Reducing risks through simplicity: high side-channel security for lazy engineers

Countermeasures against side-channel attacks are in general expensive, and a lot of research has been devoted to the optimization of their security versus performance trade-off. Besides, a wide literature has also shown that implementing such countermeasures is an error-prone task and requires to deal with various engineering challenges (e.g., physical defaults, compositional errors, ...). This work aims to contribute to this second item, by evaluating the extent to which (almost) key-homomorphic primitives, and in particular a recent PRF instance based on the learning with rounding problem, can lead to easy-to-implement and easier-to-evaluate side-channel-secure designs. We confirm these properties by describing an FPGA implementation that does not require complex (compositional) reasoning in its analysis and can be masked securely under simple design conditions, and for which the evaluation directly scales to arbitrary number of shares. We provide a comprehensive performance and (worst-case) security analysis of our design and compare the obtained results with those of an AES implementation protected with the domain-oriented masking scheme. Results show that simplicity has a cost, which becomes less prohibitive as security requirements increase.