Higher-Order Threshold Implementation

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    91 Citations (Scopus)

    Abstract

    Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and randomness. The Threshold Implementation method is also based on multi-party computation but it is more area and randomness efficient. Moreover, it typically requires less clock-cycles since all parties can operate simultaneously. However, so far it is only provably secure against 1st-order DPA. We address this gap and extend the Threshold Implementation technique to higher orders. We define generic constructions and prove their security. To illustrate the approach, we provide 1st, 2nd and 3rd-order DPA-resistant implementations of the block cipher KATAN-32. Our analysis of 300 million power traces measured from an FPGA implementation supports the security proofs.
    Original language: English
    Title of host publication: Advances in Cryptology – ASIACRYPT 2014
    Subtitle of host publication: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings
    Editors: Palash Sarkar, Tetsu Iwata
    Place of Publication: London
    Publisher: Springer
    Pages: 326-343
    Number of pages: 19
    ISBN (Electronic): 978-3-662-45608-8
    ISBN (Print): 978-3-662-45607-1
    DOIs: https://doi.org/10.1007/978-3-662-45608-8_18
    Publication status: Published - Dec 2014

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer
    Volume: 8874
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Fingerprint

    Networks (circuits)
    Field programmable gate arrays (FPGA)
    Clocks
    Hardware
    Side channel attack

    Keywords

    • EWI-25075
    • METIS-306031
    • IR-92489
    • SCS-Cybersecurity

    Cite this

    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., & Rijmen, V. (2014). Higher-Order Threshold Implementation. In P. Sarkar, & T. Iwata (Eds.), Advances in Cryptology – ASIACRYPT 2014: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings (pp. 326-343). (Lecture Notes in Computer Science; Vol. 8874). London: Springer. https://doi.org/10.1007/978-3-662-45608-8_18