Two constructions of optimal pairs of linear codes for resisting side channel and fault injection attacks

Abstract: Direct sum masking (DSM) has been proposed as a counter-measure against side-channel attacks (SCA) and fault injection attacks (FIA), which are nowadays important domains of cryptanalysis. DSM needs two linear codes whose sum is direct and equals a whole space $\Bbb F_q^n$. The minimum distance of the former code and the dual distance of the latter should be as large as possible, given their length and dimensions. But the implementation needs in practice to work with words obtained by appending, to each codeword $y$ of the latter code, the source word from which $y$ is the encoding. Let $\mathcal C_1$ be an $[n, k]$ linear code over the finite field $\Bbb F_q$ with generator matrix $G$ and let $\mathcal C_2$ be the linear code over the finite field $\Bbb F_q$ with generator matrix $[G, I_k]$. It is then highly desired to construct optimal pairs of linear codes satisfying that $d(\mathcal C_2^\perp)= d(\mathcal C_1^\perp)$. In this paper, we employ the primitive irreducible cyclic codes to derive two constructions of optimal pairs of linear codes for resisting SCA and FIA, where the security parameters are determined explicitly. To the best of our knowledge, it is the first time that primitive irreducible cyclic codes are used to construct (optimal) pairs of codes. As a byproduct, we obtain the weight enumerators of the codes $\mathcal C_1, \mathcal C_2, \mathcal C_1^\perp$, and $\mathcal C_2^\perp$ in our both constructions.