Threshold Implementation in Software

Case Study of PRESENT
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10815)

Abstract

Masking is one of the predominantly deployed countermeasures in order to prevent side-channel analysis (SCA) attacks. Over the years, various masking schemes have been proposed. However, the implementation of Boolean masking schemes has proven to be difficult in particular for embedded devices due to undisclosed architecture details and device internals. In this article, we investigate the application of Threshold Implementation (TI) in terms of Boolean masking in software using the PRESENT cipher as a case study. Since TI has proven to be a proper solution in order to implement Boolean masking for hardware circuits, we apply the same concept for software implementations and compare it to classical first- and second-order Boolean masking schemes. Eventually, our practical security evaluations reveal that amongst all our considered implementation variants only the TI can provide first-order security while all others still exhibit detectable first-order leakage.

Keywords

Side-channel analysis Boolean masking Threshold Implementation t-test Micro-controller AVR PRESENT 

Notes

Acknowledgments

The work described in this paper has been supported in part by the German Federal Ministry of Education and Research BMBF (grant nr. 16KIS0602 VeriSec).

References

  1. 1.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44709-1_26CrossRefGoogle Scholar
  2. 2.
    Atmel: 8-bit AVR Microcontroller with 16K Bytes In-System Programmable Flash, Rev. 1142E-02/2003Google Scholar
  3. 3.
    Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.-X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 64–81. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-16763-3_5CrossRefGoogle Scholar
  4. 4.
    Bayrak, A.G., Regazzoni, F., Novo, D., Brisk, P., Standaert, F.-X., Ienne, P.: Automatic application of power analysis countermeasures. IEEE Trans. Comput. 64(2), 329–341 (2015)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: A low-entropy first-degree secure provable masking scheme for resource-constrained devices. In: Proceedings of the Workshop on Embedded Systems Security, WESS 2013, Montreal, Quebec, Canada, 29 September–4 October 2013, pp. 7:1–7:10. ACM (2013)Google Scholar
  6. 6.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Tokareva, N., Vitkup, V.: Threshold implementations of small S-boxes. Crypt. Commun. 7(1), 3–33 (2015)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74735-2_31CrossRefGoogle Scholar
  8. 8.
    Canright, D., Batina, L.: A very compact “perfectly masked” S-box for AES. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 446–459. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68914-0_27CrossRefGoogle Scholar
  9. 9.
    Carlet, C., Goubin, L., Prouff, E., Quisquater, M., Rivain, M.: Higher-order masking schemes for S-boxes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 366–384. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34047-5_21CrossRefGoogle Scholar
  10. 10.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_26CrossRefGoogle Scholar
  11. 11.
    Coron, J.-S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-74735-2_3CrossRefGoogle Scholar
  12. 12.
    Francillon, A., Rohatgi, P. (eds.): CARDIS 2013. LNCS, vol. 8419. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-08302-5CrossRefGoogle Scholar
  13. 13.
    Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 262–280. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-19574-7_18CrossRefGoogle Scholar
  14. 14.
    Genelle, L., Prouff, E., Quisquater, M.: Secure multiplicative masking of power functions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 200–217. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13708-2_13CrossRefGoogle Scholar
  15. 15.
    Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-23951-9_16CrossRefGoogle Scholar
  16. 16.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-invasive Attack Testing Workshop (2011)Google Scholar
  17. 17.
    Goudarzi, D., Rivain, M.: How fast can higher-order masking be in software? In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 567–597. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-56620-7_20CrossRefMATHGoogle Scholar
  18. 18.
    Grosso, V., Prouff, E., Standaert, F.-X.: Efficient masked S-boxes processing – a step forward. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 251–266. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-06734-6_16CrossRefGoogle Scholar
  19. 19.
    Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon and Rohatgi [12], pp. 33–43Google Scholar
  20. 20.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_27CrossRefGoogle Scholar
  21. 21.
    Kutzner, S., Nguyen, P.H., Poschmann, A.: Enabling 3-share threshold implementations for all 4-bit S-boxes. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 91–108. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-12160-4_6CrossRefGoogle Scholar
  22. 22.
    Kutzner, S., Nguyen, P.H., Poschmann, A., Stöttinger, M.: Minimizing S-boxes in hardware by utilizing linear transformations. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 235–250. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-06734-6_15CrossRefMATHGoogle Scholar
  23. 23.
    Kutzner, S., Nguyen, P.H., Poschmann, A., Wang, H.: On 3-share threshold implementations for 4-bit s-boxes. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 99–113. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40026-1_7CrossRefGoogle Scholar
  24. 24.
    Kutzner, S., Poschmann, A.: On the security of RSM - presenting 5 first- and second-order attacks. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 299–312. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-10175-0_20CrossRefGoogle Scholar
  25. 25.
    Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage squeezing countermeasure against high-order attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 208–223. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21040-2_14CrossRefGoogle Scholar
  26. 26.
    Mangard, S., Oswald, E., Popp, T.: Poweranalysis Attacks - Revealing the Secrets of Smart Cards. Springer, New York (2007).  https://doi.org/10.1007/978-0-387-38162-6CrossRefMATHGoogle Scholar
  27. 27.
    Moradi, A., Guilley, S., Heuser, A.: Detecting hidden leakages. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 324–342. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-07536-5_20CrossRefGoogle Scholar
  28. 28.
    Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48324-4_23CrossRefMATHGoogle Scholar
  29. 29.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: Rosenstiel, W., Thiele, L., (eds.) 2012 Design, Automation and Test in Europe Conference and Exhibition, DATE 2012, Dresden, Germany, 12–16 March 2012, pp. 1173–1178. IEEE (2012)Google Scholar
  30. 30.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005).  https://doi.org/10.1007/11502760_28CrossRefGoogle Scholar
  32. 32.
    Papagiannopoulos, K., Veshchikov, N.: Mind the gap: towards secure 1st-order masking in software. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 282–297. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-64647-3_17CrossRefGoogle Scholar
  33. 33.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2011)MathSciNetCrossRefGoogle Scholar
  34. 34.
    Prouff, E., Rivain, M.: A generic method for secure Sbox implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-77535-5_17CrossRefGoogle Scholar
  35. 35.
    Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-23951-9_5CrossRefGoogle Scholar
  36. 36.
    Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-71039-4_8CrossRefGoogle Scholar
  37. 37.
    Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15031-9_28CrossRefGoogle Scholar
  38. 38.
    Rivain, M., Prouff, E., Doget, J.: Higher-order masking and shuffling for software implementations of block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-04138-9_13CrossRefMATHGoogle Scholar
  39. 39.
    Sasdrich, P., Moradi, A., Güneysu, T.: Affine equivalence and its application to tightening threshold implementations. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 263–276. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-31301-6_16CrossRefGoogle Scholar
  40. 40.
    Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48324-4_25CrossRefGoogle Scholar
  41. 41.
    Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 208–225. Springer, Heidelberg (2006).  https://doi.org/10.1007/11605805_14CrossRefGoogle Scholar
  42. 42.
    Ye, X., Eisenbarth, T.: On the vulnerability of low entropy masking schemes. In: Francillon and Rohatgi [12], pp. 44–60Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Horst Görtz Institute for IT-SecurityRuhr-Universität BochumBochumGermany

Personalised recommendations