Polynomial masking is a glitch-resistant and higher-order
masking scheme based upon Shamir's secret sharing scheme
and multi-party computation protocols. Polynomial masking
was first introduced at CHES 2011, while a 1st-order
implementation of the AES S-box on FPGA was presented
at CHES 2013. In this latter work, the authors showed a
2nd-order univariate leakage by side-channel collision analysis
on a tuned measurement setup. This negative result
motivates the need to evaluate the performance, area-costs,
and security margins of combined shuffled and higher-order
polynomial masking schemes to counteract trivial univariate
leakages. In this work, we provide the following contributions:
first, we introduce additional principles for the selection
of efficient addition chains, which allow for more compact
and faster implementations of cryptographic S-boxes.
Our 1st-order AES S-box implementation requires approximately
27% fewer registers, 20% fewer clock cycles, and 5% fewer random
bits than the CHES 2013 implementation. Then, we propose a
lightweight shuffling countermeasure, which inherently applies to
polynomial masking schemes and effectively enhances their univariate
security at negligible area expenses. Finally, we present the design
of a combined shuffled and higher-order polynomially masked AES S-box in
hardware, while providing ASIC synthesis and side-channel
analysis results in the Electro-Magnetic (EM) domain.
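The following is an added worked example, written for this page and not code from the paper or its authors, of the building blocks the abstract names: Shamir sharing of a GF(2^8) value with n = 2d+1 shares for order d, share-wise linear operations, the multi-party-computation style masked multiplication (local products followed by a re-sharing step), and an addition chain for the x^254 inversion inside the AES S-box. Everything not stated in the abstract is an assumption of this example: the public evaluation points alpha_i = 1..n; handling squaring by squaring the shares and re-sharing from the points alpha_i^2 back to alpha_i (chosen for simplicity, not the paper's optimised construction, and it costs as much randomness as a multiplication); the chain 1,2,3,12,15,240,252,254 (the classical four-multiplication chain, not necessarily the one the paper selects); and the affine map expressed as the standard linearised polynomial of the AES S-box, which keeps it GF(2^8)-linear and therefore share-wise. The paper's shuffling countermeasure is not modelled, and nothing here says anything about side-channel behaviour, which is a property of the hardware the paper measures; this code only shows that the masked computation is functionally correct for any order d.

```python
import secrets
from functools import lru_cache, reduce

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial

def gf_mul(a, b):
    """Multiply in GF(2^8): shift-and-add, reducing modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a):  # a^254 = a^2 * a^4 * ... * a^128; maps 0 to 0, as the AES S-box needs
    r = 1
    for _ in range(7):
        a = gf_mul(a, a)
        r = gf_mul(r, a)
    return r

@lru_cache(maxsize=None)
def lagrange_at_zero(points):
    """Public l_i with P(0) = XOR_i l_i * P(alpha_i) for every P of degree < len(points)."""
    lam = []
    for i, ai in enumerate(points):
        c = 1
        for j, aj in enumerate(points):
            if j != i:  # alpha_j / (alpha_i - alpha_j); subtraction is XOR in char 2
                c = gf_mul(c, gf_mul(aj, gf_inv(ai ^ aj)))
        lam.append(c)
    return lam

def share(x, d, points):
    """Evaluations (Horner) at `points` of a random degree-d polynomial P with P(0) = x."""
    coeffs = [x] + [secrets.randbelow(256) for _ in range(d)]
    return [reduce(lambda r, c: gf_mul(r, a) ^ c, reversed(coeffs), 0) for a in points]

def reconstruct(shares, points):
    return reduce(lambda r, sl: r ^ gf_mul(*sl), zip(shares, lagrange_at_zero(points)), 0)

def reshare(shares, src_points, dst_points, d):
    """MPC re-sharing: holder i re-shares s_i under a fresh random degree-d polynomial and
    holder j XORs the pieces it receives, weighted by the public Lagrange coefficients l_i
    of src_points. Result: a fresh degree-d sharing of the same secret at dst_points."""
    new = [0] * len(dst_points)
    for s_i, l_i in zip(shares, lagrange_at_zero(src_points)):
        for j, q in enumerate(share(s_i, d, dst_points)):
            new[j] ^= gf_mul(l_i, q)  # the secret itself is never assembled anywhere
    return new

# Order-d masking: n = 2d+1 shares at public points alpha_i = 1..n (so d = len(a) // 2).
def points_of(a):
    return tuple(range(1, len(a) + 1))
def mask(x, d):
    return share(x, d, tuple(range(1, 2 * d + 2)))
def unmask(a):
    return reconstruct(a, points_of(a))

def m_square(a):
    # Squared shares form a degree-d sharing at the points alpha_i^2 (Frobenius is a
    # field automorphism); re-sharing moves it back to the canonical points.
    pts = points_of(a)
    return reshare([gf_mul(x, x) for x in a], tuple(gf_mul(p, p) for p in pts), pts, len(a) // 2)

def m_mul(a, b):
    # Share-wise products form a degree-2d sharing of x*y, which n = 2d+1 points still
    # determine; re-sharing turns it into a fresh degree-d sharing of x*y.
    pts = points_of(a)
    return reshare([gf_mul(x, y) for x, y in zip(a, b)], pts, pts, len(a) // 2)

def masked_inverse(x):
    """x^254 by the addition chain 1,2,3,12,15,240,252,254: four masked multiplications."""
    x2 = m_square(x)
    x3 = m_mul(x2, x)
    x12 = m_square(m_square(x3))
    x15 = m_mul(x12, x3)
    x240 = reduce(lambda a, _: m_square(a), range(4), x15)
    return m_mul(m_mul(x240, x12), x2)

# AES affine map as a linearised polynomial, Aff(y) = 0x63 + XOR_k c_k * y^(2^k): adding
# sharings and multiplying by public constants are GF(2^8)-linear, hence share-wise.
AFFINE_COEFFS = (0x05, 0x09, 0xF9, 0x25, 0xF4, 0x01, 0xB5, 0x8F)

def masked_sbox(x):
    y, acc = masked_inverse(x), [0] * len(x)
    for c in AFFINE_COEFFS:
        acc = [s ^ gf_mul(c, t) for s, t in zip(acc, y)]
        y = m_square(y)  # next power y^(2^(k+1)); the last one is simply unused
    return [s ^ 0x63 for s in acc]  # a public constant is added to every share

def check_all_inputs(d):
    """True if the order-d masked S-box matches the unmasked S-box on all 256 inputs."""
    def ref(x):  # reference: inversion, then the bit-level affine map
        y = gf_inv(x)
        return reduce(lambda r, k: r ^ ((y << k | y >> 8 - k) & 0xFF), range(1, 5), y) ^ 0x63
    return all(unmask(masked_sbox(mask(x, d))) == ref(x) for x in range(256))
```

Calling `check_all_inputs(1)` exercises the 1st-order case with three shares and `check_all_inputs(2)` the 2nd-order case with five; `unmask(masked_sbox(mask(0x53, 1)))` returns 0xED, the FIPS-197 example value. Two points worth noticing when reading the code against the abstract: every squaring and every multiplication consumes fresh randomness in `reshare` (d bytes per share holder), which is why random-bit consumption is one of the costs the paper reports, and the number of masked multiplications is fixed by the addition chain, which is why a better chain directly reduces registers, cycles and randomness.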