Efficient and secure software implementations of Fantomas

  • Regular Paper

Journal of Cryptographic Engineering

Abstract

In this paper, the efficient software implementation and side-channel resistance of the LS-Design construction are studied through a series of software implementations of the Fantomas block cipher, one of its most prominent instantiations. Target platforms include resource-constrained ARM devices like the Cortex-M3 and M4, and more powerful processors such as the ARM Cortex-A15 and modern Intel platforms. The implementations span a broad range of characteristics: 32-bit and 64-bit versions, unprotected and side-channel resistant, and vectorized code for NEON and SSE instruction sets. Our results improve the state of the art substantially, in terms of both efficiency and compactness, by making use of novel algorithmic techniques and features specific to the target platform. We finish by proposing and prototyping instruction set extensions to reduce by half the performance penalty of the introduced side-channel countermeasures.
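The side-channel countermeasure whose cost the abstract refers to is Boolean masking of the bitsliced cipher state, where the linear gates are cheap and the non-linear AND gates are what drive the overhead. As an added example, not code from the paper or its repository, the following C shows the ISW secure-AND gadget over 32-bit bitsliced words at second order, together with the share-wise XOR and NOT gates and a check that the masked circuit recombines to the plain result. The share count, the xorshift stand-in for a real random number generator, and the helper names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* d = t + 1 shares resists t-th order attacks in the ISW probing model;
 * SHARES = 3 is second-order masking (an assumption of this example). */
#define SHARES 3

/* Deterministic xorshift32 so the example is reproducible. A real masked
 * implementation must draw from a true/hardware RNG; this generator is
 * a placeholder chosen for the example, not something from the paper. */
static uint32_t rng_state = 0x9E3779B9u;

static uint32_t rand32(void)
{
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Split one 32-bit bitsliced word into SHARES Boolean shares whose XOR is x. */
static void mask(uint32_t x, uint32_t s[SHARES])
{
    uint32_t acc = x;
    for (int i = 1; i < SHARES; i++) {
        s[i] = rand32();
        acc ^= s[i];
    }
    s[0] = acc;
}

/* Recombine shares; only done at the very end of the computation. */
static uint32_t unmask(const uint32_t s[SHARES])
{
    uint32_t x = 0;
    for (int i = 0; i < SHARES; i++)
        x ^= s[i];
    return x;
}

/* Linear gates act share-wise and consume no randomness. */
static void masked_xor(const uint32_t a[SHARES], const uint32_t b[SHARES],
                       uint32_t c[SHARES])
{
    for (int i = 0; i < SHARES; i++)
        c[i] = a[i] ^ b[i];
}

static void masked_not(uint32_t a[SHARES])
{
    a[0] = ~a[0];   /* complementing a single share flips the secret */
}

/* ISW secure AND on bitsliced words: unmask(c) == unmask(a) & unmask(b).
 * Consumes SHARES*(SHARES-1)/2 random words per call; that RNG traffic
 * plus the cross-term ANDs/XORs is the bulk of the masking overhead.
 * The parenthesisation of t is deliberate: (r ^ a_i b_j) is formed before
 * a_j b_i is XORed in, so no intermediate equals a_i b_j ^ a_j b_i. */
static void masked_and(const uint32_t a[SHARES], const uint32_t b[SHARES],
                       uint32_t c[SHARES])
{
    for (int i = 0; i < SHARES; i++)
        c[i] = a[i] & b[i];
    for (int i = 0; i < SHARES; i++) {
        for (int j = i + 1; j < SHARES; j++) {
            uint32_t r = rand32();
            uint32_t t = (r ^ (a[i] & b[j])) ^ (a[j] & b[i]);
            c[i] ^= r;
            c[j] ^= t;
        }
    }
}

/* Check helper: mask the inputs, run the gadget, unmask the output. */
uint32_t masked_and_check(uint32_t x, uint32_t y)
{
    uint32_t a[SHARES], b[SHARES], c[SHARES];
    mask(x, a);
    mask(y, b);
    masked_and(a, b, c);
    return unmask(c);
}

/* (x & y) ^ ~z built only from gadgets: the AND-then-XOR step that
 * bitsliced S-box circuits are composed of. */
uint32_t masked_andxornot_check(uint32_t x, uint32_t y, uint32_t z)
{
    uint32_t a[SHARES], b[SHARES], c[SHARES], d[SHARES], e[SHARES];
    mask(x, a);
    mask(y, b);
    mask(z, d);
    masked_and(a, b, c);
    masked_not(d);
    masked_xor(c, d, e);
    return unmask(e);
}

int main(void)
{
    uint32_t x = 0xF0F0F0F0u, y = 0xFF00FF00u, z = 0x0F0F0F0Fu;
    printf("and      : %08x (plain %08x)\n", masked_and_check(x, y), x & y);
    printf("andxornot: %08x (plain %08x)\n",
           masked_andxornot_check(x, y, z), (x & y) ^ ~z);
    return 0;
}
```

Every AND gate at d shares costs d(d-1)/2 fresh random words and d(d-1) cross products, which is why the expensive part of a masked LS-design implementation is the S-box layer rather than the linear L-box, and why an instruction that fuses the cross-term computation or the randomness fetch can cut the countermeasure's overhead substantially.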


Notes

  1. https://github.com/rafajunio/fantomas-x86.

  2. https://www.cryptolux.org/index.php/FELICS.


Acknowledgements

The first and last authors acknowledge financial support and access to the ARM MPS2 board by LG Electronics Inc. during the development of this research, under the project titled “Efficient and Secure Cryptography for IoT”. The second and third authors acknowledge financial support from Intel and FAPESP under the project “Secure Execution of Cryptographic Algorithms”, Grant 14/50704-7. We thank the anonymous reviewers for their comments.

Corresponding author

Correspondence to Diego F. Aranha.


Cite this article

Cruz, R.J., Guimarães, A. & Aranha, D.F. Efficient and secure software implementations of Fantomas. J Cryptogr Eng 10, 211–228 (2020). https://doi.org/10.1007/s13389-019-00218-2
