Low-Latency Hardware Masking with Application to AES

During the past two decades a great deal of research has been published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques increase latency compared to unprotected circuits for algorithms such as AES, because the nonlinear functions in these designs have high algebraic degree. In this paper we present a hardware masking technique that does not increase the latency of such algorithms. It is based on the LUT-based Masked Dual-Rail with Pre-charge Logic (LMDPL) technique presented at CHES 2014. First, we show 1-glitch extended strong non-interference of a nonlinear LMDPL gadget under the 1-glitch extended probing model. We then use this result to design an AES implementation that computes a full AES-128 operation in 10 cycles and a full AES-256 operation in 14 cycles. We perform practical side-channel analysis of our implementation using the Test Vector Leakage Assessment (TVLA) methodology and analyze univariate as well as bivariate t-statistics to demonstrate its DPA resistance level.
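The fixed-vs-random TVLA evaluation mentioned above, as an added example that is not code from the paper or its authors: it simulates Hamming-weight leakage with Gaussian noise for an unmasked AES S-box lookup and for a first-order Boolean-masked one (two shares, fresh mask per trace), then runs Welch's t-test on each sample point (univariate) and on the centered product of the two share points (bivariate). The key 0x7D, the fixed plaintext 0x00, the trace count, the noise level and the 4.5 threshold are assumptions of the simulation, chosen so that the fixed class (S(0x7D) = 0xFF, weight 8) sits far from the random class. The simulation has no glitches, so it says nothing about the glitch-extended model the paper proves security in; it only shows what the two t-statistics detect under an idealised leakage model.

```python
"""Fixed-vs-random TVLA (Welch t-test) on simulated AES S-box leakage.

Added example, not code from the paper.  Assumed: Hamming-weight leakage
plus Gaussian noise, key 0x7D, fixed plaintext 0x00, 3000 traces per class,
|t| threshold 4.5.
"""
import math
import random
import statistics

TVLA_THRESHOLD = 4.5  # conventional |t| threshold used in TVLA reports


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(x):
    """Multiplicative inverse in GF(2^8) via x^254; inv(0) = 0 as in AES."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = _gf_mul(r, base)
        base = _gf_mul(base, base)
        e >>= 1
    return r


def _build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine map (x^8 + 1 rotations, 0x63)."""
    table = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for i in range(1, 5):
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF  # rotate left by i
        table.append(s ^ 0x63)
    return table


SBOX = _build_sbox()


def hw(v):
    """Hamming weight of a byte."""
    return bin(v).count("1")


def leak_unmasked(p, k, rng, sigma):
    """One sample point: HW of the S-box output plus noise."""
    return [hw(SBOX[p ^ k]) + rng.gauss(0.0, sigma)]


def leak_masked(p, k, rng, sigma):
    """Two sample points: HW of each Boolean share, mask m fresh per trace.

    share0 = S(p^k) ^ m, share1 = m.  Each point alone is uniform whatever
    p is, so no univariate first-order leak; the pair jointly encodes S(p^k).
    """
    m = rng.randrange(256)
    s0 = SBOX[p ^ k] ^ m
    return [hw(s0) + rng.gauss(0.0, sigma), hw(m) + rng.gauss(0.0, sigma)]


def collect(leak_fn, n, k, rng, sigma, fixed_p=0x00):
    """TVLA acquisition: n traces with the fixed plaintext, n with random plaintexts."""
    fixed = [leak_fn(fixed_p, k, rng, sigma) for _ in range(n)]
    rand = [leak_fn(rng.randrange(256), k, rng, sigma) for _ in range(n)]
    return fixed, rand


def welch_t(a, b):
    """Welch's t-statistic between two samples with unequal variances."""
    ma, mb = statistics.fmean(a), statistics.fmean(b)
    va, vb = statistics.variance(a), statistics.variance(b)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))


def univariate_t(fixed, rand):
    """|t| per sample point (first-order test)."""
    return [abs(welch_t([t[i] for t in fixed], [t[i] for t in rand]))
            for i in range(len(fixed[0]))]


def bivariate_t(fixed, rand, i, j):
    """|t| on the centered product of points i and j (second-order test)."""
    def centered_products(traces):
        mi = statistics.fmean(t[i] for t in traces)
        mj = statistics.fmean(t[j] for t in traces)
        return [(t[i] - mi) * (t[j] - mj) for t in traces]
    return abs(welch_t(centered_products(fixed), centered_products(rand)))


def run_simulation(n=3000, sigma=1.0, key=0x7D, seed=1):
    """Return univariate and bivariate |t| values for the unmasked and masked designs."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    f_u, r_u = collect(leak_unmasked, n, key, rng, sigma)
    f_m, r_m = collect(leak_masked, n, key, rng, sigma)
    return {
        "unmasked_univariate": univariate_t(f_u, r_u),   # far above 4.5
        "masked_univariate": univariate_t(f_m, r_m),     # both points below 4.5
        "masked_bivariate": bivariate_t(f_m, r_m, 0, 1),  # above 4.5: 2nd-order leak
    }


if __name__ == "__main__":
    for name, val in run_simulation().items():
        print(f"{name}: {val}")
```

The bivariate statistic is what a first-order masked design is expected to fail: with two shares, the centered product of the two share points has a different mean in the fixed class than in the random class, so a second-order evaluator sees it while the univariate test does not. Real hardware adds effects this model omits, glitches and early propagation among them, which is why a pass in simulation is no substitute for measurement on the target.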
