Spin Me Right Round Rotational Symmetry for FPGA-Specific AES

Self Cite

Masking schemes are among the most popular countermeasures against Side-Channel Analysis (SCA) attacks. Realization of masked implementations on hardware faces several difficulties including dealing with glitches. Threshold Implementation (TI) is known as the first strategy with provable security in presence of glitches. In addition to the desired security order d, TI defines the minimum number of shares to also depend on the algebraic degree of the target function. This may lead to unaffordable implementation costs for higher orders.For example, at least five shares are required to protect the smallest nonlinear function against second-order attacks. By cuttingsuch a dependency, the successor schemes are able to achieve the same security level by just d + 1 shares, at the cost of high demand for fresh randomness, particularly at higher orders. In this work, we provide a methodology to realize the second-order glitch-extended probing-secure implementation of a group of quadratic functions with three shares and no fresh randomness. This allows us to construct second-order secure implementations of several cryptographic primitives with very limited number of fresh masks, including Keccak, SKINNY, Midori, PRESENT, and PRINCE.

Section: Setupmentioning

confidence: 99%

Second-Order SCA Security with almost no Fresh Randomness

Shahmirzadi

Moradi

2021

Self Cite

“…Indeed, none of them has been designed to efficiently utilize FPGA resources, e.g., slices, LUTs, and BRAMs. Instead, in [DMW18] (improved in [WMM20]) an FPGA-specific masked AES has been presented. Following the same concept as in [WM18], the authors decomposed the inversion in GF (2 8 ) into two cubic functions and reduced the area footprint on FPGA by exploiting the rotational symmetry [RBF08].…”

Section: Related Workmentioning

confidence: 99%

“…Alternatively, Pseudo-Random Number Generators (PRNGs) can be used, which are seeded by a TRNG at power-up. Therefore, we followed the concept applied in [DMW18] to efficiently construct a PRNG using the FPGA building blocks. More precisely, for each required fresh mask bit (updated every clock cycle), we implemented a Linear Feedback Shift Register (LFSR) with feedback polynomial x 31 + x 28 + 1.…”

Section: Prngmentioning

confidence: 99%

“…More precisely, for each required fresh mask bit (updated every clock cycle), we implemented a Linear Feedback Shift Register (LFSR) with feedback polynomial x 31 + x 28 + 1. Based on the instruction given in [DMW18], each LFSR can be implemented by only 3 LUTs in Xilinx FPGAs: two LUTs as Shift-Register LUT and another one for the feedback function. In Table 2 we report the same comparative performance figures including the PRNG.…”

Section: Prngmentioning

confidence: 99%

See 1 more Smart Citation

New First-Order Secure AES Performance Records

Shahmirzadi¹,

Božilov²,

Moradi³

2021

Self Cite

Being based on a sound theoretical basis, masking schemes are commonly applied to protect cryptographic implementations against Side-Channel Analysis (SCA) attacks. Constructing SCA-protected AES, as the most widely deployed block cipher, has been naturally the focus of several research projects, with a direct application in industry. The majority of SCA-secure AES implementations introduced to the community opted for low area and latency overheads considering Application-Specific Integrated Circuit (ASIC) platforms. Albeit a few, those which particularly targeted Field Programmable Gate Arrays (FPGAs) as the implementation platform yield either a low throughput or a not-highly secure design.In this work, we fill this gap by introducing first-order glitch-extended probing secure masked AES implementations highly optimized for FPGAs, which support both encryption and decryption. Compared to the state of the art, our designs efficiently map the critical non-linear parts of the masked S-box into the built-in Block RAMs (BRAMs).The most performant variant of our constructions accomplishes five first-order secure AES encryptions/decryptions simultaneously in 50 clock cycles. Compared to the equivalent state-of-the-art designs, this leads to at least 70% reduction in utilization of FPGA resources (slices) at the cost of occupying BRAMs. Last but not least, we provide a wide range of such secure and efficient implementations supporting a large set of applications, ranging from low-area to high-throughput.

“…Therefore, we instantiated Pseudo-Random Number Generators (PRNGs) to supply such fresh randomness. To this end, we made use of the FPGA-optimized construction illustrated in [MMW18], which realizes a 31-bit Linear Feedback Shift Register (LFSR) with the feedback polynomial x 31 + x 28 + 1 by means of only three 6-to-1 Look-Up Tables (LUTs). More precisely, for each required fresh mask bit, we instantiated an LFSR seeded randomly at the power up of the device and updated at every clock cycle.…”

Section: Experimental Analysesmentioning

confidence: 99%

Low-Latency Keccak at any Arbitrary Order

Zarei¹,

Shahmirzadi²,

Soleimany³

et al. 2021

Self Cite

Correct application of masking on hardware implementation of cryptographic primitives necessitates the instantiation of registers in order to achieve the non-completeness (commonly said to stop the propagation of glitches). This sometimes leads to a high latency overhead, making the implementation not necessarily suitable for the underlying application. As a concrete example, this holds for Keccak. Application of d + 1 Domain Oriented Masking (DOM) on a round-based implementation of Keccak leads to the introduction of two register stages per round, i.e., two times higher latency. On the other hand, Rhythmic-Keccak, introduced in CHES 2018, unrolls two rounds to half the latency compared to an unprotected ordinary round-based implementation. To that end, td + 1 masking is used which requires a notable area, and – apart from the difficulty to construct – its extension to higher orders seems beyond the bounds of feasibility.In this paper, we focus on d + 1 masking and introduce a methodology which enables us to stay with the latency of an unprotected round-based implementation, i.e., one register stage per round. While being secure under glitch-extended probing model, we provide a general design where the desired security order can be easily adjusted without any effect on the above-given latency. Compared to the Rhythmic-Keccak, the synthesis results show that our first-order design is able to accomplish the entire operations of Keccak-f[200] in the same period of time while decreasing the area by 74.5%. Notably, our implementations achieve around 30% less delay compared to the corresponding original DOM-Keccak designs.