Cryptology ePrint Archive: Report 2014/751

Higher-Order Threshold Implementations

Begül Bilgin and Benedikt Gierlichs and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen

Abstract: Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and randomness. The Threshold Implementation method is also based on multi-party computation but it is more area and randomness efficient. Moreover, it typically requires less clock-cycles since all parties can operate simultaneously. However, so far it is only provable secure against 1st-order DPA. We address this gap and extend the Threshold Implementation technique to higher orders. We define generic constructions and prove their security. To illustrate the approach, we provide 1st, 2nd and 3rd-order DPA-resistant implementations of the block cipher KATAN- 32. Our analysis of 300 million power traces measured from an FPGA implementation supports the security proofs.

Category / Keywords: implementation / higher-order DPA, threshold implementations, glitches

Original Publication (in the same form): IACR-ASIACRYPT-2014

Date: received 26 Sep 2014

Contact author: begul bilgin at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20140929:083019 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]