Faster Mask Conversion with Lookup Tables

Vadnala, Praveen Kumar; Groβschädl, Johann

doi:10.1007/978-3-319-21476-4_14

Cited by 5 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Related Workmentioning

confidence: 99%

“…They described the use of pre-computation tables to obtain large benefits in terms of execution time, although it required additional space in RAM. There have also been numerous attempts to optimize the memory use [17][18][19][20][21].Recently B. Debraize proposed a conversion algorithm that offered a substantial reduction in memory for the use of pre-computation tables [22]. Briefly, this proposal iterates the conversion phase with a k-bit value using a (k + 1)-bit table.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor

2019

View full text Add to dashboard Cite

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: "Boolean to Arithmetic (B2A)" and "Arithmetic to Boolean (A2B)". The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k+1) ) entries of length (k + 1)-bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k )(k)-bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1)-bit to (k)-bit, as a result, the memory use for the pre-computation table is reduced from (2 (k+1) )(k + 1)-bit to (2 k )(k)-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.the algorithm) and the processed value (the value that is actually processed by the device) by using random numbers. The typical types of masking methods include Boolean masking and arithmetic masking [8]. Boolean masking uses an XOR (exclusive or) to blind values such as x = x ⊕ r, and arithmetic masking uses an algebraic operation such as A = (x − r) mod 2 k .These two types of masking should be selectively used for cryptographic algorithms that consist of Boolean and arithmetic operations such as ARX (Addition, Rotation, XOR) block ciphers [9][10][11], cryptographic hash functions [12,13], and stream ciphers [14]. In general, Boolean operations (AND, XOR, SHIFT, etc.) and arithmetic operations (Addition, Subtraction, Multiplication, etc.) can be efficiently computed using Boolean masking and arithmetic masking, respectively; however, it is very difficult to execute arithmetic operations in Boolean masking and to execute Boolean operations in arithmetic masking. This problem can be easily solved using a masking conversion algorithm between Boolean and arithmetic masking. Related WorkThe first masking conversion algorithm to counteract first-order DPA was proposed by L. Goubin in 2001 [15]. This conversion algorithm from Boolean to arithmetic masking (B2A) has been elaborately implemented without any improvements made upon it. I...

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor

2019

View full text Add to dashboard Cite

show abstract

“…A few countermeasures to protect the AND operation are suggested in [2]. Moreover, many suggestions [24][25][26][27][28][29][30][31][32] have been proposed with respect to the Addition operation.…”

Section: Countermeasure For Block Cipher Seedmentioning

confidence: 99%

Side Channel Leakages Against Financial IC Card of the Republic of Korea

2018

View full text Add to dashboard Cite

Integrated circuit (IC) chip cards are commonly used in payment system applications since they can provide security and convenience simultaneously. More precisely, Europay, MasterCard, and VISA (EMV) are widely known to be well equipped with security frameworks that can defend against malicious attacks. On the other hand, there are other payment system applications at the national level. In the case of the Republic of Korea, standards for financial IC card specifications are established by the Korea Financial Telecommunications and Clearings Institute. Furthermore, security features defending against timing analysis, power analysis, electromagnetic analysis, and TEMPEST are required. This paper identifies side channel leakages in the financial IC cards of the Republic of Korea, although there may be side channel countermeasures. Side channel leakages in the financial IC cards of the Republic of Korea are identified for the first time since the side channel countermeasures were included in the standards. The countermeasure that is applied to the IC card from a black box perspective is estimated to measure security features against power analysis. Then, in order to investigate whether an underlying countermeasure is applied, first-order and second-order power analyses are performed on the main target, e.g., a S-box of the block cipher SEED that is employed in the financial system. Furthermore, the latest proposal in ICISC 2017 is examined to apply block cipher SEED to the financial IC card protocol. As a result, it is possible to identify some side channel leakages while expanding the lemma of the paper accepted in ICISC 2017. Algebraic logic is also constructed to recover the master key from some round keys. Finally, it is found that only 20,000 traces are required to find the master key.

show abstract