IPM-RED: combining higher-order masking with robust error detection

Cryptographic hardware becomes increasingly vulnerable to physical attacks—both passive side-channel analysis and active fault injections—performed by skillful and well-equipped adversaries. In this paper, we introduce a technique that provides very high security against both types of attacks. It combines inner product masking (IPM), which offers higher-order side-channel attack resistance on word level and on bit level, with nonlinear security-oriented error-detection codes that provide robustness, i.e., strong detection guarantees for arbitrary faults. We prove that our scheme has the same security against side-channel attacks that an earlier, non-robust IPM-based solution has and in addition preserves robustness during addition and multiplication (and therefore arbitrary computations). Moreover, we prove that the information leakage from the checker is small and that the attack will be detected far before the attacker will gain significant information.