WO2023232951A1 - Method and circuit for securely mapping a masked variable - Google Patents

Abstract

Method and Circuit for Securely Mapping a Masked Variable The present invention relates to a computer-implemented method for securely mapping a first variable performing a first masking of an underlying first secret value to a second variable performing a second masking of an underlying second secret value, wherein the first masking splits the first variable into a first plurality of shares, and wherein the second masking splits the second variable into a second plurality of shares. The method comprises setting up a third variable masking an underlying secret register, said third masking splitting the secret register into a third plurality of shares, said secret register containing all logical zero bits except for at most a single logical one bit, and performing for the masked first variable the steps of : - performing a first operation on the third variable, said first operation corresponding to a rotation or shift of the secret register with a number of positions related to the shares of the first variable, yielding an updated third variable, - performing a second operation to calculate one or more values for shares of the second variable from a corresponding individual share of the updated third variable.

Description

Method and Circuit for Securely Mapping a Masked Variable

Field of the invention

[0001] The present invention is generally related to the field of systems and methods for use in cryptographic applications.

Background of the invention

[0002] A majority of public key cryptographic algorithms are based on factoring or the discrete logarithm problem. These algorithms are no longer secure in the presence of a large scale quantum computer. The technical domain of Post-Quantum Cryptography (PQC) is concerned with alternative cryptographic algorithms that remain secure in the presence of quantum computers.

[0003] Standardisation efforts are ongoing to replace public-key standards that will soon become insecure. Some candidate schemes for a future standard belong to the field of lattice-based cryptography, i.e. constructions of cryptographic primitives for which the security is based on hard mathematical problems.

[0004] One of the challenges in replacing the current standards with post-quantum standards relates to protecting their implementations against side-channel attacks. When using such encryption schemes in practical applications, an adversary that has access to the computing device (e.g. a bank card, embedded devices, Internet-of-Things nodes), can observe unwanted effects of computation leaking information, such as power usage, electromagnetic radiation and timing. Cryptographic attacks that make use of such leaked information are called side-channel attacks. Several side-channel attacks on lattice-based cryptographic implementations have been demonstrated in the art, including timing attacks or power consumption and electromagnetic radiation attacks. Therefore, it is necessary to provide protection against these side-channel attacks.

[0005] Masking is a popular tool to protect against side-channel attacks. The idea of masking is to split a sensitive variable into two or more shares, that individually look random so that each of the shares considered individually does not yield any information on the original variable. More specifically, an adversary able to see all but one share still cannot infer any information about the sensitive value. A sensitive variable that is shared in such way is called a masked variable.

A crucial aspect is that computation is carried out by handling shares only, without reconstructing the original variable. To compute a function on masked sensitive input data to masked sensitive output data in a secure way, one performs calculations on the shares individually. The effect is that computations are performed on the shares which contain seemingly random data and never explicitly on the sensitive data itself, thus protecting the sensitive data. The end result of a computation is an implicit computation on the sensitive data, where the shared output variable, if unmasked, would be the sensitive output data. The sensitive data can be retrieved at the end of the computations by unmasking, wherein the shares are combined using a predefined procedure.

[0006] To give an example of masking, a sensitive bit string x can be masked by first generating a uniformly random bitstring R and then generating the shares x^[0] = x θ R and x^[1] = R, with θ denoting the bitwise exclusive OR (XOR) operation. Both shares are then uniformly random and individually reveal no information about the sensitive value x. Unmasking can then be done by taking the XOR of both shares: x = x^[0] θ x^[1]. This type of masking is called Boolean masking.

[0007] As an example of calculations on masked variables, to calculate z = x θ y, with y a non-sensitive variable, one can calculate z^[0] = x^[0] θ y and z^[1] = x^[1]. During these computations one only computes on the shares and not on the sensitive data, thus protecting this sensitive data against side-channel attacks. The result of the computation is a Boolean masked sharing (z^[0], z^[1]) of z, so that z = z^[0] θ z^[1] = x θ y. Another computation would be z = x & y, the bitwise AND operation, which can be performed as z^[0] = x^[0] & y and z^[1] = x^[1] & y and would result in z = z^[0] θ z^[1] = x & y. While these operations are relatively easy to understand and implement, other more complex operations (e.g. bitwise AND between two sensitive masked variables) might be more complicated to design and implement.

[0008] A different method to perform masking is arithmetic masking, where a sensitive integer x between 0 and q-1 is masked by first generating a random integer R between 0 and q-1, and then generating the shares x⁽⁰⁾ = x-R mod q and x⁽¹⁾ = R. In this case, unmasking is performed by calculating x = x⁽⁰⁾ + x⁽¹⁾ mod q.

[0009] Arithmetic masking allows for easy computation of a sum or multiplication with an unmasked variable. For a sum z = x + y mod q with y a non-sensitive variable, one calculates the shares z⁽⁰⁾ = x⁽⁰⁾ + y and z⁽¹⁾ = x⁽¹⁾. The result of this computation is that z = z⁽⁰⁾ + z⁽¹⁾ = x + y mod q. Multiplication z = x * y mod q can be performed as z⁽⁰⁾ = x⁽⁰⁾ * y and z⁽¹⁾ = x⁽¹⁾ * y, resulting in z = z⁽⁰⁾ + z⁽¹⁾ = x * y mod q. As in Boolean masking, other functions are more complicated to design and implement.

[0010] Masking where the sensitive value is split into two shares, as in the examples above, is called first-order masking. This means that an adversary can probe at most one share without compromised security. Higher order masking splits the sensitive variable into more shares. For example for second order Boolean masking (three shares) one first generates two uniformly independently random bitstrings Ri and R2 and then calculates the shares x^[0] = x θ Ri θ R2, x^[1] = Ri and X^[2I=R2. Unmasking can then be done by XORing all shares together. [0011] One observation is that some efficient techniques have been developed specifically for first-order masking that do not scale to higher masking orders. Several masked implementations of lattice-based cryptographic schemes have been presented in the prior art.

[0012] In general, for masking a sensitive value x can be split into x⁽⁰⁾ and x⁽¹⁾ so that x=x^(0,O x⁽¹⁾ where O is a mathematical operation that depends on the type of masking. For Boolean masking the O operation is a XOR operation ®, whereas in arithmetic masking © is an addition modulo q, with q a predefined integer.

[0013] One recurring property of most masked implementations of lattice-based cryptography is that both Boolean masking and arithmetic masking are used. To integrate both masking domains, arithmetic to Boolean (A2B) and Boolean to arithmetic (B2A) conversion are needed. In one application field of the invention disclosed below one is specifically interested in arithmetic to Boolean conversion.

[0014] To implement a first-order masked A2B conversion, two categories of techniques have been proposed in the state-of-the-art. First order secure A2B conversions have been disclosed based on writing the conversion as a Boolean circuit and implementing this Boolean circuit in a secure masked fashion. Another approach to first-order A2B conversion is a table-based conversion, where the Boolean result is stored in a table that is manipulated based on the arithmetic input. Of the two techniques table-based conversions are typically more efficient.

[0015] For higher-order masked A2B, similar to first-order masking, Boolean circuit and table-based approaches have been proposed. In the table-based approach, for a large modulus q, the inputs are split into different chunks which are converted individually using A2B conversion, and the carries between the chunks are taken into account using an additional arithmetic to arithmetic (A2A with different moduli) conversion. Therefore, state-of-the-art A2B using a Boolean circuit approach is more efficient than the state-of-the-art table-based alternative.

[0016] Another important application of A2B conversions is masked comparison, which is a vital building block in actively secure implementations of lattice-based cryptography. The goal of such a comparison is to validate an input ciphertext by comparing it with a recomputed ciphertext as part of the Fujisaki-Okamoto transformation (see “Secure integration of asymmetric and symmetric encryption schemes", E. Fujisaki et al., CRYPTO '99, vol.1666 of LNCS, pp.537-554, Aug.1999).

[0017] For first order masking, a hash based approach has been proposed, wherein it is checked if a sensitive array is zero by hashing both shares separately and checking the equality of the hash outputs. For schemes that perform ciphertext compression, this comparison additionally needs an arithmetic to arithmetic (A2A) conversion (i.e., a conversion between two arithmetic masking domains with different modulus). Such an A2A conversion can be implemented as a simplified A2B conversion, where a table-based conversion is most efficient for first order.

[0018] Higher order masked comparisons have to rely on different techniques, as the hashbased method is limited to two shares. The state-of-the-art conversion techniques to perform higher order masked comparison first perform A2B conversion and then do the comparison in the Boolean domain. The different approaches differ in pre- and postprocessing of the A2B conversion. Whereas some perform a masked comparison by a simple approach comprising an A2B conversion followed by a masked bitwise comparison, others introduce a method based on a random sum to reduce the number of coefficients.

[0019] The paper "A Side-Channel Resistant Implementation of SABER" (M. Van Beirendonck et al., ACM J. Emerg. Technol. Comput. Syst., vol.17, no.2, April 2021, pp.1-26) describes an instance of SABER wherein masking is applied. A major challenge in masking lattice-based cryptosystems is the integration of bit-wise operations with arithmetic masking, requiring algorithms to securely convert between masked representations. The described design includes a novel primitive for masked logical shifting on arithmetic shares and adapts an existing masked binomial sampler for Saber.

[0020] Application US2021/406406 is concerned with constant time secure arithmetic-to-

Boolean mask conversion. A first and a second arithmetic input share of an initial arithmetically masked cryptographic value are received. A sequence of operations using the arithmetic input shares and a randomly generated number is performed, where a current operation generates a corresponding intermediate value that is used in a subsequent operation. At the end of the sequence, a first Boolean output share and a second Boolean output share are generated.

[0021] In W02008/064704 a method is presented for preventing information leakage attacks during execution of a cryptographic function. A random masking of a multiplexer operation used in the cryptographic function is performed in a specific way. A secure solution is so offered for mixed random masking of arbitrary Boolean functions wherein the input is masked by an arithmetic mask and the output by an XOR mask. The Boolean functions can be implemented by lookup tables in software or by logic circuits in hardware.

[0022] There is a need for improved method for performing A2B conversion and masked comparison in a secure way.

Summary of the invention

[0023] It is an object of embodiments of the present invention to provide for a method for mapping a masked variable to another masked variable in a way that remains secure in the masking framework. The method can advantageously be used both for A2B conversion and masked comparison.

[0024] The above objective is accomplished by the solution according to the present invention.

[0025] In a first aspect the invention relates to a computer-implemented method for securely mapping a first variable performing a first masking of an underlying first secret value to a second variable performing a second masking of an underlying second secret value. The first masking splits the first variable into a first plurality of shares and the second masking splits the second variable into a second plurality of shares. The method comprises setting up a third variable masking an underlying secret register, said third masking splitting said secret register into a third plurality of shares, said underlying secret register containing all logical zero bits except for at most a single logical one bit, and performing for the masked first variable the steps of : performing a first operation on the third variable, said first operation corresponding to a rotation or shift of the secret register with a number of positions related to the shares of the first variable, yielding an updated third variable, performing a second operation to calculate one or more values for shares of the second variable from a corresponding individual share of the updated third variable.

[0026] The proposed solution indeed allows for performing the mapping in a secure way, i.e. without revealing the secret value. The first (input) and second (output) variable are both masked by splitting them into a (same) number of shares. The method employs a masked register, where the masking splits the register into a (same) number of shares. At the start, the register is initiated with value 1, that is, it contains a single logical one at the least significant bit and for the rest all logical zero bits. Note that this value is not necessarily explicitly present in the implementation, but implicitly as it can be reconstructed as a combination of the shares. Obviously, the role of logical zeroes and ones can be inverted, i.e. a single logical zero is used and for the rest all logical ones. Two operations are then performed on the register. The first operation corresponds to a secure rotation or shift of the register, depending on the shares of the first variable. The result is that the register now contains a one-hot encoding of the relevant information of the input variable. Next a postprocessing operation is performed on each share of the rotated register individually, wherein information from the one-hot encoding of the first variable in the register is extracted. As this second operation is performed on each share individually, it is definitely secure. It is an advantage of the proposed method that a secure mapping can be guaranteed by performing these two relatively simple operations. It is also an advantage that the proposed method performs well in terms of speed compared to state of the art solutions. A further advantage is that the number of random bits is in the proposed method lower than in state-of-the-art solutions.

[0027] In preferred embodiments the first operation comprises the execution of one or more rotate or shift operations on the register, alternated with remasking operations. This is in particular advantageous in embodiments where the quality of the randomness of the shares somewhat decreases after some operations, i.e. that the shares look less uniformly random or contain additional information when all shares are combined. By means of a remasking operation randomness is added to the shares (without affecting the sensitive shared value) in order to restore the quality of the sharing.

[0028] In some embodiments the first operation corresponds to a rotation or shift with a number of positions that corresponds to the sum of the shares of the first variable modulo the size of the masked register.

[0029] In preferred embodiments the first variable is chopped into two or more chunks, such that each chunk has a lower number of possible values than the first variable. This is especially useful to avoid too large a register size. Note that when the first variable is not chopped into two or more chunks, the register size typically needs to be at least the value of the modulus q used in the arithmetic masking. The method steps are then performed iteratively, chunk by chunk starting with the least significant chunk.

[0030] In embodiments where chunking is applied, a third operation is performed to calculate a further update of the updated third variable obtained after the secure rotation operation. The further update then serves as masked register in the iteration for a next chunk.

[0031] Advantageously, at least the first operation is performed for each chunk and said second operation is performed at least in the iteration for the last chunk, being the most significant chunk. The first operation, i.e., the secure rotate, is indeed required for every chunk. Next, for each chunk the second operation or the third operation or both the second and third operation are performed. In the iteration for the last chunk the second operation is performed. The third operation is not necessary anymore in the last iteration.

[0032] In embodiments of the invention the method comprises a step of combining outputs of the second operation for two or more of the chunks.

[0033] Advantageously, performing the third operation comprises determining a carry that needs to be propagated to a next chunk.

[0034] In some embodiments the masked first variable is a coefficient of a masked vector comprising a plurality of coefficients and the method steps are iteratively performed for each coefficient of the masked vector individually. The coefficients may belong to a list in other embodiments instead being part of a masked vector.

[0035] In embodiments of the invention it is checked whether the value of the first variable is in a public list of allowed values. This involves selecting all bits of a share of the third variable on locations corresponding to values in the public list of allowed values and XOR'ing these bits together. In some embodiments the check is performed for all coefficients of a masked list. The checking may be performed in said third operation, or, if it concerns the iteration for the last chunk, in the second operation. If the checking occurs in the third operation, the above-mentioned step of determining a carry is performed as well.

[0036] In a preferred embodiment the first masking is an arithmetic masking and the second masking is a Boolean masking. Such an A2B conversion is one of the main applications of the proposed method. In some embodiments the underlying first secret value is the same as the underlying second secret value and a masked comparison of the two values is the purpose. In some embodiments the underlying second secret value is a function of the underlying first secret value.

[0037] In other embodiments the first variable is divided into two or more arrays, wherein for each array a different secret register is used and wherein the first and second operations are performed per array in parallel.

[0038] In some embodiments the second or third operation(s) are calculated using one or more subfunctions that perform a bitwise AND operation followed by a parity calculation.

[0039] In one aspect the invention relates to a program executable on a programmable device containing instructions which, when executed, perform the method as previously described.

[0040] In another aspect the invention relates to a computer-readable medium comprising instructions which, when executed by a computer, cause the computer to carry out the method as described above.

[0041] In yet another aspect the invention relates to a device for securely mapping a first variable performing a first masking of an underlying first secret value to a second variable performing a second masking of an underlying second secret value, wherein said first masking splits said first variable into a first plurality of shares, and wherein said second masking splits said second variable into a second plurality of shares. The device comprises processing means arranged to set up a third variable masking an underlying secret register, said third masking splitting said secret register into a third plurality of shares, said underlying secret register containing all logical zero bits except for at most a single logical one bit, and to perform for said masked first variable a first operation on said third variable, said first operation corresponding to a rotation or shift of said secret register with a number of positions related to said shares of said first variable, yielding an updated third variable, and a second operation to calculate one or more values for shares of said second variable from a corresponding individual share of said updated third variable. The device typically forms a building component of a bigger computational system.

[0042] In some embodiments the masking of the first variable is performed external to the device and the first variable is fed as input to the device. In other embodiments the device also takes care of the first masking.

[0043] For purposes of summarizing the invention and the advantages achieved over the prior art, certain objects and advantages of the invention have been described herein above. Of course, it is to be understood that not necessarily all such objects or advantages may be achieved in accordance with any particular embodiment of the invention. Thus, for example, those skilled in the art will recognize that the invention may be embodied or carried out in a manner that achieves or optimizes one advantage or group of advantages as taught herein without necessarily achieving other objects or advantages as may be taught or suggested herein.

[0044] The above and other aspects of the invention will be apparent from and elucidated with reference to the embodiment(s) described hereinafter.

Brief description of the drawings

[0045] The invention will now be described further, by way of example, with reference to the accompanying drawings, wherein like reference numerals refer to like elements in the various figures. [0046] Fig.l illustrates an embodiment of the method according to the invention, wherein two shares are used.

[0047] Fig.2 illustrates the resulting operations on the protected value for the example depicted in Fig.l.

[0048] Fig.3 illustrates a possible implementation of a secure rotate operation.

[0049] Fig.4 illustrates an embodiment of the method according to the invention, wherein an arithmetic to Boolean conversion is implemented.

[0050] Fig.5 illustrates a high-level block scheme of an embodiment of the method, wherein the first variable D¹'¹ is split into L chunks.

[0051] Fig.6 illustrates the calculation of the first and second operation as performed for each chunk when calculating an A2B conversion.

[0052] Fig.7 illustrates a high-level block scheme of an embodiment wherein a masked list of coefficients is processed, where each coefficient is split into L+l chunks and the processing is performed coefficient per coefficient. Detailed description of illustrative embodiments

[0053] The present invention will be described with respect to particular embodiments and with reference to certain drawings but the invention is not limited thereto but only by the claims.

[0054] Furthermore, the terms first, second and the like in the description and in the claims, are used for distinguishing between similar elements and not necessarily for describing a sequence, either temporally, spatially, in ranking or in any other manner. It is to be understood that the terms so used are interchangeable under appropriate circumstances and that the embodiments of the invention described herein are capable of operation in other sequences than described or illustrated herein.

[0055] It is to be noticed that the term "comprising", used in the claims, should not be interpreted as being restricted to the means listed thereafter; it does not exclude other elements or steps. It is thus to be interpreted as specifying the presence of the stated features, integers, steps or components as referred to, but does not preclude the presence or addition of one or more other features, integers, steps or components, or groups thereof. Thus, the scope of the expression "a device comprising means A and B" should not be limited to devices consisting only of components A and B. It means that with respect to the present invention, the only relevant components of the device are A and B.

[0056] Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.

[0057] Similarly it should be appreciated that in the description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention. [0058] Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.

[0059] It should be noted that the use of particular terminology when describing certain features or aspects of the invention should not be taken to imply that the terminology is being redefined herein to be restricted to include any specific characteristics of the features or aspects of the invention with which that terminology is associated.

[0060] In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

[0061] Before describing the processing device and method of the present invention, the notation adopted in this description is explained. Lists and matrices are denoted in bold text. They are indexed using a subscript, where Xi indicates the /^1h element of a list X and Yy indicates the element on the /^1h row and 7^th column of a matrix Y. The notation |X| denotes the number of coefficients in the list X. A flooring of a number x to the nearest integer less or equal to x, is denoted [xj and [x] represents ceiling x to the nearest integer greater or equal to x. A rounding to the nearest integer with ties rounded upwards is written as [x]. These operations are extended coefficient-wise to lists.

[0062] Positive integers are represented in unsigned binary representation unless stated otherwise, with the most significant bit (MSB) at the leftmost position and the least significant bit (LSB) at the rightmost position. x[/] indicates the I^th bit of the binary representation of x starting from the least significant bit and | R| indicates the number of bits in the binary representation of R.

[0063] A shift of the binary representation of x to the left with / positions (which equals x.2') is denoted x « i. With x » i is meant a shift to the right with / positions (equalling [x/2¹]). A

|R| circular shift to the left with / positions is written as x «< i, with | R| the number of bits involved in the shift.

[0064] In Boolean masking, a sensitive variable x is split into S shares x^[0] to x^{[s 1]}, so that the

XOR of the shares results in the original variable x (i.e. x = x^©x^ © ... ©x^^-1!). The notation x^w denotes the value of the /^1h share of a masked variable x and x^{[ I} denotes the value of x while explicitly making clear that x is masked by splitting x in two or more shares. As such, the value x^{[ I} will not be physically represented in a secure implementation, and is only implicitly present by combining the different shares.

[0065] One can perform Boolean operations on a Boolean masked variable: z^H =x^{[ I}θy^H is calculated by a XOR operation on the corresponding shares as z^w = x^w θ y^w. An AND operation with an unmasked variable z^{[ I} = x^{[ I} & m is calculated by applying m to each share individually z^w = x^[/] & m. Similarly, shifts, rotations and concatenations on a Boolean masked variable are applied to each share individually.

[0066] In arithmetic masking a sensitive variable x is masked by splitting x into a plurality of S shares x⁽⁰⁾ to x^(s-1) so that the sum of the shares modulo a given integer q equals the sensitive value (x< ) = _x(o) _{+ x}(i) _moc| qj /\_s before one denotes with x^w the /^1h share of a masked variable, and with x^{( )} the value of x while stressing that this value is not physically present in the implementation.

[0067] Arithmetic masking allows for easy computation of arithmetic operations. A sum z^{( )} = x⁽ + y can be calculated by summing y to the zero^th share of x^{( 1} (i.e., z⁽⁰⁾ = x⁽⁰⁾ + y and z^w=x^w for other shares). Multiplication with an unmasked constant is performed on each share individually (i.e., z^{( )} = c-x^{( )} can be calculated as z^w = c-x^w). Concatenation, flooring and rounding are calculated on each share individually. It is important to note that for arithmetic masking [x^J is not necessarily equal to [xj as the former is calculated on each share individually, while the latter is calculated on the unmasked variable. This also holds for rounding and concatenation.

[0068] Ideally, the shares of a masked variable look uniformly random and contain only information about the masked value, when all shares are combined. After some operations, the quality of the randomness of the shares may decrease, where the randomness is no longer uniformly random or where the shares contain additional information. In such case, one can perform a remasking operation to restore the quality of the sharing. To perform remasking, one adds randomness to the shares in such a way that the sensitive shared value is not changed. For example, given a masked sensitive variable (x^[0], x^[1]) one can use a uniformly random value R and calculate the new sharing (x^[0] θ R, x^[1] θ R). For three shares (x^[0], x^[1], x^PI) one could use the uniformly random values Ro and Ri to calculate (x^[0] θ Ro, x^[1] θ Ri, x^PI θ Ro θ Ri). If one combines the shares one can see that the sensitive value has not changed. However, clearly the randomness of the shares is again uniformly random.

[0069] In this invention a new strategy is presented to perform conversion between different types of masking and/or to calculate a function upon masked input data. Such an algorithm that maps in a secure way a first masked variable to a second masked variable is applied, for example, in the context of an A2B conversion or a masked comparison. Generic example of secure mapping

[0070] A basic example of the proposed secure mapping method is now provided. The goal is to map a sensitive masked input variable

to a masked output variable

according to a given mapping function. This basic example is then next illustrated with three instantiations.

[0071] The setup is performed as follows: a Boolean masked register is set up consisting of q masked bits, with q the number of distinct values that

can take (i.e., the arithmetic masking modulus of The bitwise representation of the register

f g contains all

zeroes except for the least significant bit which is equal to 1. The initial

can be unmasked (i.e.

= 0) or masked, where all shares look uniformly random but one has that (B^ =

= D-

[0072] The procedure depicted in Algorithm 1 comprises two operations : secure rotation of the register and a sharewise function operating on each share of the register individually.

In the secure rotation step the goal is to rotate the position of the 1 in

positions. Therefore, the output

of the secure rotation can be seen as a one-hot encoding of

where the 1 in the binary representation of

s on the

-th position. This needs to be done in a secure way, without directly computing on or revealing B

The result of this operation is that the register bitstring

is rotated with

positions, while never explicitly computing the values of and B

[0073] One method to implement the secure rotation is described in Algorithm 2: all shares of the register are rotated with positions. In this example all the register shares are then

remasked. These two steps are repeated for the other shares for i = {1, S — 1} as depicted in

Algorithm 2.

[0074] The postprocessing operation (SharewiseF) aims at extracting the requested information from the one-hot encoding of

in the register

as obtained from the previous operation. This operation thus depends on the (mapping) function that needs to be computed. Importantly, this operation is performed on each share individually and is as such inherently secure.

First instantiation

[0075] In a first instantiation an arithmetically masked sensitive value

with masking modulus q is considered together with a public list of values M. The goal is to check if

while performing this operation in the protected masked domain (i.e. without directly computing on D^). More specifically,

is a sensitive value split into S shares D

with mod q, such

that each share looks uniformly random. It is to be checked if

ε M without explicitly combining any shares of

[0076] To achieve this functionality, the sharewise function (Algorithm 3) aims at extracting the requested information (i.e. whether M) from the one-hot encoding of in the register

as obtained from the secure rotate operation. Importantly, this sharewise function is performed on each share individually and is as such inherently secure. For each share of all bits on bit

positions m that have a value in the public list of values (i.e. m ε M) are extracted. These values are XOR'ed together and put on the zeroth position of the register

All other values of the register shares are set to zero. The result of this operation is that

[0077] Fig.l depicts the operations as presented above in the masked domain, that is, the real operations as performed in this first instantiation on the register shares and Fig.2 depicts the corresponding unmasked values

of the register. Remember tha

t but that the value of

is never explicitly present in the processing device and is never directly calculated upon to preserve security. Note that Fig.2 only serves as an illustration of the impact of the operations, the values depicted in Fig.2 are unmasked and thus unsecure, and should not be present in any implementation. In this example there are two shares (S’ = 2), an arithmetic masking modulus q = 16, and a public list of values M = {0,1, 2, 3}. The input value

= 3. The figure depicts the two operations performed on the register

[0078] As explained above, the first operation (SecureRotate) in this instantiation rotates the register with

= 3 positions. Due to the remasking, also provided in this example, the individual shares look uniformly random after this first operation (see Fig.l), but the value of B

(see Fig.2) is indeed rotated with 3 positions. One thus has a one-hot encoding of

in the register

Then for each share all bit positions in the public list (i.e., positions 0,1, 2, 3 in this example) are XOR'ed together and copied to the least significant bit of the register

As a result, the 1 is kept if

s in the list M, while the 1 is discarded if is not in the list M.

[0079] An example of a possible implementation of the secure rotate operation is given in

Fig.3. In the case depicted in Fig.3 there are three shares for the input

and the register

The secure rotation operation involves a rotation of the shares of B

In this particular example then follows a remasking step where the shares are XOR'ed with randomness in a specific pattern. These two steps are then repeated for the other shares of

Second instantiation

[0080] In a second instantiation the goal is to implement an arithmetic to Boolean (A2B) conversion. That is to convert the input

into an output B

where The difference

between

is arithmetically masked and

Boolean masked. Again, this operation is to be performed in the protected masked domain without revealing information about The setup is performed exactly as in the first instantiation : a masked register with q bits is

set up, with

= 1. As before the procedure comprises of two operations: secure rotation of the register followed by postprocessing on each share of the register

individually.

[0081] The secure rotation proceeds as explained before. The difference between both methods is in the postprocessing, i.e. the SharewiseF function (see Algorithm 4). For each share of the register the following is done: for i going from 0 to q-1, the bit is taken and multiplied with i, and

the results are all XOR'ed together. More specifically, for each share

one calculates

= The result is that

is Boolean masked.

This is due to the fact that

This means that for all bits where B equals zero, the shares of B

cancel each

other out, and for the bit where R[.] = 1, the value / is kept. As B

is 1 at the

)-th position, one has that B^ = DT). Fig.4 provides an illustration of the computations performed in this instantiation. First the secure rotation is performed. Note that also in this example the optional (but preferred) remasking is performed. Next the postprocessing step is carried out as specified in Algorithm 4.

Third instantiation

[0082] The previous instantiation can be generalized to the computation of B^ as a function

, , is arithmetically masked while B^ is Boolean masked. The same procedure is adopted as in the first example, with the same setup and same secure rotate operation. The second operation (see Algorithm 5) is extended to calculate

• /(i) instead of B^^sl1^

• i. This results in B

f( ) for the same reasons as explained for the second example: the f(i) corresponding to = 0 are cancelled out and the f

corresponding to B^ [i] = 1 is the only one that remains.

Generic Example wherein chunks are used

[0083] The approach adopted in the simple examples above is typically not efficient for large values of q, as it requires an equally large register size |B|. Therefore, some adaptation is needed to allow the modulus q of the input coefficient

to be bigger than the register size |B|.

[0084] The size of the inputs, and thus the minimal size of the register, is reduced by splitting the input coefficients j_n several smaller chunks using a split function. These smaller chunks are

then processed iteratively, starting with the least significant chunk. Note that the chunks are not independent as the arithmetic masking entails that there are carries to be propagated from the less significant chunk to the more significant chunks. Algorithm 6 illustrates a possible implementation of the updated secure mapping algorithm. A high level overview of this algorithm is also given in Fig.5. The figure shows the split into (L+l) chunks, which are next processed separately, starting with a secure rotate operation. For each chunk a SharewiseF operation and a PropagateR operation are performed. The latter takes care of the calculation of a new value of the register to be used as input in the following chunk. The outputs of the SharewiseF function for all chunks are then combined, share by share.

[0085] An example implementation of the split function is given in Algorithm 7. For a given list of moduli

the input

is split into L+l chunks, where the chunk has possible

values. As an example, for powers of two, this Split function splits the binary representation

of the shares of into parts of bitlength log(pt).

[0086] More in detail, the new secure mapping starts with a register

with a size of at least

- S, with S the number of shares of

The register is still initialized as before, where

= 1. Then the secure rotate operation is performed as before with

(i.e., the first chunk of In previous examples, the secure rotation was calculated as

=

mod q, where the modular operation appears due to the limited size of the register |B | = q. In the present case, the register

s rotated with

(i)mod |B|, but

1 this is the same as rotating with

without any modular reduction. This means that after secure rotation, the 1 in the value B^ is shifted with

positions.

[0087] The position of the one in the register can now be described as a function of two components: the value of the chunk,

^m°d Po and the carry that needs

to be propagated to the next chunk.

[0088] As an example, for p = 2³, the binary representation of the sum of the least significant shares might for example be 0010 or 1010. In both cases, the value of the chunk equals 010, as it is the result modulo p. The carry in the first case is 0, while in the second case, there is a carry 1 that needs to be propagated to the next chunk. However, the exact value of this carry is sensitive as one can derive information about

from it, and thus the carry needs to be propagated in a secure way.

[0089] After the SecureRotate, there are two algorithms to extract information from the rotated register B^: PropagateR, which calculates a new value o

to be used as input register in the next iteration, and SharewiseF, which as before calculates a certain output function from the register. The implementation of these algorithms depends on the mapping function that one wants to implement. The SecureRotate, PropagateR and SharewiseF are iteratively executed for each chunk, except for the last chunk where there is no need to calculate the PropagateR algorithm. As a last step, the different outputs of the SharewiseF are combined in the Combine algorithm.

Fourth instantiation

[0090] In this case study the goal of the second instantiation given above is revisited. That is, one wants to calculate

such that B =

and is Boolean masked. To achieve this an

algorithm is proposed to convert a chunk from the arithmetic domain to the Boolean domain. Then a method is proposed to securely propagate the carries between the chunks. [0091] After the SecureRotate, the register contains information about the value of the chunk,

^m°d Po and the carry that needs to be propagated to the next

chunk.

[0092] The value of the chunk in the Boolean masked domain can be calculated using the method of the above-discussed third instantiation, which implements any function f. In this case the function is f(x) = x mod p, which for both examples

= 0010 and 1010 from above would result in the output 010 as intended. This algorithm is given in Algorithm 8 and depicted in Fig.6. The figure illustrates the secure rotation followed by a calculation of the value of the chunk in a sharewise fashion as specified in Algorithm 8.

[0093] To propagate the carry, a register

should be output that holds a one-hot encoding of the carry. That is, for a carry c, one wants the 1 to be at position c in the register. Note that as before, the individual shares look uniformly random, and the position of the 1 is never directly revealed or computed upon. When using this register as an input to the next iteration, the register already has an initial rotation with c steps, and is additionally rotated with steps. This

means that the 1 in the next iteration ends up at position c , thus taking into account the

carry. To put the carry in the right position, the register is divided in parts of p bits. The first p bits correspond to carry 0 (in an example with p = 2³, this corresponds to values 0000 to 0111), the second p bits correspond to carry 1 (in this example this corresponds to values 1000 to 1111), and so on. Then all bits in the first part are XOR'ed together and placed at the zeroth location (corresponding to carry 0) in the output register. This is repeated for each part, where the bits from the i^th part (corresponding to carry c) are placed in the c^th bit of the register. As before, this operation is performed on each share individually. The resulting algorithm is given in Algorithm 9.

[0094] After all chunks are processed, the outputs of the SharewiseF algorithm are consolidated in the Combine algorithm as given in Algorithm 10. This algorithm constructs the output To illustrate this algorithm, if all pi are powers of two, Combine

effectively performs a bitwise concatenation (i.e.,

[0095] To summarize, the input is partitioned into chunks, and each chunk is processed

individually starting from the least significant bit. The register = 1 is setup. For each chunk a

secure rotate operation with the chunk value is performed, then the chunk value is converted to Boolean masking and finally a new register

is calculated which contains a one-hot encoding of the carry. This register is then used as input of the next iteration. In the last iteration, there is no need anymore to prepare the output register, and secure rotation and the sharewise chunk value to Boolean masking conversion are performed. Moreover, this conversion can possibly be performed with a larger p, as there is no more need to calculate a carry value. The value of p in the last iteration is denoted p_L and has the condition that

[0096] This approach can be generalized to calculating a wide variety of functions as in the third example, by applying a function on the chunk value calculation.

Fifth instantiation

[0097] As another example the following is considered. Similar to the register size reduction for arithmetic to Boolean reduction (see the second example), register size reduction can be performed for the case illustrated in the first example. Remember that the goal in the first example was to check

G M, without revealing information about

In the example to be elaborated now the goal is the same, but one wants to reduce the register size.

[0098] As above, the input is divided into chunks using the same split

algorithm as before (Algorithm 7) and the chunks are processed iteratively starting from the least significant chunk. Additionally, one has to divide the condition list M into equivalent conditions per chunk Such a division of M is only feasible for a subset of possible lists M and not for any

possible list M. However, for a typical use case where q and pt are powers of two, and where the condition M specifies the allowed values on individual bits in the bitwise representation of the input, such a division is always possible. [0099] One starts with one 1 in the register If a chunk is valid (i.e the 1 is

propagated to the next iteration, with the 1 being on the position of the carry value as in the fourth instantiation. However, if a chunk is not valid (i.e , the 1 is not propagated and a register

= 0 is propagated. Note that the register

is zero in this case, but the shares of the register are still uniformly random to protect the sensitive information. Once the register equals zero

it remains zero throughout the algorithm. At the end the result of

G M is given by the presence or absence of the 1 in the register.

[0100] Such a functionality can be achieved as described in Algorithm 6, with helper functions as described in Algorithms 11 to 13. Note that for all but the last chunk, the SharewiseF function is irrelevant and thus not executed, as all relevant information is contained in the updated register

In the last iteration, there is no carry that needs to be propagated. However, the main idea of the last iteration remains the same as in previous iterations: if the 1 is still present and if the last chunk is valid (i.e. the one is propagated to the zeroth location of the output. Algorithm 12 gives a

possible implementation of this functionality. The Combine function then trivially passes the result of this last SharewiseF function as the output as depicted in Algorithm 13.

Generic example of working with an array of inputs

[0101] Instead of working with inputs that are individual variables, one can extend the secure mapping technique to allow inputs that are masked lists or vectors. The idea remains largely the same: all coefficients of the list (or vector) are split into chunks. Then one iterates over all coefficients and for each coefficient over all chunks, executing SecureRotate followed by the PropagateR and

SharewiseF algorithm.

[0102] A change compared to the previous examples is that in the last iteration of each coefficient one now does update the register

, which is then used as register for the processing of the next coefficient. A generic example of this functionality is given in Algorithm 14. The general flow of the operations is depicted in Fig.7, wherein now an index / is used to indicate the coefficients. It is possible to generalize this algorithm further by allowing different values of chunk sizes for

each coefficient, and by allowing different instantiations of the PropagateR and SharewiseF algorithms for different coefficients and/or chunks.

Sixth instantiation [0103] In yet another example the first example and the fifth example are revisited. The aim is to check if

corresponds to the conditions given by M. However, in this case D is a list of N values that need to be checked and M a list that contains conditions on each of these N values. It needs to be checked if 6 Mj. In essence, this case performs the method from the fifth

example iteratively for each coefficient. This means that each is divided into chunks and

similarly the chunk conditions are calculated. Then an iteration over all coefficients is carried out,

wherein the same operations as in the fifth example are performed. The output register of one iteration is used as input register in the next iteration.

[0104] A typical application of the approach presented above is the A2B conversion, which is a useful building block for masked implementations of cryptographic algorithms. The approach presented above can also be used to make building blocks specific to masking of lattice-based encryption. Two building blocks for lattice-based encryption are now further discussed: masked comparison of the (uncompressed) recomputed ciphertext with the input ciphertext in the already mentioned Fujisaki-Okamoto transformation and an algorithm for extraction of the most significant bit(s) of a variable used during decryption. They have both already been addressed in the simple examples explained previously in this detailed description. Both functionalities can be achieved using the proposed method by choosing the appropriate input parameters, as will be detailed below.

[0105] The comparison is an essential part of the Fujisaki-Okamoto transformation. The goal of this comparison is to validate the input ciphertext against a recomputed ciphertext. More specifically, the goal is to check if the input ciphertext equals the recomputed ciphertext. In typical applications the input ciphertext is additionally compressed, while the recomputed ciphertext is still uncompressed. In a masked scenario, this compression step is generally expensive. The method according to this invention can be used to perform both the compression and the validation step of this comparison.

[0106] The first input to the comparison is the input ciphertext, which comprises two arrays of numbers (B, C), with coefficients modulo p and t, respectively. The second input is an uncompressed recomputed masked ciphertext , both with coefficients modulo q. The

comparison then should return true if and only if:

This condition can be rewritten as:

where the 1/2 terms are used to convert the rounding operation in a flooring operation. Another way to write the same condition is:

[0107] To achieve that goal, the framework of the sixth example as discussed above is used, using appropriately chosen values for

and M. For p, q and t powers of two, such a function can be instantiated by calculating the list with coefficients

as :

and the list of accepted values M is prepared as: M = [0, — , qlp — 1] for coefficients corresponding to the B array and M = [0, ... , q/t — 1] for coefficients corresponding to the C array.

[0108] For q a prime number, there are two options, namely a straightforward approach which needs a large register, or first converting the coefficients to powers of two. In the first option, the coefficients of the masked uncompressed ciphertext are used as input :

and the values of M are chosen as: for the coefficients of and {k | [t/q .

= Cj} for the coefficients of

In this first option, no chunks are used (i.e., L=0 and p=q= | R| ). A downside of this approach is the large size of the register required.

[0109] The second option to perform masked comparison with prime moduli q is to compute the compression for each share individually. Ideally for this option, p and t are powers of two, which means that after compression the modulus is also a power of two. The method consists of calculating the list with coefficients D * as:

°

where the division is calculated for each share individually. The problem is that this would result in an infinitely long bitstring due to the fractional part. However, it has been shown sufficient to take into account a certain number of bits f > log₂(S’) + log₂ with S the number of shares, to

obtain the correct output. One ends up with the following inputs :

where the flooring operation is taken on each share of separately and not on the

underlying masked variable (and equally so for the calculation of The arithmetic

masking moduli are then

p

. f f

2^f and t • 2^f , for the coefficients o respectively. The list

of accepted values M is prepared as: M = [0, ... , 2^f — 1] for all coefficients. Using this setup, one can select L>1 and the chunk moduli pt as powers of two to obtain an efficient algorithm with limited register size.

[0110] The same method can also be used to securely implement the A2B conversion in lattice-based encryption schemes. This is typically a special version of the A2B conversion where one is only interested in the most significant bit of the result for q a power of two, or in the more general case whether the input

is in the interval or not. To find the most significant bit of

a number in case of a power of two modulus, one inputs

with the modulus q equal to the arithmetic sharing modulus and M = [q/2, ... , q — 1].

[0111] Again, a similar technique can be performed for prime moduli. To do this, one converts to a power-of-two modulus using the expression :

where, as before, the flooring is calculated for each share separately, and with modulus q = ¹ and

condition M = . Due to the multiplication with 2^⁺¹ and addition of S correctness is

preserved even in the presence of flooring errors.

[0112] Now some embodiments are discussed wherein the algorithms as described above are provided with additional features that allow for an efficient implementation for performing the masked comparison and A2B conversion on a variety of computing platforms. First possible tweaks in software implementations are considered and then parallelization possibilities are explored, which are typically more useful in hardware implementations.

[0113] Looking back at Algorithm 3, the calculation of

requires a XOR of all bits at positions corresponding to elements of M. For a fixed M in a hardware environment, this can be implemented very efficiently using the description given before. For software implementations or when a varying M is considered, other ways of computing might be more optimal. An alternative way to calculate fi

is as follows:

where parity() is the parity function that outputs 1 if there are an uneven number of ones in the input bitstring, and 0 otherwise; and where F is a mask determined by the condition list M. On some compute platforms the parity function might be available as an instruction, on other platforms one can use an optimized implementation of this function.

[0114] A similar approach can be taken to compute the unity function for A2B conversion as in Algorithm 4. To compute the i^th bit of the result, one can compute:

with Fi the appropriate mask. For example, F_o = 010101 ... 01; F_t = 00110011 ... 0011; and F₂ = 00001111 ... 00001111.

[0115] Depending on the function f that needs to be computed, a similar approach as above might be applicable to optimize Algorithm 4. Similarly, one could rewrite Algorithms 8, 9, 11 and 12 using the parity function technique.

[0116] The algorithms presented above typically consume random bits, especially in the SecureRotate function. To reduce the number of random bits consumed by the algorithm, one can reuse the randomness used in the SecureRotate step. Randomness to execute the SecureRotate function can then be generated one time, and reused for follow-up executions of this function. This allows a significant reduction of the randomness consumed to only the number of random bits needed to perform one iteration of the SecureRotate function, while maintaining some security guarantees.

[0117] The proposed algorithm is inherently serial, as the output of the previous chunk is necessary to start the calculations on the next chunk. This might be a bottleneck for the masked comparison operation as used in lattice-based cryptography as described above. In such a scenario one has typically an input array that has between 768 and 1280 coefficients that need to be validated. In some embodiments therefore a parallel implementation on n 'cores' with minimal overhead can be made.

[0118] At the start, one divides the array in n arrays of approximately /n elements.

These sub-arrays are then validated separately on the n cores, which results in n outputs to

Each of these outputs is a Boolean masked bit representing the result of the comparison of

the corresponding sub-array ( = 1 if the corresponding sub-array was valid, and 0 if it was

invalid).

[0119] To combine these registers, one can use the fact that one Boolean masked bit is essentially an arithmetic masked bit modulo 2. To combine

another iteration of the masked array verification is performed with these inputs:

with arithmetic masking modulus 2, R and M = 1. The result of these choices is an output that is 1 if both

and were 1, and 0 otherwise.

[0120] Taking a step back one can see that in this case the method of the invention is used to construct a masked AND gate on Boolean masked bits. By applying this AND gate on all F

one ends up with an output containing the result of the masked comparison. [0121] In a serial implementation, given | ^| coefficients and L chunks for each coefficient, the masked comparison takes L

| iterations. In the parallelized method one additionally has to perform n — 1 iterations to combine the sub-array which increases the cost only slightly to (L +

1) • | ) | + n — 1 iterations.

[0122] In some embodiments of the invention it was assumed that the register size |R| was equal to the arithmetic masking modulus q. This allowed implicitly computing the modulus q operation on the position of the one in the register computed as mod q due to the wrap

around of the register at position q. However, in some applications it might be more natural to use other register sizes.

[0123] While the register size should be at least q when no chunks are used, it can in some circumstances be chosen larger. One option is to choose |R| > q - S, in which case there is no wraparound of the 1 in the register. This means that no information is lost, or equivalently that the modulus q operation is not performed and that the 1 is shifted with

positions. One can then easily compensate for the missing mod q operation in the SharewiseF function. The idea is that the SharewiseF can be computed on the bits 0, ..., q-1 as before, but additionally also on the bit ranges q, ..., 2q-l up to (S-l)q, ..., Sq-1. The results of these functions can then be combined sharewise using an exclusive OR operation. Note that in this case the rotate operation can be equivalently computed as a shift operation. This equivalency of the rotate and the shift operation is also the case for the embodiments discussed above where |R| > q - S is chosen as default in order to determine carry information.

[0124] Another option to increase the register size is to choose |R| = k • q, in which case it is possible to mimic the modulus q by preprocessing the register before the SecureRotate using the formula « (q • i), or by using the regular register R and compensating for the fact that the modulus is k • q instead of q during the SharewiseF and PropagateR functions, similar to the method explained before.

[0125] The method proposed in this invention is advantageously performed on a programmable device equipped with processing means adapted to perform the various steps of the method. As explained above, basically two basic steps are needed to implement the method, i.e., a secure rotation and next some bitwise operations. During the secure rotation one needs to be able to cycle the register an arbitrary amount of positions and perform a XOR operation on the register with randomness. Cycling the register is readily available in software as a register shift, and in the case where qij = |R|, one can use the build-in circular shift operation to perform the shift. These operations are also easily build-in hardware. The bitwise operations are essentially just a simple binary circuit to XOR a selection of the register bits and copy them to a specific location. This is especially easy to implement in hardware, where one can build a specific circuit for this operation. In software, for generalized choices of q and p this is more cumbersome. However, when working with power-of-two values of q and ranges of p that align to powers of two, one can perform specific operations.

[0126] In preferred embodiments the device is a Field Programmable Gate Array (FPGA).

Alternatively, the method can be implemented on an ASIP/domain specific processor, i.e. a processor with a dedicated, application-specific architecture designed to be optimal for performing the method as described above.

[0127] Apart from software applications, one can also consider hardware implementations, e.g., on an ASIC.

[0128] While the invention has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. The foregoing description details certain embodiments of the invention. It will be appreciated, however, that no matter how detailed the foregoing appears in text, the invention may be practiced in many ways. The invention is not limited to the disclosed embodiments.

[0129] Other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. A computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems. Any reference signs in the claims should not be construed as limiting the scope.

Claims

Claims

1. Computer-implemented method for securely mapping a first variable performing a first masking of an underlying first secret value to a second variable performing a second masking of an underlying second secret value, wherein said first masking splits said first variable into a first plurality of shares, and wherein said second masking splits said second variable into a second plurality of shares, the method comprising setting up a third variable masking an underlying secret register, said third masking splitting said secret register into a third plurality of shares, said underlying secret register containing all logical zero bits except for at most a single logical one bit, and performing the steps of : performing a first operation on said third variable, said first operation corresponding to a rotation or shift of said secret register with a number of positions related to said shares of said first variable, yielding an updated third variable, performing a second operation to calculate one or more values for shares of said second variable from a corresponding individual share of said updated third variable.

2. Method for securely mapping as in claim 1, wherein said first operation comprises one or more remasking operations.

3. Method for securely mapping as in any of the previous claims, wherein said first operation corresponds to a rotation or shift of said secret register with a number of positions that corresponds to the sum of the shares of the first variable modulo the size of said masked register.

4. Method for securely mapping as in any of the previous claims, wherein said first variable is chopped into two or more chunks, each chunk having a lower number of possible values than said first variable and wherein the steps of the method are performed chunk by chunk, starting with the least significant chunk.

5. Method for securely mapping as in any of the previous claims, wherein a third operation is performed to calculate a further update of said updated third variable, said further update serving as masked register in the iteration for a next chunk or for a next coefficient.

6. Method for securely mapping as in claim 4 or 5, wherein at least said first operation is performed for each chunk and said second operation is performed at least in the iteration for the last chunk.

7. Method for securely mapping as in any of claims 4 to 6, comprising a step of combining outputs of said second operation for two or more of said chunks.

8. Method for securely mapping as in any of claims 5 to 7, wherein performing said third operation comprises determining a carry that needs to be propagated to a next chunk.

9. Method for securely mapping as in any of the previous claims, wherein said first variable after said first masking is a coefficient of a masked vector or list comprising a plurality of coefficients and the steps of the method are iteratively performed for each coefficient of said masked vector or list individually.

10. Method for securely mapping as in any of the previous claims, wherein said first masking is an arithmetic masking and said second masking is a Boolean masking.

11. Method for securely mapping as in claim 10, wherein said underlying first secret value is the same as said underlying second secret value.

12. Method for securely mapping as in any of claim 1 to 10, wherein said underlying second secret value is a function of said underlying first secret value.

13. Method for securely mapping as in any of the previous claims, wherein said first variable is divided into two or more arrays, wherein for each array a different secret register is used and wherein said first and second operations are performed per array in parallel.

14. Method for securely mapping as in any of the previous claims, where said second or third operation(s) are calculated using one or more subfunctions that perform a bitwise AND operation followed by a parity calculation.

15. Device for securely mapping a first variable performing a first masking of an underlying first secret value to a second variable performing a second masking of an underlying second secret value, wherein said first masking splits said first variable into a first plurality of shares, and wherein said second masking splits said second variable into a second plurality of shares, said device comprising processing means arranged to set up a third variable masking an underlying secret register, said third masking splitting said secret register into a third plurality of shares, said underlying secret register containing all logical zero bits except for at most a single logical one bit, and to perform for said masked first variable a first operation on said third variable, said first operation corresponding to a rotation or shift of said secret register with a number of positions related to said shares of said first variable, yielding an updated third variable, and a second operation to calculate one or more values for shares of said second variable from a corresponding individual share of said updated third variable.