Concrete Evaluation of the Random Probing Security

We study masked implementations' security when the adversary can randomly probe their internal variables. By describing the relations of the intermediate variables with a parity equation system, we assess the random probing leakage's informativeness with a new definition for the security. Side-channel researchers often consider the Bayesian adversary, here we introduce the MAP adversary and discuss that she has the highest possible success rate among the other adversaries. For various masked implementations, the security as a function of masking order and leakage rate is measured. In contrast to the previous results in the asymptomatic model, our approach is in a concrete setting. Therefore, it can be used as an analysis tool for practical engineering purposes. Moreover, for the multiplication gadget proposed in Ches 2016, with some modification, we prove security in the random probing for constant leakage rate. So, we give the first practical multiplication gadget with proved security in the random probing model. As another contribution, leakage effects of refreshing gadgets is modeled with an equivalent erasure channel. Appropriate handling of the leakage of refreshing gadgets, instead of neglecting, was a long-standing challenge in the random probing environment. This modeling helps to give the first S-Box implementation with proved security in the random probing leakage. We also study the security of arbitrary order masking of AES, and for the first time, we derive a security bound that is independent of the size of masked implementation. Furthermore, we have developed new insights into the connections of the SNI security in the threshold probing model with the security results obtained in the random probing model.