Paper 2013/168

On secure embedded token design (Long Version) -- Quasi-looped Yao circuits and bounded leakage

Simon Hoerder, Kimmo Järvinen, and Dan Page


Within a broader context of mobile and embedded computing, the design of practical, secure tokens that can store and/or process security-critical information remains an ongoing challenge. One aspect of this challenge is the threat of information leakage through side-channel attacks, which is exacerbated by any resource constraints. Although any countermeasure can be of value, it seems clear that approaches providing robust guarantees are most attractive. Along these lines, this paper extends previous work on use of Yao circuits via two contributions. First, we show how careful analysis can fix the maximum number of traces acquired during a DPA attack, effectively bounding leakage from a Yao-based token: for a low enough bound, the token can therefore be secured via conventional (potentially less robust) countermeasures. To achieve this we use modularised Yao circuits, which also support our second contribution: the first Yao-based mplementation of a secure authentication payload, namely HMAC based on SHA.

Available format(s)
Publication info
Published elsewhere. Workshop on Information Security Theory and Practice (WISTP) 2013
Yao circuitsside-channel attacksleakage-resilientmobileembedded tokensAESHMACSHA
Contact author(s)
hoerder @ cs bris ac uk
2013-03-28: received
Short URL
Creative Commons Attribution


      author = {Simon Hoerder and Kimmo Järvinen and Dan Page},
      title = {On secure embedded token design (Long Version) -- Quasi-looped Yao circuits and bounded leakage},
      howpublished = {Cryptology ePrint Archive, Paper 2013/168},
      year = {2013},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.