A New Class of Codes for Boolean Masking of Cryptographic Computations

• Published in: IEEE transactions on information theory Vol. 58; no. 9; pp. 6000 - 6011
• Main Authors: Carlet, Claude, Gaborit, Philippe, Kim, Jon-Lark, Sole, Patrick
• Format: Journal Article
• Language: English
• Published: New York, NY IEEE 01.09.2012; Institute of Electrical and Electronics Engineers; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Algorithms; Applied sciences; Channels; Coding theory; Coding, codes; Construction; Correlation; Correlation analysis; Cryptography; Cyclic codes; double circulant codes; dual distance; Exact sciences and technology; Generators; Hard surfacing; Information theory; Information, signal and communications theory; Linear code; Masking; Nonlinearity; self-dual codes; Signal and communications theory; Systematics; Telecommunications and information theory; Transforms; Vectors; {\BBZ}_{4} -codes; Side channel attack; Nonlinear codes; codes; Cyclic code; ℤ; Golay codes; Boolean function; Connected graph; Algorithm; Binary code; Implementation; Linear code; Security of data; dual distance; Masking; Cryptography; self-dual codes; Cyclic codes; double circulant codes; Dual codes
• ISSN: 0018-9448; 1557-9654
• DOI: 10.1109/TIT.2012.2200651

We introduce a new class of rate one-half binary codes: complementary information set codes. A binary linear code of length 2n and dimension n is called a complementary information set code (CIS code for short) if it has two disjoint information sets. This class of codes contains self-dual codes as a subclass. It is connected to graph correlation immune vectorial Boolean functions of use in the security of hardware implementations of cryptographic primitives. Such codes permit to improve the cost of masking cryptographic algorithms against side channel attacks. In this paper, we investigate this new class of codes: we give optimal or best known CIS codes of length < 132 . We derive general constructions based on cyclic codes and on double circulant codes. We derive a Varshamov-Gilbert bound for long CIS codes, and show that they can all be classified in small lengths \leq 12 by the building up construction. Some nonlinear permutations are constructed by using {\BBZ}_{4} -codes, based on the notion of dual distance of a possibly nonlinear code.