From theory to practice of private circuit: A cautionary note

Roy, Debapriya Basu; Bhasin, Shivam; Guilley, Sylvain; Danger, Jean‐Luc; Mukhopadhyay, Debdeep

doi:10.1109/iccd.2015.7357117

Cited by 19 publications

(6 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous work has shown that applying PC-I or PC-II is not trivial and prone to many subtle mistakes that can lead to insecure designs. As the traps and pitfalls of PC-I were covered in the work of Roy et al [29], we direct our focus on PC-II.…”

Section: Discussionmentioning

confidence: 99%

“…the operation order by inserting registers. In [29], a secure AND gadget was proposed by inserting registers behind every gate of a manually encoded PC-I AND. The resulting impact on the area and performance is significant.…”

Section: B Masking With Private Circuitsmentioning

confidence: 99%

“…The resulting implementations were later shown to have security flaws [28]. At ICCD 2015, Roy et al [29], pointed out the reasons for the existent side-channel leakage. Undesired circuit optimization by the design flow tools, glitches and early propagation of signal values all had a noticeable impact on the security of the masked implementations.…”

Section: Introductionmentioning

confidence: 99%

“…Additionally, a strategy for secure Private Circuits implementations in the presence of glitches is given by inheriting the noncompleteness property from TI. Their strategy provides a cheaper and more efficient PC-I implementation compared to the fully sequential realization of [29].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

More Efficient Private Circuits II through Threshold Implementations

Cnudde

Nikova

2016

2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)

View full text Add to dashboard Cite

Abstract-Since the introduction of Private Circuits at CRYPTO 2003, several works have attempted its implementation in hardware. Only very recently was an implementation of this masking scheme shown to survive state-of-the-art leakage detection tests. The overhead introduced to achieve the provable security was significant. Similarly, the implementational aspect of Private Circuits II, the tamper-resistant extension of Private Circuits presented at EUROCRYPT 2006, was only recently presented at RECONFIG 2015. It however relied on a combinational PC-I implementation, which is susceptible to both glitches and early evaluation.In this work, we evaluate a recently proposed Private Circuits implementation and its corresponding Threshold Implementation side by side and give a full comparison in an equal and fair setting. In succession, we take the smallest resulting masking scheme as basis for a new approach towards a secure PC-II implementation. In addition to quantifying the resource overhead of PC-II, our work provides detailed instructions on how to achieve PC-II in FPGAs.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: B Masking With Private Circuitsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

More Efficient Private Circuits II through Threshold Implementations

Cnudde

Nikova

2016

2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC)

View full text Add to dashboard Cite

show abstract

“…In Table 3, we do this first for various masked S-box implementations. The results from other works are obtained by synthesis, translate and map using Xilinx default settings apart from the KEEP HIERARCHY constraint which is turned on to prohibit optimization across shares [50], as is common practice with masked implementations [22, §2.4.1]. We stress that no optimization for FPGA has been done for these designs.…”

Section: Methodsmentioning

confidence: 99%

Spin Me Right Round Rotational Symmetry for FPGA-Specific AES: Extended Version

2020

View full text Add to dashboard Cite

The effort in reducing the area of AES implementations has largely been focused on application-specific integrated circuits (ASICs) in which a tower field construction leads to a small design of the AES S-box. In contrast, a naive implementation of the AES S-box has been the status-quo on field-programmable gate arrays (FPGAs). A similar discrepancy holds for masking schemes-a well-known side-channel analysis countermeasure-which are commonly optimized to achieve minimal area in ASICs. In this paper, we demonstrate a representation of the AES S-box exploiting rotational symmetry which leads to a 50% reduction in the area footprint on FPGA devices. We present new AES implementations which improve on the state-of-the-art and explore various trade-offs between area and latency. For instance, at the cost of increasing 4.5 times the latency, one of our design variants requires 25% less look-up tables (LUTs) than the smallest known AES on Xilinx FPGAs by Sasdrich and Güneysu at ASAP 2016. We further explore the protection of such implementations against side-channel attacks. We introduce a generic methodology for masking any n-bit Boolean functions of degree t with protection order d. The methodology is exact for first-order and heuristic for higher orders. Its application to our new construction of the AES S-box allows us to improve previous results and introduce the smallest first-order masked AES implementation on Xilinx FPGAs, to date.

show abstract