To address the vulnerability of Gaussian elimination (GE) in multivariate and code-based post-quantum digital signatures to side-channel attacks, this paper proposes the first masked GE algorithm supporting arbitrary-order masking—including back-substitution—while ensuring both security and practicality. Our contributions are: (1) a unified masking framework eliminating costly conversions between Boolean and multiplicative masking; (2) efficient masked back-substitution and unmasking procedures; (3) formal security proof under the t-probe model and design of lightweight, customized masking operators; and (4) an Arm Cortex-M4-optimized implementation compatible with major NIST PQC candidates—UOV, MAYO, and SNOVA. At NIST Security Levels I, III, and V, masked GE for UOV incurs only ~15.2× overhead; MAYO exhibits 1.2× higher randomness consumption and 2.3× greater computational cost than UOV.

Digital signature schemes based on multivariate- and code-based hard problems are promising alternatives for lattice-based signature schemes, due to their small signature size. Gaussian Elimination (GE) is a critical operation in the signing procedure of these schemes. In this paper, we provide a masking scheme for GE with back substitution to defend against first- and higher-order attacks. To the best of our knowledge, this work is the first to analyze and propose masking techniques for multivariate- or code-based DS algorithms. We propose a masked algorithm for transforming a system of linear equations into row-echelon form. This is realized by introducing techniques for efficiently making leading (pivot) elements one while avoiding costly conversions between Boolean and multiplicative masking at all orders. We also propose a technique for efficient masked back substitution, which eventually enables a secure unmasking of the public output. All novel gadgets are proven secure in the $t$-probing model. Additionally, we evaluate the overhead of our countermeasure for several post-quantum candidates and their different security levels at first-, second-, and third-order, including UOV, MAYO, SNOVA, QR-UOV, and MQ-Sign. Notably, the operational cost of first-, second-, and third-order masked GE is 2.3$ imes$ higher, and the randomness cost is 1.2$ imes$ higher in MAYO compared to UOV for security levels III and V. In contrast, these costs are similar in UOV and MAYO for one version of level I. We also show detailed performance results for masked GE implementations for all three security versions of UOV on the Arm Cortex-M4 and compare them with unmasked results. Our masked implementation targeting UOV parameters has an overhead of factor 15.1$ imes$, 15.2$ imes$, and 15.4$ imes$ compared to the unprotected implementation for NIST security level I, III, and V.