Cryptology ePrint Archive: Report 2016/420

A note on the security of threshold implementations with $d+1$ input shares

Santos Merino Del Pozo and François-Xavier Standaert

Abstract: Recently, threshold implementations (TI) with $d + 1$ input shares have been proposed at Crypto 2015. This optimization aims for more lightweight TI designs while keeping the glitch-resistance of the original concept. In this note, we consider such an approach and provide preliminary simulation-based evidence, backed by empirical results, of the existence of $d^{\text{th}}$-order leakages. We conclude that, while for first-order TI designs this solution can be overkill due to the extra randomness requirements, higher-order TIs can still benefit from it.

Category / Keywords: implementation / threshold implementations, masking

Date: received 28 Apr 2016, last revised 28 Apr 2016

Contact author: santos merino at uclouvain be

Version: 20160501:131813

Short URL: ia.cr/2016/420
