Cryptology ePrint Archive: Report 2016/434

A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why it is Not

Cong Chen and Mohammad Farmani and Thomas Eisenbarth

Abstract: In this work, we explore the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers---Simon and Present. The implementation results show that two-share TI gains in compactness while loses in throughput compared with three-share schemes. Moreover, the leakage analyses show that two-share TI retains perfect first-order resistance but is shadowed by a strong second-order leakage, making it less worthwhile.

Category / Keywords: implementation / Threshold Implementation, Paired t-test, Lightweight Cryptography, FPGA

Date: received 2 May 2016

Contact author: teisenbarth at wpi edu

Available format(s): PDF | BibTeX Citation

Version: 20160504:093220 (All versions of this report)

Short URL: ia.cr/2016/434

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]