Abstract
Hardware implementations of cryptographic algorithms are vulnerable to side-channel attacks. Side-channel attacks that are based on multiple measurements of the same operation can be countered by employing masking techniques. Many protection measures depart from an idealized hardware model that is very expensive to meet with real hardware. In particular, the presence of glitches causes many masking techniques to leak information during the computation of nonlinear functions. We discuss a recently introduced masking method which is based on secret sharing and multi-party computation methods. The approach results in implementations that are provably resistant against a wide range of attacks, while making only minimal assumptions on the hardware. We show how to use this method to derive secure implementations of some nonlinear building blocks for cryptographic algorithms. Finally, we provide a provable secure implementation of the block cipher Noekeon and verify the results by means of low-level simulations.
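As an added illustration (not code from the paper), below is the canonical 3-share threshold implementation of a single AND gate, the kind of nonlinear building block the abstract refers to, together with exhaustive checks of the properties the secret-sharing approach relies on: correctness, non-completeness (each output share omits one share index, so a glitching share function never sees every share of a variable), and uniformity, which this 3-share AND does not satisfy. The share equations are the standard ones from the threshold-implementation literature; the function names are my own.

```python
import itertools
from collections import Counter

# Constructed example: 3-share threshold implementation (TI) of z = x AND y.
# Input x is given as shares (x1, x2, x3) with x = x1 ^ x2 ^ x3, likewise y.
def ti_and(x, y):
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # never touches x1 or y1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # never touches x2 or y2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # never touches x3 or y3
    return (z1, z2, z3)

def unshare(s):
    return s[0] ^ s[1] ^ s[2]

ALL_SHARINGS = list(itertools.product((0, 1), repeat=3))  # all 8 share triples

def check_correctness():
    # Property 1: the output shares always recombine to x AND y.
    return all(unshare(ti_and(x, y)) == (unshare(x) & unshare(y))
               for x in ALL_SHARINGS for y in ALL_SHARINGS)

def check_non_completeness():
    # Property 2: output share i does not change when input share i (of x or y)
    # flips, so no single share function can leak the full value of x or y,
    # even when glitches make it evaluate intermediate states.
    for x in ALL_SHARINGS:
        for y in ALL_SHARINGS:
            base = ti_and(x, y)
            for i in range(3):
                xf = tuple(b ^ (j == i) for j, b in enumerate(x))
                yf = tuple(b ^ (j == i) for j, b in enumerate(y))
                if ti_and(xf, y)[i] != base[i] or ti_and(x, yf)[i] != base[i]:
                    return False
    return True

def check_uniformity():
    # Property 3: for fixed unshared (x, y), every valid output sharing should
    # occur equally often over the 16 input sharings. The 3-share AND fails
    # this, so its output must be remasked before feeding another nonlinear stage.
    for ux, uy in itertools.product((0, 1), repeat=2):
        counts = Counter(ti_and(x, y) for x in ALL_SHARINGS if unshare(x) == ux
                         for y in ALL_SHARINGS if unshare(y) == uy)
        if len(counts) != 4 or len(set(counts.values())) != 1:
            return False
    return True
```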
Cite this article
Nikova, S., Rijmen, V. & Schläffer, M. Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. J Cryptol 24, 292–321 (2011). https://doi.org/10.1007/s00145-010-9085-7