Paper 2023/1141

Composable Gadgets with Reused Fresh Masks $-$ First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks

David Knichel, Ruhr University Bochum
Amir Moradi, Ruhr University Bochum
Abstract

Despite its many benefits, masking cryptographic hardware designs has proven to be a non-trivial and error-prone task, even for experienced engineers. Masked variants of atomic logic gates, like AND or XOR - commonly referred to as gadgets - aim to facilitate the masking of large circuits by offering free composition while preserving the overall design's security in the $d$-probing adversary model. A wide variety of research has already been conducted to (i) find formal properties a gadget must fulfill to guarantee composability and (ii) construct gadgets that fulfill these properties while minimizing overhead. In all existing composition frameworks, like NI/SNI/PINI, and all corresponding gadget realizations, the security argument relies on each gadget being supplied with its own fresh randomness. Naturally, this approach leads to very high randomness requirements for the resulting composed circuit. In this work, we present composable gadgets with reused fresh masks (COMAR), allowing the composition of any first-order secure hardware circuit using only $6$ fresh masks in total. By construction, our newly presented gadgets render individual fresh randomness unnecessary while retaining free composition and first-order security in the robust probing model. More precisely, we give an instantiation of gadgets realizing XOR and AND gates with an arbitrary number of inputs, which can be trivially extended to all basic logic gates. With these, we break the linear dependency between the number of (non-linear) gates in a circuit and its randomness requirements, hence offering designers the possibility to heavily optimize a masked circuit's randomness requirements while keeping error susceptibility to a minimum.
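To make the abstract's point about per-gadget fresh randomness concrete, the following is an added example written for this page; it is not code from the paper and does not show the COMAR construction (which the abstract does not describe). It implements the classical 2-share masked AND gadget (Trichina style, equivalently 2-share ISW) with one refresh bit r, records every intermediate wire, and brute-forces the first-order probing check: a wire is secure against a single probe iff its value distribution over all masks and fresh bits is identical for every secret input. The constructed circuits show (a) the gadget is secure with a fresh r, (b) hard-wiring r to 0 leaks, (c) reusing one r across two AND gadgets leaks as soon as their outputs meet in an XOR, because r cancels, and (d) one fresh bit per AND gadget is secure, i.e. the linear randomness cost the paper sets out to break. All function and circuit names are this example's own. Caveat: this checks the classical probing model only, where a probe sees one stable wire value; the robust probing model used by the paper additionally accounts for glitches, which this check does not model.

```python
# Added illustration (not from the paper): exhaustive first-order probing check
# for tiny 2-share Boolean-masked circuits, showing why classical gadgets need
# their own fresh randomness and why naive mask reuse across gadgets leaks.
from collections import defaultdict
from itertools import product


def share(x, m):
    """Split secret bit x into two shares with mask bit m, so that x = x0 ^ x1."""
    return (x ^ m, m)


def rec(wires, name, value):
    """Record an intermediate wire so that a single probe on it can be checked."""
    wires[name] = value
    return value


def and_gadget(a, b, r, wires, tag):
    """2-share masked AND (Trichina / 2-share ISW) with refresh bit r.

    Every intermediate wire is recorded under 'tag.<name>'.
    """
    a0, a1 = a
    b0, b1 = b
    p00 = rec(wires, f"{tag}.a0b0", a0 & b0)
    p01 = rec(wires, f"{tag}.a0b1", a0 & b1)
    p10 = rec(wires, f"{tag}.a1b0", a1 & b0)
    p11 = rec(wires, f"{tag}.a1b1", a1 & b1)
    # XOR r in first: the bare cross-term sum a0b1 ^ a1b0 would itself leak.
    t1 = rec(wires, f"{tag}.r^a0b1", r ^ p01)
    t2 = rec(wires, f"{tag}.(r^a0b1)^a1b0", t1 ^ p10)
    c0 = rec(wires, f"{tag}.c0", p00 ^ r)
    c1 = rec(wires, f"{tag}.c1", p11 ^ t2)
    return (c0, c1)


def xor_gadget(a, b, wires, tag):
    """Share-wise XOR: linear gates need no randomness."""
    c = (a[0] ^ b[0], a[1] ^ b[1])
    rec(wires, f"{tag}.c0", c[0])
    rec(wires, f"{tag}.c1", c[1])
    return c


def leaking_wires(circuit, n_secret, n_mask, n_rand):
    """Names of wires whose value distribution depends on the secret inputs.

    circuit(secrets, masks, rands, wires) evaluates a netlist and fills `wires`.
    A wire is first-order secure (classical probing model, glitches ignored)
    iff its distribution over masks and fresh bits is the same for every
    secret input; we brute-force all 2^(n_secret+n_mask+n_rand) assignments.
    """
    ones = defaultdict(lambda: defaultdict(int))  # wire -> secrets -> #ones
    for secrets in product((0, 1), repeat=n_secret):
        for masks in product((0, 1), repeat=n_mask):
            for rands in product((0, 1), repeat=n_rand):
                wires = {}
                circuit(secrets, masks, rands, wires)
                for name, v in wires.items():
                    ones[name][secrets] += v
    return sorted(name for name, d in ones.items() if len(set(d.values())) > 1)


# --- constructed test circuits (hypothetical netlists for this example) -----
def single_and(secrets, masks, rands, wires):
    a, b = share(secrets[0], masks[0]), share(secrets[1], masks[1])
    and_gadget(a, b, rands[0], wires, "and")


def single_and_no_fresh(secrets, masks, rands, wires):
    a, b = share(secrets[0], masks[0]), share(secrets[1], masks[1])
    and_gadget(a, b, 0, wires, "and")  # refresh bit hard-wired to 0


def two_ands_shared_r(secrets, masks, rands, wires):
    a, b, c, d = (share(s, m) for s, m in zip(secrets, masks))
    x = and_gadget(a, b, rands[0], wires, "and1")
    y = and_gadget(c, d, rands[0], wires, "and2")  # same fresh bit reused
    xor_gadget(x, y, wires, "xor")                  # ... and it cancels here


def two_ands_fresh_r(secrets, masks, rands, wires):
    a, b, c, d = (share(s, m) for s, m in zip(secrets, masks))
    x = and_gadget(a, b, rands[0], wires, "and1")
    y = and_gadget(c, d, rands[1], wires, "and2")  # one fresh bit per AND
    xor_gadget(x, y, wires, "xor")


if __name__ == "__main__":
    print("AND with fresh r:           ", leaking_wires(single_and, 2, 2, 1))
    print("AND with r = 0:             ", leaking_wires(single_and_no_fresh, 2, 2, 0))
    print("two ANDs sharing r, XORed:  ", leaking_wires(two_ands_shared_r, 4, 4, 1))
    print("two ANDs with r1, r2, XORed:", leaking_wires(two_ands_fresh_r, 4, 4, 2))
```

Running it reports no leaking wire for the single gadget with a fresh r, the wires `(r^a0b1)^a1b0` and `c1` when r is fixed to 0, only the XOR output share `c1` when the two gadgets share one r (each gadget is secure on its own; the composition is what breaks), and nothing when each gadget gets its own bit. That last case is exactly the "one fresh mask per non-linear gate" cost that NI/SNI/PINI-style composition pays and that the paper's gadgets avoid; extending the brute-force check to glitch-extended probes, as the robust model requires, is left out here.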

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in TCHES 2022
DOI
10.46586/tches.v2022.i3.114-140
Keywords
Side-Channel Analysis, Masking, Probing Security, Composability, COMAR
Contact author(s)
david knichel @ rub de
amir moradi @ rub de
History
2023-07-27: approved
2023-07-24: received
Short URL
https://ia.cr/2023/1141
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1141,
      author = {David Knichel and Amir Moradi},
      title = {Composable Gadgets with Reused Fresh Masks $-$ First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1141},
      year = {2023},
      doi = {10.46586/tches.v2022.i3.114-140},
      note = {\url{https://eprint.iacr.org/2023/1141}},
      url = {https://eprint.iacr.org/2023/1141}
}