Higher-Order Masking Schemes for Simon

  • Jiehui Tang
  • Yongbin Zhou (corresponding author)
  • Hailong Zhang
  • Shuang Qiu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9543)

Abstract

Simon is a highly optimized lightweight block cipher designed by the U.S. National Security Agency (NSA) and is considered a promising candidate for resource-constrained embedded applications. Previous analyses show that its unprotected implementations are vulnerable to side-channel attacks (SCA), so implementations on embedded platforms must take side-channel protection into account. Several masking schemes have been proposed for Simon so far, but they only resist first-order SCA and can be broken in practice by second- or higher-order SCA. Countering those attacks requires higher-order masking. Existing higher-order masking schemes were designed mainly for S-box-based block ciphers and do not apply directly to Simon, whose only nonlinear operation is a bitwise AND; higher-order masking schemes tailored to Simon are therefore needed. In this paper, we present two higher-order Boolean masking schemes for software implementations of Simon. The first is based on the ISW scheme of Ishai, Sahai and Wagner (CRYPTO 2003), and the second follows a design principle similar to the masking scheme of Coron et al. (FSE 2013). Both proposals are proven to achieve \(d\)-th-order SCA security in the probing model, and an evaluation of implementation efficiency shows that they have a reasonable cost on 8-bit AVR platforms.
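As an added worked example (not code from the paper or from the Simon designers), the following C program shows the basic idea behind an ISW-based Boolean masking of Simon: rotations and XORs are linear and are applied to each share independently, while the single bitwise AND of the round function goes through the ISW secure-AND gadget, which consumes d(d+1)/2 fresh random words per call for d-th-order security. The program masks one round of Simon32/64 (16-bit words) and checks that the shares recombine to the unmasked round. The word size, the xorshift placeholder for the random source, and treating the round key as a public constant XORed into a single share are assumptions of the example; the paper's own two schemes and their mask-refreshing strategy are not reproduced here.

```c
/* Added example: d-th order Boolean masking of one Simon32/64 round with the
 * ISW secure-AND gadget. Illustrative reference code, not the paper's scheme
 * or any official Simon implementation; word size, share count and PRNG are
 * assumptions made for the demo. */
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 16   /* Simon32/64 uses 16-bit words (assumption: variant chosen for the demo) */
#define MAX_SHARES 8

/* Placeholder PRNG (xorshift32). A real masked implementation must take its
 * mask randomness from a true RNG; this only makes the example deterministic. */
static uint32_t prng_state = 0x2545F491u;
static uint16_t rand16(void) {
    uint32_t s = prng_state;
    s ^= s << 13; s ^= s >> 17; s ^= s << 5;
    prng_state = s;
    return (uint16_t)s;
}

static uint16_t rotl16(uint16_t x, unsigned r) {
    return (uint16_t)((x << r) | (x >> (WORD_BITS - r)));
}

/* Reference (unmasked) round: (x, y) -> (y ^ f(x) ^ k, x) with f(x) = (S1(x) & S8(x)) ^ S2(x). */
void simon_round(uint16_t *x, uint16_t *y, uint16_t k) {
    uint16_t f = (uint16_t)((rotl16(*x, 1) & rotl16(*x, 8)) ^ rotl16(*x, 2));
    uint16_t nl = (uint16_t)(*y ^ f ^ k);
    *y = *x;
    *x = nl;
}

/* Split v into n = d+1 Boolean shares; recombine with XOR. */
void share16(uint16_t v, uint16_t *s, int n) {
    uint16_t acc = 0;
    for (int i = 0; i < n - 1; i++) { s[i] = rand16(); acc ^= s[i]; }
    s[n - 1] = (uint16_t)(v ^ acc);
}
uint16_t unshare16(const uint16_t *s, int n) {
    uint16_t v = 0;
    for (int i = 0; i < n; i++) v ^= s[i];
    return v;
}

/* ISW secure AND on n shares (order d = n-1, d(d+1)/2 fresh random words).
 * The parenthesisation (r ^ a[i]b[j]) ^ a[j]b[i] is part of the gadget: it keeps
 * every intermediate independent of any d shares, which the probing-model proof needs. */
void isw_and16(const uint16_t *a, const uint16_t *b, uint16_t *c, int n) {
    for (int i = 0; i < n; i++) c[i] = (uint16_t)(a[i] & b[i]);
    for (int i = 0; i < n; i++) {
        for (int j = i + 1; j < n; j++) {
            uint16_t r_ij = rand16();
            uint16_t r_ji = (uint16_t)((r_ij ^ (a[i] & b[j])) ^ (a[j] & b[i]));
            c[i] ^= r_ij;
            c[j] ^= r_ji;
        }
    }
}

/* Masked round on shared halves x[], y[]. Rotations and XORs are linear and act
 * share-wise; the single AND goes through the ISW gadget. The round key is
 * treated as a public constant XORed into share 0 only (assumption: with a
 * masked key schedule one would XOR shares of k share-wise instead). */
void simon_round_masked(uint16_t *x, uint16_t *y, uint16_t k, int n) {
    uint16_t s1[MAX_SHARES], s8[MAX_SHARES], f[MAX_SHARES];
    for (int i = 0; i < n; i++) { s1[i] = rotl16(x[i], 1); s8[i] = rotl16(x[i], 8); }
    isw_and16(s1, s8, f, n);
    for (int i = 0; i < n; i++) {
        f[i] ^= rotl16(x[i], 2);
        uint16_t nl = (uint16_t)(y[i] ^ f[i]);
        y[i] = x[i];
        x[i] = nl;
    }
    x[0] ^= k;
}

/* Functional check: a random sharing pushed through the masked round recombines
 * to the output of the reference round. */
int masked_round_matches(uint16_t x, uint16_t y, uint16_t k, int n) {
    uint16_t xs[MAX_SHARES], ys[MAX_SHARES];
    share16(x, xs, n); share16(y, ys, n);
    simon_round_masked(xs, ys, k, n);
    simon_round(&x, &y, k);
    return unshare16(xs, n) == x && unshare16(ys, n) == y;
}

int main(void) {
    int ok = 1;
    for (int n = 2; n <= 5 && ok; n++)
        for (int t = 0; t < 1000 && ok; t++)
            ok = masked_round_matches(rand16(), rand16(), rand16(), n);
    printf("masked Simon32 round %s for 2..5 shares\n", ok ? "matches" : "MISMATCH");
    return ok ? 0 : 1;
}
```

A functional check like this only shows that the sharing is correct; it says nothing about leakage. The compiler may recombine shares in a register or reuse a register across shares, the placeholder PRNG must be replaced by a true random source, and intermediate values reused across several gadgets need mask refreshing (the issue studied by Coron et al. at FSE 2013) before the d-th-order claim carries over to a real implementation.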

Keywords

Simon; side-channel attack; higher-order Boolean masking

Acknowledgments

This work was supported in part by National Natural Science Foundation of China (Nos. 61472416, 61272478 and 61170282), National Key Scientific and Technological Project (No.2014ZX01032401-001), Strategic Priority Research Program of the Chinese Academy of Sciences (Nos. XDA06010701 and XDA06010703).

References

  1. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
  2. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 291–304 (1985)
  3. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  4. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  5. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)
  6. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)
  7. Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005)
  8. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)
  9. Hong, D., et al.: HIGHT: a new block cipher suitable for low-resource device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 46–59. Springer, Heidelberg (2006)
  10. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)
  11. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
  12. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)
  13. Kim, H.S., Hong, S., Lim, J.: A fast and provably secure higher-order masking of AES S-Box. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 95–107. Springer, Heidelberg (2011)
  14. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)
  15. Genelle, L., Prouff, E., Quisquater, M.: Montgomery's trick and fast implementation of masked AES. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 153–169. Springer, Heidelberg (2011)
  16. Reparaz, O., Gierlichs, B., Verbauwhede, I.: Selecting time samples for multivariate DPA attacks. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 155–174. Springer, Heidelberg (2012)
  17. Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for S-Boxes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 366–384. Springer, Heidelberg (2012)
  18. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404 (2013). http://eprint.iacr.org/
  19. Coron, J.-S., Prouff, E., Rivain, M., Roche, T.: Higher-order side channel security and mask refreshing. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 410–424. Springer, Heidelberg (2014)
  20. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014)
  21. Bhasin, S., Graba, T., Danger, J.-L., Najm, Z.: A look into SIMON from a side-channel perspective. In: 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 56–59. IEEE Press, Arlington (2014)
  22. Shanmugam, D., Selvam, R., Annadurai, S.: Differential power analysis attack on SIMON and LED block ciphers. In: Chakraborty, R.S., Matyas, V., Schaumont, P. (eds.) SPACE 2014. LNCS, vol. 8804, pp. 110–125. Springer, Heidelberg (2014)
  23. Coron, J.-S., Großschädl, J., Vadnala, P.K.: Secure conversion between Boolean and arithmetic masking of any order. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 188–205. Springer, Heidelberg (2014)
  24. Shahverdi, A., Taha, M., Eisenbarth, T.: Silent SIMON: a threshold implementation under 100 slices. Cryptology ePrint Archive, Report 2015/172 (2015). http://eprint.iacr.org/

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Jiehui Tang (1, 2)
  • Yongbin Zhou (1), corresponding author
  • Hailong Zhang (1)
  • Shuang Qiu (1, 2)
  1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. University of Chinese Academy of Sciences, Beijing, China