Advertisement

A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile—and Why It Is Not

  • Cong ChenEmail author
  • Mohammad Farmani
  • Thomas Eisenbarth
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10031)

Abstract

This work explores the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers—Simon and Present. The implementation results show that two-share TI improves the compactness but usually further reduces the throughput when compared with first-order resistant three-share schemes. Our leakage analysis shows that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. All results are backed up by simulation as well as analysis of actual implementations.

Keywords

Threshold implementation Paired t-test Lightweight cryptography FPGA 

Notes

Acknowledgments

This work is supported by the National Science Foundation under grant CNS-1261399 and grant CNS-1314770.

References

  1. 1.
    Aysu, A., Gulcan, E., Schaumont, P.: SIMON says: break area records of block ciphers on FPGAs. IEEE Embed. Syst. Lett. 6(2), 37–40 (2014)CrossRefGoogle Scholar
  2. 2.
    Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Arch. 2013, 404 (2013)Google Scholar
  3. 3.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 34(7), 1188–1200 (2015)CrossRefzbMATHGoogle Scholar
  4. 4.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45608-8_18 Google Scholar
  5. 5.
    Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Assche, G.: Efficient and first-order DPA resistant implementations of Keccak. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 187–199. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-08302-5_13 Google Scholar
  6. 6.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-06734-6_17 CrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_31 CrossRefGoogle Scholar
  8. 8.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28632-5_2 CrossRefGoogle Scholar
  9. 9.
    Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). doi: 10.1007/11545262_32 CrossRefGoogle Scholar
  10. 10.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_26 Google Scholar
  11. 11.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_26 Google Scholar
  12. 12.
    Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013). http://icmc-2013.org/wp/wp-content/uploads/2013/09/goodwillkenworthtestvector.pdf
  13. 13.
    Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-74735-2_3 CrossRefGoogle Scholar
  14. 14.
    Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04138-9_20 CrossRefGoogle Scholar
  15. 15.
    De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 194–212. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53140-2_10 CrossRefGoogle Scholar
  16. 16.
    Ding, A.A., Chen, C., Eisenbarth, T.: Simpler, Faster, and More Robust T-test Based Leakage Detection. In: Constructive Side-Channel Analysis and Secure Design - 7th International Workshop, COSADE 2016, Graz, Austria, April 14–15, 2016, Revised Selected Papers, pp. 163–183. http://dx.doi.org/10.1007/978-3-319-43283-0_10 Google Scholar
  17. 17.
    Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85174-5_12 CrossRefGoogle Scholar
  18. 18.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A Testing Methodology for Sidechannel Resistance Validation. Non-Invasive Attack Testing Workshop (2011). http://www.cryptography.com/public/pdf/a-testing-methodology-for-side-channel-resistance-validation.pdf
  19. 19.
    Kavun, E.B., Yalcin, T.: RAM-based ultra-lightweight FPGA implementation of PRESENT. In: 2011 International Conference on Reconfigurable Computing and FPGAs (ReConFig), pp. 280–285. IEEE (2011)Google Scholar
  20. 20.
    Kirschbaum, M., Popp, T.: Evaluation of a DPA-resistant prototype chip. In: Computer Security Applications Conference, ACSAC 2009, Annual, pp. 43–50, December 2009Google Scholar
  21. 21.
    Kutzner, S., Nguyen, P.H., Poschmann, A., Wang, H.: On 3-share threshold implementations for 4-Bit S-boxes. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 99–113. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40026-1_7 CrossRefGoogle Scholar
  22. 22.
    Leiserson, A.J., Marson, M.E., Wachs, M.A.: Gate-level masking under a path-based leakage metric. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 580–597. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_32 Google Scholar
  23. 23.
    Moradi, A., Mischke, O.: How far should theory be from practice? In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 92–106. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33027-8_6 CrossRefGoogle Scholar
  24. 24.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20465-4_6 CrossRefGoogle Scholar
  25. 25.
    Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). doi: 10.1007/11935308_38 CrossRefGoogle Scholar
  26. 26.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C.W., Wang, H., Ling, S.: Side-Channel resistant crypto for less than 2,300 GE. J. Cryptology 24(2), 322–345 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  27. 27.
    Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47989-6_37 CrossRefGoogle Scholar
  28. 28.
    Reparaz, O., Sinha Roy, S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 683–702. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48324-4_34 CrossRefGoogle Scholar
  29. 29.
    Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultra-lightweight implementations for smart devices – security for 1000 gate equivalents. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 89–103. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85893-5_7 CrossRefGoogle Scholar
  30. 30.
    Schneider, T., Moradi, A.: Leakage assessment methodology – a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48324-4_25 CrossRefGoogle Scholar
  31. 31.
    Shahverdi, A., Taha, M., Eisenbarth, T.: Silent simon: a threshold implementation under 100 slices. In: 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 1–6, May 2015Google Scholar
  32. 32.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of the Conference on Design, Automation and Test in Europe - vol. 1, DATE 2004, p. 10246 (2004). http://dl.acm.org/citation.cfm?id=968878.969036

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  • Cong Chen
    • 1
    Email author
  • Mohammad Farmani
    • 1
  • Thomas Eisenbarth
    • 1
  1. 1.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations