DPA Protected Implementation of OCB and COLM Authenticated Ciphers

Authenticated ciphers are designed to provide two security requirements simultaneously: confidentiality and integrity. The CAESAR competition concluded by selecting six authenticated ciphers, targeting several application profiles, as its winners. The OCB and COLM authenticated ciphers are two AES-based winners, chosen respectively for the high-speed and the defense-in-depth use cases. As with any other cryptographic algorithm, unprotected implementations of these ciphers can be vulnerable to side-channel attacks, in particular differential power analysis (DPA). In this work, OCB and COLM are first implemented on the FPGA of a SAKURA-G board. Their vulnerability is then demonstrated by power leakage detection, applying the t-test to the collected power traces. First-order protected versions of both ciphers are also presented, built with two masking schemes: threshold implementation (TI) and domain-oriented masking (DOM). To verify these countermeasures, first- and second-order t-tests are conducted, showing that the protected designs resist first-order DPA attacks. Finally, the FPGA implementations of the protected and unprotected versions of both ciphers are benchmarked on area, maximum frequency, and throughput, and the area overhead and throughput reduction relative to the unprotected ciphers are compared with previous work.
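The leakage-detection step described above is the fixed-vs-random Welch's t-test (TVLA): two classes of power traces are compared sample by sample, and |t| above 4.5 at any point indicates exploitable first-order leakage; the second-order variant preprocesses each class by centering and squaring so that variance differences, which a first-order masked design still exhibits, become mean differences. The following added example, which is not code from the paper, implements both tests over constructed traces from a hypothetical Hamming-weight leakage model with Gaussian noise. The unprotected model exposes HW(value) at one sample point; the masked model exposes HW(s1) + HW(s2) for a two-share Boolean masking, the same principle that TI and DOM rely on. The sample index, fixed input value and noise level are assumptions chosen for the simulation.

```python
"""Fixed-vs-random Welch's t-test (TVLA) leakage assessment over simulated power traces."""
import math
import random

HW = [bin(b).count("1") for b in range(256)]  # Hamming weight table
THRESHOLD = 4.5     # conventional TVLA pass/fail bound on |t|
LEAK_SAMPLE = 3     # constructed: sample index where the sensitive intermediate is processed
FIXED_INPUT = 0xFF  # constructed fixed intermediate value for the "fixed" trace class


def simulate_trace(value, rng, masked, n_samples=8, sigma=1.0):
    """Constructed Hamming-weight leakage model with Gaussian noise.

    Unmasked: the leaky sample exposes HW(value).
    Masked (2 shares): the leaky sample exposes HW(s1) + HW(s2) with s1 uniformly
    random and s2 = value ^ s1, so the mean of that sample no longer depends on value
    (its variance still does, which the second-order test detects)."""
    trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
    if masked:
        s1 = rng.randrange(256)
        s2 = value ^ s1
        trace[LEAK_SAMPLE] += HW[s1] + HW[s2]
    else:
        trace[LEAK_SAMPLE] += HW[value]
    return trace


def collect(n_traces, masked, seed=1):
    """Build the fixed class (constant intermediate) and the random class (uniform intermediate)."""
    rng = random.Random(seed)
    fixed = [simulate_trace(FIXED_INPUT, rng, masked) for _ in range(n_traces)]
    rand = [simulate_trace(rng.randrange(256), rng, masked) for _ in range(n_traces)]
    return fixed, rand


def _mean_var(column):
    n = len(column)
    m = sum(column) / n
    v = sum((x - m) ** 2 for x in column) / (n - 1)  # unbiased sample variance
    return m, v


def welch_t(group_a, group_b):
    """Per-sample Welch's t statistic between two trace sets."""
    t_values = []
    for i in range(len(group_a[0])):
        ma, va = _mean_var([tr[i] for tr in group_a])
        mb, vb = _mean_var([tr[i] for tr in group_b])
        t_values.append((ma - mb) / math.sqrt(va / len(group_a) + vb / len(group_b)))
    return t_values


def center_and_square(group):
    """Second-order preprocessing: subtract the class mean per sample, then square."""
    means = [sum(tr[i] for tr in group) / len(group) for i in range(len(group[0]))]
    return [[(x - m) ** 2 for x, m in zip(tr, means)] for tr in group]


def leakage_report(n_traces=1000, masked=False, seed=1):
    """Return (max |t| first-order, max |t| second-order) over all sample points."""
    fixed, rand = collect(n_traces, masked, seed)
    t1 = max(abs(t) for t in welch_t(fixed, rand))
    t2 = max(abs(t) for t in welch_t(center_and_square(fixed), center_and_square(rand)))
    return t1, t2


if __name__ == "__main__":
    for masked in (False, True):
        t1, t2 = leakage_report(masked=masked)
        label = "masked (2 shares)" if masked else "unprotected"
        verdict = "FAIL" if t1 > THRESHOLD else "pass"
        print(f"{label}: first-order max|t| = {t1:.1f} ({verdict}), second-order max|t| = {t2:.1f}")
```

Running the script shows the pattern the paper's evaluation looks for: the unprotected model fails the first-order test outright, while the two-share model passes first order but is flagged by the second-order test, which is exactly why a first-order countermeasure is verified with both orders rather than the first alone.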
