Cryptology ePrint Archive: Report 2018/1092

Shuffle and Mix: On the Diffusion of Randomness in Threshold Implementations of Keccak

Felix Wegener and Christian Baiker and Amir Moradi

Abstract: Threshold Implementations are well-known as a provably firstorder secure Boolean masking scheme even in the presence of glitches. A precondition for their security proof is a uniform input distribution at each round function, which may require an injection of fresh randomness or an increase in the number of shares. However, it is unclear whether violating the uniformity assumption causes exploitable leakage in practice. Recently, Daemen undertook a theoretical study of lossy mappings to extend the understanding of uniformity violations. We complement his work by entropy simulations and practical measurements of Keccak’s round function. Our findings shed light on the necessity of mixing operations in addition to bit-permutations in a cipher’s linear layer to propagate randomness between S-boxes and prevent exploitable leakage. Finally, we argue that this result cannot be obtained by current simulation methods, further stressing the continued need for practical leakage measurements.

Category / Keywords: implementation / side-channel analysis, threshold implementation, uniformity, Keccak

Date: received 12 Nov 2018, last revised 28 Nov 2018

Contact author: felix wegener at rub de

Available format(s): PDF | BibTeX Citation

Version: 20181128:112620 (All versions of this report)

Short URL: ia.cr/2018/1092


[ Cryptology ePrint archive ]