Reducing Randomness Complexity of Mask Refreshing Algorithm

Abstract

Among the existing countermeasures against side-channel analysis, masking is the most widely deployed one. In order to mask large functions (e.g. S-boxes), each basic operation of the function should be replaced with the d-th order secure operation. In this process, the multiplication with dependent inputs always exists, which may lead to security bias. In order to preserve the security of the dependent-input multiplication, a refreshing algorithm should be utilized to eliminate the dependence. Among the existing refreshing algorithms, only one proposal satisfying d-Strong Non-Interferent (d-SNI) can effectively solve the dependent-input issue. However, it suffers a low efficiency with a high randomness complexity. In this paper, we claim that the d-SNI refreshing algorithm is overqualified and a weaker refreshing algorithm can also ensure the security of the dependent-input multiplication. According to the property of the ISW multiplication, we prove that a refreshing algorithm satisfying a “conditional d-SNI” (weaker than d-SNI) can solve the dependent-input issue. In this way, we relax the security requirement of the refreshing algorithm. Based on this new security requirement, we propose a new refreshing algorithm satisfying conditional d-SNI. The randomness complexity of the new proposal is much lower than that of the original refreshing algorithm. As a validation, we implement the two refreshing algorithms on the 32-bit ARM core, and compare their random generations, clock cycles, and ROM consumptions. The comparison results indicate that our proposal outperforms the d-SNI refreshing algorithm in terms of both the randomness complexity and the arithmetic complexity, as significantly less random generations (33%–70% reduction), less clock cycles, and less ROM consumptions are involved in our proposal than in the d-SNI refreshing.

1 Introduction

Side Channel Analysis (SCA) [8, 9] has become a serious threat to implementations of cryptographic algorithms. Among existing countermeasures, one of the most widely used is masking [3,4,5, 7, 10,11,12,13]. A d-th order masking consists in splitting each secret-dependent intermediate variable x (called sensitive variable) into \(d+1\) shares \((x_0,x_1,\dots ,x_d)\), where \((x_1,\dots ,x_d)\) are randomly picked up. When d-th order masking is utilized to secure a block cipher, a so-called d-th order masking scheme should be designed to operate on those shares.

The first probing secure masking scheme is the ISW scheme [7], which works as a transformer mapping the AND and NOT gates to secure gates. In this way, they aim to map an S-box circuit to a randomized S-box circuit which satisfies the d-th order security. Rivain and Prouff apply the ISW transformers to secure the whole AES software implementation [13], by extending the ISW transformer to secure multiplication over \(\mathbb {F}_{2}^{n}\). In this process, when the inputs of an ISW multiplication are related, the circuit may suffer joint leakage, which we call the “dependent-input issue” in the sequel. In order to solve the dependent-input issue, a so-called refreshing algorithm [5, 6, 13] should be inserted. Among the existing refreshing algorithms, the refreshing algorithm proposed in [6] is the only one which can actually solve the dependent-input issue. This refreshing algorithm satisfies d-SNI (Strong Non-Interference) [1], which we call the d-SNI refreshing in the sequel. It can be proved that the d-SNI refreshing algorithm can effectively eliminate the dependence of the input shares [1]. However, the d-SNI refreshing introduces exponential number of extra randomness, which may lead to a low efficiency. Therefore, improving the efficiency of the d-SNI refreshing, while maintaining the d-th order security of the dependent-input multiplication, is of great importance.

In [13], authors propose a refreshing algorithm which is very efficient with only d extra randomness. However, it only satisfies d-TNI (Tight Non-Interference) security [1], where d-TNI refreshing algorithms can hardly preserve the d-th order security of the dependent-input multiplication. In [2], a randomness reduction strategy for ISW multiplication is proposed. However, with this new strategy, the obtained algorithm only satisfies d-TNI security. d-TNI refreshing algorithm cannot solve the dependent-input issue.

In this paper, we claim that the d-SNI refreshing algorithm is overqualified when the multiplication is masked with ISW-like schemes [5, 7, 13]. According to the property of the ISW-like schemes, we relax the security requirement of the refreshing algorithm from d-SNI to conditional d-SNI (weaker than d-SNI). According to this new security requirement, we obtain a conditional d-SNI refreshing algorithm through search for security order \(d\le 11\), which requires less randomness generations than the original d-SNI refreshing algorithm. Finally, we implement the two refreshing algorithms on ARM, and compare the random generations and practical performances of both refreshing schemes.

Paper Organization. This paper is organized as follows. In Sect. 2, we give some useful notations and review the compositional security notions and the dependent-input issue. In Sect. 3, we prove that a refreshing algorithm satisfying conditional d-SNI can solve the dependent-input issue, and accordingly propose a conditional d-SNI refreshing algorithm. In Sect. 4, we compare the performances of our proposal with that of the d-SNI refreshing. In Sect. 5, we conclude this paper.

2 Preliminaries

2.1 Notations and Notions

\([n_1,n_2]\) denotes the integer set \(\{n_1,n_1+1,\dots ,n_2\}\). For a set S, |S| denotes the cardinality of S, and \(\overline{S}\) denotes the complementary set of S. For a set S which can be represented as \(S=\{s_1,s_2,\cdots ,s_n\}\), \((a_i)_{i\in S}\) represents the set \(\{a_{s_1}, a_{s_2}, \dots , a_{s_n}\}\). Linear mapping is denoted as \(\ell (\cdot )\). The arrow \(\leftarrow \) represents to assign the value of the right variable to the left variable. \(\xleftarrow {\,\,\$\,\,}\) represents to randomly pick one value from the set on the right and assign this value to the left variable. \(\oplus \) denotes XOR operation on \(\mathbb {F}_2\) (or \(\mathbb {F}_2^n\)), and \(\cdot \) denotes AND operation on \(\mathbb {F}_2\) (or \(\mathbb {F}_2^n\)). \(\bigoplus _{i=1}^n\) represents the XOR sum, namely \(\bigoplus _{i=1}^n x_i=x_1\oplus x_2\oplus \cdots \oplus x_n\). In this paper, the compositional security notions [1] are involved. We review them here.

Definition 1

(Simulatability). Denote by \(P=\{p_1,\dots ,p_\ell \}\) the set of \(\ell \) intermediate variables of a multiplication algorithm. If there exists two sets \(I=\{i_1,\dots ,i_t\}\) and \(J=\{j_1,\dots ,j_t\}\) of t indices from set \(\{1,\dots ,d\}\) and a random function S taking as input 2t bits and output \(\ell \) bits such that for any fixed bits \((a_i)_{0\le i\le d}\) and \((b_j)_{0\le j\le d}\), the distributions of \(\{p_1,\dots ,p_\ell \}\) and \(\{S(a_{i_1},\dots ,a_{i_t},b_{j_1},\dots ,b_{j_t})\}\) are identical, we say the set P can be simulated with at most t shares of each input \(a_I\) and \(b_J\).

Definition 2

(d-TNI). An algorithm satisfies d-Tight-Non-Interferent (d-TNI) property if and only if every set of \(t\le d\) intermediate variables can be simulated with at most t shares of each input.

Definition 3

(d-SNI). An algorithm satisfies d-Strong-Non-Interferent (d-SNI) if and only if for every set \(\mathcal {I}\) of \(t_1\) probes on intermediate variables (i.e. no output shares) and every set \(\mathcal {O}\) of \(t_2\) probes on output shares such that \(t_1+t_2\le d\), the set \(\mathcal {I}\cup \mathcal {O}\) can be simulated by only \(t_1\) shares of each input.

2.2 Dependent-Input Issue and Refreshing Algorithm

In the masked implementations of large functions, e.g. S-boxes, the “dependent-input issue” always exists and causes security biases. For the ISW scheme [7], the input shares \((a_i)_{i\in [0,d]}\) and \((b_i)_{i\in [0,d]}\) are required to be independent. Once the inputs are mutually dependent, i.e. \(b=\ell (a)\), one can directly obtain the share of one input \(b_i\) utilizing the share of the other input \(a_i\). In Fig. 1, x denotes the input, \(\mathcal {O}\) denotes the set of observed output shares, \(\mathcal {A}^1\) refers to the ISW multiplication, \(\mathcal {I}^1\) denotes the observed internal variables in \(\mathcal {A}^1\), and \(\mathcal {S}_j^i\) denotes the set of shares from the j-th input of algorithm \(\mathcal {A}^i\) utilized to simulate all further variables.

As is claimed in [13], the dependent-input multiplication in Fig. 1 can hardly preserve d-th order security. In fact, this conclusion can also be proved utilizing the aforementioned compositional security notions, as is shown in Proposition 1.

Fig. 1.

The dependent-input multiplication.

Fig. 2.

The dependent-input multiplication with a refreshing algorithm.

Proposition 1

(Dependent-Input Issue). The circuit given in Fig. 1 with \(\mathcal {A}^1\) being d-SNI is not necessarily d-TNI.

Proof

The total number of variables used to attack the circuit is limited to d, i.e. \(|\mathcal {I}^1|+|\mathcal {O}|\le d\). As in [1], we build the proof from right to left by simulating each algorithm. Algorithm \(\mathcal {A}^1\) is d-SNI, thus \(|\mathcal {S}^1_1|\), \(|\mathcal {S}^1_2|\le |\mathcal {I}^1|\). Therefore, all the variables can be simulated with \(|\mathcal {S}^1_1\cup \mathcal {S}^1_2|\le |\mathcal {I}^1|+|\mathcal {I}^1|\) shares of input x. \(|\mathcal {I}^1|+|\mathcal {I}^1|\) is not necessarily no more than d, thus the circuit in Fig. 1 is not necessarily d-TNI.    \(\square \)

In order to deal with the dependent-input issue, a so-called “refreshing algorithm” should be inserted [13], as is illustrated in Fig. 2. In Fig. 2, \(\mathcal {A}^1\) represents the ISW multiplication, and \(\mathcal {A}^2\) represents the refreshing algorithm. The refreshing algorithm aims to eliminate the dependence of the inputs, and therefore solve the dependent-input issue. However, as is claimed by [5], the refreshing algorithm proposed in [13] is not secure enough and may lead to a security bias. This conclusion can also be verified utilizing the definition of d-SNI and d-TNI. The refreshing algorithm in [13] is d-TNI [1]. As is stated in Proposition 2, d-TNI refreshing algorithm cannot preserve the security of the dependent-input multiplication.

Proposition 2

(d-TNI Refreshing). The circuit given in Fig. 2 with \(\mathcal {A}^1\) being d-SNI multiplication and \(\mathcal {A}^2\) being d-TNI refreshing algorithm is not necessarily d-TNI.

Proof

The total number of variables used to attack the circuit is limited to d, i.e. \(|\mathcal {I}^1|+|\mathcal {I}^2|+|\mathcal {O}|\le d\). As in [1], we build the proof from right to left by simulating each algorithm. Algorithm \(\mathcal {A}^1\) is d-SNI, thus \(|\mathcal {S}^1_1|\), \(|\mathcal {S}^1_2|\le |\mathcal {I}^1|\). Algorithm \(\mathcal {A}^2\) is d-TNI, thus \(|\mathcal {S}^2|\le |\mathcal {I}^2|+|\mathcal {S}^1_2|\). Finally, all the variables can be simulated with \(|\mathcal {S}^1_1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^1|+|\mathcal {I}^2|\) shares of input x. \(|\mathcal {I}^1|+|\mathcal {I}^1|+|\mathcal {I}^2|\) is not necessarily no more than d, thus the circuit in Fig. 2 is not necessarily d-TNI.    \(\square \)

2.3 d-SNI Refreshing Algorithm

In order to solve the dependent-input issue, the refreshing algorithm is required to be d-SNI. As is shown in Proposition 3, with a d-SNI refreshing algorithm, the dependent-input multiplication preserves d-th order security. The security proof is given in the full version of this paper.

Proposition 3

(d-SNI Refreshing). The circuit given in Fig. 2 with \(\mathcal {A}^1\) being d-SNI multiplication and \(\mathcal {A}^2\) being d-SNI refreshing algorithm is d-SNI.

To deal with the dependent-input issue, Duc et al. [6] propose a new refreshing algorithm satisfying d-SNI, which we call the d-SNI refreshing in the sequel. Although being proven to reach d-th order security when plugged in the dependent-input multiplication, it requires more random generations. The d-TNI refreshing algorithm [13] needs d random generations, while the d-SNI refreshing algorithm needs \(d(d+1)/2\) random generations.

3 An Efficient Refreshing Algorithm with Less Random Generations

3.1 Dependent-Input Issue and Conditional d-SNI Refreshing

The implementation of a dependent-input multiplication is depicted in Fig. 2. The multiplication is masked utilizing the ISW-like scheme, which satisfies d-SNI [1]. In order to solve the dependent-input issue, one should ensure that the circuit in Fig. 2 satisfies d-th order security, i.e. d-SNI or d-TNI. As is shown in Proposition 3, if the refreshing algorithm satisfies d-SNI, the dependent-input multiplication (containing the multiplication and the refreshing algorithm) in Fig. 2 satisfies d-th order security.

In this section, we claimed that the refreshing algorithm is not necessarily d-SNI, and a weaker refreshing algorithm may also be secure. First, based on the property of the ISW multiplication (each intermediate leaks at most one share for each input), we propose a constraint on set \(\mathcal {I}^1\).

Proposition 4

In the circuit depicted in Fig. 2, we assume that \(\mathcal {I}^1\) is the set of input variables and intermediate variables of \(\mathcal {A}^1\) (the ISW multiplication), \(\mathcal {I}^2\) is the set of input variables and intermediate variables of \(\mathcal {A}^2\) (Algorithm 1). In \(\mathcal {I}^1\), A denotes the set of indexes of multiplicand a, i.e. \(\mathcal {S}_1^1\), and B denotes the set of indexes of multiplicand b, i.e. \(\mathcal {S}_2^1\). Set \(\mathcal {S}_1^1\cup \mathcal {S}^2\) denotes the set of input shares used to simulate all further variables in the circuit. We give two constraints,

1. 1.

   \(\mathcal {I}^1\) only contains \(a_i\cdot b_j\), and involves no \(a_i\) or \(b_j\) (i.e. \(|A|=|B|=|\mathcal {I}^1|)\),

2. 2.

   \(A\cap B=\emptyset \),

For a given \(\mathcal {I}^2\) and \(t\le d\), if every \(\mathcal {I}^1\) satisfying the above constraints satisfies \(|\mathcal {S}^2\cup \mathcal {S}_1^1|\le t\), then every \(\mathcal {I}^1\) satisfies \(|\mathcal {S}^2\cup \mathcal {S}_1^1|\le t\).

Proof

According to the description of ISW scheme, the intermediate variables of the ISW multiplication \(\mathcal {I}^1\) may contain \(a_i\), \(b_i\), \(a_i\cdot b_j\) and their linear combinations. In fact, each probes in \(\mathcal {I}^1\) leaks at most two shares \(a_i\) and \(b_j\) [7, 13]. As a result, according to set \(\mathcal {I}^1\), we can retrieve \(\bigoplus (a_i)_{i\in A}\bigoplus (b_i)_{i\in B}\). According to the description of the refreshing algorithm (Algorithm 1), set \(\mathcal {I}^2\) contains \(r_i'\) (\(r_i'=a_i\oplus b_i\)), \(r_i\), linear combinations of \(r_i\) and input shares \(a_i\). Therefore, set \(\mathcal {I}^2\) may depend on \(\bigoplus (a_i\oplus b_i)_{i\in B}\). Finally, the probes in the circuit \(\mathcal {I}^1\cup \mathcal {I}^2\) can be simulated with at most \(|A\cup B|\) shares of the input, as \(\mathcal {S}^1_1\cup \mathcal {S}^2\subseteq (a_i)_{i\in A\cup B}\).

The proof can be divided in the following two steps, where \(\mathbb {I}\) denotes the set of all possible \(\mathcal {I}^1\), \(\mathbb {I}|_{c1}\) denotes the set of all possible \(\mathcal {I}^1\) satisfies the first constraint, and \(\mathbb {I}|_{c1,c2}\) denotes the set of all possible \(\mathcal {I}^1\) satisfies the first and second constraints.

1. 1.

   First, we prove that if there exists \(\mathcal {I}^1\in \mathbb {I}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\), there will exist \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1}\) which also satisfies \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\).

   Assume \(\mathcal {I}^1\in \mathbb {I}\) satisfying \(|\mathcal {S}^1_2\cup \mathcal {S}^2|>t\), where \(\mathcal {I}^1\) contains \(a_i\). According to \(\mathcal {I}^1\), we construct \(\mathcal {I}^{1'}\) by replacing \(a_i\) with \(a_i\cdot b_j\). As there is no \(a_i\) or \(b_i\) involved in \(\mathcal {I}^{1'}\), there exists \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1}\). As the involved indexes in \(\mathcal {I}^{1'}\) is no less than that in \(\mathcal {I}^{1}\), the input shares utilized to simulate \(\mathcal {I}^{1'}\cup \mathcal {I}^2\) is no less than that utilized to simulate \(\mathcal {I}^{1}\cup \mathcal {I}^2\). Namely, \(\mathcal {I}^{1'}\) also satisfies \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\). Therefore, for each \(\mathcal {I}^1\in \mathbb {I}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\), we can always construct \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\).

2. 2.

   Then, we prove that if there exists \(\mathcal {I}^1\in \mathbb {I}|_{c1}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\), there will exist \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1,c2}\) which also satisfies \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\).

   Assume \(\mathcal {I}^1\in \mathbb {I}|_{c1}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\), where \(\mathcal {I}^1\) satisfies \(A\cap B\ne \emptyset \). We denote by AB the intersection of set A and set B. According to \(\mathcal {I}^1\), we can always construct \(\mathcal {I}^{1'}\) by replacing \((b_i)_{i\in AB}\) with any element else. For \(\mathcal {I}^{1'}\), \(A'=A\), \(B'=B\cap \overline{A}\), and thus \(A'\cap B'=\emptyset \). Therefore, there exists \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1,c2}\). As the involved indexes in \(\mathcal {I}^{1'}\) is no less than that in \(\mathcal {I}^{1}\), the input shares utilized to simulate \(\mathcal {I}^{1'}\cup \mathcal {I}^2\) is no less than that utilized to simulate \(\mathcal {I}^{1}\cup \mathcal {I}^2\). Namely, \(\mathcal {I}^{1'}\) also satisfies \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\). Therefore, for each \(\mathcal {I}^1\in \mathbb {I}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\), we can always construct \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1}\) satisfying \(|\mathcal {S}^1_1\cup \mathcal {S}^2|>t\).

Accordingly, we can deduce that if there exists \(\mathcal {I}^1\in \mathbb {I}\) satisfying \(|\mathcal {S}_1^1\cup \mathcal {S}^2|>t\), there will exist \(\mathcal {I}^{1'}\in \mathbb {I}|_{c1,c2}\) which also satisfies \(|\mathcal {S}_1^1\cup \mathcal {S}^2|>t\). Namely, if every \(\mathcal {I}^1\in \mathbb {I}|_{c1,c2}\) satisfying the two constraints satisfies \(|\mathcal {S}^2\cup \mathcal {S}_1^1|\le t\), then every \(\mathcal {I}^1\in \mathbb {I}\) satisfies \(|\mathcal {S}^2\cup \mathcal {S}_1^1|\le t\).    \(\square \)

Proposition 5

If the circuit in Fig. 2 is d-SNI when \(\mathcal {I}^1\) satisfying the two constraints, the circuit is d-SNI.

Proof

If the circuit in Fig. 2 is d-SNI when \(\mathcal {I}^1\) satisfying the two constraints, there exists \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|\) on condition of the two constraints. According to Proposition 4, for arbitrary \(\mathcal {I}^1\), there also exists \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|\). Namely, the circuit satisfies d-SNI.    \(\square \)

Proposition 6

If the circuit in Fig. 2 is d-TNI when \(\mathcal {I}^1\) satisfying the two constraints, the circuit is d-TNI.

Proof

If the circuit in Fig. 2 is d-TNI when \(\mathcal {I}^1\) satisfying the two constraints, there exists \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|+|\mathcal {O}|\) on condition of the two constraints. According to Proposition 4, for arbitrary \(\mathcal {I}^1\), there also exists \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|+|\mathcal {O}|\). Namely, the circuit satisfies d-TNI.    \(\square \)

Theorem 1

(Conditional d-SNI Refreshing). If the refreshing algorithm satisfies d-SNI on condition of \(|\mathcal {S}_2^1|\le (d+1)/2\) and the multiplication algorithm is ISW-like scheme satisfying d-SNI (or d-TNI), the circuit in Fig. 2 preserves d-SNI (or d-TNI).

Proof

According to Proposition 4, A and B satisfy \(A\cap B=\emptyset \), and \(|A|=|B|\). Accordingly, we can deduce that \(|A|=|B|\le (d+1)/2\), i.e. \(|\mathcal {S}_2^1|\le (d+1)/2\). For \(|\mathcal {S}_2^1|\le (d+1)/2\), if the refreshing algorithm is d-SNI, there exist \(|\mathcal {S}^2|\le |\mathcal {I}^2|\) on condition of the two constraints. Therefore, all the probes in the circuit can be simulated by \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|\) (or \(|\mathcal {S}_1^1\cup \mathcal {S}^2|\le |\mathcal {I}^1|+|\mathcal {I}^2|+|\mathcal {O}|\)) shares of x, which shows that the circuit is d-SNI (or d-TNI) on condition of \(|\mathcal {S}_2^1|\le (d+1)/2\). According to Propositions 5 and 6, the circuit in Fig. 2 satisfies d-SNI (or d-TNI).    \(\square \)

According to Theorem 1, if the refreshing algorithm is d-SNI for \(|\mathcal {S}_2^1|\le (d+1)/2\), the dependent-input multiplication can preserve d-th order security and the dependent-input issue can be solved. This security requirement for the refreshing algorithm is weaker than d-SNI, which we call the conditional d-SNI in the sequel.

Fig. 3.

An instance of the new scheme when \(d=3\).

3.2 A New Refreshing Algorithm Satisfies Conditional d-SNI

In this section, we propose a new refreshing algorithm which achieves d-SNI on condition of \(|\mathcal {S}_2^1|\le (d+1)/2\). The description of the new refreshing algorithm is given in Algorithm 1. It can be seen as a two-step process. First, the first d random numbers \(r_1,\dots ,r_d\) are added to shares \(x_1,\dots ,x_{d}\) and \(x_0\) in sequence. Then, the last \(d_0\) random numbers are added to \(x_1,\dots ,x_{d}\) according to m(i), where m(i) is a bijective function mapping \([1,d_0]\) to a \(d_0\)-element subset of [1, d]. We should search for suitable \(d_0\) and m(i), in order to make the refreshing algorithm be d-SNI on condition of \(|\mathcal {S}_2^1|\le (d+1)/2\) (Fig. 2).

Search Method. The detailed search method is given in Algorithm 2. According to Algorithm 2, we try each possible tuple of parameters \(d_0\) and m(i), and check if the obtained refreshing algorithm satisfies the conditional d-SNI. As is shown in Theorem 1, we only need to consider the case when \(|\mathcal {S}^1_2|\le (d+1)/2\). Moreover, if \(b_i\notin \mathcal {S}^1_2\), the index i satisfies \(a_i\notin \mathcal {S}^2\). Therefore, \(\mathcal {S}^2\subseteq \mathcal {S}_2^1\).

Accordingly, we do not need to search every possible \(\mathcal {S}^1_2\) and \(\mathcal {S}^2\), but only a subset. We utilize an algorithm \(\textsf {Sel}\) to judge if \(|\mathcal {S}^2|\le |\mathcal {I}^2|\) (the requirement of d-SNI) holds for any given \(\mathcal {S}^2\) and \(\mathcal {S}^1_2\). If this relation holds for every \(|\mathcal {S}^2_1|\le (d+1)/2\) and \(\mathcal {S}^2\subseteq \mathcal {S}^1_2\), we suggest this obtained refreshing algorithm is conditional d-SNI.

Algorithm \(\textsf {Sel}\). The details of algorithm \(\textsf {Sel}\) is given in Algorithm 3. After each execution of \(\textsf {Sel}\), one can obtain \(|\mathcal {I}^2_{min}|\) for the given \(\mathcal {S}^1_2\) and \(\mathcal {S}^2\), where \(\mathcal {I}^2_{min}\) is the smallest set of the intermediate variables \(\mathcal {I}^2\) which makes \(\mathcal {I}^2_{min}\cup \mathcal {S}_1^2\) should be simulated with input shares \((x_i)_{i\in \mathcal {S}^2}\). If \(|\mathcal {I}^2_{min}|\ge |\mathcal {S}^2|\), we can conclude that \(|\mathcal {S}^2|\le |\mathcal {I}^2|\) holds for \(\mathcal {S}_2^1\) and \(\mathcal {S}^2\). For each \(\mathcal {S}^1_2\) satisfying \(|\mathcal {S}_2^1|\le (d+1)/2\), we execute algorithm \(\textsf {Sel}\) several times to judge if \(|\mathcal {S}^2|\le |\mathcal {I}^2|\) holds for every possible \(\mathcal {S}^2\) and \(\mathcal {S}^1_2\). Finally, we can judge if this refreshing algorithm satisfies the conditional d-SNI.

The description of \(\textsf {Sel}\) is given in Algorithm 3. In the sequel, we explain in detail how algorithm \(\textsf {Sel}\) maps \(\mathcal {S}_2^1\) and \(\mathcal {S}^2\) to \(|\mathcal {I}^2_{min}|\). For \(B^*\subseteq B\), according to \(\mathcal {S}_2^1\), we can obtain \(\bigoplus _{i\in B^*} b_i\), where \(\bigoplus _{i\in B^*} b_i\) can be rewritten as \((\bigoplus _{i\in B^*} a_i)\oplus (\bigoplus _{i\in B^*} (a_i\oplus b_i))\). Then, if and only if we can obtain \(\bigoplus _{i\in B^*} (a_i\oplus b_i)\) according to \(\mathcal {I}^2\), the probes in \(\mathcal {I}^2\cup \mathcal {S}_2^1\) can be related to \((\bigoplus _{i\in B^*} a_i)\). Namely, \(\mathcal {S}^2\) equals \((a_i)_{i\in B^*}\). Therefore, for a given \(\mathcal {S}_2^1\) and a given \(\mathcal {S}^2=(a_i)_{i\in B^*}\), \(\mathcal {S}^2\) should relate to \(\bigoplus _{i\in B^*} (a_i\oplus b_i)\). To obtain the minimal set \(\mathcal {I}^2_{min}\) is equivalent to reveal \(\bigoplus _{i\in B^*} (a_i\oplus b_i)\) with minimal internal variables of the refreshing algorithm.

In the following, \(\bigoplus _{i\in B^*} r'_i\) is called the “target” and it is denoted by T. Algorithm \(\textsf {Sel}\) aim to find the smallest subset \(\mathcal {I}^2_{min}\), which satisfies \(\bigoplus \mathcal {I}_{min}^{2}=T\).

First, we rewrite the target T by processing function \(\textsf {Rewritten}()\). According to Algorithm 1, each \(r'_i\) is the sum of several \(r_i\). As a result, \(T=\bigoplus _{i\in B^*} r'_i\) can be rewritten as the sum of several random numbers \(r_i\). We re-sort these \(r_i\) in ascending order of i. The indexes are either “consecutive” or “inconsecutive”. For example, if the target element \(T=r_3\oplus r_4\oplus r_8\oplus r_9\oplus r_{10}\), then \(r_3\oplus r_4\) and \(r_8\oplus r_9\oplus r_{10}\) are consecutive, and there is a missing \(r_5\) between \(r_4\) and \(r_6\). Accordingly, we divide T into two consecutive parts, \((r_3\oplus r_4)\oplus (r_8\oplus r_9\oplus r_{10})\). Till now, T is rewritten as \(T'\). Subsequently, we count the number of parts in \(T'\) by processing \(m=\textsf {P}(T')\).

Then, we try to find the smallest set \(\mathcal {I}^2_{min}\) which satisfies \(\bigoplus \mathcal {I}^2_{min}=T'\). According to Algorithm 1, \(\mathcal {I}^2\) contains two kinds of elements, \((r_i)_{i\in \{1,2,\cdots ,d+d_0\}}\) and \(\{r_1\oplus r_2, r_1\oplus r_2\oplus r_3,\dots ,r_1\oplus r_2\oplus \dots \oplus r_{d+d_0}\}\).¹ It is not hard to see that each consecutive part in \(T'\), i.e. \(\bigoplus _{i=a}^{b}r_i\), can be rewritten as the sum of two elements in \(\mathcal {I}^2\) (except for the case when \(a=1\)), namely \(\bigoplus _{i=a}^{b}r_i=(\bigoplus _{i=1}^{b}r_i)\oplus (\bigoplus _{i=1}^{a-1}r_i)\). In this way, we can always rewrite \(T'\) (with m parts) as a sum of 2m elements in \(\mathcal {I}^2\) (when \(a=1\) for a part, \(T'\) can be written as \(2m-1\) elements). For instance, \((r_3\oplus r_4)\oplus (r_8\oplus r_9\oplus r_{10})\) can be rewritten as \(T'=(\bigoplus _{i=1}^{2}r_i)\oplus (\bigoplus _{i=1}^{4}r_i)\oplus (\bigoplus _{i=1}^{7}r_i)\oplus (\bigoplus _{i=1}^{9}r_i)\). That is to say, there always exists \(\mathcal {I}^2_0=\{\bigoplus _{i=1}^{2}r_i,\bigoplus _{i=1}^{4}r_i,\bigoplus _{i=1}^{7}r_i,\bigoplus _{i=1}^{9}r_i\}\) for any given \(\{\mathcal {S}^1_2,\mathcal {S}^2\}\), satisfying \(\bigoplus \mathcal {I}^2_0=T'\), and \(|\mathcal {I}^2|=2m\) (or \(2m-1\)).

Till now, we have mapped \(\mathcal {S}^1_2\) and \(\mathcal {S}^2\) to \(|\mathcal {I}^2_0|\), but what we aim to find is the cardinality of the smallest set \(\mathcal {I}^2_{min}\). Therefore, we should further decreasing the number of elements in \(\mathcal {I}^2_0\). In \(\mathcal {I}^2_0\), there may exist term \((\bigoplus _{m=1}^i r_m)\oplus (\bigoplus _{m=1}^{i-1}r_m)\) which can be written as \(r_i\). We call \((\bigoplus _{m=1}^i r_m)\) and \((\bigoplus _{m=1}^{i-1}r_m)\) the adjacent pair. If there exists an adjacent pair, two probes \((\bigoplus _{m=1}^i r_m)\) and \((\bigoplus _{m=1}^{i-1}r_m)\) can be replaced with one probe \(r_i\) and therefore \(|\mathcal {I}^2_0|\) can be reduced by 1. The adjacent pairs which are not mutually overlapped are denoted as the non-overlapping adjacent pair (Algorithm 3 \(\textsf {NOA}\)), while the adjacent pairs which are mutually overlapped are denoted as the overlapping adjacent pair (Algorithm 3 \(\textsf {OA}\)). The minimal cardinality \(|\mathcal {I}^2_{min}|\) can be computed according to the following principles:

• If there does not exist any adjacent pair in \(\mathcal {I}^2_0\), \(|\mathcal {I}^2_{min}|=2m\) (or \(2m-1\)).

• If there exists some, say n, adjacent pairs in \(\mathcal {I}^2_0\), and they do not overlap with each other, \(|\mathcal {I}^2_{min}|\) should be decreased by n.

• If there exists a k-overlapping adjacent pair and k is even, \(|\mathcal {I}^2_{min}|\) should be decreased by \((k-2)/2\). If there exists a k-overlapping adjacent pair and k is odd, \(|\mathcal {I}^2_{min}|\) should be decreased by \((k-1)/2\).

To be clearer, we give a small instance of \(T'=(r_1\oplus r_2)\oplus (r_4\oplus r_5)\oplus r_7\) in Fig. 4. As \(r_1\) is included in \(T'\), \(|\mathcal {I}_0^2|=2m-1=5\). Among the five elements in \(\mathcal {I}^2_0\), there is one non-overlapping adjacent pair \(\{\bigoplus _{i=1}^2,\,\,\bigoplus _{i=1}^3\}\) (\(n=1\)), and one 3-overlapping adjacent pair \(\{\bigoplus _{i=1}^5,\,\,\bigoplus _{i=1}^6,\,\, \bigoplus _{i=1}^7\}\) (\(k=3\)). Therefore, according to Algorithm \(\textsf {Sel}\), we can obtain \(|\mathcal {I}_{min}^2|=2m-1-n-\frac{k-1}{2}=3\). One case for \(\mathcal {I}^2_{min}\) is \(\{r_3, r_6, \bigoplus _{i=1}^7 r_i\}\), and \(r_3\oplus r_6\oplus \bigoplus _{i=1}^7 r_i=T'\).

Fig. 4.

A instance of \(T'=(r_1\oplus r_2)\oplus (r_4\oplus r_5)\oplus r_7\).

Obtained m(i) and \(d_0\). With the search method in Algorithms 2 and 3, we obtain the conditional d-SNI refreshing algorithm for \(d\le 11\). In Table 1, we list part of the obtained m(i) with minimum \(d_0\) from order 3 to 11. We can hardly search for refreshing algorithms for order larger than 11, as the computational complexity will be much too high.

Table 1. The search results.

4 Complexity Comparisons

In this section, we implement the refreshing algorithms on ARM, and verify the efficiency of our proposal by comparing the required random generations, clock cycles and ROM consumptions. For each algorithm (the d-SNI refreshing and our new proposal), we have six implementations for \(d=3,4,\dots ,8\). Codes were written in assembly language for an ARM-based 32-bit architecture. According to the comparison results, our proposal outperforms the d-SNI refreshing in terms of both the randomness complexity and the arithmetic complexity, as significantly less random generations, less clock cycles, and less ROM consumptions are involved in our proposal than in the d-SNI refreshing.

Fig. 5.

The random complexity of the d-SNI refreshing and the new refreshing.

Fig. 6.

Clock cycles and ROM consumptions (KBytes) of the new refreshing and the d-SNI refreshing.

First, we compare the random generations of the two refreshing schemes. For ISW-like masking schemes, the main overhead lies in the randomness generation. Random generations execute by calling a random generation module, which leads to significant time and storage consumptions. Therefore, decreasing the randomness generation is of crucial importance. The randomness complexities of the new refreshing algorithm and the d-SNI refreshing algorithm are compared in Fig. 5. We can see that the new refreshing makes a remarkable improvement and decreasing 33%–70% random generations than the d-SNI refreshing. Then, in order to verify the arithmetic complexity, we implemented two refreshing algorithms on 32-bit ARM core. As we have already compared the randomness complexity, the random generations are no longer executed in the implementations. The random numbers are assumed to be stored in ROM without considering its ROM consumption. The performances of the implementations, including clock cycles and ROM consumptions, are given in Fig. 6. According to Fig. 6, our proposal are better than the d-SNI refreshing in both timing performance and ROM consumption.

5 Conclusion and Future Work

The proposed refreshing algorithm satisfies a conditional d-SNI, which is weaker than d-SNI. In fact, this security notion is proposed specifically for the refreshing algorithm. We do not think it make sense for the multiplication algorithm. It is noteworthy that our work is different from the strategy proposed in [2]. Their scheme is designed for the multiplication and satisfies d-TNI security, while our scheme is designed for the refreshing algorithm and satisfies conditional d-SNI.

Our proposal is not a generic scheme for arbitrarily order d. We consider it an incredible future work to design a generic order refreshing satisfies the conditional d-SNI.