Paper 2021/892

Low-Latency Keccak at any Arbitrary Order

Sara Zarei, Aein Rezaei Shahmirzadi, Hadi Soleimany, Raziye Salarifard, and Amir Moradi

Abstract

Correct application of masking on hardware implementation of cryptographic primitives necessitates the instantiation of registers in order to achieve the non-completeness (commonly said to stop the propagation of glitches). This sometimes leads to a high latency overhead, making the implementation not necessarily suitable for the underlying application. As a concrete example, this holds for Keccak. Application of d + 1 Domain Oriented Masking (DOM) on a round-based implementation of Keccak leads to the introduction of two register stages per round, i.e., two times higher latency. On the other hand, Rhythmic-Keccak, introduced in CHES 2018, unrolls two rounds to half the latency compared to an unprotected ordinary round-based implementation. To that end, td + 1 masking is used which requires a notable area, and – apart from the difficulty to construct – its extension to higher orders seems beyond the bounds of feasibility. In this paper, we focus on d + 1 masking and introduce a methodology which enables us to stay with the latency of an unprotected round-based implementation, i.e., one register stage per round. While being secure under glitch-extended probing model, we provide a general design where the desired security order can be easily adjusted without any effect on the above-given latency. Compared to the Rhythmic-Keccak, the synthesis results show that our first-order design is able to accomplish the entire operations of Keccak-f[200] in the same period of time while decreasing the area by 74.5%. Notably, our implementations achieve around 30% less delay compared to the corresponding original DOM-Keccak designs.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in TCHES 2021
Keywords
KeccakMaskingThreshold ImplementationDomain-Oriented MaskingHardware ImplementationLow Latency
Contact author(s)
sarazareei 94 @ gmail com
aein rezaeishahmirzadi @ rub de
h_soleimany @ sbu ac ir
r_salarifard @ sbu ac ir
amir moradi @ rub de
History
2021-06-29: received
Short URL
https://ia.cr/2021/892
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/892,
      author = {Sara Zarei and Aein Rezaei Shahmirzadi and Hadi Soleimany and Raziye Salarifard and Amir Moradi},
      title = {Low-Latency Keccak at any Arbitrary Order},
      howpublished = {Cryptology ePrint Archive, Paper 2021/892},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/892}},
      url = {https://eprint.iacr.org/2021/892}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.