Cryptology ePrint Archive: Report 2015/597

Assessment of Hiding the Higher-Order Leakages in Hardware - what are the achievements versus overheads?

Amir Moradi and Alexander Wild

Abstract: Higher-order side-channel attacks are becoming amongst the major interests of academia as well as industry sector. It is indeed being motivated by the development of countermeasures which can prevent the leakages up to certain orders. As a concrete example, threshold implementation (TI) as an efficient way to realize Boolean masking in hardware is able to avoid first-order leakages. Trivially, the attacks conducted at second (and higher) orders can exploit the corresponding leakages hence devastating the provided security. Hence, the extension of TI to higher orders was being expected which has been presented at ASIACRYPT 2014. Following its underlying univariate settings it can provide security at higher orders, and its area and time overheads naturally increase with the desired security order. In this work we look at the feasibility of higher-order attacks on first-order TI from another perspective. Instead of increasing the order of resistance by employing higher-order TIs, we realize the first-order TI designs following the principles of a power-equalization technique dedicated to FPGA platforms, that naturally leads to hardening higher-order attacks. We show that although the first-order TI designs, which are additionally equipped by the power-equalization methodology, have significant area overhead, they can maintain the same throughput and more importantly can avoid the higher-order leakages to be practically exploitable by up to 1 billion traces.

Category / Keywords: implementation / side-channel analysis, countermeasure, threshold implementation, GliFred, FPGA, hiding, masking

Original Publication (with minor differences): IACR-CHES-2015

Date: received 15 Jun 2015

Contact author: amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Version: 20150621:165149 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]