Higher-Order Threshold Implementation of the AES S-Box
  • Keywords: Higher-order; Threshold implementations; AES; S-box; Masking
  • Series: Lecture Notes in Computer Science
  • Year: 2016
  • Volume: 9514
  • Issue: 1
  • Pages: 259-272
  • Full-text size: 734 KB
  • References:
    1. Bilgin, B.: Threshold implementations, as countermeasure against higher-order differential power analysis. Ph.D. thesis, University of Twente, Enschede, May 2015
    2. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT. LNCS, vol. 8469, pp. 267–284. Springer, Heidelberg (2014). doi:10.1007/978-3-319-06734-6_17
    3. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_18
    4. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. CAD Integr. Circ. Syst. 34(7), 1188–1200 (2015). doi:10.1109/TCAD.2015.2419623
    5. Canright, D.: A very compact S-box for AES. In: Rao and Sunar [22], pp. 441–455. doi:10.1007/11545262_32
    6. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)
    7. Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013). http://icmc-2013.org/wp/wp-content/uploads/2013/09/goodwillkenworthtestvector.pdf
    8. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Berlin (2002). doi:10.1007/978-3-662-04722-4
    9. De Cnudde, T., Bilgin, B., Reparaz, O., Nikova, S.: Higher-order glitch resistant implementation of the PRESENT S-box. In: Ors, B., Preneel, B. (eds.) BalkanCryptSec 2014. LNCS, vol. 9024, pp. 75–93. Springer, Heidelberg (2015)
    10. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop (2011). http://csrc.nist.gov/news_events/non-invasive-attack-testing-workshop/papers/08_Goodwill.pdf
    11. Goubin, L., Patarin, J.: DES and differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)
    12. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
    13. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao and Sunar [22], pp. 157–171. http://dblp.uni-trier.de/db/conf/ches/ches2005.html#MangardPO05
    14. Messerges, T.S.: Using second-order power analysis to attack DPA resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)
    15. Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 1–20. Springer, Heidelberg (2013)
    16. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)
    17. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)
    18. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptology 24(2), 292–321 (2011). doi:10.1007/s00145-010-9085-7
    19. Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 192–207. Springer, Heidelberg (2006)
    20. Peeters, E., Standaert, F., Donckers, N., Quisquater, J.: Improved higher-order side-channel attacks with FPGA experiments. In: Rao and Sunar [22], pp. 309–323. doi:10.1007/11545262_23
    21. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)
    22. Rao, J.R., Sunar, B. (eds.): CHES 2005. LNCS, vol. 3659. Springer, Heidelberg (2005)
    23. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 1–20. Springer, Heidelberg (2015)
    24. Reparaz, O., Gierlichs, B., Verbauwhede, I.: Selecting time samples for multivariate DPA attacks. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 155–174. Springer, Heidelberg (2012)
    25. Rijmen, V.: Efficient implementation of the Rijndael S-box. http://www.researchgate.net/profile/Vincent_Rijmen/publication/2621085_Efficient_Implementation_of_the_Rijndael_S-box/links/0912f50f7a7be367d7000000?origin=publication_detail
    26. Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015)
    27. Standaert, F., Peeters, E., Quisquater, J.: On the masking countermeasure and higher-order power analysis attacks. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 562–567. IEEE Computer Society, Las Vegas, Nevada, USA, 4–6 April 2005. doi:10.1109/ITCC.2005.213
    28. Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)
  • Authors and affiliations: Thomas De Cnudde (15)
    Begül Bilgin (15)
    Oscar Reparaz (15)
    Ventzislav Nikov (16)
    Svetla Nikova (15)

    15. KU Leuven, ESAT-COSIC and iMinds, Leuven, Belgium
    16. NXP Semiconductors, Leuven, Belgium
  • Book series: Smart Card Research and Advanced Applications
  • ISBN: 978-3-319-31271-2
  • Category: Computer Science
  • Subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
In this paper we present a threshold implementation of the Advanced Encryption Standard’s S-box which is secure against first- and second-order power analysis attacks. This security guarantee holds even in the presence of glitches, and includes resistance against bivariate attacks. The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution. The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.
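The security argument behind a threshold implementation rests on three properties of the sharing: correctness (the shares still XOR to the right value), non-completeness at the claimed order (no set of d component functions sees all shares of any input, so glitches cannot recombine a secret), and uniformity (the output sharing is as uniformly distributed as the input sharing; where a sharing is not uniform, fresh randomness is spent on a mask refresh, which is what the per-execution random bits in the abstract pay for). For a small function all three can be checked by brute force. The script below is an added example written for this page, not code from the paper or its authors, and it does not reproduce the paper's S-box design: it uses the classic 3-share Boolean AND of Nikova, Rechberger and Rijmen as the target, and the mask-refresh construction and all function names are the example's own choices.

```python
"""Exhaustive check of the threshold-implementation (TI) properties on a toy
sharing.  Added example: not the paper's design (which shares the full AES
S-box); the target here is one Boolean AND gate, z = x & y, with 3 shares."""
from itertools import combinations, product

N = 3  # number of shares per variable
ALL_SHARES = list(product((0, 1), repeat=N))


def xor(bits):
    r = 0
    for b in bits:
        r ^= b
    return r


def share_and(x, y, r=()):
    """Classic 3-share TI of AND (Nikova-Rechberger-Rijmen 2006).
    x, y: 3-tuples of share bits; r is unused (no fresh randomness)."""
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)  # never reads share 1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)  # never reads share 2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)  # never reads share 3
    return (z1, z2, z3)


def share_and_refreshed(x, y, r):
    """share_and followed by a mask refresh with two fresh random bits
    r = (r1, r2); the correction r1 ^ r2 on share 3 keeps the XOR sum intact.
    (Refresh construction chosen for this example.)"""
    z1, z2, z3 = share_and(x, y)
    r1, r2 = r
    return (z1 ^ r1, z2 ^ r2, z3 ^ r1 ^ r2)


def _inputs(rand_bits):
    """Every (x sharing, y sharing, randomness) triple."""
    for x in ALL_SHARES:
        for y in ALL_SHARES:
            for r in product((0, 1), repeat=rand_bits):
                yield x, y, r


def check_correctness(sharing, rand_bits=0):
    """XOR of the output shares must equal x & y of the unshared values."""
    return all(xor(sharing(x, y, r)) == (xor(x) & xor(y))
               for x, y, r in _inputs(rand_bits))


def share_dependencies(sharing, rand_bits=0):
    """deps[j] = set of input shares ('x', i) / ('y', i) that output share j
    depends on, found by flipping one input share bit at a time."""
    deps = [set() for _ in range(N)]
    for x, y, r in _inputs(rand_bits):
        base = sharing(x, y, r)
        for var in ("x", "y"):
            for i in range(N):
                xx, yy = list(x), list(y)
                (xx if var == "x" else yy)[i] ^= 1
                flipped = sharing(tuple(xx), tuple(yy), r)
                for j in range(N):
                    if flipped[j] != base[j]:
                        deps[j].add((var, i))
    return deps


def check_noncompleteness(sharing, d, rand_bits=0):
    """d-th order non-completeness: any d output components taken together
    must be independent of at least one share of every input variable."""
    deps = share_dependencies(sharing, rand_bits)
    for combo in combinations(range(N), d):
        used = set().union(*(deps[j] for j in combo))
        for var in ("x", "y"):
            if all((var, i) in used for i in range(N)):
                return False
    return True


def check_uniformity(sharing, rand_bits=0):
    """Uniformity: for each unshared (x, y), every valid sharing of z = x & y
    must be hit by the same number of (input sharing, randomness) pairs."""
    hist = {}
    for x, y, r in _inputs(rand_bits):
        key = (xor(x), xor(y))
        hist.setdefault(key, {})
        hist[key][sharing(x, y, r)] = hist[key].get(sharing(x, y, r), 0) + 1
    n_out = 2 ** (N - 1)  # number of sharings of one output bit
    expected = (2 ** (N - 1)) ** 2 * 2 ** rand_bits // n_out
    return all(len(h) == n_out and all(c == expected for c in h.values())
               for h in hist.values())


def ti_report():
    """Properties of the plain and the refreshed sharing."""
    return {
        "plain_correct": check_correctness(share_and),
        "plain_nc1": check_noncompleteness(share_and, 1),
        "plain_nc2": check_noncompleteness(share_and, 2),
        "plain_uniform": check_uniformity(share_and),
        "refreshed_correct": check_correctness(share_and_refreshed, 2),
        "refreshed_nc1": check_noncompleteness(share_and_refreshed, 1, 2),
        "refreshed_uniform": check_uniformity(share_and_refreshed, 2),
    }


if __name__ == "__main__":
    for name, ok in ti_report().items():
        print(f"{name:>18}: {ok}")
```

Running it shows the pattern the abstract's numbers reflect: the plain 3-share AND is correct and first-order non-complete but fails second-order non-completeness (any two components together read every share of x), and it is not uniform until two fresh random bits are spent on a refresh. A second-order secure sharing needs more shares so that every pair of component functions still omits a share, and each nonlinear layer whose output is not uniform costs fresh randomness; the 126 bits per S-box execution in the abstract is that cost for the paper's full S-box.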
