2022
DOI: 10.3390/app12052274
|View full text |Cite
|
Sign up to set email alerts
|

Boolean Masking for Arithmetic Additions at Arbitrary Order in Hardware

Abstract: Modular addition is an important component of many cryptographic algorithms such as ARX-ciphers and lattice-based post-quantum secure schemes. In order to protect devices that execute these algorithms against side-channel attacks, countermeasures such as masking must be applied. However, if an implementation needs to be secured against multivariate attacks, univariately secure masking schemes do not suffice. In this work, we focus on hardware architectures for higher-order masked addition circuits. We present … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
4
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
2
2
1

Relationship

1
4

Authors

Journals

citations
Cited by 7 publications
(4 citation statements)
references
References 21 publications
0
4
0
Order By: Relevance
“…Add13 and Add64. In their work [BG22], Bache and Güneysu compare the Brent-Kung, Kogge-Stone, and Sklansky adder architectures in the context of Boolean masking. For gadget-based masking, the Sklansky adder turns out to be the optimal choice, having the same low latency as Kogge-Stone but less randomness demand while having a lower latency than Brent-Kung at the cost of slightly more randomness.…”
Section: Methodsmentioning
confidence: 99%
See 2 more Smart Citations
“…Add13 and Add64. In their work [BG22], Bache and Güneysu compare the Brent-Kung, Kogge-Stone, and Sklansky adder architectures in the context of Boolean masking. For gadget-based masking, the Sklansky adder turns out to be the optimal choice, having the same low latency as Kogge-Stone but less randomness demand while having a lower latency than Brent-Kung at the cost of slightly more randomness.…”
Section: Methodsmentioning
confidence: 99%
“…These concepts also have been adapted to the Boolean masked domain first in [SMG15]. This was followed by a broader examination of more recent techniques like threshold implementation and gadget-based masking [BG22], which we deploy for our work.…”
Section: Multiplication In R Qmentioning
confidence: 99%
See 1 more Smart Citation
“…Eventually, we obtain a masked six-bit result for each 32-bit block which is fed into an accumulation stage. The accumulator is implemented by a fully pipelined masked 8-bit Sklansky adder as proposed in [2]. Since the adder consists of eight register stages, we obtain eight masked intermediate results that need to be accumulated to a final result.…”
Section: Hardwarementioning
confidence: 99%