Authors:
- Simon Landry, STMicroelectronics, Zone Industrielle, 190 Avenue Coq, 13106, Rousset, France, and Sorbonne Universités, UPMC Univ Paris 06, POLSYS, UMR 7606, LIP6, 75005, Paris, France. ORCID: http://orcid.org/0000-0002-8964-9126
- Yanis Linge, STMicroelectronics, Zone Industrielle, 190 Avenue Coq, 13106, Rousset, France. ORCID: http://orcid.org/0000-0002-8667-7471
- Emmanuel Prouff, Sorbonne Universités, UPMC Univ Paris 06, POLSYS, UMR 7606, LIP6, 75005, Paris, France, and ANSSI, Paris, France. ORCID: http://orcid.org/0000-0002-3998-0478
Information Security Theory and Practice: 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings. December 2019, pages 66–84. https://doi.org/10.1007/978-3-030-41702-4_5
Published: 02 March 2020
Monomial Evaluation of Polynomial Functions Protected by Threshold Implementations: With an Illustration on AES
Abstract
In the context of side-channel countermeasures, threshold implementations (TI) were introduced in 2006 by Nikova et al. to defeat attacks that exploit hardware effects called glitches. In several respects, TI may be seen as an extension of another classical side-channel countermeasure, called masking, which is essentially based on splitting every internal state of the computation into independent parts (or shares). Among the properties of TI, uniform distribution of the input and output shares is generally the most complicated to satisfy. Usually, this property is achieved by generating fresh randomness throughout the execution of the protected algorithm (e.g. the AES block cipher). In this paper, we combine the changing of the guards technique published by Daemen at CHES 2017 (which reduces the need for fresh randomness) with the work of Genelle et al. at CHES 2011 (which combines Boolean masking with multiplicative masking) to propose a new TI without fresh randomness that is well suited to Substitution-Permutation Networks. As an illustration, we develop our proposal for the AES block cipher, and more specifically for its non-linear part, implemented by means of a field inversion. In this particular context, we argue that our proposal is a valuable alternative to the state-of-the-art solutions. More generally, it has the advantage of being easily applicable to the evaluation of any polynomial function, which was generally not the case for previous solutions.
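The abstract refers to two building blocks without showing them: Boolean (additive) sharing of the state, and the Genelle et al. idea of switching to a multiplicative mask around the AES field inversion so that the non-linear layer becomes cheap. The Python below is an added illustration written for this page; it is not the authors' code and it is not a threshold implementation (it is plain first-order software masking, with fresh randomness per S-box call and no glitch resistance), so it shows only the additive/multiplicative mixing that the paper builds on. The input is assumed to arrive as two Boolean shares with x = xm ^ r. The zero input, which has no multiplicative inverse, is handled with the Dirac trick x' = x ^ delta(x); computing delta on the masked value through a mask-dependent recomputed table is a simple choice made here, not the paper's method.

```python
"""Added example: first-order masked AES S-box mixing Boolean and
multiplicative masking around the GF(2^8) inversion (Genelle et al. style).
Not the paper's threshold construction; assumes Boolean shares x = xm ^ r."""
import secrets

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, reduced modulo x^8


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements with the AES reduction polynomial."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """a^254 == a^-1 for a != 0; gf_inv(0) == 0, as in the AES S-box."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def rotl8(x: int, k: int) -> int:
    return ((x << k) | (x >> (8 - k))) & 0xFF


def affine_lin(y: int) -> int:
    """Linear part of the AES S-box affine map (without the 0x63 constant)."""
    return y ^ rotl8(y, 1) ^ rotl8(y, 2) ^ rotl8(y, 3) ^ rotl8(y, 4)


def sbox_ref(x: int) -> int:
    """Unprotected reference S-box: affine(inv(x))."""
    return affine_lin(gf_inv(x)) ^ 0x63


def masked_sbox(xm: int, r: int, rng=None):
    """Input: Boolean shares (xm, r) with x = xm ^ r.
    Output: Boolean shares (ym, r_out) with sbox_ref(x) == ym ^ r_out.
    The secret x is never recombined; every intermediate carries a mask."""
    rng = rng or secrets.SystemRandom()
    # 1. delta(x) from the masked input via a recomputed table T[i] = delta(i ^ r) ^ s,
    #    so the result is itself masked by a fresh bit s (simple choice, not the paper's).
    s = rng.getrandbits(1)
    table = [(1 if (i ^ r) == 0 else 0) ^ s for i in range(256)]
    dm = table[xm]                                  # = delta(x) ^ s
    # 2. x' = x ^ delta(x) is never zero; its shares are (xm ^ dm, r ^ s).
    xpm, rp = xm ^ dm, r ^ s
    # 3. Boolean -> multiplicative: (x' ^ r')*m ^ r'*m = x'*m, with m != 0.
    m = rng.randrange(1, 256)
    xp_mul = gf_mul(xpm, m) ^ gf_mul(rp, m)         # = x' * m
    # 4. Invert the multiplicatively masked value: (x'*m)^-1 = x'^-1 * m^-1.
    inv_mul = gf_inv(xp_mul)
    m_inv = gf_inv(m)
    # 5. Multiplicative -> Boolean with a fresh mask t:
    #    (x'^-1 * m^-1 ^ t * m^-1) * m = x'^-1 ^ t.
    t = rng.getrandbits(8)
    ym = gf_mul(inv_mul ^ gf_mul(t, m_inv), m)      # = x'^-1 ^ t
    # 6. Undo the Dirac correction: x^-1 = x'^-1 ^ delta(x) (only x = 0 changes).
    ym, r_out = ym ^ dm, t ^ s
    # 7. The affine layer is linear on each share; the constant goes to one share only.
    return affine_lin(ym) ^ 0x63, affine_lin(r_out)


def check_all_inputs(rounds: int = 4, rng=None) -> bool:
    """Recombine the output shares and compare with sbox_ref for every byte x."""
    rng = rng or secrets.SystemRandom()
    for _ in range(rounds):
        for x in range(256):
            r = rng.getrandbits(8)
            ym, r_out = masked_sbox(x ^ r, r, rng)
            if ym ^ r_out != sbox_ref(x):
                return False
    return True


if __name__ == "__main__":
    print("masked S-box matches reference:", check_all_inputs())
```

Two points worth noticing against the abstract. First, the output sharing is uniform only because t and s are drawn fresh on every call, and m must be fresh and non-zero as well; that per-S-box randomness is exactly the cost the changing-of-the-guards approach is meant to remove in a threshold setting. Second, a software sequence like this says nothing about glitches: in hardware the intermediate x'*m and its inverse would be computed by combinational logic whose transient values can depend on more than one share, which is the problem TI's non-completeness property addresses.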
References
- 1. Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems — CHES 2001, pp. 309–318. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_26
- 2. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, Chicago, Illinois, USA, 2–4 May 1988, pp. 1–10. ACM (1988). https://doi.org/10.1145/62212.62213
- 3. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. CAD Integr. Circ. Syst. 34(7), 1188–1200 (2015). https://doi.org/10.1109/TCAD.2015.2419623
- 4. Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) Selected Areas in Cryptography, pp. 69–83. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30564-4_5
- 5. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2004, pp. 16–29. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_2
- 6. Canright, D.: A very compact S-box for AES. In: Cryptographic Hardware and Embedded Systems – CHES 2005, pp. 441–455. Springer, Berlin, Heidelberg (2005). https://doi.org/10.1007/11545262_32
- 7. Carlet, C.: Boolean functions for cryptography and error-correcting codes. In: Encyclopedia of Mathematics and Its Applications, pp. 257–397. Cambridge University Press, Cambridge (2010). https://doi.org/10.1017/CBO9780511780448.011
- 8. Carlet, C., Prouff, E., Rivain, M., Roche, T.: Algebraic decomposition for probing security. IACR Cryptology ePrint Archive 2016, 321 (2016). http://eprint.iacr.org/2016/321
- 9. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Advances in Cryptology — CRYPTO '99, pp. 398–412. Springer, Berlin, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26
- 10. Cnudde, T.D., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with d+1 shares in hardware. In: Bilgin, B., Nikova, S., Rijmen, V. (eds.) Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, October 2016, p. 43. ACM (2016). https://doi.org/10.1145/2996366.2996428
- 11. Coron, J.-S., Roy, A., Vivek, S.: Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures. J. Cryptogr. Eng. 5(2), 73–83 (2015). https://doi.org/10.1007/s13389-015-0099-9
- 12. Daemen, J.: Changing of the guards: a simple and efficient method for achieving uniformity in threshold sharing. In: Fischer, W., Homma, N. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2017, pp. 137–153. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_7
- 13. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
- 14. Damgård, I., Keller, M.: Secure multiparty AES. In: Sion, R. (ed.) Financial Cryptography and Data Security, pp. 367–374. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_31
- 15. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, pp. 262–280. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19574-7_18
- 16. Fumaroli, G., Mayer, E., Dubois, R.: First-order differential power analysis on the duplication method. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) Progress in Cryptology – INDOCRYPT 2007, pp. 210–223. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-77026-8_16
- 17. Genelle, L., Prouff, E., Quisquater, M.: Montgomery's trick and fast implementation of masked AES. In: Nitaj, A., Pointcheval, D. (eds.) Progress in Cryptology – AFRICACRYPT 2011, pp. 153–169. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_10
- 18. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2011, pp. 240–255. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_16
- 19. Golić, J.D., Tymen, C.: Multiplicative masking and power analysis of AES. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002, pp. 198–212. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_16
- 20. Goubin, L., Patarin, J.: DES and differential power analysis: the "Duplication" method. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems, pp. 158–172. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_15
- 21. Gross, H., Mangard, S., Korak, T.: An efficient side-channel protected AES implementation with arbitrary protection order. In: Handschuh, H. (ed.) Topics in Cryptology – CT-RSA 2017, pp. 95–112. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52153-4_6
- 22. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) Advances in Cryptology - CRYPTO 2003, pp. 463–481. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_27
- 23. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology — CRYPTO '99, pp. 388–397. Springer, Berlin, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
- 24. Landry, S., Linge, Y., Prouff, E.: Monomial Evaluation of Polynomial Functions Protected by Threshold Implementations – With an Illustration on AES. Extended Version (to appear)
- 25. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) Topics in Cryptology – CT-RSA 2005, pp. 351–365. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_24
- 26. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Cryptographic Hardware and Embedded Systems – CHES 2005, pp. 157–171. Springer, Berlin, Heidelberg (2005). https://doi.org/10.1007/11545262_12
- 27. Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems — CHES 2000, pp. 238–251. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44499-8_19
- 28. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) Advances in Cryptology – EUROCRYPT 2011, pp. 69–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_6
- 29. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011). https://doi.org/10.1007/s00145-010-9085-7
- 30. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009). https://doi.org/10.1109/TC.2009.15
- 31. Rao, J.R., Sunar, B. (eds.): Cryptographic Hardware and Embedded Systems – CHES 2005. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262
- 32. Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. In: Nyberg, K. (ed.) Fast Software Encryption, pp. 127–143. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71039-4_8
- 33. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, pp. 413–427. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_28
- 34. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) Advances in Cryptology — ASIACRYPT 2001, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32
- 35. Roche, T., Prouff, E.: Higher-order glitch free implementation of the AES using secure multi-party computation protocols - extended version. J. Cryptogr. Eng. 2(2), 111–127 (2012). https://doi.org/10.1007/s13389-012-0033-3
- 36. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) Topics in Cryptology – CT-RSA 2006, pp. 208–225. Springer, Heidelberg (2006). https://doi.org/10.1007/11605805_14
- 37. Sugawara, T.: 3-share threshold implementation of AES S-box without fresh randomness. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(1), 123–145 (2019). https://doi.org/10.13154/tches.v2019.i1.123-145
- 38. Suzuki, D., Saeki, M., Ichikawa, T.: DPA leakage models for CMOS logic circuits. In: Cryptographic Hardware and Embedded Systems – CHES 2005, pp. 366–382. Springer, Berlin, Heidelberg (2005). https://doi.org/10.1007/11545262_27
- 39. Wiener, M. (ed.): Advances in Cryptology — CRYPTO '99. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1
- 40. Yao, A.C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, Toronto, Canada, 27–29 October 1986, pp. 162–167. IEEE Computer Society (1986). https://doi.org/10.1109/SFCS.1986.25
Published in
Information Security Theory and Practice: 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11–12, 2019, Proceedings
Dec 2019
236 pages
ISBN:978-3-030-41701-7
DOI:10.1007/978-3-030-41702-4
Editors:
- Maryline Laurent, Telecom SudParis, Evry, France
- Thanassis Giannetsos, Technical University of Denmark, Lyngby, Denmark
© IFIP International Federation for Information Processing 2020
Publisher
Springer-Verlag
Berlin, Heidelberg
Author Tags
- SCA
- Threshold implementations
- AES
- Masking
- Sharing
- Secure polynomial evaluation