You are looking at a specific version 20210427:162032 of this paper. See the latest version.

Paper 2021/461

Second-Order SCA Security with almost no Fresh Randomness

Aein Rezaei Shahmirzadi and Amir Moradi

Abstract

Masking schemes are among the most popular countermeasures against Side-Channel Analysis (SCA) attacks. Realization of masked implementations on hardware faces several difficulties including dealing with glitches. Threshold Implementation (TI) is known as the first strategy with provable security in presence of glitches. In addition to the desired security order d, TI defines the minimum number of shares to also depend on the algebraic degree of the target function. This may lead to unaffordable implementation costs for higher orders. For example, at least five shares are required to protect the smallest nonlinear function against second-order attacks. By cutting such a dependency, the successor schemes are able to achieve the same security level by just $d+1$ shares, at the cost of high demand for fresh randomness, particularly at higher orders. In this work, we provide a methodology to realize the second-order glitch-extended probing-secure implementation of a group of quadratic functions with three shares and no fresh randomness. This allows us to construct second-order secure implementations of several cryptographic primitives with very limited number of fresh masks, including Keccak, SKINNY, Midori, PRESENT, and PRINCE.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2021
Keywords
Side-Channel AnalysisMaskingHardwareThreshold Implementation
Contact author(s)
aein rezaeishahmirzadi @ rub de,amir moradi @ rub de
History
2021-04-27: revised
2021-04-12: received
See all versions
Short URL
https://ia.cr/2021/461
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.