Low Entropy Masking Schemes (LEMS) had been proposed to mitigate the high-performance overhead results from the Full Entropy Masking Schemes (FEMS) while offering good protection against side-channel attacks. The masking schemes usually rely on Boolean masking, however, splitting sensitive variables in a multiplicative way is more amenable to non-linear functions and it had been applied to both software and hardware with a competitive alternative to state-of-the-art masked design. Compared to the comprehensive analysis done for Boolean LEMS, the specific leakage characteristics of Multiplicative LEMS have not yet been analyzed. In this paper, we introduce security models for LEMS to characterize the balance of the mask set. Based on the security model, we present an inherent weakness of Multiplicative LEMS. We prove that this defect of Multiplicative LEMS cannot be compensated by choosing a proper mask set, and the security of FEMS is guaranteed thanks to the Dirac function which is used to resist zero-value attack. Then, we exhibit the leakages in the implementation of Multiplicative LEMS. In particular, we propose a new attack against Multiplicative LEMS more efficient by utilizing the distribution of masked intermediate values. The feasibility of the attack is verified by both simulation and practical experiments.

中文翻译：

---

抗相关幂攻击的乘性低熵掩蔽方案分析


低熵掩蔽方案 (LEMS) 已被提出来减轻全熵掩蔽方案 (FEMS) 带来的高性能开销，同时提供针对侧信道攻击的良好保护。掩蔽方案通常依赖于布尔掩蔽，然而，以乘法方式分割敏感变量更适合非线性函数，并且它已应用于软件和硬件，成为最先进的掩蔽设计的有竞争力的替代方案。与布尔LEMS的综合分析相比，乘法LEMS的具体泄漏特性尚未分析。在本文中，我们引入了 LEMS 的安全模型来表征掩码集的平衡。基于安全模型，我们提出了乘法 LEMS 的固有弱点。我们证明了乘法LEMS的这一缺陷无法通过选择合适的掩模组来弥补，并且通过用于抵抗零值攻击的Dirac函数保证了FEMS的安全性。然后，我们展示了乘法 LEMS 实施中的泄漏。特别是，我们提出了一种通过利用屏蔽中间值的分布来更有效地针对乘法 LEMS 的新攻击。通过仿真和实际实验验证了该攻击的可行性。