Paper 2024/439

Threshold implementations of cryptographic functions between finite Abelian groups

Abstract

Side-channel attacks pose a significant threat to the security of cryptographic hardware implementations and Threshold Implementation (TI) is a well-established countermeasure to mitigate those attacks. In 2023, Piccione et al. proposed a general construction of (first-order) TIs that is universal for S-boxes that are bijective vectorial Boolean function (functions from a binary vector space $\mathbb{F}_{2}^n$ into itself). This paper presents a novel approach to TI by addressing a broader class of cryptographic functions and providing a new construction for quadratic balanced functions in the framework of second-order attacks. We investigate the case of functions (also not necessarily bijective) that are defined between two finite Abelian groups by using the notion of functional degree introduced by Aichinger and Moosbauer in 2021. We show that if a function $F$ has functional degree (at most) $d$ and the cardinality of the domain is divisible by the cardinality of the codomain, then $F$ admits a TI with $s\geq d+2$ shares, and for the case $d=2$ and $F$ is balanced we have that $F$ admits a second order TI with $s\geq 7$ shares. As a real-world application, we present a general construction for the TI of any multiplication map with $4$ shares. Furthermore, we introduce first-order secure conversion procedures between an additive sharing over $\mathbb{F}_p^n$ (called Boolean sharing if $p=2$) and an additive sharing over $\mathbb{Z}_{p^n}$ (called Arithmetic sharing if $p=2$).