Paper 2025/193

On the Average Random Probing Model

Julien Béguinot, LTCI, Télécom Paris, Institut Polytechnique de Paris
Loïc Masure, LIRMM, Univ. Montpellier, CNRS
Abstract

Masking is one of the main countermeasures against side-channel analysis since it relies on provable security. In this context, “provable” means that a security bound can be exhibited for the masked implementation through a theoretical analysis in a given threat model. The main goal in this line of research is therefore to provide the tightest security bound, in the most realistic model, in the most generic way. Yet these objectives cannot all be reached together. That is why the masking literature has introduced a large spectrum of threat models and reductions between them, depending on the desired trade-off with respect to these three goals. In this paper, we focus on three threat models, namely the noisy-leakage model (realistic yet hard to work with), the random probing model (unrealistic yet easy to work with), and more particularly a third intermediate model called average random probing. Average random probing was introduced by Dziembowski et al. at Eurocrypt 2015, in order to exhibit a tight reduction between the noisy-leakage and random probing models, recently proven by Brian et al. at Eurocrypt 2024. This milestone has strong practical consequences, since otherwise the reduction from the noisy-leakage model to the random probing model introduces a prohibitively high constant factor in the security bound, preventing security evaluators from using it in practice. However, we exhibit a gap between the average random probing definitions of Dziembowski et al. (denoted hereafter by DFS-ARP) and Brian et al. (simply denoted by ARP). Whereas any noisy leakage can be tightly reduced to DFS-ARP, we show in this paper that it cannot be tightly reduced to ARP unless extra assumptions are made, e.g., if the noisy leakage is deterministic. Our proof techniques do not involve more tools than those used so far in such reductions, namely basic probability facts and known properties of the total variation distance.
As a consequence, the reduction from the noisy-leakage model to the random probing model, without a high constant factor, remains unproven. This stresses the need to clarify the practical relevance of analyzing the security of masking in the random probing model, since most of the current efforts towards improving the constructions and their security proofs in the random probing model might be hindered by a potentially unavoidable loss in the reduction from more realistic but currently less investigated leakage models.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2025
Keywords
Masking, Noisy leakage, Random Probing, Average Random Probing, Reduction, Leakage Model
Contact author(s)
julien beguinot @ telecom-paris fr
loic masure @ lirmm fr
History
2025-04-14: last of 2 revisions
2025-02-10: received
Short URL
https://ia.cr/2025/193
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/193,
      author = {Julien Béguinot and Loïc Masure},
      title = {On the Average Random Probing Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/193},
      year = {2025},
      url = {https://eprint.iacr.org/2025/193}
}