Paper 2021/461
Second-Order SCA Security with almost no Fresh Randomness
Aein Rezaei Shahmirzadi and Amir Moradi
Abstract
Masking schemes are among the most popular countermeasures against Side-Channel Analysis (SCA) attacks. Realization of masked implementations on hardware faces several difficulties including dealing with glitches. Threshold Implementation (TI) is known as the first strategy with provable security in presence of glitches. In addition to the desired security order d, TI defines the minimum number of shares to also depend on the algebraic degree of the target function. This may lead to unaffordable implementation costs for higher orders. For example, at least five shares are required to protect the smallest nonlinear function against second-order attacks. By cutting such a dependency, the successor schemes are able to achieve the same security level by just $d+1$ shares, at the cost of high demand for fresh randomness, particularly at higher orders. In this work, we provide a methodology to realize the second-order glitch-extended probing-secure implementation of a group of quadratic functions with three shares and no fresh randomness. This allows us to construct second-order secure implementations of several cryptographic primitives with very limited number of fresh masks, including Keccak, SKINNY, Midori, PRESENT, and PRINCE.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published by the IACR in TCHES 2021
- Keywords
- Side-Channel AnalysisMaskingHardwareThreshold Implementation
- Contact author(s)
-
aein rezaeishahmirzadi @ rub de
amir moradi @ rub de - History
- 2021-04-27: revised
- 2021-04-12: received
- See all versions
- Short URL
- https://ia.cr/2021/461
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/461, author = {Aein Rezaei Shahmirzadi and Amir Moradi}, title = {Second-Order {SCA} Security with almost no Fresh Randomness}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/461}, year = {2021}, url = {https://eprint.iacr.org/2021/461} }