Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

Bilgin, Begül; Nikova, Svetla; Nikov, Ventzislav; Rijmen, Vincent; Stütz, Georg

doi:10.1007/978-3-642-33027-8_5

Cited by 84 publications

(101 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With this approach, the GF (2 4 ) inverter can be seen as a four bit permutation and the GF (2 4 ) multiplier as a four bit multiplication both of which are well studied in [4]. Therefore, we can find uniform TIs for these non-linear blocks directly which implies using less fresh random bits.…”

Section: Ti Of the Aes S-boxmentioning

confidence: 99%

“…To have a uniform sharing for this function, which belongs to class C 4 282 [5], we consider two options. Either using four shares which is the minimum number of shares necessary for a uniform implementation in that class and decomposing the function into three uniform sub-functions as Inv(x) = F (G (H(x))), or using five shares without any decomposition.…”

Section: Ti Of the Aes S-boxmentioning

confidence: 99%

“…It has been shown that all 3 × 3, 4 × 4 and the DES 6 × 4 S-boxes have a TI sharing with 3, 4 or 5 shares [5]. The TI approach has been applied to only few entire algorithms: PRESENT [21], AES [18] and Keccak [3].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A More Efficient AES Threshold Implementation

Bilgin

Gierlichs

Nikova

et al. 2014

Lecture Notes in Computer Science

Self Cite

100

View full text Add to dashboard Cite

Abstract. Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. At Eurocrypt 2011 Moradi et al. published the to date most compact Threshold Implementation of AES-128 encryption. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new Threshold Implementation of AES-128 encryption that is 18% smaller, 7.5% faster and that requires 8% less random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.

show abstract

Section: Ti Of the Aes S-boxmentioning

confidence: 99%

Section: Ti Of the Aes S-boxmentioning

confidence: 99%

See 1 more Smart Citation

A More Efficient AES Threshold Implementation

Bilgin

Gierlichs

Nikova

et al. 2014

Lecture Notes in Computer Science

Self Cite

100

View full text Add to dashboard Cite

show abstract

“…Being secure even against the leakage caused by the presence of the glitches, TI provides a relatively cheap countermeasure. While protecting linear functions is trivial [27], it becomes a challenging task to properly address the security of non-linear functions such as S-boxes [5,23]. As mentioned in Section 2.1, we pay special attention while choosing the S-box such that it can be securely implemented in a single clock cycle, yet having a small area footprint.…”

Section: Hardware Implementations and Comparisonmentioning

confidence: 99%

Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware

Bilgin

Bogdanov

Knežević

et al. 2013

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper, we present a novel lightweight authenticated cipher optimized for hardware implementations called Fides. It is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security, respectively. This is at least two times smaller than its closest competitors Hummingbird-2 and Grain-128a. While being extremely compact, Fides is both throughput and latency efficient, even in its most serial implementations. This is attained by our novel sponge-like design approach. Moreover, cryptographically optimal 5-bit and 6-bit S-boxes are used as basic nonlinear components while paying a special attention on the simplicity of providing first order side-channel resistance with threshold implementation.

show abstract

“…We favored the latter method for the following reasons: For each application, the masking scheme has to be adapted to the specific S-box of the applied cipher, which works for all S-box variants up to four bits only, cf. [32,33]. Even for five bits, the search space for a suitable solution becomes so large that it is not traversable in a realistic search time.…”

mentioning

confidence: 99%

A Novel Design Flow for a Security-Driven Synthesis of Side-Channel Hardened Cryptographic Modules

Huss

Stein

2017

JLPEA

View full text Add to dashboard Cite

Abstract:Over the last few decades, computer-aided engineering (CAE) tools have been developed and improved in order to ensure a short time-to-market in the chip design business. Up to now, these design tools do not yet support an integrated design strategy for the development of side-channel-resistant hardware implementations. In order to close this gap, a novel framework named AMASIVE (Adaptable Modular Autonomous SIde-Channel Vulnerability Evaluator) was developed. It supports the designer in implementing devices hardened against power attacks by exploiting novel security-driven synthesis methods. The article at hand can be seen as the second of the two contributions that address the AMASIVE framework. While the first one describes how the framework automatically detects vulnerabilities against power attacks, the second one explains how a design can be hardened in an automatic way by means of appropriate countermeasures, which are tailored to the identified weaknesses. In addition to the theoretical introduction of the fundamental concepts, we demonstrate an application to the hardening of a complete hardware implementation of the block cipher PRESENT.

show abstract

Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

Cited by 84 publications

References 29 publications

A More Efficient AES Threshold Implementation

A More Efficient AES Threshold Implementation

Fides: Lightweight Authenticated Cipher with Side-Channel Resistance for Constrained Hardware

A Novel Design Flow for a Security-Driven Synthesis of Side-Channel Hardened Cryptographic Modules

Contact Info

Product

Resources

About