cronokirby

(2026-04) Provably Secure Hybrid Inner Product and Boolean Masking via Composable Conversion

2026-04-20

Abstract

Masking is a representative side-channel countermeasure that provides provable security. Among masking schemes, Boolean masking (BM) is widely adopted due to its simple sharing structure, while inner product masking (IPM) and code-based masking (CM) have been studied as alternatives that achieve a higher security order with the same number of shares—a property known as security order amplification in the bit-probing model. Recent work by Gaspoz and Dhooghe (TCHES 2025) proposed an IPM multiplication gadget and CM gadgets with provable bit-level security; however, the overhead of CM gadgets for linear operations, the overhead of IPM multiplication, and the lack of a complete provably secure implementation exploiting IPM security order amplification remain open challenges. In this paper, we address all three challenges. First, we propose BM-to-IPM and IPM-to-BM conversion gadgets satisfying bit $t$-MIMO-SNI in the bit-probing model, enabling composable and provably secure interoperation between the two masking domains. Second, we optimize the TCHES 2025 IPM multiplication gadget via Row Packing and Reduction in Rows, reducing the fresh random bit requirement from $\frac{1}{2}t(n^2-1)k^2(k+1)$ to $tk(n-1)(kn+W)$ bits with a proportional reduction in XOR gates, while maintaining bit $t$-SNI security. Third, we present a hybrid IPM-BM framework in which multiplications are performed in IPM with fewer shares and all Boolean linear operations are handled share-wise in BM at no additional randomness cost, and show that this hybrid approach requires significantly fewer gates and random bits than a pure CM approach. As a concrete instantiation, we implement a second-order masked AES-128 with a 2-share IPM / 3-share BM hybrid architecture, prove that the implementation satisfies bit 2-PINI, and evaluate its practical side-channel security via first- and second-order TVLA on an ARM Cortex-M4 with up to one million traces. To the best of our knowledge, this is the first end-to-end cryptographic implementation that provably preserves IPM's security order amplification in the bit-probing model.