A First-Order Leak-Free Masking Countermeasure

One protection of cryptographic implementations against side-channel attacks is the masking of the sensitive variables. In this paper, the authors present a first-order masking that does not leak information when the registers change values according to some specific (and realistic) rules. This countermeasure applies to all devices that leak a function of the distance between consecutive values of internal variables. In particular, they illustrate its practicality on both hardware and software implementations. Moreover, they introduce a framework to evaluate the soundness of the new first-order masking when the leakage slightly deviates from the rules involved to design the countermeasure.