Section: New Results

Vectorizing Higher-Order Masking

Participants: Benjamin Grégoire, Kostas Papagiannopoulos [Radboud University], Peter Schwabe [Radboud University], Ko Stoffelen [Radboud University].

The cost of higher-order masking as a countermeasure against side-channel attacks is often considered too high for practical scenarios, because protected implementations become very slow. At Eurocrypt 2017, we proposed the bounded moment leakage model to study the (theoretical) security of parallel implementations of masking schemes. In this work we show how the NEON vector instructions of larger ARM Cortex-A processors can be exploited to build much faster masked implementations of AES in the bounded moment model. This work is described in publication [18].
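To make the idea of parallel higher-order masking concrete, here is an added example (not the authors' code from [18]): an ISW-style masked AND gadget of order d evaluated on 64-bit words, where each word acts as a lane of 64 bit-sliced state bits, so every share operation processes 64 independent instances at once, as the NEON lanes do in the paper. It assumes d+1 Boolean shares and uses a constructed xorshift generator in place of a real randomness source.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not the authors' code: ISW-style order-d masked AND on
 * 64-bit words. Each word is a lane of 64 bit-sliced state bits, so one
 * call processes 64 independent instances, as NEON lanes would. A toy
 * xorshift generator (constructed, not a CSPRNG) stands in for fresh randomness. */
#define MAX_SHARES 8
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL; /* constructed seed */
static uint64_t rng64(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}
/* Split x into d+1 Boolean shares with x == s[0] ^ ... ^ s[d]. */
void mask(uint64_t x, int d, uint64_t s[]) {
    uint64_t acc = x;
    for (int i = 1; i <= d; i++) { s[i] = rng64(); acc ^= s[i]; }
    s[0] = acc;
}
uint64_t unmask(int d, const uint64_t s[]) {
    uint64_t x = 0;
    for (int i = 0; i <= d; i++) x ^= s[i];
    return x;
}
/* ISW AND gadget: c = a & b on shares, one fresh r per pair i < j. The bracketing
 * of the c[j] update is the ISW order; a real build must stop the compiler re-associating it. */
void isw_and(int d, const uint64_t a[], const uint64_t b[], uint64_t c[]) {
    for (int i = 0; i <= d; i++) c[i] = a[i] & b[i];
    for (int i = 0; i <= d; i++)
        for (int j = i + 1; j <= d; j++) {
            uint64_t r = rng64();
            c[i] ^= r;
            c[j] ^= (r ^ (a[i] & b[j])) ^ (a[j] & b[i]);
        }
}
/* Functional self-check: mask two constructed lane words, AND them, unmask, compare. */
int check_isw_and(int d) {
    if (d < 1 || d >= MAX_SHARES) return 0;
    uint64_t x = 0xF0F0F0F0CCCCAAAAULL, y = 0xFF00FF0033335555ULL; /* constructed */
    uint64_t a[MAX_SHARES], b[MAX_SHARES], c[MAX_SHARES];
    mask(x, d, a); mask(y, d, b);
    isw_and(d, a, b, c);
    return unmask(d, c) == (x & y);
}

int main(void) {
    for (int d = 1; d <= 4; d++)
        printf("order %d: %s\n", d, check_isw_and(d) ? "ok" : "FAIL");
    return 0;
}
```

The check only verifies functional correctness of the gadget across all 64 lanes; the security argument in the bounded moment model is about how the lanes leak in parallel, which no functional test can show.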