Higher-Order Threshold Implementation

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

87 Citations (Scopus)

Abstract

Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and randomness. The Threshold Implementation method is also based on multi-party computation but it is more area and randomness efficient. Moreover, it typically requires fewer clock cycles since all parties can operate simultaneously. However, so far it is only provably secure against 1st-order DPA. We address this gap and extend the Threshold Implementation technique to higher orders. We define generic constructions and prove their security. To illustrate the approach, we provide 1st, 2nd and 3rd-order DPA-resistant implementations of the block cipher KATAN-32. Our analysis of 300 million power traces measured from an FPGA implementation supports the security proofs.

Original language: English
Title of host publication: Advances in Cryptology – ASIACRYPT 2014
Subtitle of host publication: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings
Editors: Palash Sarkar, Tetsu Iwata
Place of Publication: London
Publisher: Springer
Pages: 326-343
Number of pages: 19
ISBN (Electronic): 978-3-662-45608-8
ISBN (Print): 978-3-662-45607-1
DOIs: https://doi.org/10.1007/978-3-662-45608-8_18
Publication status: Published - Dec 2014

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 8874
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Fingerprint

Networks (circuits)
Field programmable gate arrays (FPGA)
Clocks
Hardware
Side channel attack

Keywords

  • EWI-25075
  • METIS-306031
  • IR-92489
  • SCS-Cybersecurity

Cite this

Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., & Rijmen, V. (2014). Higher-Order Threshold Implementation. In P. Sarkar, & T. Iwata (Eds.), Advances in Cryptology – ASIACRYPT 2014: 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings (pp. 326-343). (Lecture Notes in Computer Science; Vol. 8874). London: Springer. https://doi.org/10.1007/978-3-662-45608-8_18