Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications

Dušan Božilov; Miroslav Knežević; Ventzislav Nikov

Paper 2018/922

Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications

Dušan Božilov, Miroslav Knežević, and Ventzislav Nikov

Abstract

Threshold implementations have emerged as one of the most popular masking countermeasures for hardware implementations of cryptographic primitives. In the original version of TI, the number of input shares was dependent on both security order $d$ and algebraic degree of a function $t$ , namely $t d + 1$ . At CRYPTO 2015, a new method was presented yielding to a $d$ -th order secure implementation using $d + 1$ input shares. In this work, we first provide a construction for $d + 1$ TI sharing which achieves the minimal number of output shares for any $n$ -input Boolean function of degree $t = n - 1$ . Furthermore, we present a heuristic for minimizing the number of output shares for higher order $t d + 1$ TI. Finally, we demonstrate the applicability of our results on $d + 1$ and $t d + 1$ TI versions, for first- and second-order secure, low-latency and low-energy implementations of the PRINCE block cipher.

Metadata

Available format(s): PDF
Publication info: Preprint. MINOR revision.
Keywords: Threshold Implementations PRINCE SCA Masking
Contact author(s): dusan bozilov @ esat kuleuven be
History: 2018-10-02: received
Short URL: https://ia.cr/2018/922
License: CC BY

BibTeX

@misc{cryptoeprint:2018/922,
      author = {Dušan Božilov and Miroslav Knežević and Ventzislav Nikov},
      title = {Optimized Threshold Implementations: Securing Cryptographic Accelerators for Low-Energy and Low-Latency Applications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/922},
      year = {2018},
      url = {https://eprint.iacr.org/2018/922}
}