A main goal of circuit masking is to make more difficult the illegitimate exfiltration of secrets from a circuit evaluation.
Masking schemes use secret-sharing of the input bits of a circuit and recompile the circuit logic to ensure that important properties of the secret sharing remain across the circuit evaluation.
After a d-th order masking, the probing of up to d wires in a masked circuit should not reveal information about the logical value of the secret bits in the original circuit. However, various attack models exist and masking does not provide resistance against all conceivable attacks. For example, glitches during the evaluation of a circuit introduce some complications.
In noisy leakage scenarios, a potential effect of masking is to enhance resistance against an adversary that can analyze aggregate measures (traces) of power during a circuit evaluation. However, the attained (or not) side-channel resistance depends on the implementation.
After past exploratory steps to obtain feedback, the current focus of the Masked Circuits project is to collect concrete masked circuits to form a masked circuits library (MCL). The organization of the MCL, to be based on public contributions, will be performed in collaboration with the NIST circuit complexity project. There is an initial focus on circuits for AES, but with time it will be extended to other primitives represented in the form of vectorial Boolean functions. See details here.
At this stage, this project is not considering actions toward standardization.
The secret-sharing perspective of masked circuits was initially considered in the threshold cryptography project. The project then considered two separate tracks (single-device and multi-party). The single-device track evolved to become the "masked circuits for block-ciphers" project. Early public feedback about the single-device threshold setting was received in talks at the NTCW 2019 workshop (sessions II.1 and II.2), comments provided for NISTIR 8214 (see the diff) and 8214A (see the diff) and at a related workshop organized by K.U. Leuven (July 2020).
The Masked Circuits call for feedback issued in June 2021 (open till 2021-Sep-06) received diverse comments. The call and the received comments are compiled here.
Some summary notes:
The received feedback does not reveal a current consensus about the utility of standardizing concrete masking techniques. Yet, there is a recognized potential value for circuit masking. As a result, the project will focus on a stage of collecting reference material in the form of concrete masked circuits, to constitute a masked circuits library, to serve as an open reference for use by the community.
The project scope for 2022 is explained here.
In summary, the project plans to collect reference material in the form of concrete masked circuits, to constitute a masked circuits library, to serve as an open reference for use by the community.
In the future, the MCL will serve as a basis for comparative analyses of side-channel leakage and resistance for certain physical implementations. However, said testing and evaluation is currently out of scope for this project.
At this stage, this project is not considering actions toward standardization.
The current step is focused on masked circuits at the logical level. Future discussions may consider:
Security and Privacy: encryption, random number generation