Abstract
This work explores the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still firstorder leakage resistant. We present the first twoshare Threshold Implementations of two lightweight block ciphers—Simon and Present. The implementation results show that twoshare TI improves the compactness but usually further reduces the throughput when compared with firstorder resistant threeshare schemes. Our leakage analysis shows that twoshare TI can retain perfect firstorder resistance. However, the analysis also exposes a strong secondorder leakage. All results are backed up by simulation as well as analysis of actual implementations.
Keywords
 Threshold implementation
 Paired ttest
 Lightweight cryptography
 FPGA
Download conference paper PDF
1 Motivation
Protecting cryptographic hardware against side channel analysis is a difficult task and usually incurs significant area overheads. Especially masking schemes aimed at hardware have been found to be flawed or prone to implementation errors that leave the countermeasure at least partially insecure [13, 20, 23].
Threshold Implementation (TI) has become a popular masking scheme for hardware implementations in the recent years, due to several advantages over competing schemes. Unlike secure logic styles [20, 32], it does not require a change of the design flow. TI is fairly simple to apply to a wide range of ciphers, and its implementation is not very errorprone, if a known set of requirements and best practices is followed. Another advantage is that TI actually keeps the promise of reliable firstorder sidechannel resistance. It also provides good protection against higherorder attacks [6, 24].
However, like most other masking schemes, TI incurs large area and time overheads, and often consumes huge amounts of randomness for remasking, which can make practical application cumbersome. So far the best results have an area overhead of approximately three while consuming at least two times the combined plaintext and key size of randomness per encryption. Such overheads—the significant increase in area as well as the need for a highperformance random number generator—make TI an expensive choice, too expensive for a broad range of practical applications. Reparaz et al. [27] generalized TI to provide protection against higherorder attacks. The work mentioned the feasibility of reducing the number of shares to \(d+1\), where d is the desired protection order, suggesting that two shares are sufficient for firstorder side channel protection. A first evaluation of using \(d+1\) shares for AES was performed by De Cnudde et al. in [15].
Our contribution. In this work we explore the practical implications of reducing the number of shares of threshold implementations to only two shares (2TI). Such a reduction of shares enables implementations that only incur an area overhead of two and at the same time can also reduce the need of minimally required randomness by a factor of two, making the incurred cost more bearable and thus allowing side channel protection for a much wider range of applications. Reducing the number of shares is easily possible by applying the noncompleteness requirement of TI at the bitlevel rather than the statelevel, as done by prevailing implementations.
While the feasibility of this approach has already been discussed in [27] and recently been practically verified in [15], this work explores the practical aspects, the benefits—and ramifications—of applying threshold implementation with only two shares to modern ciphers. Our case study focuses on applying 2TI on two lightweight block ciphers, Present [7] and Simon [2]. Lightweight ciphers are usually a good target for TI, as the algebraic depth of their nonlinear functions is usually low. Low algebraic depth allows for cheap and effective masking while keeping the need for additional randomness low. In fact, our designs do not require remasking during the round functions, while a comparable masked implementation of AES requires more than 8,000 fresh random bits during one block encryption [15].
Our study shows that twoshare TI is first order secure and also reduces the size of the sequential logic in hardware implementations. The 2TIconversion of nonlinear functions is more cumbersome and usually requires at least one additional pipeline stage, with negative impact on implementation size and/or performance. However, we also expose a strong secondorder leakage in both of the designs and argue that this is inherent to twoshare TI implementations. We show that these leakages exist both in the theoretical model and can also be quickly exposed by leakage detection tests. We validate the exploitability of the observed leakages by side channel key recovery attacks.
The remaining work is structured as follows: Relevant terminologies and methods are explained in Sect. 2. The theoretical discussion of twoshare TI is given in Sect. 3 and two practical implementations of Simon and Present are introduced in Sects. 4 and 5. Sections 6 and 7 present implementation results and the outcome of the leakage analysis and we conclude at Sect. 8.
2 Preliminaries
2.1 Lightweight Cryptography
For many embedded applications, area and hence power or energy minimal implementations of cryptography are highly desirable. This has led to a rich literature on hardwareminimal crypto cores, which often rely on the numerous proposed “lightweight” block cipher designs, such as Present, Katan, or Simon and Speck. These lightweight ciphers as well as the areaminimal implementations share one common characteristic: Serialization.
Serialized implementations are very common for minimizing area of hardware implementations at the expense of increased run time. Areacritical functions are identified and broken into subfunctions that can be applied repeatedly, in an iterative manner, to achieve the same outcome. A typical example for block ciphers is the Sbox layer, which due to its high nonlinearity usually is difficult to minimize in hardware. A classical areaoptimized implementation of an Sbox based cipher only features a single Sbox, which is iteratively applied to different parts of the intermediate state. All modern block ciphers support this vertical type of serialization by using a single Sbox (unlike DES which uses 8 different Sboxes). Similar techniques are also applied to decrease the size of large Sboxes (or in general functions of great algebraic complexity), by breaking them into subfunctions that are concatenated. Examples include implementations that compute the AES Sbox by exploiting tower field representations by Canright [9] or the Present Sbox into mappings of algebraic degree 2, which eases sidechannel protection and decreases the size, at the cost of doubling the computation time [26]. We will refer to this serialization as horizontal. While vertical serialization is determined by the cipher at implementation time (usually determined by the number of Sboxes), the exploitable horizontal serialization is determined by the algebraic complexity of the nonlinear layer.
Typical vertical serialization parameters for hardware minimal implementations are ranging from data path sizes of 8 bit for AES, 4 bit for Present down to 1 bit for e.g. Simon or Katan. That is, as little as one bit of the cipher state are updated per cycle. Serial data paths increase the latency of the crypto core significantly. However, they also allow to reduce the combinational logic of the crypto core to low singledigit percentages of the entire design [14, 29]. That means, in applications where the latency is not critical, the area of a cipher is almost entirely determined by the registers storing the key and state. As a result, significant areaimprovements can only be achieved by breaking the memory barrier, for example by externalizing key storage (cf. Ktantan [14]), or, for FPGAs, hiding state and key in dedicated bulk memory such as block RAMs [19] or shift registers [1]. Since the remainder of the work uses Present and Simon for proofofconcept implementations, we provide more details on these two ciphers here.
2.2 Present
Present is a hardwareoriented block cipher proposed in 2007, optimized for low area footprint [7]. It is a substitutionpermutation network featuring a \(4\times 4\) bit Sbox and a permutation layer consisting only of bit shifts, making it low cost in hardware. It features a block size of 64 bits and a key size of 80 or 128 bits, and has 31 rounds. Present has been optimized for many application scenarios, but the areaminimal implementations with a 4bit datapath. It has also been standardized as a lightweight cryptographic block cipher as ISO/IEC 291922:2012. Each round of Present cipher consists of three steps including a keyaddition layer, a substitution layer which is a nonlinear function, and a permutation layer. In the first step, the round key which is consisted of left most significant 64 bits of the key is xored with the 64bit current state. In the next step, the Present Sbox is used which is a nonlinear 4bit to 4bit function shown in the following table in hexadecimal notation.
x  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F 
S(x)  C  5  6  B  9  0  A  D  3  E  F  8  4  7  1  2 
The substitution layer can be performed with 16 parallel Sbox or using only one Sbox 16 times which depends on the application requirement. In the last step, the permutation is applied to all the 64bit data which is just a rewiring.
At the same time, the key is updated in the key schedule part. The key can be 80bit or 120bit; however we use 80bit key in this paper. In each round the 64 left most bits of the current key, \(k_{79}k_{78}k_{77} ... k_{17}k_{16}\), is used in addroundkey. After using the round key, the 80bit key register is updated by shifting, using Sbox, and xoring with roundcounter. More details about the specification of the Present is provided in [7].
2.3 Simon
Simon is a lightweight block cipher proposed by NSA in 2013 [2]. Simon implements a Feistel structure that accepts two nbit words as input plaintext, with \(n\in \{ 16, 24, 32, 48, 64\}\). For each input size 2n, Simon has a set of allowable key sizes ranging from 64 bits to 256 bits. The number of rounds in Simon ranges from 32 to 72 rounds. Simon128/128, which can be seen as a dropin replacement for AES128, accepts 128 bits of plaintext at a word size of 64 bits and 128 bits of key. It generates a ciphertext after 68 rounds. The Simon128/128 parameter set will be used throughout this work, though the implementation strategies apply to other parameter sets in a natural way.
We denote the input words of round i as \(l_i\) and \(r_i\). Then the output words are given as:
The upper index in \(l_i^s\) indicates left circular shift by s bits. The addition and the multiplication are in GF(2) and equivalent to bitwise XOR and AND operations, respectively. Given the initial key words \(k_0\) and \(k_1\) (and possibly \(k_2\) and \(k_3\), depending on the key size), which are also used as first round keys, the subsequent round keys are computed as:
where \(c_i\) is a round constant.
2.4 Masking
Masking is a common technique to prevent side channel leakage [10]. Sensitive states of a cryptographic implementation are split into shares by adding randomness. In an additive masking scheme, a variable x is split into s shares \(x_i\) with \(i\in \left\{ 0,1,\ldots ,s1\right\} \) by choosing \(x_{i>0}\) uniformly at random and \(x_0 = x+\sum _{i=1}^{s1}{x_i}\). These shares are then processed separately, ensuring that the sensitive state is never presented in the system, and—more importantly—that processed states are independent of the secret.
2.5 Threshold Implementation
Threshold Implementation (TI) was proposed by Nikova et al. [25] as a sidechannel countermeasure to address the common problem of glitches that resulted in leakage for many other theoretically sound countermeasure techniques when applied to hardware. The original proposal only deals with protection against firstorder sidechannel leakages. Threshold Implementation has found widespread adoption in the academic community: several implementations of symmetric [5, 6, 24, 26, 31] and even asymmetric crypto algorithms [11, 28] have been successfully protected with TI. Recently, TI has been expanded to protect against higherorder attacks as well [4], though potential pitfalls of the scheme in the multivariate setting have been pointed out and fixed in [27].
TI combines a set of three requirements with a constructive description of how to convert an algorithm into a sidechannel resistant implementation in the presence of glitches. Sensitive states are converted into a shared representation by applying an additive Boolean masking, i.e., adding randomness. Functions \(F(\cdot )\) are converted meeting the requirements of correctness, uniformity, and noncompleteness.

Uniformity requires all intermediate states (shares) to be uniformly distributed. Uniformity is intended to ensures the mean leakages to be stateindependent, a key requirement to thwart firstorder DPA. To ensure uniformity in a circuit it suffices to ensure uniformity for the output share of each function, as well as for the inputs of the circuit.

NonCompleteness requires subfunctions \(f_i\) of a shared function F to be independent of at least one input share for firstorder SCA resistance. That is, a function F(x) shall be split into subfunctions \(f_i(x_{j\ne i})\). This requirement was updated in [4] to require any d subfunctions to be independent of at least one input share to achieve dth order SCA resistance. Noncompleteness ensures that the final circuit is not affected by glitches. Since glitches can only occur in subfunctions \(f_i\), and each subfunction has insufficient knowledge to reconstruct a secret state (since it has no knowledge of at least one share \(x_i\)), no leakage can be caused by glitches.

Correctness simply states that applying the subfunctions to a valid shared input must always yield a valid sharing of the correct output.
In the classic approach, a function of algebraic degree t can be implemented using at least \(t+1\) input shares for first order sidechannel resistance, and \(td+1\) for dth order resistance [4, 27]. In practice, virtually all implementations try to keep the number of shares low, i.e. for first orderprotected designs at or close to 3. As a consequence, implementations of algebraically more complex functions need to be broken into algebraically simpler subfunctions. The described TI conversion always ensures correctness and noncompleteness. Uniformity can be either achieved by using more input shares or by adding randomness during the computation. As a result, many of the published implementations, in order to reduce the size of the circuit, consume lots of randomness, up to thousands of bits per encrypted block.
2.6 Leakage Detection
A side channel leakage detection method based on Welch’s ttest has been recently gaining popularity due to its simplicity, efficiency and reliability. The test procedures have been well studied in [12, 30] and is often referred to as Test Vector Leakage Assesment (TVLA) test. Unlike other attacks or leakage models used for key recovery, TVLA only returns a confidence level to reject the leakagefree hypothesis and fail the device under test. Essentially, a tstatistic is calculated using two sets of leakage samples as:
where A and B denote the two sets and \(N_j\) denotes the number of traces in set \(j \in \{A, B\}\). \(\mu _j\) and \(\sigma _j\) are the sample mean and sample variance respectively. The two sets of measurements are obtained with either fixed versus random plaintext (in a nonspecific ttest) or random versus random plaintext (in a specific ttest). In our work we use the nonspecific ttest since it does not depend on any intermediate value and power model. When the value of t exceeds a certain threshold, the null hypothesis can be rejected with a small Type I error probability p. In this paper, we follow the threshold of \(\pm 4.5\) used in [18, 22].
An improved methodology based on paired ttest was suggested in [16]. The test uses matched pairs from the two sets of measurements. The advantage of this methodology is that common noise to both measurements can be rejected, making the test much more robust to slow changes of operating points in long measurement campaigns. When n such pairs of measurements are obtained, we have n difference measurements \(D = L_A  L_B\) where \(L_A\) is a random variable representing samples from set A while \(L_B\) from set B. The paired difference cancels the noise variation and makes it easier to detect nonzero population difference. Now, the null hypothesis becomes mean difference \(\mu _D=0\) instead of \(\mu _A=\mu _B\). Let \(\bar{D}\) and \(s_D^2\) denote the sample mean and sample variances of the paired differences \(D_1\), ..., \(D_n\). The paired ttest statistic is calculated as:
The null hypothesis of nonleakage is also rejected if \(t_p\) exceeds the threshold of 4.5.
With respect to higher order leakage detection, the original traces should be preprocessed as explained in [30]. For example in a second order ttest, the traces  at each sample points independently  are mean free squared beforehand. Usually, the global mean of all samples at each time point is used. However, as suggested in [16], a moving average which is the average of neighboring traces around each trace is used instead to mitigate the environmental effects. In our experiments, we apply both tests, the classic TVLA test as well as the paired Ttest, the latter one with moving averages for higherorder analysis.
3 Threshold Implementation with Two Shares
While the constructive approach by Nikova et al. allows to implement any dth order algebraic functions in a straightforward way, actual implementations requiring to share functions of degree greater than 2 have put significant effort into keeping the number of shares as close as possible to three, which is perceived as the minimum possible to implement nonlinear functions, until [27]^{Footnote 1}. In particular, [21] discussed the efficient implementation of 4bit Sboxes with three shares. Similarly, the current TIs of AES utilize the algebraic structure of the AES Sbox and four [24] or variable with up to five shares [6] to implement the Sbox on a small area.
A natural question is: Why to stop at three shares? If small area is desirable, using similar techniques as the ones used by the above papers could enable TIs with just two shares, further reducing the area footprint as well as the need for randomness. This approach was already discussed in [27]. The approach is straightforward for the linear operations of an implementation, and has already been widely used in several TIs for those parts [3, 6, 11]. The simplest nonlinear operation is a simple twoinput and: \(c = ab\) which can be processed with two shares as
This equation is in violation of the common interpretation of the noncompleteness requirement, since \(c_2\) and \(c_3\) mix inputs from shares with different indices. However, noncompleteness is not violated as long as a and b are statistically independent.
Equation (5) suggests a 4share output, which is undesirable for a minimal implementation. To keep the number of shares low, the four shares \(c_i\) can be recombined in the next cycle, e.g. \(c_0' = c_0 + c_2\) and \( c_1' = c_1 + c_3\). However, since the recombination would violate noncompleteness, it must happen after a registerstage in the next clock cycle. In other words, a pipelining stage becomes necessary, increasing the register count and the delay of the output. The share proliferation gets worse for higherdegree algebraic functions, as stated in [27]. However, hardwareminimal implementations break higherorder algebraic functions into degreeminimal building blocks anyway, making share proliferation a theoretical concern only.
To also ensure uniformity and thus gain an implementable basic nonlinear building block, we implement \(z = ab+c\) in two pipeline stages as
Note that \(z_i'\) and \(z_i\) are computed in separate cycles. Conveniently, the \(z_i'\) and \(z_i\) are uniform. Furthermore, this computation order only needs to store 2 intermediate states (unlike Eq. (5)). However, this assumes that the inputs are available in two subsequent clock cycles, which is a valid assumption in many serialized implementations. Either way, the resulting pipelining of the nonlinear function increases area overhead of that function, and also introduces a latency according to the number of pipeline stages needed. Most of this latency can be hidden if the data path of the implementation is small enough.
3.1 Potential Pitfalls
Share rotation. In [26] it was suggested to rotate the shares in every step to achieve increased side channel resistance. With two shares, this is highly dangerous: if \(s_0\) overwrites \(s_1\), the resulting leakage is likely to depend on both shares, hence has a direct dependence on the secret itself. In general, any register updates must be handled with great care.
Increased Higherorder leakage. The observed higher order leakage can be explained by the significant dependende of the variance on the value of the share x. For a simple example we compare a 2sharing \(S_2\) and a 3sharing \(S_3\) of a bit x into \(S_2(x)=\left\langle x_0,x_1\right\rangle \) and \(S_3(x)=\left\langle x_0,x_1,x_2\right\rangle \) respectively. We further assume a Hamming weight (\(wt(\cdot )\)) leakage on the shares. Table 1 lists the possible states and the resulting means and variances for both sharings.
As proper TI sharings of x, the mean leakage \(\mu (S_i)\) is independent of the value of x. However, the variance of \(S_2\) depends on x, in particular \({{\mathrm{var}}}(S_2(x=0))=2\ne 0={{\mathrm{var}}}(S_2(x=1))\). This is not true for the 3sharing \(S_3\), where the variances in both cases are identical as well. This is a strong indication why 2sharings may have a strong secondorder leakage. This was also observed for partial 2share implementations in [3] and will be demonstrated for full 2share implementations in the analysis of our reference implementations in Sect. 7.
4 Application to Simon
Threshold Implementations of Simon with three shares have been proposed in [31] to counteract firstorder side channel attacks. Moreover, their bitserialized implementation only consumes 87 slices on Spartan3 xc3s50 FPGA which renders it the smallest threshold implementation of a block cipher. The authors also discussed how the requirement of noncompleteness shuts the door on a twoshare hardware implementation of Simon but not on software implementations.
In this section, we at first apply serialization technique in order to realize a twoshare TI Simon on hardware. The leakage detection analysis and implementation results will be presented in Sects. 6 and 7.
4.1 Simon with Two Shares
We follow the notation used in [31] to describe the cipher. The input plaintext is initially split into two shares as:
Where r and l represents the two input words, a and b denote two shares of the variables and subscript i indicates the round of encryption. m[p][1] and m[p][2] are two fresh random values that mask the plaintext in the very beginning of the algorithm and no more random numbers are needed for the rest operations. Then, the round function is denoted as:
Where the superscripts 1, 2, 8 on \(l[*]_i\) represent left circular shift by corresponding numbers of bits. (Notice that both addition and multiplication are in GF(2)). Obviously, the computations of \(l[a]_{i+1}\) and \(l[b]_{i+1}\), if directly mapped into combinational circuits, are not noncomplete since the two shares \(l[a]_i^8\) and \(l[b]_i^8\) are present in the same circuit and glitches may still cause leakage. We can serialize the above equations by enforcing them being executed in two steps rather than one. That is, we first compute the intermediate values \(l[a]_{i+1, int}\) and \(l[b]_{i+1, int}\) using only half of the terms in the equations as follows:
Then, the round outputs can be further calculated as:
The serialization not only retains both correctness and uniformity but achieves noncompleteness as well. In Eq. (9), the inputs \(r[a]_i\), \(l[a]_i^2\), \(r[b]_i\) and \(l[b]_i^2\) are all uniform and therefore the output intermediates are also uniform. Each function is independent of one share of every input and hence is noncomplete. Similarly, Eq. (10) also satisfies the three requirements. Correctness can be easily proved by substituting \(l[a]_{i+1, int}\) and \(l[b]_{i+1, int}\) with Eq. (9). The uniformity of inputs \(k[a]_i\) and \(k[b]_i\) makes the outputs uniform too. Moreover, each function is independent of one share of every input and thus the functions are noncomplete as well. One may argue that \(l[a]_i^1\) and \(l[b]_i^8\) (or \(l[b]_i^1\) and \(l[a]_i^8\)) are two shares of \(l_i\) with different rotations and may leak information of \(l_i\). However, the multiplication between them is in GF(2) and is equivalent with bitwise AND operation. Further, in order to ensure the noncompleteness, “Keep Hierarchy” property of synthesize tool (ISE with XST) is enabled to separate the LUTs for AND.
4.2 RoundBased Implementation
Figure 1 depicts the structure of a FPGA implementation which contains two copies of the same datapath which consists of two registers \(L_j\) and \(R_j\) and the combinational circuits for round functions. Specifically, two clock cycles are taken to process each round operation. In the first clock cycle, the round inputs are evaluated with Eq. (9) and then the intermediates are overwritten back into the registers as illustrated by the solid lines in the figure. Note that \(r[j]_{i+1}=l[j]_{i}\) is stored in \(R_j\) while \(l[a]_{i+1, int}\) is in \(L_j\). Then, in the second clock cycle, Eq. (10) is evaluated as shown by the dashed line but remember that since \(l[j]_{i}\) is now stored in \(R_j\) and hence no extra buffer is needed for it.
The sharing of key schedule is not presented here since it consists of linear operations only and is trivial to implement.
4.3 BitSerialized Implementation
In order to fairly compare with the bitserialized 3TI Simon introduced in [31] and achieve a even smaller size of Simon implementation, a bitserialized 2TI Simon is constructed as depicted in the Fig. 2 (Only one share is shown).
Our design originates from the FIFObased 3TI bitserialized in [31] but introduces new features in order for a 2TI architecture.
First of all, the round function is adjusted according to Eqs. 9 and 10. (Note that both equations are evaluated in bits instead of the whole word in this case.) Therefore, as shown in the LUT part of Fig. 2, a onebit register is inserted to hold the intermediate value \(l[a]_{i+1, int}\) so that \(l[a]_i^8\) and \(l[b]_i^8\) will not be combined to cause leakages mistakenly.
Second, due to the insertion of this register, it will take two clock cycles for LUT to perform round operation for each bit. However, by using pipeline technique, the overall throughput will not be scarified too much. In fact, the 2TI architecture processes all 64 bits within 65 clock cycles which is only one more than 3TI in [31]. In order to achieve this, the FIFOs and shifted registers are designed to work as following.

Initially, the 128bit block is stored in register #63, Shifted Registers Up (SRU) #62 to #55, FIFO_1 and FIFO_2.

Once Encryption started, the values are right shifted and in the mean time bits in register #63, #62 and #56 as well as bit 0 in FIFO_2 are fed into LUT for logic operation.

The output will be written back to Shifted Registers Down (SRD). Note that the valid outputs are generated since the second clock cycle. And then, after 64 clock cycles, the first 63 output bits are stored in Shifted Registers Down (SRD) #62 to #55, FIFO_1 and FIFO_2. In the last (65th) clock cycle, the final output bit will be written in register #63. Therefore, the whole round operation is done within 65 clock cycles.
5 Application to Present
In this section, we apply twoshare Threshold Implementation to the Present cipher. In [21], the authors presented the 3TI Present Sbox. To achieve this, they decomposed the nonlinear Sbox of degree 3 into the combination of two quadratic functions—G function—plus some linear functions, and then implement them with three shares. We follow their idea to use the same decomposition but then implement them with 2TI while still retaining uniformity, noncompleteness, and correctness. According to [21], the Sbox of Present can be decomposed as:
Where G(.), A, B, and the constant vectors of c, d are given as follows:
5.1 Present with Two Shares
A 2sharing scheme of G(.) can be expressed as follows546:
The above sharing satisfies both correctness and uniformity when the input shares are uniformly distributed. However, noncompleteness is not fulfilled since two shares of the same inputs are fed into the same functions in some of the above equations.
As before, we serialize the computations into two steps in order to achieve noncompleteness as illustrated in the following equations.
The superscript indicates the level of the circuit. Until now, we achieved a correct, noncomplete and uniform twoshare implementation of G(.). The conversion of the remaining linear operations is discussed next.
5.2 Hardware Implementation
As depicted in Fig. 3, in order to provide the noncompleteness to the design, we use registers to separate the two parts of the G. The second part of the shares (\(G_0^2\) and \(G_1^2\)) use not only the outputs of the first part of the shares (\(G_0^1\) and \(G_1^1\)) but also some of their inputs as well (depicted in Fig. 3). One 6bit register and two 4bit registers are used before the second part of the G module, to store the inputs \(x_0\), \(x_1\), \(z_0\), \(z_1\), \(w_0\), and \(w_1\); and the outputs of the first part of the G module, respectively.
In Fig. 4, the Sbox architecture is depicted which includes two G modules, and functions \(BX +c_0\) and \(AX +d_0\) for the first share as well as functions \(BX +c_1\) and \(AX +d_1\) for second share in which \(c_0 + c_1 = c\) and \(d_0 + d_1 = d\). Furthermore, due to noncompleteness, we use another row of registers in between two G(.) functions in the Sbox. One may argue that registers should also be inserted between nonlinear functions (e.g. G(.)) and linear functions (e.g. \(AX +d_0\)), since when they are merged the two shares of certain variables may be combined again which fails the noncompleteness requirement. While this is true in general cases, our design avoids this problem as \(G_0^2\) and \(G_1^2\) are both independent of one share of the inputs and hence any linear combination of \(g_{13}^2,g_{12}^2, g_{11}^2, g_{10}^2\) or \(g_{03}^2,g_{02}^2, g_{01}^2, g_{00}^2\) still satisfies noncompleteness.
Figure 5 shows the whole Present cipher with two shares. The design includes two control inputs namely key_load and data_load. If key_load is high, at the rising edge of the clock signal, the 80bit input key sharesKey A and Key B are copied to the registers Key A and Key B respectively. When the data_load signal is high, at the rising edge of the clock signal, 64 rightmost significant bits of the input shares (data_in A[63:0], data_in B[63:0]) are copied to state registers. It is worth mentioning that when the data_load is set, i.e. loading new two shares of plaintext into the state registers results in a reset of the state machine. That why this design does not have a reset signal. When the twoshare keys and twoshare plaintexts are loaded, both key_load and data_load must be set to zero. After that, it takes 31 rounds in order to Data_out A and Data_out B have a valid ciphertexts. In each round, the Sbox and permutation operations respectively operate the inputs to update the state registers for the next round. Considering the hardware design, each G(.) function needs one cycle and then every Sbox needs four clock cycles to compute table lookup. According to the Fig. 5, each 64bit input stored in the State register needs to use Sbox 16 times. Hence, it needs 4 clock cycles for the first Sbox due to its latency, plus 15 clock cycles for other 15 Sboxes in pipeline, also one more clock cycle for the permutation operation. Therefore, we need 20 cycles for each round of the Present cipher. Hence, we define another control signal, ‘counter’, in which it updates the state registers and Key registers after each 20 cycles. After each cycle of these 20 cycles, the state registers are shifted to the right by 4 bits and the four most significant bits of the state registers are replaced by the outputs of substitution and permutation network. The Present cipher has 31 rounds, hence a full encryption of a 64bit input takes 620 clock cycles. We also design an unprotected Present cipher to show the area overhead of the protected Present versus unprotected one as well as its impact on maximum frequency and throughput. The comparison results are shown in Table 2.
6 Implementation Results
Table 2 summarizes the overhead and performance of twoshare implementations of both ciphers. Note that we only implement Simon128/128 and Present64/80 as an example to show the advantage of twoshare scheme. All the designs are implemented in Verilog and synthesized for Virtex5 (xc5vlx50) or Spartan3 (xc3s50) using XST.
For roundbased Simon, we have three different implementations: unprotected, 2TI and 3TI. In terms of slice registers used, twoshare TI implementation costs twice as much as the unprotected one and one third less than the 3TI implementation. This is not surprising since increasing by one share will consume one more copy of registers to store the new share. Similarly, number of LUTs also increases. However, each round operation in 2TI costs double clock cycles and therefore the throughput is greatly reduced compared with the other two designs.
We also implement bitserialized 2TI Simon to compare with the currently smallest block cipher designs for FPGAs, as given in [1], as well as its firstorder protected 3TI version from [31]. As shown in Table 2, our 2TI design reduces the area overhead when compared to the 3TI by about 13 %, i.e., cannot quite reach the optimal reduction of 33 % due to the pipelining overhead and the unaffected control logic. Nevertheless, this yields the smallest firstorder protected block cipher design for FPGAs with the same parameters as AES128.
With respect to Present, we have three implementations: Unprotected, Regular 3TI, and the new 2TI Present. In terms of slice registers used, regular 3TI implementation used more than three times of the unprotected one. This is because we should use extra registers to guarantee the noncompleteness of firstorder resistant threeshare Present cipher. Also, twoshare implementation costs more than two times of unprotected Present because of the same reason mentioned before. Moreover, it is worth mentioning that the 2TI first order resistant implementation uses less registers than 3TI. For example, we use extra registers in G(.) function as explained in Sect. 5. These registers help reducing the critical path, which explains the speedup and resulting increase in throughput for 2TI Present.
7 Leakage Analysis
In this section, we extend the discussion of a strong secondorder leakage of twoshare TI scheme, which was already described in Sect. 3.1, using simulation based leakage and the measurements from our reference implementations.
7.1 Theoretical Analysis
First we discuss the strong secondorder leakage of twoshare TI scheme using twoshare Present Sbox lookup as a target, namely the keydependent intermediate value \(y = S(x \oplus k)\) where x, y, k are 4bit input plaintext, Sbox output and subkey receptively.
Synthetic samples and leakage model. First, we generate noise free synthetic leakage samples of the 2TI Present Sbox based on Hamming weight model. As shown in Sect. 5, a 2TI Sbox processes two shares (4 bits for each share) in parallel and hence we use the Hamming weight of both output shares (8 bits in total) as the synthetic leakage samples. Further, in order for a second order analysis, the synthetic data should be centerandthensquared. With respect to the leakage model, we use the Hamming weight of the regular Sbox output which equals the bitwise XOR between the two output shares in the 2TI Sbox.
Firstorder analysis. We perform firstorder nonspecific paired ttest on the synthetic data and attempt to exploit any leakage using classic CPA as well. For this purpose, 1 million synthetic leakage samples for random input plaintext are generated as well as another 1 million for fixed inputs. The result of ttest using the 2 million samples is shown in Fig. 6(a) where the t value is less than 2 as the number of traces (synthetic samples) increases to 2 million. Then, a classic firstorder CPA is performed on the 1 million samples associated with the random inputs using the abovementioned leakage model. The results in Fig. 6(b) shows the correct key cannot be distinguished from the wrong key hypotheses with as much as 1 million samples and the attacks fail.
Secondorder analysis. Then, we proceed with secondorder nonspecific paired ttest and CPA. For this purpose, 200 synthetic leakage samples for random input plaintext are generated as well as another 200 for fixed inputs. Figure 7(a) shows that t value exceed 4.5 with only a couple of hundreds of samples while classic CPA can recover the correct key with less than a hundred samples as shown in Fig. 7(b).
In summary, the theoretical analyses also show the firstorder resistance of 2TI scheme but reveals a strong secondorder leakage. This strong secondorder leakage is caused by the differing variances, as pointed out in Sect. 3.1. Note that we use perfect Hamming weight model for synthetic data without adding any noise. Hence, the CPA with a Hamming weight model can efficiently recover the key because it captures the leakage well. In fact, CPA on a perfect Hamming weight leakage is comparable to a profiled attack, in the absence of noise. But in the real world, actual leakages are more complex and CPA with Hamming weight model will not be as efficient as in this synthetic scenario. In the following we will conduct analysis on practical implementations to show this.
7.2 Practical Analysis
Next, we discuss the leakage analysis results for the twoshare implementations of roundbased Simon and Present. First, we apply the nonspecific paired ttest method from [16] to detect any datadependent leakage. Fixed (F) and random (R) measurements are interleaved using the FRRF pattern. Also, leakage detection tests are performed on roundbased 3TI Simon in order to compare with 2TI and show the firstorder leakage resistance of twoshare scheme. Then, classic CPA is performed in order to exploit the secondorder leakage detected by ttest and the results comply with the simulations in Sect. 7.1.
The analyzed implementations are ported into a Virtex5 xc5vlx50 FPGA on the SASEBOGII board clocked at 3 MHz. Measurements are taken using a Tektronix DPO5104 oscilloscope which collects measurements with sample rate of 100 MS/s. The oscilloscope features a FastFrame functionality that can capture encryptions in bulk and thus 10 million measurements for each implementation can be taken in several hours.
Roundbased 2TI Simon. For twoshare Simon implementation, 10 million measurements are collected, yielding 5 million fixedrandom pairs. Each measurement contains 5000 time samples, covering the 68 rounds of Simon. The firstorder paired ttest is performed using \(n=5000, 10000, 15000, \ldots \) pairs. Figure 8(a) shows the first order ttest result on the twoshare Simon. The maximum absolute t value across the 5000 time samples remains below the threshold of 4.5 with 10 million traces. We conclude that the twoshare Simon implementation is resistant against firstorder DPA and thus a validly implemented threshold implementation.
The results of the second order paired ttest are shown in Fig. 8(b). The step size is reduced to \(n=100, 200, \ldots \) to magnify the relevant area: The t value of the second order analysis grows beyond 4.5 with about 500 traces. That is, a second order leakage is detectable with just hundreds of traces.
Roundbased 3TI Simon. In order to practically compare the performance of 2TI and 3TI in resisting firstorder and secondorder leakage, the paired ttest is also applied to 10 million FRRF measurements from a roundbased 3TI Simon. Figure 9(a) shows similar result as in Fig. 8(a) and the t value is below the threshold of 4.5. The comparison shows again that the firstorder resistance of 2TI is solid as a 3TI. However, 3TI exhibits resistance against secondorder analysis as shown in Fig. 9(b) and the t value is still below 4.5 with 10 million traces. That is, given more than 1000x as many measurements as for the 2TI case, the leakage is just barely detectable. The results comply with the simulation analyses in Subsects. 3.1 and 7.1 and validate the weakness of 2TI.
2TI Present. As before, 10 million traces are captured for the twoshare Present implementation, and then analyzed using paired ttest. The first order tstatistic is still below 4.5 with 10 million measurements, as shown in Fig. 10(a). The second order tstatistics exceeds the threshold with about 6000 traces as shown in Fig. 10(b). Again, the results suggest that twoshare TI holds the promise of first order resistance, but fares terribly on the second order resistance.
Exploiting the Uncovered Leakages. In order to practically exploit this strong secondorder leakage, a classic CPA [6, 8, 10] is performed on the measurements (centerandthensquared) associated with the 5 million random plaintexts.
For 2TI Simon, the targeted operations occurred in the first clock cycle of the third round of encryption where shared values in registers \(L_a\) and \(L_b\) overwrite \(R_a\) and \(R_b\) respectively (see Fig. 1). The leakage model used is Hamming distance between registers L and R as in a plain or unprotected implementation. The reason why third round is chosen is because of the weak nonlinearity of single Simon round operation (only one AND) and attacking third round would relieve the effect of “ghost peaks” [8]. Moreover, in order to reduce the computational complexity, we follow the divideandconquer approach and only attack the most significant four bits in L and R which are dependent on 10 bits in \(k_0\) and 4 bits in \(k_1\). Therefore, \(2^{14}\) key hypotheses are required for the attack. To further reduce the complexity, we assume the knowledge of the relevant 4 bits in \(k_1\) is known and only 10 bits in \(k_0\) are aimed at to recover. Figure 11(a) shows the max correlation for each key hypothesis over the number of traces. The practical secondorder attack successfully recovers the correct key with more than 3 million measurements even though ghost keys still exist. Note that these results can be significantly improved by using a profiled attack, predicting more bits, and by using a pruning technique as e.g. done in [17], which is always an option for ciphers with a low algebraic depth per round. Nevertheless, the results validate the secondorder leakage of twoshare TI detected by the ttest and it can be practically exploited.
We also performed the same secondorder CPA on 5 million random traces (centerandthensquared) on 2TI Present, targeting at the Sbox output to exploit the leakage. Recall our 2TI Present in which the 64bit state registers are right rotated by 4 bits per clock cycle so that the least significant nibble is continuously fed into the Sbox lookup and output is written back to the most significant nibble after 4 clock cycles. Therefore, a Hamming distance leakage occurs between consecutive output nibbles. In this attack, we use the Hamming distance power model between the first two consecutive Sbox outputs which depends on the least significant key byte and thus \(2^8\) key hypotheses are required. The max correlations per key hypothesis over number of traces are shown in Fig. 11(b) and the results show that correct key can be successfully recovered with more than 1 million traces which demonstrates the practical exploitability of detected leakage.
The results from both validate our simulation analyses for the idealized case from Sects. 3.1 and 7.1, which suggests strong secondorder leakage. The difference in sensitivity for the two implementations stems from their differing design strategies: 2TI Simon is round based and does not use pipelining. Hence, it maximizes the leakage for the fixedvsrandom test: the entire state that is processed per cycle is constant in the fixed case and varies in the other case. For 2TI Present, the implementation is serialized, with a 4bit datapath, hence, a much smaller part of the implementation is updated per cycle, making the leakage less pronounced.
Moreover, unlike the theoretical analysis results in Sect. 7.1 where the number of traces needed for successful secondorder ttest and CPA are of the same order magnitude, a lot more traces are needed for practical secondorder CPA with Hamming distance model to exploit the leakage detected by ttest with only hundreds to thousands of traces. This is mainly because: (1) Practical implementation don’t leak a perfect Hamming weight or Hamming distance leakage; (2) Noises also render the practical attacks inefficient.
While twoshare TI shows potential in preventing first order leakage with less overhead, its poor performance on second order leakage resistance compared with threesharing makes it less worthwhile.
8 Conclusion
This work presents the first practical threshold implementations using only two shares. We showed that lightweight ciphers have several features making them good targets for threshold implementations. Furthermore, we explain how using two shares can actually yield smaller cipher implementations that need less randomness and still show perfect first order resistance. While moving to two shares makes implementing the nonlinear functions of a cipher more cumbersome, resulting in either a loss in throughput, increase in circuit size, or even both, it allows to reduce the overhead of the sequential part of the implementation by only doubling the state and key size. Since the area of lowarea crypto implementations usually depends mainly on the sequential part, significant improvements are possible. In fact, the presented bitserialized twoshare implementation of Simon is the smallest sidechannel protected 128bit block cipher implementation for FPGAs. To this end, we presented the first twoshare threshold implementations of Simon and Present, which feature perfect firstorder resistance.
However, these findings are of limited practical impact, as twoshare TI features strong secondorder leakage. Hence, on one hand, the results highlight that provable resistance against a “low” order of attack might be meaningless in practice. On the other hand, the previously observed feature that threeshare TI not only keeps the promised firstorder resistance, but also fails gracefully for higher order analysis, is undervalued and may deserve further analysis.
Notes
 1.
It should be noted that [31] also proposed a twoshare TI version of Simon, with the requirement of manually preventing glitches for two parts of the equation.
References
Aysu, A., Gulcan, E., Schaumont, P.: SIMON says: break area records of block ciphers on FPGAs. IEEE Embed. Syst. Lett. 6(2), 37–40 (2014)
Beaulieu, R., Shors, D., Smith, J., TreatmanClark, S., Weeks, B., Wingers, L.: The SIMON and SPECK families of lightweight block ciphers. IACR Cryptology ePrint Arch. 2013, 404 (2013)
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Tradeoffs for threshold implementations illustrated on AES. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 34(7), 1188–1200 (2015)
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higherorder threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). doi:10.1007/9783662456088_18
Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Assche, G.: Efficient and firstorder DPA resistant implementations of Keccak. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 187–199. Springer, Heidelberg (2014). doi:10.1007/9783319083025_13
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Heidelberg (2014). doi:10.1007/9783319067346_17
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultralightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). doi:10.1007/9783540747352_31
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004). doi:10.1007/9783540286325_2
Canright, D.: A very compact SBox for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). doi:10.1007/11545262_32
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract poweranalysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi:10.1007/3540484051_26
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract poweranalysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi:10.1007/3540484051_26
Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013). http://icmc2013.org/wp/wpcontent/uploads/2013/09/goodwillkenworthtestvector.pdf
Coron, J.S., Prouff, E., Rivain, M.: Side channel cryptanalysis of a higher order masking scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007). doi:10.1007/9783540747352_3
Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardwareoriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). doi:10.1007/9783642041389_20
De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 194–212. Springer, Heidelberg (2016). doi:10.1007/9783662531402_10
Ding, A.A., Chen, C., Eisenbarth, T.: Simpler, Faster, and More Robust Ttest Based Leakage Detection. In: Constructive SideChannel Analysis and Secure Design  7th International Workshop, COSADE 2016, Graz, Austria, April 14–15, 2016, Revised Selected Papers, pp. 163–183. http://dx.doi.org/10.1007/9783319432830_10
Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008). doi:10.1007/9783540851745_12
Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A Testing Methodology for Sidechannel Resistance Validation. NonInvasive Attack Testing Workshop (2011). http://www.cryptography.com/public/pdf/atestingmethodologyforsidechannelresistancevalidation.pdf
Kavun, E.B., Yalcin, T.: RAMbased ultralightweight FPGA implementation of PRESENT. In: 2011 International Conference on Reconfigurable Computing and FPGAs (ReConFig), pp. 280–285. IEEE (2011)
Kirschbaum, M., Popp, T.: Evaluation of a DPAresistant prototype chip. In: Computer Security Applications Conference, ACSAC 2009, Annual, pp. 43–50, December 2009
Kutzner, S., Nguyen, P.H., Poschmann, A., Wang, H.: On 3share threshold implementations for 4Bit Sboxes. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 99–113. Springer, Heidelberg (2013). doi:10.1007/9783642400261_7
Leiserson, A.J., Marson, M.E., Wachs, M.A.: Gatelevel masking under a pathbased leakage metric. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 580–597. Springer, Heidelberg (2014). doi:10.1007/9783662447093_32
Moradi, A., Mischke, O.: How far should theory be from practice? In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 92–106. Springer, Heidelberg (2012). doi:10.1007/9783642330278_6
Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). doi:10.1007/9783642204654_6
Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against sidechannel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). doi:10.1007/11935308_38
Poschmann, A., Moradi, A., Khoo, K., Lim, C.W., Wang, H., Ling, S.: SideChannel resistant crypto for less than 2,300 GE. J. Cryptology 24(2), 322–345 (2011)
Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). doi:10.1007/9783662479896_37
Reparaz, O., Sinha Roy, S., Vercauteren, F., Verbauwhede, I.: A masked ringLWE implementation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 683–702. Springer, Heidelberg (2015). doi:10.1007/9783662483244_34
Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultralightweight implementations for smart devices – security for 1000 gate equivalents. In: Grimaud, G., Standaert, F.X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 89–103. Springer, Heidelberg (2008). doi:10.1007/9783540858935_7
Schneider, T., Moradi, A.: Leakage assessment methodology – a clear roadmap for sidechannel evaluations. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). doi:10.1007/9783662483244_25
Shahverdi, A., Taha, M., Eisenbarth, T.: Silent simon: a threshold implementation under 100 slices. In: 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 1–6, May 2015
Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of the Conference on Design, Automation and Test in Europe  vol. 1, DATE 2004, p. 10246 (2004). http://dl.acm.org/citation.cfm?id=968878.969036
Acknowledgments
This work is supported by the National Science Foundation under grant CNS1261399 and grant CNS1314770.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 International Association for Cryptologic Research
About this paper
Cite this paper
Chen, C., Farmani, M., Eisenbarth, T. (2016). A Tale of Two Shares: Why TwoShare Threshold Implementation Seems Worthwhile—and Why It Is Not. In: Cheon, J., Takagi, T. (eds) Advances in Cryptology – ASIACRYPT 2016. ASIACRYPT 2016. Lecture Notes in Computer Science(), vol 10031. Springer, Berlin, Heidelberg. https://doi.org/10.1007/9783662538876_30
Download citation
DOI: https://doi.org/10.1007/9783662538876_30
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 9783662538869
Online ISBN: 9783662538876
eBook Packages: Computer ScienceComputer Science (R0)