Paper 2023/1517
Threshold Implementations with Non-Uniform Inputs
Abstract
Modern block ciphers designed for hardware and masked with Threshold Implementations (TIs) provide provable security against first-order attacks. However, applying a TI leaves designers with a trade-off between security and cost, for example the cost of generating the required random bits, which adds area and latency overhead. Decreasing the number of random bits needed for the masking reduces this overhead. We propose reducing the randomness used to mask the secrets, such as the plaintext. For that purpose, we suggest relaxing the requirement that the input shares be uniform and reusing randomness when masking them in first-order TIs. We apply our countermeasures to first-order TIs of the Prince and Midori64 ciphers with three shares. Since the designs with non-uniform masks are no longer perfectly first-order probing secure, we provide further analysis by calculating bounds on the advantage of a noisy threshold-probing adversary. We then use the PROLEAD tool, which implements statistical tests verifying robust probing security, and compare its output with our estimates. Finally, we evaluate the designs on FPGA to demonstrate the practical security of our solution. We observe that their security holds while requiring four times less randomness than uniform TIs.
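The abstract contrasts uniform input sharings, which spend fresh randomness on every masked word, with non-uniform sharings that reuse randomness. The following is an added example, not code from the paper: it masks a small word into three Boolean shares, places the standard uniform sharing next to a hypothetical sharing that reuses the same two random words for two secrets, and exhaustively checks (1) that every single input share stays independent of the secret and (2) whether the share vector is uniform in the TI sense. The reuse pattern, the 2-bit word width (`NBITS`) and the helper names are assumptions chosen so that everything can be enumerated; the paper's actual sharings for Prince and Midori64 are not reproduced here.

```python
"""
Added example (not the paper's code): three-share Boolean masking of a small
word, a uniform sharing next to a hypothetical sharing that reuses the same
random words for two secrets, and exhaustive checks for single-probe
independence of every share and for uniformity of the share vector.
"""
from collections import Counter
from itertools import product
from math import log2

NBITS = 2                                  # toy word width (assumption)
WORDS = list(range(1 << NBITS))            # all secret words
RAND = list(product(WORDS, WORDS))         # (r0, r1): 2*NBITS random bits in total
PAIRS = list(product(WORDS, WORDS))        # all (x0, x1) secret pairs


def share_uniform(x, rnd):
    """Standard first-order TI input sharing: x = s0 ^ s1 ^ s2 with s0, s1
    fresh random. Costs 2*NBITS random bits per secret word."""
    r0, r1 = rnd
    return (r0, r1, x ^ r0 ^ r1)


def share_reused(xs, rnd):
    """Hypothetical non-uniform sharing (assumption, not the paper's scheme):
    two secret words are masked with the SAME (r0, r1), halving the
    randomness spent per word."""
    x0, x1 = xs
    return share_uniform(x0, rnd) + share_uniform(x1, rnd)


def unshare3(s):
    """XOR-recombine one 3-share word."""
    return s[0] ^ s[1] ^ s[2]


def unshare_pair(s):
    """Recombine two 3-share words laid out back to back."""
    return (unshare3(s[:3]), unshare3(s[3:]))


def is_first_order_independent(share_fn, secrets, rand_space):
    """True if, for every share position, the distribution of that share over
    the randomness is the same for every secret: one probe on any single
    input share learns nothing about the secret."""
    per_secret = {}
    for x in secrets:
        vecs = [share_fn(x, r) for r in rand_space]
        per_secret[x] = [Counter(v[i] for v in vecs) for i in range(len(vecs[0]))]
    ref = per_secret[secrets[0]]
    return all(dist == ref for dist in per_secret.values())


def is_uniform(share_fn, unshare_fn, secrets, rand_space):
    """True if, for every secret, the randomness hits every valid sharing of
    that secret equally often (the TI uniformity property)."""
    n_shares = len(share_fn(secrets[0], rand_space[0]))
    domain = list(product(WORDS, repeat=n_shares))
    for x in secrets:
        hits = Counter(share_fn(x, r) for r in rand_space)
        valid = {s for s in domain if unshare_fn(s) == x}
        if set(hits) != valid or len(set(hits.values())) != 1:
            return False
    return True


def joint_probe_leak():
    """Two probes on the reused sharing: the XOR of the two non-random shares
    equals x0 ^ x1 for every randomness, a joint dependence that two
    independently masked words with fresh masks do not have."""
    return all(
        (share_reused((x0, x1), r)[2] ^ share_reused((x0, x1), r)[5]) == (x0 ^ x1)
        for (x0, x1) in PAIRS
        for r in RAND
    )


def random_bits_per_word(n_words, rand_space):
    """Random bits consumed per masked secret word."""
    return log2(len(rand_space)) / n_words


if __name__ == "__main__":
    print("uniform : 1st-order", is_first_order_independent(share_uniform, WORDS, RAND),
          "| uniform", is_uniform(share_uniform, unshare3, WORDS, RAND),
          "| bits/word", random_bits_per_word(1, RAND))
    print("reused  : 1st-order", is_first_order_independent(share_reused, PAIRS, RAND),
          "| uniform", is_uniform(share_reused, unshare_pair, PAIRS, RAND),
          "| bits/word", random_bits_per_word(2, RAND))
    print("reused  : two probes reveal x0 ^ x1:", joint_probe_leak())
```

The reused sharing passes the single-probe check on the input shares and spends half the random bits per word, yet it fails the uniformity check, and the XOR of one share from each word is a fixed function of the two secrets. The TI argument for nonlinear layers (the S-box) relies on uniform input sharings, which is why a design with non-uniform inputs can no longer be called perfectly first-order probing secure and why the paper instead bounds the advantage of a noisy threshold-probing adversary and cross-checks with PROLEAD.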
Metadata
- Category: Implementation
- Publication info: Published elsewhere. Minor revision. Selected Areas in Cryptography 2023
- Keywords: FPGA, Masking, Probing Security, Threshold Implementations, Uniformity
- Contact author(s): siemen dhooghe @ esat kuleuven be; artemii ovchinnikov @ esat kuleuven be
- History: 2023-10-05: received; 2023-10-06: approved
- Short URL: https://ia.cr/2023/1517
- License: CC BY
BibTeX
@misc{cryptoeprint:2023/1517,
      author = {Siemen Dhooghe and Artemii Ovchinnikov},
      title = {Threshold Implementations with Non-Uniform Inputs},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1517},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1517}
}