Optimized Threshold Implementations: Minimizing the Latency of Secure Cryptographic Accelerators

  • Dušan Božilov
  • Miroslav Knežević
  • Ventzislav Nikov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11833)


Abstract

Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In this work, we first provide a generic construction for \(d+1\) TI sharing which achieves the minimal number of output shares for any n-input Boolean function of degree \(t=n-1\) and for any d. Secondly, we demonstrate the applicability of our results on a first-order and second-order \(d+1\) low-latency PRINCE implementation.


Keywords: Threshold implementations, PRINCE, SCA, Masking



Acknowledgements

We would like to thank Amir Moradi and Tobias Schneider for providing us with the HDL code of the PRINCE TI presented in [14]. We would also like to thank the reviewers for helping us to improve the paper.


References

  1. Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015)
  2. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference, January 2011
  3. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014)
  4. Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all \(3 \times 3\) and \(4 \times 4\) S-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012)
  5. Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  6. Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)
  7. Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test Vector Leakage Assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013)
  8. Groß, H., Iusupov, R., Bloem, R.: Generic low-latency masking in hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst. (TCHES) 2018(2), 1–21 (2018)
  9. Groß, H., Mangard, S.: Reconciling \(d+1\) masking in hardware and software. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 115–136. Springer, Cham (2017)
  10. Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. In: Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, p. 3, October 2016
  11. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
  12. Knežević, M., Nikov, V., Rombouts, P.: Low-latency encryption – is “Lightweight = Light + Wait”? In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 426–446. Springer, Heidelberg (2012)
  13. Moos, T., Moradi, A., Schneider, T., Standaert, F.X.: Glitch-resistant masking revisited – or why proofs in the robust probing model are needed. IACR Trans. Cryptogr. Hardw. Embed. Syst. (TCHES) 2019(2), 256–292 (2019)
  14. Moradi, A., Schneider, T.: Side-channel analysis protection and low-latency in action. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 517–547. Springer, Heidelberg (2016)
  15. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)
  16. Poschmann, A., Moradi, A., Khoo, K., Lim, C.W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2011)
  17. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015)
  18. Reparaz, O., Gierlichs, B., Verbauwhede, I.: Fast leakage assessment. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 387–399. Springer, Cham (2017)
  19. Ueno, R., Homma, N., Aoki, T.: A systematic design of tamper-resistant Galois-field arithmetic circuits based on threshold implementation with \(d+1\) input shares. In: 2017 IEEE 47th International Symposium on Multiple-Valued Logic (ISMVL), pp. 136–141 (2017)
  20. Ueno, R., Homma, N., Aoki, T.: Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 50–64. Springer, Cham (2017)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Dušan Božilov (1, 2; corresponding author)
  • Miroslav Knežević (1)
  • Ventzislav Nikov (1)

  1. NXP Semiconductors, Leuven, Belgium
  2. COSIC, KU Leuven and imec, Leuven, Belgium
