Two constructions of optimal pairs of linear codes for resisting side channel and fault injection attacks
Abstract
Direct sum masking (DSM) has been proposed as a countermeasure against side-channel attacks (SCA) and fault injection attacks (FIA), which are nowadays important domains of cryptanalysis. DSM needs two linear codes whose sum is direct and equals the whole space $\mathbb{F}_q^n$. The minimum distance of the former code and the dual distance of the latter should be as large as possible, given their length and dimensions. But the implementation needs in practice to work with words obtained by appending, to each codeword $y$ of the latter code, the source word of which $y$ is the encoding. Let $\mathcal{C}_1$ be an $[n, k]$ linear code over the finite field $\mathbb{F}_q$ with generator matrix $G$ and let $\mathcal{C}_2$ be the linear code over the finite field $\mathbb{F}_q$ with generator matrix $[G, I_k]$. It is then highly desired to construct optimal pairs of linear codes satisfying $d(\mathcal{C}_2) = d(\mathcal{C}_1)$. In this paper, we employ primitive irreducible cyclic codes to derive two constructions of optimal pairs of linear codes for resisting SCA and FIA, where the security parameters are determined explicitly. To the best of our knowledge, this is the first time that primitive irreducible cyclic codes are used to construct (optimal) pairs of codes. As a byproduct, we obtain the weight enumerators of the codes $\mathcal{C}_1$, $\mathcal{C}_2$, $\mathcal{C}_1$, and $\mathcal{C}_2$ in both of our constructions.
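The pair $(\mathcal{C}_1, \mathcal{C}_2)$ and the DSM encoding described in the abstract, as an added toy example over $\mathbb{F}_2$ (this is not code from the paper, and it does not implement the paper's primitive irreducible cyclic codes). It builds the generator matrix $[G, I_k]$ from $G$, computes the minimum distance and the dual distance of both codes by brute force so the two can be compared, checks that a code and a masking code form a direct sum equal to the whole space, and encodes/decodes a DSM word $z = xG + yH$. The generator matrices used as input (a $[3,1]$ repetition code, a systematic $[7,4]$ Hamming code, and the masking matrix `H_TOY`) are constructed here for illustration; the dimension reported assumes the generator matrix has full rank.

```python
"""Toy check of the (C1, C2) code pair from the abstract over F_2 (added example)."""
import itertools
from typing import Iterable, List, Sequence, Set, Tuple

Vec = Tuple[int, ...]

# Constructed sample inputs (not from the paper).
G_REP: List[Vec] = [(1, 1, 1)]                       # [3,1,3] repetition code
G_HAM: List[Vec] = [(1, 0, 0, 0, 1, 1, 0),           # systematic [7,4,3] Hamming code
                    (0, 1, 0, 0, 1, 0, 1),
                    (0, 0, 1, 0, 0, 1, 1),
                    (0, 0, 0, 1, 1, 1, 1)]
H_TOY: List[Vec] = [(0, 0, 0, 0, 1, 0, 0),           # [7,3] masking code on the parity positions
                    (0, 0, 0, 0, 0, 1, 0),
                    (0, 0, 0, 0, 0, 0, 1)]


def mat_vec(G: Sequence[Vec], x: Vec) -> Vec:
    """x * G over F_2: XOR of the rows of G selected by the 1-bits of x."""
    out = [0] * len(G[0])
    for xi, row in zip(x, G):
        if xi:
            out = [a ^ b for a, b in zip(out, row)]
    return tuple(out)


def codewords(G: Sequence[Vec]) -> Set[Vec]:
    """All codewords of the code generated by the rows of G (brute force)."""
    return {mat_vec(G, x) for x in itertools.product((0, 1), repeat=len(G))}


def dual_codewords(words: Set[Vec], n: int) -> Set[Vec]:
    """All vectors of F_2^n orthogonal to every codeword (brute force, toy sizes only)."""
    def orthogonal(v: Vec, w: Vec) -> bool:
        return sum(a & b for a, b in zip(v, w)) % 2 == 0
    return {v for v in itertools.product((0, 1), repeat=n)
            if all(orthogonal(v, w) for w in words)}


def min_distance(words: Iterable[Vec]) -> int:
    """Smallest weight of a nonzero codeword, which is the minimum distance of a linear code."""
    return min(sum(w) for w in words if any(w))


def append_identity(G: Sequence[Vec]) -> List[Vec]:
    """Generator matrix [G, I_k]: each codeword xG is followed by its source word x."""
    k = len(G)
    return [tuple(row) + tuple(int(i == j) for j in range(k)) for i, row in enumerate(G)]


def parameters(G: Sequence[Vec]) -> Tuple[int, int, int, int]:
    """(n, k, d, d_dual) of the code generated by G; k assumes G has full rank."""
    n = len(G[0])
    C = codewords(G)
    return n, len(G), min_distance(C), min_distance(dual_codewords(C, n))


def pair_parameters(G: Sequence[Vec]) -> Tuple[Tuple[int, int, int, int], Tuple[int, int, int, int]]:
    """Parameters of C1 (generator G) and of C2 (generator [G, I_k])."""
    return parameters(G), parameters(append_identity(G))


def is_direct_sum(G: Sequence[Vec], H: Sequence[Vec]) -> bool:
    """True iff the sum of the codes generated by G and H is direct and is all of F_2^n."""
    n = len(G[0])
    C, D = codewords(G), codewords(H)
    sums = {tuple(a ^ b for a, b in zip(c, d)) for c in C for d in D}
    return len(C) * len(D) == 2 ** n and len(sums) == 2 ** n


def dsm_encode(x: Vec, y: Vec, G: Sequence[Vec], H: Sequence[Vec]) -> Vec:
    """DSM word z = xG + yH: x is the sensitive data, y the random mask."""
    return tuple(a ^ b for a, b in zip(mat_vec(G, x), mat_vec(H, y)))


def dsm_decode(z: Vec, G: Sequence[Vec], H: Sequence[Vec]) -> Vec:
    """Project z onto C along D: the unique x with z - xG in D (brute force over x)."""
    D = codewords(H)
    for x in itertools.product((0, 1), repeat=len(G)):
        if tuple(a ^ b for a, b in zip(z, mat_vec(G, x))) in D:
            return x
    raise ValueError("z is not in C + D")


if __name__ == "__main__":
    for name, G in (("repetition", G_REP), ("Hamming", G_HAM)):
        (n1, k1, d1, dd1), (n2, k2, d2, dd2) = pair_parameters(G)
        print(f"{name}: C1 = [{n1},{k1}] d={d1} d_dual={dd1}; "
              f"C2 = [{n2},{k2}] d={d2} d_dual={dd2}")
    x, y = (1, 0, 1, 1), (0, 1, 1)
    z = dsm_encode(x, y, G_HAM, H_TOY)
    print("direct sum:", is_direct_sum(G_HAM, H_TOY), "decoded:", dsm_decode(z, G_HAM, H_TOY))
```

Running the block prints the four parameter tuples for each pair; because `append_identity` only appends a copy of the source word, the distance of $\mathcal{C}_2$ can only grow relative to $\mathcal{C}_1$, whereas the dual distance of $\mathcal{C}_2$ can shrink, which is why the choice of generator matrix $G$ (not just of the code $\mathcal{C}_1$) matters for the pair. The brute-force enumerations are only meant for lengths up to a dozen or so bits.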