## Cryptology ePrint Archive: Report 2018/922

Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications

Dušan Božilov and Miroslav Knežević and Ventzislav Nikov

Abstract: Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In the original version of TI, the number of input shares was dependent on both security order $d$ and algebraic degree of a function $t$, namely $td + 1$. At CRYPTO 2015, a new method was presented yielding to a $d$-th order secure implementation using $d+1$ input shares. In this work, we first provide a construction for $d+1$ TI sharing which achieves the minimal number of output shares for any $n$-input Boolean function of degree $t=n-1$. Furthermore, we present a heuristic for minimizing the number of output shares for higher order $td + 1$ TI. Finally, we demonstrate the applicability of our results on $d+1$ and $td+1$ TI versions, for first- and second-order secure, low-latency and low-energy implementations of the PRINCE block cipher.

Category / Keywords: Threshold Implementations, PRINCE, SCA, Masking

Date: received 27 Sep 2018, last revised 27 Sep 2018

Contact author: dusan bozilov at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2018/922

[ Cryptology ePrint archive ]