Paper 2024/755

Efficient Second-Order Masked Software Implementations of Ascon in Theory and Practice

Barbara Gigerl, Graz University of Technology, Graz, Austria
Florian Mendel, Infineon Technologies, Munich, Germany
Martin Schläffer, Infineon Technologies, Munich, Germany
Robert Primas, Intel Labs, Hillsboro, USA
Abstract

In this paper, we present efficient protected software implementations of the authenticated cipher Ascon, the recently announced winner of the NIST standardization process for lightweight cryptography. Our implementations target theoretical and practical security against second-order power analysis attacks. First, we propose an efficient second-order extension of a previously presented first-order masking of the Keccak S-box that does not require online randomness. The extension itself is inspired by a previously presented second-order masking of an AND-XOR construction. We then discuss implementation tricks that further improve performance and reduce the chance of unintended combination of shares during the execution of masked software on microprocessors. This allows us to retain the theoretic protection orders of masking in practice with low performance overhead, which we also confirm via TVLA on ARM microprocessors. The formal correctness of our designs is additionally verified using Coco on the netlist of a RISC-V IBEX core. We benchmark our masked software designs on 32-bit ARM and RISC-V microprocessor platforms. On both platforms, we can perform Ascon-128 authenticated encryption with a throughput of about 300 or 550 cycles/byte when operating on 2 or 3 shares. When utilizing a leveled implementation technique, the throughput of our masked implementations generally increases to about 90 cycles/byte. We publish our masked software implementations together with a generic software framework for evaluating performance and side-channel resistance of various masked cryptographic implementations.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
AsconSoftwareMaskingVerification
Contact author(s)
barbara gigerl @ iaik tugraz at
florian mendel @ infineon com
martin schlaeffer @ infineon com
robert primas @ intel com
History
2024-05-20: approved
2024-05-17: received
See all versions
Short URL
https://ia.cr/2024/755
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/755,
      author = {Barbara Gigerl and Florian Mendel and Martin Schläffer and Robert Primas},
      title = {Efficient Second-Order Masked Software Implementations of Ascon in Theory and Practice},
      howpublished = {Cryptology ePrint Archive, Paper 2024/755},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/755}},
      url = {https://eprint.iacr.org/2024/755}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.