Cankun Zhao,Hang Zhao,Jiangxue Liu,Bohan Yang,Wenping Zhu,Shuying Yin,Min Zhu,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2024.i4.231-257

2024-01-01

Abstract:SHA-3, the latest hash standard from NIST, is utilized by numerous cryptographic algorithms to handle sensitive information. Consequently, SHA-3 has become a prime target for side-channel attacks, with numerous studies demonstrating successful breaches in unprotected implementations. Masking, a countermeasure capable of providing theoretical security, has been explored in various studies to protect SHA-3. However, masking for hardware implementations may significantly increase area costs and introduce additional delays, substantially impacting the speed and area of higher-level algorithms. In particular, current low-latency first-order masked SHA-3 hardware implementations require more than four times the area of unprotected implementations. To date, the specific structure of SHA-3 has not been thoroughly analyzed for exploitation in the context of masking design, leading to difficulties in minimizing the associated area costs using existing methods. We bridge this gap by conducting detailed leakage path and data dependency analyses on two-share masked SHA-3 implementations. Based on these analyses, we propose a compact and low-latency first-order SHA-3 masked hardware implementation, requiring only three times the area of unprotected implementations and almost no fresh random number demand. We also present a complete theoretical security proof for the proposed implementation in the glitch+register-transition-robust probing model. Additionally, we conduct leakage detection experiments using PROLEAD, TVLA and VerMI to complement the theoretical evidence. Compared to state-of-theart designs, our implementation achieves a 28% reduction in area consumption. Our design can be integrated into first-order implementations of higher-level cryptographic algorithms, contributing to a reduction in overall area costs.

Qianmei Wu,Wei Cheng,Sylvain Guilley,Fan Zhang,Wei Fu

DOI: https://doi.org/10.46586/tches.v2022.i3.192-222

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Code-based masking is a highly generalized type of masking schemes, which can be instantiated into specific cases by assigning different encoders. It captivates by its side-channel resistance against higher-order attacks and the potential to withstand fault injection attacks. However, similar to other algebraically-involved masking schemes, code-based masking is also burdened with expensive computational overhead. To mitigate such cost and make it efficient, we contribute to several improvements to the original scheme proposed by Wang et al. in TCHES 2020. Specifically, we devise a computationally friendly encoder and accordingly accelerate masked gadgets to leverage efficient implementations. In addition, we highlight that the amortization technique introduced by Wang et al. does not always lead to efficient implementations as expected, but actually decreases the efficiency in some cases. From the perspective of practical security, we carry out an extensive evaluation of the concrete security of code-based masking in the real world. On one hand, we select three representative variations of code-based masking as targets for an extensive evaluation. On the other hand, we aim at security assessment of both encoding and computations to investigate whether the state-of-the-art computational framework for code-based masking reaches the security of the corresponding encoding. By leveraging both leakage assessment tool and side-channel attacks, we verify the existence of “security order amplification” in practice and validate the reliability of the leakage quantification method proposed by Cheng et al. in TCHES 2021. In addition, we also study the security decrease caused by the “cost amortization” technique and redundancy of code-based masking. We identify a security bottleneck in the gadgets computations which limits the whole masked implementation. To the best of our knowledge, this is the first time that allows us to narrow down the gap between the theoretical security order under the probing model (sometimes with simulation experiments) and the concrete side-channel security level of protected implementations by code-based masking in practice.

Fan Zhang,Liang Geng,Jizhong Shen,Shivam Bhasin,Xinjie Zhao,Shize Guo

DOI: https://doi.org/10.1109/AsianHOST.2017.8353994

2017-01-01

Abstract:Recent lightweight cryptographic algorithms are vulnerable to side channel attacks (SCA), requiring a careful design of implementations. In this paper, we carefully investigate the "Low-Entropy Masking Scheme" (LEMS) on the block cipher LED in the context of resource-constrained environments. We propose an improved LEMS called "iMLED", so as to satisfy two different yet unified design goals: to maintain the entropy of the masking at one bit, meanwhile, to enhance first-order SCA-resistance against advanced SCAs such as correlation-enhanced collision attack (CCA). The security of the implementation has been evaluated based on the SASEBO-W board, which proves that iM-LED has boosted its mitigation against SCA with limited overheads.

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Yajing Chang,Yingjian Yan,Chunsheng Zhu,Yanjiang Liu

DOI: https://doi.org/10.1145/3611670

IF: 1.447

2023-08-03

ACM Transactions on Design Automation of Electronic Systems

Abstract:Post-quantum cryptography (PQC) has become the most promising cryptographic scheme against the threat of quantum computing to conventional public-key cryptographic schemes. Saber, as the finalist in the third round of the PQC standardization procedure, presents an appealing option for embedded systems due to its high encryption efficiency and accessibility. However, side-channel attack (SCA) can easily reveal confidential information by analyzing the physical manifestations, and several works demonstrate that Saber is vulnerable to SCAs. In this work, a ciphertext comparison method for masking design based on bitslicing technique and zerotest is proposed, which balances the trade-off between the performance and security of comparing two arrays. The mathematical description of the proposed ciphertext comparison method is provided, and its correctness and security metrics are analyzed under the concept of PINI. Moreover, a high-order masking approach based on the state-of-the-art, including the hash functions, centered binomial sampling, masking conversions, and proposed ciphertext comparison is presented, using the bitslicing technique to improve throughput. As a proof of concept, the proposed implementation of Saber is on the ARM Cortex-M4. The performance results show that the run-time overhead factor of 1 st -, 2 nd -, and 3 rd -order masking is 3.01x, 5.58x, and 8.68x, and the dynamic memory used for 1 st -, 2 nd -, and 3 rd -order masking is 17.4kB, 24.0kB, and 30.2kB, respectively. The SCA-resilience evaluation results illustrate that the first-order Test Vectors Leakage Assessment (TVLA) result fails to reveal the secret key with 100,000 traces.

computer science, software engineering, hardware & architecture

Aein Rezaei Shahmirzadi,Amir Moradi

DOI: https://doi.org/10.46586/tches.v2021.i3.708-755

2021-07-09

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Masking schemes are among the most popular countermeasures against Side-Channel Analysis (SCA) attacks. Realization of masked implementations on hardware faces several difficulties including dealing with glitches. Threshold Implementation (TI) is known as the first strategy with provable security in presence of glitches. In addition to the desired security order d, TI defines the minimum number of shares to also depend on the algebraic degree of the target function. This may lead to unaffordable implementation costs for higher orders.For example, at least five shares are required to protect the smallest nonlinear function against second-order attacks. By cuttingsuch a dependency, the successor schemes are able to achieve the same security level by just d + 1 shares, at the cost of high demand for fresh randomness, particularly at higher orders. In this work, we provide a methodology to realize the second-order glitch-extended probing-secure implementation of a group of quadratic functions with three shares and no fresh randomness. This allows us to construct second-order secure implementations of several cryptographic primitives with very limited number of fresh masks, including Keccak, SKINNY, Midori, PRESENT, and PRINCE.

Claude Carlet,Abderrahman Daif,Sylvain Guilley,Cédric Tavernier

DOI: https://doi.org/10.1007/s13389-018-0194-9

2018-08-31

Journal of Cryptographic Engineering

Abstract:Side-channel attacks (SCAs) and fault injection attacks (FIAs) allow an opponent to have partial access to the internal behavior of the hardware. Since the end of the 1990s, many works have shown that this type of attacks constitutes a serious threat to cryptosystems implemented in embedded devices. In the state of the art, there exist several countermeasures to protect symmetric encryption (especially AES-128). Most of them protect only against one of these two attacks (SCA or FIA). A method called ODSM has been proposed to withstand SCA and FIA, but its implementation in the whole algorithm is a big open problem when no particular hardware protection is possible. In the present paper, we propose a practical masking scheme specifying ODSM which makes it possible to protect the symmetric encryption against these two attacks.

computer science, theory & methods

Claude Carlet,Abderrahman Daif,Sylvain Guilley,Cédric Tavernier

DOI: https://doi.org/10.46586/tches.v2024.i1.398-432

2023-12-04

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:The implementation of cryptographic algorithms must be protected against physical attacks. Side-channel and fault injection analyses are two prominent such implementation-level attacks. Protections against either do exist. Against sidechannel attacks, they are characterized by SNI security orders: the higher the order, the more difficult the attack.In this paper, we leverage fast discrete Fourier transform to reduce the complexity of high-order masking. The security paradigm is that of code-based masking. Coding theory is amenable both to mask material at a prescribed order, by mixing the information, and to detect and/or correct errors purposely injected by an attacker. For the first time, we show that quasi-linear masking (pioneered by Goudarzi, Joux and Rivain at ASIACRYPT 2018) can be achieved alongside with cost amortisation. This technique consists in masking several symbols/bytes with the same masking material, therefore improving the efficiency of the masking. We provide a security proof, leveraging both coding and probing security arguments. Regarding fault detection, our masking is capable of detecting up to d faults, where 2d + 1 is the length of the code, at any place of the algorithm, including within gadgets. In addition to the theory, that makes use of the Frobenius Additive Fast Fourier Transform, we show performance results, in a C language implementation, which confirms in practice that the complexity is quasi-linear in the code length.

Chao Jin,Zhejing Bao,Weiwei Miao,Zeng,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/access.2023.3290211

2021-01-01

Abstract:The white-box implementation of cryptography algorithm can hide key information even in the white-box attack context owing to the means of obfuscation. However, under the deliberately designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, a lightweight nonlinear white-box SM4 implementation is proposed to prevent several typical attacks from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist the different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, the memory occupation of the implementation doesn't increase significantly by simplifying the structure and using concatenation code. Through several quantitative indicators, including memory size, diversity, ambiguity, the time complexity required to extract the key, and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, while no sacrificing the practicality, compared with the existing schemes.

Pengfei Gao,Fu Song,Taolue Chen

DOI: https://doi.org/10.1145/3622862

IF: 3.685

2023-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Masking is one of the most effective countermeasures for securely implementing cryptographic algorithms against power side-channel attacks, the design of which however turns out to be intricate and error-prone. While techniques have been proposed to rigorously verify implementations of cryptographic algorithms, currently they are limited in scalability. To address this issue, compositional approaches have been investigated, but insofar they fail to prove the security of recent efficient implementations. To fill this gap, we propose a novel compositional verification approach. In particular, we introduce two new language-level security notions based on which we propose composition strategies and verification algorithms. Our approach is able to prove efficient implementations, which cannot be done by prior compositional approaches. We implement our approach as a tool CONVINCE and conduct extensive experiments to confirm its efficacy. We also use CONVINCE to further explore the design space of the AES Sbox with least refreshing by replacing its implementation for finite-field multiplication with more efficient counterparts. We automatically prove leakage-freeness of these new versions. As a result, we can effectively reduce 1,600 randomness and 3,200 XOR-operations of the state-of-the-art AES implementation.

Jiang Jiuxing,Zhao Yuying,Huang Hai,Xie Guanghui,Hou Jiao,Feng Xinxin

DOI: https://doi.org/10.11999/jeit190257

2020-01-01

Abstract:Based on the in-depth research on the S-box constitution arithmetic of composite, an area optimized generic low-entropy higher-order masking scheme is proposed in this paper. The low entropy masking method is introduced on GF(2(4)), and the partial module reusing design is adopted, which reduces effectively the number of multiplications based on the S-box inversion operation of the composite. The algorithm can be applied to any order masking scheme of arbitrary S-box composed of inversion operation. This scheme is applied to AES, gives detailed simulation results and optimizes the layout area, compared with the traditional masking scheme, reduces effectively the use of logical resources. In addition, the security is theoretically proved.

Haibo Zhou,Zheng Li,Xiaoyang Dong,Keting Jia,Willi Meier

DOI: https://doi.org/10.1093/comjnl/bxz152

2020-01-01

The Computer Journal

Abstract:A new conditional cube attack was proposed by Li et al. at ToSC 2019 for cryptanalysis of KECCAK keyed modes. In this paper, we find a new property of Li et al.'s method. The conditional cube attack is modified and applied to cryptanalysis of 5-round KETJE Jr, 6-round XOODOO-AE and XOODYAK, where KETJE Jr is among the third round CAESAR competition candidates and XOODYAK is a Round 2 submission of the ongoing NIST lightweight cryptography project. For the updated conditional cube attack, all our results are shown to be of practical time complexity with negligible memory cost, and test codes are provided. Notably, our results on XOODYAK represent the first third-party cryptanalysis for XOODYAK.

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Jiangxue Liu,Cankun Zhao,Shuohang Peng,Bohan Yang,Hang Zhao,Xiangdong Han,Min Zhu,Shaojun Wei,Leibo Liu

DOI: https://doi.org/10.46586/tches.v2024.i2.630-653

2024-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Masking, an effective countermeasure against side-channel attacks, is commonly applied in modern cryptographic implementations. Considering cryptographic algorithms that utilize both Boolean and arithmetic masking, the conversion algorithm between arithmetic masking and Boolean masking is required. Conventional high-order arithmetic masking to Boolean masking conversion algorithms based on Boolean circuits suffer from performance overhead, especially in terms of hardware implementation. In this work, we analyze high latency for the conversion and propose an improved high-order A2B conversion algorithm. For the conversion of 16-bit variables, the hardware latency can be reduced by 47% in the best scenario. For the case study of second-order 32-bit conversion, the implementation results show that the improved scheme reduces the clock cycle latency by 42% in hardware and achieves a 30% speed performance improvement in software. Theoretically, a security proof of arbitrary order is provided for the proposed high-order A2B conversion. Experimental validations are performed to verify the second-order DPA resistance of second-order implementation. The Test Vector Leakage Assessment does not observe side-channel leakage for hardware and software implementations.

J. Danger,C. Tavernier,Pierre-Augustin Berthet,L. Sauvage

Abstract:. The recent technological advances in Post-Quantum Cryptography (PQC) rise the questions of robust implementations of new asymmetric cryptographic primitives in today’s technology. This is the case for the lattice-based CRYSTALS-Kyber algorithm which has been selected as the first NIST standard for Public Key Encryption (PKE) and Key Encapsulation Mechanisms (KEM). We have notably to make sure the Kyber implementation is resilient against physical attacks like Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA). To reach this goal, we propose to use the masking coun-termeasure, more precisely the generic Direct Sum Masking method (DSM). By taking inspiration of a previous paper on AES, we extend the method to finite fields of characteristic prime other than 2 and even-length codes. In particular, we investigated its application to Keccak, which is the hash-based function used in Kyber. We also provided the first masked implementation of Kyber providing both SCA and FIA resilience while not requiring any conversion between different masking methods.

Computer Science

Jyotirmoy Pathak,Suman Lata Tripathi,,

DOI: https://doi.org/10.36909/jer.icmet.17165

IF: 1.325

2022-04-06

Journal of Engineering Research

Abstract:The XOR gate is often used in cryptography modules. These cells' hardware implementations are subject to power analysis attacks. Correlation power attacks (CPAs) allow an attacker to estimate a highly correlated hypothetical value from the actual hidden value. By masking the input and unmaking the output, the present countermeasure technology randomises the power consumption pattern and increases the number of cells. We proposed the mask XOR gate in this study because they do not require cell unmasking and demonstrate a smaller correlation between power traces and input data.

engineering, multidisciplinary

Xiangyu Li,Pengyuan Jiao,Chaoqun Yang

DOI: https://doi.org/10.1088/1674-4926/42/3/032402

2021-01-01

Abstract:A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665 000 noiseless traces.

Ju-Hwan Kim,Dong-Guk Han

DOI: https://doi.org/10.3390/s24185894

IF: 3.9

2024-09-12

Sensors

Abstract:Side-channel analysis is a type of cryptanalysis that utilizes the physical leakage of a cryptographic device. An adversary exploits the relationship between a physical leakage and the secret intermediate value of an encryption algorithm. In order to prevent side-channel analysis, the masking method was proposed. Several masking methods of the ISO/IEC 18033-3 standard encryption algorithm SEED have been proposed, as the Korean financial IC (integrated circuit) card standard (CFIP.ST.FINIC-01-2021) mandates using a robust implementation of SEED as an encryption algorithm against side-channel analyses. However, vulnerabilities were reported, except for with only one masking method. This study proposes the first-order vulnerability of that masking method. That is, an adversary is able to perform a side-channel analysis with the same complexity as an unprotected implementation. In order to fix this vulnerability, we revise the masking method with negligible additional overhead. Its vulnerability and security are theoretically verified and experimentally demonstrated. The round key of the existing masking method is revealed with only 210 power consumption traces, while that of the proposed masking method is not disclosed with 10,000 traces.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yulin Zhao,Jiayou Song,Xingjun Wu,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693139

2018-01-01

Abstract:Hardware Trojans (HT) have become a new threat to integrated circuits, which is difficult to be detected and couldn’t be removed. Most of the HTs are designed for extracting the secret key in cryptographic devices. We proposed a new implementation of Trojan side-channel (TSC) combining with side channel attacks (SCA) in this article. This TSC could change the random numbers input of the encryption algorithm with masking method and invalid the protective measures (masking scheme) of encryption algorithm. We insert the TSC into SM4 algorithm and test it on FPGA and the experimental results prove the feasibility of the proposed scheme.