Threshold Implementation in Software - Case Study of PRESENT

Masking is one of the most widely deployed countermeasures against side-channel analysis (SCA) attacks. Over the years, various masking schemes have been proposed. However, implementing Boolean masking schemes has proven to be difficult, in particular on embedded devices, because of undisclosed architecture details and device internals. In this article, we investigate the application of Threshold Implementation (TI), a form of Boolean masking, in software, using the PRESENT cipher as a case study. Since TI has proven to be a sound way to implement Boolean masking for hardware circuits, we apply the same concept to software implementations and compare it to classical first- and second-order Boolean masking schemes. Our practical security evaluations reveal that, among all the implementation variants we consider, only the TI provides first-order security, while all others still exhibit detectable first-order leakage.
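As an added illustration of the three TI properties the abstract relies on (correctness, non-completeness, uniformity), and not code from the paper: the script below derives the algebraic normal form of the PRESENT S-box, confirms its degree is 3 (so a direct threshold sharing needs at least four shares), builds that direct 4-share sharing and checks all three properties by exhaustive enumeration. The S-box table is PRESENT's; the sharing construction is the generic direct-sharing method, not the paper's own software decomposition.

```python
# Added example (not the paper's code): direct 4-share TI of the PRESENT S-box + property checks.
from itertools import product
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def moebius(values, m):
    """GF(2) Moebius transform over m variables (truth table <-> ANF; self-inverse)."""
    v = list(values)
    for i in range(m):
        b = 1 << i
        for u in range(1 << m):
            if u & b:
                v[u] ^= v[u ^ b]
    return v

def anf(table, n=4):
    return {u: c for u, c in enumerate(moebius(table, n)) if c}   # {monomial mask: output mask}

def degree(table, n=4):
    return max(bin(u).count("1") for u in anf(table, n))

def direct_sharing(table, s=4, n=4):
    """Expand every ANF monomial over s shares; a term lands in a component that never reads
    one share index the term lacks, so correctness and non-completeness hold by construction."""
    if degree(table, n) >= s:
        raise ValueError("direct sharing needs more shares than the algebraic degree")
    comps = [{} for _ in range(s)]
    for u, c in anf(table, n).items():
        bits = [i for i in range(n) if u >> i & 1]
        for assign in product(range(s), repeat=len(bits)):
            k = min(set(range(s)) - set(assign))            # component owning this term
            mono = sum(1 << (n * j + i) for i, j in zip(bits, assign))
            comps[k][mono] = comps[k].get(mono, 0) ^ c
    return comps

def check_ti(table, s=4, n=4):
    """Return (correct, non_complete, uniform) for the direct sharing of table."""
    comps, m, mask = direct_sharing(table, s, n), n * s, (1 << n) - 1
    tts = [moebius([c.get(mono, 0) for mono in range(1 << m)], m) for c in comps]
    correct, outputs = True, set()
    for x in range(1 << m):                      # x packs s input shares of n bits each
        ys = [tt[x] for tt in tts]
        y = x_un = 0
        for j in range(s):
            y ^= ys[j]
            x_un ^= (x >> (n * j)) & mask
        correct &= y == table[x_un]
        outputs.add(sum(v << (n * j) for j, v in enumerate(ys)))
    non_complete = all(not (mono >> (n * k)) & mask for k in range(s) for mono in comps[k])
    uniform = len(outputs) == 1 << m             # given correctness, uniform <=> bijective
    return correct, non_complete, uniform
```

The uniformity flag is computed, not assumed; when it comes out false, fresh randomness (remasking) or a different sharing is needed before the output shares can feed the next round without leaking.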
