2021
DOI: 10.1109/tifs.2021.3123527
|View full text |Cite
|
Sign up to set email alerts
|

LLTI: Low-Latency Threshold Implementations

Abstract: With the enormous increase in portable cryptographic devices, physical attacks are becoming similarly popular. One of the most common physical attacks is Side-Channel Analysis (SCA), extremely dangerous due to its non-invasive nature. Threshold Implementations (TI) was proposed as the first countermeasure to provide provable security in masked hardware implementations. While most works on hardware masking are focused on optimizing the area requirements, with the newer and smaller technologies area is taking a … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
10
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
2
2
1

Relationship

0
5

Authors

Journals

citations
Cited by 5 publications
(10 citation statements)
references
References 39 publications
0
10
0
Order By: Relevance
“…and adds a fresh random mask r to the cross-domain products, that is, a 0 ⊗ b 1 and a 1 ⊗ b 0 . Then, to ensure resistance against glitches [4], registers (−→) store the resulting shares (x 0 , x 1 , x 2 , x 3 ), as we can see in (1). The non-linear layer produces (d + 1) 2 shares and is followed by a sharing compression layer -as shown in (2) for a first-order masking -to reduce the number of shares back to (d + 1), preventing a quadratic growth of the number of shares through the computation [28].…”
Section: A Maskingmentioning
confidence: 99%
See 1 more Smart Citation
“…and adds a fresh random mask r to the cross-domain products, that is, a 0 ⊗ b 1 and a 1 ⊗ b 0 . Then, to ensure resistance against glitches [4], registers (−→) store the resulting shares (x 0 , x 1 , x 2 , x 3 ), as we can see in (1). The non-linear layer produces (d + 1) 2 shares and is followed by a sharing compression layer -as shown in (2) for a first-order masking -to reduce the number of shares back to (d + 1), preventing a quadratic growth of the number of shares through the computation [28].…”
Section: A Maskingmentioning
confidence: 99%
“…With the increasing proliferation of IoT devices, secure low-latency and area-efficient cryptographic modules become therefore necessary to satisfy commercial demands. In this manner, many techniques have been proposed to balance the masking implementation costs, with recent efforts aiming at the design of low-latency schemes based on different architectural approaches [1], [8], [20], [22], [29], [31]. Nevertheless, the reduction in the overall clock cycle score is accompanied by higher implementation costs and, in some cases, lower throughput.…”
Section: Introductionmentioning
confidence: 99%
“…Most recently, Arribas et. al presented a low-latency masking technique based on threshold implementations called LLTI [AZN21] and implemented their technique on Prince and AES. Compared to the implementation by [Sas+20] the area is worse, however, their construction does not require any online randomness.…”
Section: Low-latency Maskingmentioning
confidence: 99%
“…Most recently, Arribas et. al presented a low-latency masking technique based on threshold implementations called LLTI, that has somewhat comparable area requirements to GLM but can eliminate the need of online randomness [AZN21]. Current approaches lead to unfavorable design trade-offs in terms area, latency, randomness requirement and design complexity.…”
Section: Introductionmentioning
confidence: 99%
“…The essential idea of the GLM scheme is to skip the shares compression stage after the nonlinear operation, thereby eliminating the need for a register stage to increase the number of shared values. Arribas et al later proposed a Low-Latency Threshold Implementations (LLTI) technique [AZN22] using a divide-and-conquer strategy for nonlinear functions with an algebraic degree greater than two to reduce area and delay.…”
Section: Introductionmentioning
confidence: 99%