Secure Wire Shuffling in the Probing Model

In this paper we describe the first improvement of the wire shuffling countermeasure against side-channel attacks described by Ishai, Sahai and Wagner at Crypto 2003. More precisely, we show how to get worst case statistical security against t probes with running time \({\mathcal O}(t)\) instead of \({\mathcal O}(t \log t)\); our construction is also much simpler. Recall that the classical masking countermeasure achieves perfect security but with running time \({\mathcal O}(t^2)\). We also describe a practical implementation for AES that outperforms the masking countermeasure for \(t \ge 6\,000\).