Efficient and First-Order DPA Resistant Implementations of Keccak

Begül Bilgin, Joan Daemen, Ventzislav Nikov, S.I. Nikova, Vincent Rijmen, Gilles Van Assche

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    50 Citations (Scopus)
    42 Downloads (Pure)


    In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against side-channel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build further on unprotected parallel and serial architectures. We improve upon earlier TI implementations of Keccak in the sense that the latter did not achieve uniformity of shares. In our proposals we do achieve uniformity at the cost of an extra share in a four-share version or at the cost of injecting a small number of fresh random bits for each computed round. The proposed implementations are efficient and provably secure against first-order side-channel attacks.
    Original languageUndefined
    Title of host publication12th Smart Card Research and Advanced Application Conference (CARDIS)
    EditorsA. Francillon, P. Rohatgi
    Place of PublicationSwitzerland
    Number of pages13
    ISBN (Print)978-3-319-08302-5
    Publication statusPublished - Nov 2013
    Event12th Smart Card Research and Advanced Application Conference, CARDIS 2013 - Berlin, Germany
    Duration: 27 Nov 201329 Nov 2013
    Conference number: 12

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer International Publishing


    Conference12th Smart Card Research and Advanced Application Conference, CARDIS 2013
    Abbreviated titleCARDIS 2013


    • EWI-24466
    • IR-91871
    • METIS-305854

    Cite this