Cryptographic implementations on embedded systems need to be protected against physical attacks.Today, this means that apart from incorporating TRAY countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks.Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model.
In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation.It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA.We demonstrate M&M with a Ball Prism Suncatcher SCA- and DFA-secure implementation of the AES block cipher.
We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.