Paper 2023/831

Automated Generation of Masked Nonlinear Components: From Lookup Tables to Private Circuits

Lixuan Wu, School of Cyber Science and Technology, Shandong University, Qingdao, China, Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
Yanhong Fan, School of Cyber Science and Technology, Shandong University, Qingdao, China, Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China, Quan Cheng Shandong Laboratory, Jinan, China
Bart Preneel, imec-COSIC, KU Leuven, Belgium
Weijia Wang, School of Cyber Science and Technology, Shandong University, Qingdao, China, Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China, Quan Cheng Shandong Laboratory, Jinan, China
Meiqin Wang, School of Cyber Science and Technology, Shandong University, Qingdao, China, Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China, Quan Cheng Shandong Laboratory, Jinan, China
Abstract

Masking is considered to be an essential defense mechanism against side-channel attacks, but it is challenging to be adopted for hardware cryptographic implementations, especially for high security orders. Recently, Knichel et al. proposed an automated tool called AGEMA that enables the generation of masked implementations in hardware for arbitrary security orders using composable gadgets. This accelerates the construction and practical application of masking schemes. This article proposes a new automated tool named AGMNC that can generate masked nonlinear components with much better performance. The effectiveness of AGMNC is evaluated in several case studies. The evaluation results show a significant performance improvement, particularly for the first-order secure SKINNY S-box: saving 41$ \% $ area, 25$ \% $ latency, and 49$ \% $ dynamic power. We achieve such a good result by integrating three key techniques: a new composable AND-XOR gadget, an optimization strategy based on the latency asymmetry feature of the AND-XOR gadget, and an implementation optimization for synchronization. Besides, we use the formal verification tool SILVER and FPGA-based practical experiments to confirm the security of the masked implementations generated by AGMNC.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Side-Channel AnalysisMaskingComposable GadgetAGMNC
Contact author(s)
lixuanwu @ mail sdu edu cn
yanhongfan @ sdu edu cn
bart preneel @ esat kuleuven be
weijiawang @ sdu edu cn
mqwang @ sdu edu cn
History
2023-08-14: revised
2023-06-05: received
See all versions
Short URL
https://ia.cr/2023/831
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/831,
      author = {Lixuan Wu and Yanhong Fan and Bart Preneel and Weijia Wang and Meiqin Wang},
      title = {Automated Generation of Masked Nonlinear Components: From Lookup Tables to Private Circuits},
      howpublished = {Cryptology ePrint Archive, Paper 2023/831},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/831}},
      url = {https://eprint.iacr.org/2023/831}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.