Abstract
Threshold Implementations are known countermeasures defending against side-channel attacks via the use of masking techniques. While sufficient properties are known to defend against first-order side-channel attacks, it is not known how to achieve higher-order security. This work generalizes the Threshold Implementation notion of uniformity and proves it achieves second-order protection. The notion is applied to create a second-order masking of the Present cipher with a low randomness cost.
Acknowledgements
We acknowledge Vincent Rijmen and Venci Nikov for helpful comments. This work was supported by CyberSecurity Research Flanders with reference number VR20192203. Siemen Dhooghe is supported by a PhD Fellowship from the Research Foundation – Flanders (FWO). Svetla Nikova was partially supported by the Bulgarian National Science Fund, Contract No. 12/8.
This article belongs to the Topical Collection: Boolean Functions and Their Applications V
Guest Editors: Lilya Budaghyan, Claude Carlet, Tor Helleseth and Kaisa Nyberg
Appendices
Appendix A: Masking of the Present S-Box
This appendix gives a decomposition of the Present S-box and a seven-sharing of the cipher.
A.1 Decomposition
Let (x,y,z,w) denote the input nibble from most significant to least significant bit. Similarly, (G1,...,G4) denotes the output from most significant to least significant bit.
In the above, the nonlinear function G(x,y,z,w) is given as
the linear transformations as
and the constants as
A.2 Seven-Sharing of G(x,y,z,w)
For each share i ∈{1,..., 7}, the permutation G(x,y,z,w) is shared as
where the convention is used that superscripts wrap around at seven.
For each i ∈{1,..., 7} and given 21 random bits \(({r_{1}^{i}},{r_{2}^{i}}, {r_{3}^{i}})\), the randomness layer \(\bar {r}_{1}(x,y,z,w)\) is given by
where the convention is used that superscripts wrap around at seven.
For each i ∈{1,..., 7} and given 28 random bits \(({r_{1}^{i}},{r_{2}^{i}},{r_{3}^{i}},{r_{4}^{i}})\), the randomness layer \(\bar {r}_{2}(x,y,z,w)\) is given by
where the convention is used that superscripts wrap around at seven.
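The abstract and this appendix rest on the three Threshold Implementation properties (correctness, non-completeness and uniformity), with a randomness layer added when a sharing on its own is not uniform. The following is an added example, not code from the paper: a generic exhaustive checker for those three properties over any Boolean sharing with a given number of inputs and shares. It is exercised on the well-known three-share AND gate, which is correct and non-complete but not uniform, and it reports the per-output-sharing hit counts so the failure is visible. The seven-sharing of G given in this appendix is not reproduced here; once its component functions are typed in as a Python function of the same shape, the same checker applies to it.

```python
"""Exhaustive checker for the three Threshold Implementation (TI) properties:
correctness, non-completeness and uniformity.  Added example; the sharing of
the AND gate below is the classic three-share one, not the paper's G."""
from collections import Counter, defaultdict
from itertools import product


def unmask(shares):
    """Recombine a share tuple by XOR."""
    v = 0
    for s in shares:
        v ^= s
    return v


def all_sharings(n_inputs, n_shares):
    """Yield every bit assignment to the n_inputs * n_shares input shares,
    as a tuple (input_0_shares, input_1_shares, ...)."""
    for bits in product((0, 1), repeat=n_inputs * n_shares):
        yield tuple(bits[i * n_shares:(i + 1) * n_shares] for i in range(n_inputs))


def is_correct(shared, unshared, n_inputs, n_shares):
    """XOR of the output shares equals the unshared function on the unmasked inputs."""
    for inp in all_sharings(n_inputs, n_shares):
        if unmask(shared(*inp)) != unshared(*(unmask(s) for s in inp)):
            return False
    return True


def depends_on(shared, out_idx, in_idx, share_idx, n_inputs, n_shares):
    """Does output share out_idx ever change when share share_idx of input
    in_idx is flipped?  For Boolean functions this is exactly "the variable
    appears in the algebraic normal form", so it is the right test here."""
    for inp in all_sharings(n_inputs, n_shares):
        flipped = list(inp)
        s = list(flipped[in_idx])
        s[share_idx] ^= 1
        flipped[in_idx] = tuple(s)
        if shared(*inp)[out_idx] != shared(*flipped)[out_idx]:
            return True
    return False


def is_noncomplete(shared, n_inputs, n_shares):
    """First-order non-completeness: every output share is independent of
    some share index i, i.e. of the i-th share of every input variable."""
    n_out = len(shared(*(((0,) * n_shares) for _ in range(n_inputs))))
    for j in range(n_out):
        if not any(
            all(not depends_on(shared, j, k, i, n_inputs, n_shares)
                for k in range(n_inputs))
            for i in range(n_shares)
        ):
            return False
    return True


def uniformity_counts(shared, n_inputs, n_shares):
    """For each unmasked input value, how often each output sharing is hit."""
    counts = defaultdict(Counter)
    for inp in all_sharings(n_inputs, n_shares):
        key = tuple(unmask(s) for s in inp)
        counts[key][shared(*inp)] += 1
    return counts


def is_uniform(shared, n_inputs, n_shares):
    """Uniform iff, for every unmasked input, the input sharings are spread
    evenly over all 2^((n_shares-1)*n_out) valid sharings of the output."""
    for hits in uniformity_counts(shared, n_inputs, n_shares).values():
        n_out = len(next(iter(hits)))
        expected_distinct = 2 ** ((n_shares - 1) * n_out)
        if len(hits) != expected_distinct or len(set(hits.values())) != 1:
            return False
    return True


def and_sharing(xs, ys):
    """Classic three-share TI of z = x AND y (constructed example input)."""
    x1, x2, x3 = xs
    y1, y2, y3 = ys
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # never touches share 1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # never touches share 2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # never touches share 3
    return (z1, z2, z3)


def check_and_sharing():
    """Returns (correct, non-complete, uniform) for the three-share AND."""
    return (is_correct(and_sharing, lambda x, y: x & y, 2, 3),
            is_noncomplete(and_sharing, 2, 3),
            is_uniform(and_sharing, 2, 3))


if __name__ == "__main__":
    print(check_and_sharing())                       # (True, True, False)
    print(uniformity_counts(and_sharing, 2, 3)[(0, 0)])
```

For the unmasked input (x, y) = (0, 0) there are 16 input sharings and 4 valid sharings of z = 0, so a uniform sharing would hit each output sharing exactly 4 times; the AND above hits (0, 0, 0) seven times, which is the non-uniformity that a remasking layer (like the r̄ layers of this appendix) exists to repair. The checker enumerates all 2^(n_inputs * n_shares) share assignments, so it is meant for S-box-sized components, not whole ciphers.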
Cite this article
Dhooghe, S., Nikova, S. Resilient uniformity: applying resiliency in masking. Cryptogr. Commun. 14, 41–58 (2022). https://doi.org/10.1007/s12095-021-00515-w