A Low-Randomness First-Order Masked Xoodyak

Xoodyak, a finalist in Round 3 of the NIST Lightweight Cryptography Standardization Process, is a compact and efficient lightweight cryptographic scheme. Resistance to side-channel attacks is an important evaluation criterion of this process. In this work, we analyze and realize a domain-oriented masking (DOM) implementation of Xoodyak. We first perform a security evaluation of domain-oriented masking as applied to Xoodyak. We then propose a randomness-reduction technique for the domain-oriented masked implementation of Xoodyak, a setting in which existing randomness-reduction techniques are not applicable. Finally, our protected design is implemented on FPGA and evaluated on ASIC, and potential side-channel leakage is assessed with Test Vector Leakage Assessment (TVLA). Results show that our implementation is compact, exhibits no detectable leakage under TVLA, and consumes only 33% of the originally required randomness.
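To make concrete what "domain-oriented masking of Xoodyak" and "originally required randomness" refer to, the following is an added illustration (not the paper's design or code) of a first-order DOM implementation of Xoodoo's chi step, the only non-linear step of the permutation and therefore the only place fresh randomness is consumed. Assumptions not taken from the abstract: the state is modelled as 3 planes of 4 columns of 32-bit lanes, one fresh 32-bit word is spent per masked AND (the textbook DOM-indep gadget), and the paper's randomness-reduction technique is deliberately not reproduced; the counter reports the baseline randomness that such a technique would reduce. A second function shows, statistically, why the cross-domain blinding word cannot simply be dropped.

```python
"""First-order domain-oriented masking (DOM) of the Xoodoo chi step.

Added illustration, not the paper's design. Assumptions not taken from the
page: the state is modelled as 3 planes x 4 columns of 32-bit lanes, and one
fresh 32-bit word is spent per DOM AND. The paper's randomness-reduction
technique is not implemented; the counter reports the baseline randomness.
"""
import secrets

MASK32 = 0xFFFFFFFF
PLANES, LANES = 3, 4


def share(x):
    """Split a 32-bit word into two Boolean shares, x = s0 ^ s1."""
    s0 = secrets.randbits(32)
    return (s0, (x ^ s0) & MASK32)


def unshare(s):
    return (s[0] ^ s[1]) & MASK32


def dom_and(a, b, z, refresh=True):
    """First-order DOM-indep AND on two 2-share 32-bit lanes.

    Inner-domain products a0&b0 and a1&b1 stay in their own domain. The
    cross-domain products a0&b1 and a1&b0 are blinded with the same fresh
    word z before being folded into a domain; in hardware a register sits
    between the blinding and the fold so glitches cannot recombine shares.
    refresh=False drops z, which is only there to demonstrate the leak.
    """
    a0, a1 = a
    b0, b1 = b
    if not refresh:
        z = 0
    cross0 = (a0 & b1) ^ z
    cross1 = (a1 & b0) ^ z
    return ((a0 & b0) ^ cross0, (a1 & b1) ^ cross1)


def masked_not(a):
    """Complement only one share: (~a0) ^ a1 == ~(a0 ^ a1)."""
    return ((~a[0]) & MASK32, a[1])


def chi(state):
    """Unmasked Xoodoo chi: plane i gets a_i ^= ~a_{i+1} & a_{i+2}, with all
    terms taken from the input state. state[i][x] is plane i, column x."""
    out = [[0] * LANES for _ in range(PLANES)]
    for i in range(PLANES):
        for x in range(LANES):
            a1 = state[(i + 1) % PLANES][x]
            a2 = state[(i + 2) % PLANES][x]
            out[i][x] = state[i][x] ^ (~a1 & a2 & MASK32)
    return out


def masked_chi(shared_state, fresh):
    """chi on a 2-share state. fresh is an iterator of 32-bit random words,
    one consumed per DOM AND. Returns (new shared state, words consumed)."""
    out = [[None] * LANES for _ in range(PLANES)]
    used = 0
    for i in range(PLANES):
        for x in range(LANES):
            a1 = masked_not(shared_state[(i + 1) % PLANES][x])
            a2 = shared_state[(i + 2) % PLANES][x]
            t = dom_and(a1, a2, next(fresh))
            used += 1
            a0 = shared_state[i][x]
            out[i][x] = (a0[0] ^ t[0], a0[1] ^ t[1])
    return out, used


def check_masked_chi():
    """Share a constructed random state, run masked chi, unmask, and compare
    with the unmasked reference. Returns (matches, random bits consumed)."""
    state = [[secrets.randbits(32) for _ in range(LANES)] for _ in range(PLANES)]
    shared = [[share(v) for v in plane] for plane in state]
    fresh = iter(lambda: secrets.randbits(32), None)
    masked_out, words = masked_chi(shared, fresh)
    unmasked = [[unshare(s) for s in plane] for plane in masked_out]
    return unmasked == chi(state), words * 32


def cross_domain_bias(refresh, trials=2000):
    """Fraction of trials in which bit 0 of share c0 is set when the unmasked
    operand b is 0. With refresh the share is uniform (about 0.5); without
    it c0 = a0 & (b0 ^ b1) = a0 & b = 0 always, so b shows in one share."""
    hits = 0
    for _ in range(trials):
        a, b = share(secrets.randbits(32)), share(0)
        c0, _ = dom_and(a, b, secrets.randbits(32), refresh=refresh)
        hits += c0 & 1
    return hits / trials
```

With these assumptions one chi call spends 12 fresh 32-bit words, i.e. one per lane of the state; a randomness-reduction technique attacks exactly this budget, while the `cross_domain_bias` check illustrates the constraint such a technique must respect: a cross-domain product that is not blinded by a value independent of both operands collapses to a function of an unshared variable and becomes first-order observable.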