Paper 2016/434

A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why it is Not

Cong Chen, Mohammad Farmani, and Thomas Eisenbarth

Abstract

In this work, we explore the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers---Simon and Present. The implementation results show that two-share TI gains in compactness while loses in throughput compared with three-share schemes. Moreover, the leakage analyses show that two-share TI retains perfect first-order resistance but is shadowed by a strong second-order leakage, making it less worthwhile.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Threshold ImplementationPaired t-testLightweight CryptographyFPGA
Contact author(s)
teisenbarth @ wpi edu
History
2016-05-04: received
Short URL
https://ia.cr/2016/434
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2016/434,
      author = {Cong Chen and Mohammad Farmani and Thomas Eisenbarth},
      title = {A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why it is Not},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/434},
      year = {2016},
      url = {https://eprint.iacr.org/2016/434}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.