Low-Latency Hardware Masking with Application to AES
During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due t...
Main Authors: | Pascal Sasdrich, Begül Bilgin, Michael Hutter, Mark E. Marson |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum, 2020-03-01 |
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | AES; Low-Latency Hardware; LMDPL; Masking; Secure Logic Styles; Differential Power Analysis |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/8553 |
_version_ | 1819087186546393088 |
---|---|
author | Pascal Sasdrich; Begül Bilgin; Michael Hutter; Mark E. Marson |
collection | DOAJ |
description | During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs. In this paper, we present a hardware masking technique which does not increase the latency for such algorithms. It is based on the LUT-based Masked Dual-Rail with Pre-charge Logic (LMDPL) technique presented at CHES 2014. First, we show 1-glitch extended strong noninterference of a nonlinear LMDPL gadget under the 1-glitch extended probing model. We then use this knowledge to design an AES implementation which computes a full AES-128 operation in 10 cycles and a full AES-256 operation in 14 cycles. We perform practical side-channel analysis of our implementation using the Test Vector Leakage Assessment (TVLA) methodology and analyze univariate as well as bivariate t-statistics to demonstrate its DPA resistance level. |
first_indexed | 2024-12-21T21:32:09Z |
format | Article |
id | doaj.art-743449c04bbe4a3da1b7f8c09bc2c47c |
institution | Directory Open Access Journal |
issn | 2569-2925 |
language | English |
last_indexed | 2024-12-21T21:32:09Z |
publishDate | 2020-03-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | Transactions on Cryptographic Hardware and Embedded Systems |
spelling | doaj.art-743449c04bbe4a3da1b7f8c09bc2c47c; 2022-12-21T18:49:36Z; eng; Ruhr-Universität Bochum; Transactions on Cryptographic Hardware and Embedded Systems; 2569-2925; 2020-03-01; 2020; 2; 10.13154/tches.v2020.i2.300-326; Low-Latency Hardware Masking with Application to AES; Pascal Sasdrich, Begül Bilgin, Michael Hutter, Mark E. Marson (all: Rambus Cryptography Research, 425 Market Street, 11th Floor, San Francisco, CA 94105, United States); https://tches.iacr.org/index.php/TCHES/article/view/8553; AES; Low-Latency Hardware; LMDPL; Masking; Secure Logic Styles; Differential Power Analysis |
title | Low-Latency Hardware Masking with Application to AES |
topic | AES; Low-Latency Hardware; LMDPL; Masking; Secure Logic Styles; Differential Power Analysis |
url | https://tches.iacr.org/index.php/TCHES/article/view/8553 |