A More Efficient AES Threshold Implementation

Bilgin, Begül; Gierlichs, Benedikt; Nikova, Svetla; Nikov, Ventzislav; Rijmen, Vincent

doi:10.1007/978-3-319-06734-6_17

Cited by 100 publications

(84 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moradi's design was also used and modified by Bilgin et al [2,3,6] and recently by De Cnudde et al [7] for a d + 1 share CMS TI. The control path of our modified AES design consists of a linear-feedback shift register (LFSR), the round constant generation module (RCON), and some additional logic gates to generate the control signals (see [17] for more details).…”

Section: Th -Order Secure Aes Implementationmentioning

confidence: 99%

See 1 more Smart Citation

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

Groß

Mangard

Korak

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient sidechannel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15 th protection order.

show abstract

Section: Th -Order Secure Aes Implementationmentioning

confidence: 99%

“…It has been extensively researched and extended by Bilgin et al [1,4] during the last years. There exist many protected hardware implementations that are based on TI [2,3,17].…”

Section: Introductionmentioning

confidence: 99%

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

Groß

Mangard

Korak

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…This eventually results in massive implementation overheads. For example, the first-order DPA-secure threshold implementations of AES in [10,42] add an areatime overhead of a factor of four.…”

Section: Maskingmentioning

confidence: 99%

“…Using existing memory encryption and authentication schemes with DPA-protected implementations, on the other hand, would result in overheads of a factor of four to a few hundred [6,10,42,45] and thus be far more expensive, eventually rendering memory encryption and authentication in many applications impractical.…”

Section: Memory Overheadmentioning

confidence: 99%

“…However, protecting implementations of cryptographic primitives against DPA is expensive and a tough problem in an active field of research existing for almost two decades. The massive overheads for DPA-protected implementations range between a factor of four and a few hundred [6,10,42,45] and would thus render current memory encryption and authentication schemes in latency sensitive applications impractical. In contrast, more efficient solutions are in sight when considering side-channel protection throughout the cryptographic design and looking for potential synergies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MEAS: memory encryption and authentication secure against side-channel attacks

2018

View full text Add to dashboard Cite

Memory encryption is used in many devices to protect memory content from attackers with physical access to a device. However, many current memory encryption schemes can be broken using differential power analysis (DPA). In this work, we present Meas-the first Memory Encryption and Authentication Scheme providing security against DPA attacks. The scheme combines ideas from fresh re-keying and authentication trees by storing encryption keys in a tree structure to thwart first-order DPA without the need for DPA-protected cryptographic primitives. Therefore, the design strictly limits the use of every key to encrypt at most two different plaintext values. Meas prevents higher-order DPA without changes to the cipher implementation by using masking of the plaintext values. Meas is applicable to all kinds of memory, e.g., NVM and RAM. For RAM, we give two concrete Meas instances based on the lightweight primitives Ascon, PRINCE, and QARMA. We implement and evaluate both instances on a Zynq XC7Z020 FPGA showing that Meas has memory and performance overhead comparable to existing memory authentication techniques without DPA protection.

show abstract

Constructing TI-Friendly Substitution Boxes Using Shift-Invariant Permutations

Gao

Oswald

2019

Topics in Cryptology – CT-RSA 2019

View full text Add to dashboard Cite

The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we proposed a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first order SCA protections without any fresh randomness. More importantly, because of the "shift-invariant" property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms as claimed. We have successfully verified their resistance to first order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard.

show abstract

A More Efficient AES Threshold Implementation

Cited by 100 publications

References 23 publications

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

MEAS: memory encryption and authentication secure against side-channel attacks

Constructing TI-Friendly Substitution Boxes Using Shift-Invariant Permutations

Contact Info

Product

Resources

About