Cryptology ePrint Archive: Report 2021/892

Low-Latency Keccak at any Arbitrary Order

Sara Zarei and Aein Rezaei Shahmirzadi and Hadi Soleimany and Raziye Salarifard and Amir Moradi

Abstract: Correct application of masking on hardware implementation of cryptographic primitives necessitates the instantiation of registers in order to achieve the non-completeness (commonly said to stop the propagation of glitches). This sometimes leads to a high latency overhead, making the implementation not necessarily suitable for the underlying application. As a concrete example, this holds for Keccak. Application of d + 1 Domain Oriented Masking (DOM) on a round-based implementation of Keccak leads to the introduction of two register stages per round, i.e., two times higher latency. On the other hand, Rhythmic-Keccak, introduced in CHES 2018, unrolls two rounds to half the latency compared to an unprotected ordinary round-based implementation. To that end, td + 1 masking is used which requires a notable area, and apart from the difficulty to construct its extension to higher orders seems beyond the bounds of feasibility. In this paper, we focus on d + 1 masking and introduce a methodology which enables us to stay with the latency of an unprotected round-based implementation, i.e., one register stage per round. While being secure under glitch-extended probing model, we provide a general design where the desired security order can be easily adjusted without any effect on the above-given latency. Compared to the Rhythmic-Keccak, the synthesis results show that our first-order design is able to accomplish the entire operations of Keccak-f[200] in the same period of time while decreasing the area by 74.5%. Notably, our implementations achieve around 30% less delay compared to the corresponding original DOM-Keccak designs.

Category / Keywords: implementation / Keccak, Masking, Threshold Implementation, Domain-Oriented Masking, Hardware Implementation, Low Latency

Original Publication (in the same form): IACR-CHES-2021

Date: received 29 Jun 2021

Contact author: sarazareei 94 at gmail com, aein rezaeishahmirzadi at rub de, h_soleimany at sbu ac ir, r_salarifard at sbu ac ir, amir moradi at rub de

Available format(s): PDF | BibTeX Citation

Version: 20210629:115027 (All versions of this report)

Short URL: ia.cr/2021/892


[ Cryptology ePrint archive ]