Article

Silent Simon: A threshold implementation under 100 slices

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Lightweight Cryptography aims at achieving security comparable to conventional cryptography at a much lower cost. Simon is a lightweight alternative to AES, as it shares same cryptographic parameters, but has been shown to be extremely area-efficient on FPGAs. However, in the embedded setting, protection against side channel analysis is often required. In this work we present a threshold implementation of Simon. The proposed core splits the information between three shares and achieves provable security against first order side-channel attacks. The core can be implemented in less than 100 slices of a low-cost FPGA, making it the world smallest threshold implementation of a block-cipher. Hence, the proposed core perfectly suits highly-constrained embedded systems including sensor nodes and RFIDs. Security of the proposed core is validated by provable arguments as well as practical DPA attacks and tests for leakage quantification.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... The encrypted operation of fault plaintext is randomly inserted into the first half cycle or the second half cycle of normal encrypted operation by double rate technology so that the attacker cannot accurately locate the position of each round of encryption operations in the power curve. Compared with existing countermeasure based on the threshold implementation and bool mask [2,6,11], our scheme is area-efficient. ...
... Because of its lightweight structure, SIMON circuit has weak resistance to power analysis attack. Some studies have clearly demonstrated or implemented the crack of SIMON circuits through power analysis such as Refs [2,8,10,11]. The purpose of this section is to show intuitively through analysis and experiment that the SIMON circuit can be cracked by simple differential power analysis. ...
... According to the deduction method, the discriminant function of the rest of the first round key is shown in Table 1. (11) For the reason that DPA is a statistical-based attack method, the power consumption curve collected during the attack must reach a certain threshold to meet the statistical law. Therefore, during the attack process, the groups whose constraint conditions and the correlation bits have no conflicts can be selected to attack at the same time. ...
Article
Full-text available
Differential power analysis (DPA) is an effective side channel attack method, which poses a critical threat to cryptographic algorithms, especially lightweight ciphers such as SIMON. In this paper, we propose an area-efficient countermeasure against DPA on SIMON based on the power randomization. Firstly, we review and analyze the architecture of SIMON algorithm. Secondly, we prove the threat of DPA attack to SIMON by launching actual DPA attack on SIMON 32/64 circuit. Thirdly, a low-cost power randomization scheme is proposed by combining fault injection with double rate technology, and the corresponding circuit design is implemented. To the best of our knowledge, this is the first scheme that applies the combination of fault injection and double rate technology to the DPA-resistance. Finally, the t-test is used to evaluate the security mechanism of the proposed designs with leakage quantification. Our experimental results show that the proposed design implements DPA-resistance of SIMON algorithm at certain overhead the cost of 47.7% LUTs utilization and 39.6% registers consumption. As compared to threshold implementation and bool mask, the proposed scheme has greater advantages in resource consumption.
... Thus, only Boolean masking is used (i.e., no conversion is required, unlike Chaskey). An existing masking method [26] for the Simon permutation is explained as follows: ...
Article
Full-text available
With the growth of Internet of Things (IoT) era, the protection of secret information on IoT devices is becoming increasingly important. For IoT devices, attacks that target information leakage through physical side-channels (e.g., a power side-channel) are a major threat in many use cases because IoT devices can be accessed easily by a hostile third party. However, securing resource-constrained IoT devices against side-channel attacks is a challenging issue. Generally, it is difficult to satisfy the requirements on side-channel protection while maintaining the low-power and real-time constrains of IoT devices. In this paper, we propose a hardware/software cooperative design for cryptosystems that is suitable for resource-constrained IoT devices. Combining a security-oriented processor design (i.e., an instruction set architecture definition and its architectural structure) and careful implementations of masked software implementation for cipher algorithms can effectively improve the power-performance-area (PPA) while suppressing power side-channel leakage. In our evaluation, for three ciphers (Chaskey, Simon, and AES), we demonstrate that our work is superior to state-of-the-art works (two RISC-V processors and a small-scale low-power processor) in terms of both PPA and power side-channel protection.
... Also, the S-box is implemented based on an area-optimised combinational logic circuit by using the Karnaugh mapping and further factorisation. The works [26][27][28][29][30] presented the ASIC implementations of the SIMON cipher. In [26] three structures of the SIMON cipher (iterative structure, key-agile pipeline structure, and non-key-agile pipeline structure) are presented. ...
Article
Full-text available
Security and privacy of the Internet of Things (IoT) systems are critical challenges in many data‐sensitive applications. The IoT systems are constrained in terms of execution time, flexibility and computational resources. In recent years, many encryption algorithms have been proposed to provide the security of IoT communication. In this study, flexible and high‐throughput hardware structures of the PRESENT, SIMON, and LED lightweight block ciphers are presented for IoT applications. The proposed flexible structures can perform various configurations of these block ciphers to support variable key sizes. For example, the PRESENT, SIMON, and LED ciphers support key sizes (80, 128 bits), (96, 144, 128, 192, and 256 bits), and (64, 128 bits), respectively. Therefore, these architectures provide versatile implementations that enable adaptive security level using a variable key size. In the proposed structures, sub‐blocks of the ciphers are implemented based on optimised circuits. In the PRESENT and LED ciphers, the S‐boxes are implemented based on area‐optimised logic circuits. The implementation results of proposed flexible architectures are achieved in 180 nm CMOS technology. Area, throughput and throughput/area of the proposed structures have improved compared to other related works.
... Several ASIC implementations of the SIMON and SPECK algorithms have been reported in the literature. [7][8][9][10][11] In Maene and Verbauwhede, 7 the authors presented synthesis results for unrolled implementations of six families of lightweight ciphers, where the same approach is used for all of them. The algorithms are AES, KATAN, PRESENT, PRINCE, RECTAN-GLE, SIMON, and SPECK. ...
Article
In this paper, high‐throughput and flexible hardware implementations of the SIMON and SPECK lightweight block ciphers are presented. The most complex block in the SPECK algorithm is addition modulo 2ⁿ, where n is word size (half of the input data). In the proposed structure of modular adder, we used the Sklansky adder, which is an efficient parallel prefix adder with low critical path delay and suitable hardware resources. In the SIMON block cipher, to reduce critical path delay, we use a tree structure for implementation of XOR operations. In addition, we proposed flexible structures that can perform various configurations of the SIMON and SPECK ciphers to support variable key sizes (128, 144, 192, and 256 bits) and block sizes (64, 96, and 128 bits). Therefore, the flexible architectures provide versatile implementations with adaptive security level and the ability of encryption of longer messages based on variable key size and variable block size. Implementation results of the proposed structures in 180 nm CMOS technology for different key and block sizes are achieved. The results show that the proposed structures have better critical path delay compared with other's related works.
... In the bit-serialized Threshold Implementation of Simon as shown in Fig. 7 and reported in [68], in every clock cycle, 1-bit of internal state is processed. So if the circuit takes nbit size plaintext as input, n/2-clock cycles will be required to complete the whole round. ...
Article
Full-text available
In March 2017, NIST (National Institute of Standards and Technology) has announced to create a portfolio of lightweight algorithms through an open process. The report emphasizes that with emerging applications like automotive systems, sensor networks, healthcare, distributed control systems, the Internet of Things (IoT), cyber-physical systems, and the smart grid, a detailed evaluation of the so called light-weight ciphers helps to recommend algorithms in the context of profiles, which describe physical, performance, and security characteristics. In recent years, a number of lightweight block ciphers have been proposed for encryption/decryption of data which makes such choices complex. Each such cipher offers a unique combination of resistance to classical cryptanalysis and resource-efficient implementations. At the same time, these implementations must be protected against implementation-based attacks such as side-channel analysis. In this paper, we present a holistic comparison study of four lightweight block ciphers, PRESENT, SIMON, SPECK, and KHUDRA, along with the more traditional Advanced Encryption Standard (AES). We present a uniform comparison of the performance and efficiency of these block ciphers in terms of area and power consumption, on ASIC and FPGA-based platforms. Additionally, we also compare the amenability to side-channel secure implementations for these ciphers on ASIC-based platforms. Our study is expected to help designers make suitable choices when securing a given application, across a wide range of implementation platforms.
... Due to the high area overhead of threshold implementations (particularly the size of the shared Sbox), serialized architectures are favored, e.g., in [9,32,35,40]. Our main target in this work is a serialized architecture in which one instance of the Sbox is implemented. ...
Article
Full-text available
Block ciphers are arguably the most important cryptographic primitive in practice. While their security against mathematical attacks is rather well understood, physical threats such as side-channel analysis (SCA) still pose a major challenge for their security. An effective countermeasure to thwart SCA is using a cipher representation that applies the threshold implementation (TI) concept. However, there are hardly any results available on how this concept can be adopted for block ciphers with large (i.e., 8-bit) Sboxes. In this work we provide a systematic analysis on and search for 8-bit Sbox constructions that can intrinsically feature the TI concept, while still providing high resistance against cryptanalysis. Our study includes investigations on Sboxes constructed from smaller ones using Feistel, SPN, or MISTY network structures. As a result, we present a set of new Sboxes that not only provide strong cryptographic criteria, but are also optimized for TI. We believe that our results will find an inspiring basis for further research on high-security block ciphers that intrinsically feature protection against physical attacks.
... Due to the high area overhead of threshold implementations (particularly the size of the shared Sbox), serialized architectures are favored, e.g. in [9,31,34,39]. Our main target in this work is a serialized architecture in which one instance of the Sbox is implemented. ...
Conference Paper
Block ciphers are arguably the most important cryptographic primitive in practice. While their security against mathematical attacks is rather well understood, physical threats such as side-channel analysis (SCA) still pose a major challenge for their security. An effective countermeasure to thwart SCA is using a cipher representation that applies the threshold implementation (TI) concept. However, there are hardly any results available on how this concept can be adopted for block ciphers with large (i.e., 8-bit) Sboxes. In this work we provide a systematic analysis on and search for 8-bit Sbox constructions that can intrinsically feature the TI concept, while still providing high resistance against cryptanalysis. Our study includes investigations on Sboxes constructed from smaller ones using Feistel, SPN, or MISTY network structures. As a result, we present a set of new Sboxes that not only provide strong cryptographic criteria, but are also optimized for TI. We believe that our results will found an inspiring basis for further research on high-security block ciphers that intrinsically feature protection against physical attacks.
Chapter
This paper explores the performance of speck cipher based on different adder structures and is implemented incorporating two architectures namely folded (round based) and unfolded. Folded architecture reduces huge areas at the cost of an increment in delay which can be negligible when the area is primary metric. VLSI implementations show that Kogge–Stone tree has delay improvement in the range of (6.31–29.28)% at the cost of an increment in the area by (22.03–30.44)% when compared with the Sklansky tree, whereas Han-Carlson tree when compared with Sklansky tree, achieves an improvement in the delay for about (2.24–22.16)% at the cost of an increment in the area less than 5%.
Article
Threshold Implementation ( TI ) is one of the most widely used countermeasure for side channel attacks. Over the years several TI techniques have been proposed for randomizing cipher execution using different variations of secret-sharing and implementation techniques. For instance, sharing without decomposition ( 4-shares ) is the most straightforward implementation of the threshold countermeasure. However, its usage is limited due to its high area requirements. On the other hand, sharing using decomposition ( 3-shares ) countermeasure for cubic non-linear functions significantly reduces area and complexity in comparison to 4-shares . Nowadays, security of ciphers using a side channel countermeasure is of utmost importance. This is due to the wide range of security critical applications from smart cards, battery operated IoT devices, to accelerated crypto-processors. Such applications have different requirements (higher speed, energy efficiency, low latency, small area etc.) and hence need different implementation techniques. Although, many TI strategies and implementation techniques are known for different ciphers, there is no single study comparing these on a single cipher. Such a study would allow a fair comparison of the various methodologies. In this work, we present an in-depth analysis of the various ways in which TI can be implemented for a lightweight cipher. We chose GIFT for our analysis as it is currently one of the most energy-efficient lightweight ciphers. The experimental results show that different implementation techniques have distinct applications. For example, the 4-shares technique is good for applications demanding high throughput whereas 3-shares is suitable for constrained environments with less area and moderate throughput requirements. The techniques presented in the paper are also applicable to other blockciphers. For security evaluation, we performed TVLA (test vector leakage assessment) on all the design strategies. Experiments using up to 50 million traces show that the designs are protected against first-order attacks.
Chapter
SPARX family of lightweight block cipher was introduced in Asiacrypt 2016. The family consists of three variants (a) SPARX-64/128, (b) SPARX-128/128 and (c) SPARX-128/256. In this work, first, we propose a technique to perform Correlation Power Analysis (CPA) on the SPARX-64/128 cipher. Our technique uses a combination of first-order, second-order and modulo addition CPA methods. Using our proposed technique we extract 128 key bits of SPARX-64/128 cipher with low complexities in general; key guess complexity of 2122^{12} and 6500021665000\approx 2^{16} power traces. We initially propose a countermeasure of SPARX-64/128 block cipher against side-channel attacks in terms of power analysis, a threshold implementation based on a serialized design of SPARX-64/128 core. The serialized design of SPARX-64/128 core is implemented in hardware and occupies 60 slices in FPGA. As a countermeasure, this serialized implementation is extended to propose a provably secure threshold implementation of SPARX-64/128 core (TI-SPARX). The TI-SPARX core occupies 131 slices in FPGA and runs at 144 MHz thus, giving a throughput of 9 Mbps. To the best of our knowledge, this is the first side channel attack and countermeasure result on SPARX-64/128 cipher.
Article
With the popularity of modern FPGAs, the business of FPGA specific intellectual properties (IP) is expanding rapidly. This also brings in the concern of IP protection. FPGA vendors are making serious efforts toward IP protection, leading to standardization schemes like IEEE P1735. However, efficient techniques to prevent unauthorized overuse of IP still remain an open question. In this article, we propose a two-party IP protection scheme combining the re-configurable look-up table primitive of modern FPGAs with physically unclonable functions (PUF). The proposed scheme works with the assumption that the FPGA vendor provides the assurance of confidentiality and integrity of the developed IP. The proposed scheme is considerably lightweight compared to existing schemes, prevents overuse, and does not involve FPGA vendors or trusted third parties for IP licensing. The validation of the proposed scheme is done on MCNC’91 benchmark and third-party IPs like AES and lightweight MIPS processors.
Conference Paper
Emerging applications such as the Internet of Things require security solutions that are small, low power and low cost, yet provide solid protection against a wide range of sophisticated attacks. Lightweight cryptographic schemes such as the Speck cipher that was recently proposed by the NSA aim to solve some of these challenges. However, before using Speck in any practical application, sound protection against side-channel attacks must be in place. In this work, we propose a bit-serialized implementation of Speck, to achieve minimal area footprint. We further propose a Speck core that is provably secure against first-order side-channel attacks using a Threshold Implementation technique which depends on secure multi-party computation. The resulting design is a tiny crypto core that provides AES-like security in under 40 slices on a low-cost Xilinx Spartan 3 FPGA. The first-order side-channel resistant version of the same core needs less than 100 slices. Further, we validate the security of the protected core by state-of-the-art side-channel leakage detection tests.
Conference Paper
This work explores the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers—Simon and Present. The implementation results show that two-share TI improves the compactness but usually further reduces the throughput when compared with first-order resistant three-share schemes. Our leakage analysis shows that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. All results are backed up by simulation as well as analysis of actual implementations.
Article
As networking has become major innovation driver for the Internet of Things as well as Networks on Chips, the need for effective cryptography in hardware is on a steep rise. Both cost and overall system security are the main challenges in many application scenarios, rather than high throughput. In this work we present area-optimized implementations of the lightweight block cipher SIMON. All presented cores are protected against side channel attacks using threshold implementation, which applies secret sharing of different orders to prevent exploitable leakages. Implementation results show that, on FPGAs, the higher-order protected SIMON core can be smaller than an unprotected AES core at the same security level against classic cryptanalysis. Also, the proposed secure cores consume less than 30% the power of any unprotected AES. Security of the proposed cores is validated by provable arguments as well as practical t-test based leakage detection methods. In fact, we show that the first-order protected SIMON core does not have first-order leakage and is secure up to 10 million observations against higher-order attacks. The second-order secure implementation could not be exploited at all with up to 100 million observations.
Conference Paper
Instantiations of the McEliece cryptosystem which are considered computationally secure even in a post-quantum era still require hardening against side channel attacks for practical applications. Recently, the first differential power analysis attack on a McEliece cryptosystem successfully recovered the full secret key of a state-of-the-art FPGA implementation of QC-MDPC McEliece. In this work we show how to apply masking countermeasures to the scheme and present the first masked FPGA implementation that includes these countermeasures. We validate the side channel resistance of our design by practical DPA attacks and statistical tests for leakage detection.
Conference Paper
The TVLA procedure using the t-test has become a popular leakage detection method. To protect against environmental fluctuation in laboratory measurements, we propose a paired t-test to improve the standard procedure. We take advantage of statistical matched-pairs design to remove the environmental noise effect in leakage detection. Higher order leakage detection is further improved with a moving average method. We compare the proposed test with standard t-test on synthetic data and physical measurements. Our results show that the proposed tests are robust to environmental noise.
Conference Paper
Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Hardening cryptographic implementations with appropriate countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 12 %.
Article
There is a disconnection between the theory and the practice of lightweight physical unclonable function (PUF)-based protocols. At a theoretical level, there exist several PUF-based authentication protocols with unique features and novel efficiency claims, but most of these solutions lack real-world implementations with simple performance figures. On the other hand, practical protocol implementations are ad-hoc designs fixed to a specific functionality and with limited area optimisations. This work aims to bring these approaches on PUF protocols closer. The authors' contribution is twofold. First, they provide a novel ASIP (application-specific instruction set processor) that can efficiently execute PUF-based authentication protocols. The key novelty of the proposed ASIP is optimisation for area without degrading the performance. Second, they demonstrate the capability of their ASIP by mapping three secure PUF-based authentication protocols and benchmark their execution time, memory footprint, communication overhead, and power/energy consumption. Their results demonstrate the advantage of ASIP over dedicated architectures and also as opposed to general-purpose programming on an MSP430. The results further demonstrate various efficiency metrics that can be used to compare PUF-based protocol implementations.
Conference Paper
is a highly optimized lightweight block cipher designed by the U.S. National Security Agency (NSA) and it is considered a promising candidate for resource-constrained embedded applications. Previous analysis results show that its unprotected implementations are vulnerable to side-channel attack (SCA). Thus, for its implementations on embedded platforms, protection against side-channel attacks must be taken into account. Up to now, several masking schemes were presented for . However, those schemes just provide resistance against the first-order SCA and can be broken in practice by second-order or higher-order SCA. In order to deal with those attacks, higher-order masking is needed. The existing higher-order masking schemes were mainly designed for block ciphers based on s-box, invalid for . Therefore it is necessary to design higher-order masking schemes for . In this paper, we present two higher-order boolean masking schemes for the software implementations of . The first is based on the famous ISW scheme proposed at Crypto 2003, and the second is based on the design principle similar to the masking scheme proposed by Coron et al. at FSE 2013. The two proposals are proven to achieve dthd^{th}-order SCA security in the probing model and they are shown to have a reasonable implementation cost on 8-bit AVR platforms by the evaluation of implementation efficiency.
Article
The Simon and Speck families of block cIPhers were designed specifically to offer security on constrained devices, where simplicity of design is crucial. However, the intended use cases are diverse and demand flexibility in implementation. Simplicity, security, and flexibility are ever-present yet conflicting goals in cryptographic design. This paper outlines how these goals were balanced in the design of Simon and Speck.
Article
In this paper we will present various hardware architecture designs for implementing the SIMON 64/128 block cipher as a cryptographic component offering encryption, decryption and self-contained key-scheduling capabilities and discuss the issues and design options we encountered and the tradeoffs we made in implementing them. Finally, we will present the results of our hardware architectures' implementation performances on the Xilinx Spartan-6 FPGA series.
Conference Paper
Full-text available
SIMON is a lightweight block cipher, specially designed for resource constrained devices that was recently presented by the National Security Agency (NSA). This paper deals with a hardware implementation of this algorithm from a side-channel point of view as it is a prime concern for embedded systems. We present the implementation of SIMON on a Xilinx Virtex-5 FPGA and propose a low-overhead countermeasure using first-order Boolean masking exploiting the simplistic construction of SIMON. Finally we evaluate the side-channel resistance of both implementations.
Conference Paper
Full-text available
Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE. This is to the best of our knowledge the smallest implementation reported so far. Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attacks. Our experimental results on real-world power traces show that although our implementation provides additional security, it is still susceptible to some sophisticated attacks having enough number of measurements.
Conference Paper
Full-text available
A classical model is used for the power consumption of cryptographic devices. It is based on the Hamming distance of the data handled with regard to an unknown but constant reference state. Once validated experimentally it allows an optimal attack to be derived called Correlation Power Analysis. It also explains the defects of former approaches such as Differential Power Analysis. Keywords: Correlation factor, CPA, DPA, Hamming distance, power analysis, DES, AES, secure cryptographic device, side channel.
Conference Paper
Full-text available
Implementations of cryptographic algorithms are vulnera- ble to side-channel attacks. Masking techniques are employed to counter side-channel attacks that are based on multiple measurements of the same operation on difierent data. Most currently known techniques re- quire new random values after every nonlinear operation and they are not efiective in the presence of glitches. We present a new method to protect implementations. Our method has a higher computational com- plexity, but requires random values only at the start, and stays efiective in the presence of glitches.
Conference Paper
Masking is a popular countermeasure against differential power analysis (DPA) and other side-channel attacks. When designing integrated circuits to resist DPA, masking at the logic gate level has the benefit that it can be implemented without consideration of the high-level function of the circuit. However, the phenomena of glitches and early propagation reduce the effectiveness of many gate-level masking schemes. In this paper we present a new technique for gate-level masking that is free of glitches and early propagation, yet requires only cell-level “don’t touch” constraints. Our technique, which we call LUT-Masked Dual-rail with Precharge Logic (LMDPL), can therefore be implemented in a typical FPGA or standard cell ASIC design flow. LMDPL does not require routing constraints, nor sequencing of the evaluation of individual gates with enables, registers, or latches. We verify our techniques with an AES implementation on an FPGA. Our implementation shows no significant leaks in evaluations using up to 200 million traces.
Conference Paper
Power analysis attack is one of the most important and effective side channel attack methods, that has been attempted against implementations of cryptographic algorithms. In this paper, we investigate the vulnerability of SIMON [5] and LED [16] lightweight block ciphers against Differential Power Analysis (DPA) attack. Firstly, we describe the power model used to mount the attack on Field Programmable Gate Array (FPGA) implementation of SIMON and LED block ciphers. Then, we proceed to experimentally verified DPA attack, which is the first successful DPA attack on the algorithms. Our attack retrieves complete 64-bit key of SIMON32/64 and LED-64 with a complexity of 176 and 218 hypotheses respectively. Finally, we present our analysis on other versions of SIMON and LED. Our DPA results exhibits the weakness of algorithms, which emphasize the need for secure implementation of SIMON and LED.
Conference Paper
In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against side-channel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build further on unprotected parallel and serial architectures. We improve upon earlier TI implementations of Keccak in the sense that the latter did not achieve uniformity of shares. In our proposals we do achieve uniformity at the cost of an extra share in a four-share version or at the cost of injecting a small number of fresh random bits for each computed round. The proposed implementations are efficient and provably secure against first-order side-channel attacks.
Conference Paper
Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of circuit area and randomness. The Threshold Implementation method is also based on multi-party computation but it is more area and randomness efficient. Moreover, it typically requires less clock-cycles since all parties can operate simultaneously. However, so far it is only provable secure against 1st -order DPA. We address this gap and extend the Threshold Implementation technique to higher orders. We define generic constructions and prove their security. To illustrate the approach, we provide 1st, 2nd and 3rd-order DPA-resistant implementations of the block cipher KATAN-32. Our analysis of 300 million power traces measured from an FPGA implementation supports the security proofs.
Article
The Simon and Speck families of block cIPhers were designed specifically to offer security on constrained devices, where simplicity of design is crucial. However, the intended use cases are diverse and demand flexibility in implementation. Simplicity, security, and flexibility are ever-present yet conflicting goals in cryptographic design. This paper outlines how these goals were balanced in the design of Simon and Speck.
Conference Paper
Threshold implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. At Eurocrypt 2011 A. Moradi et al. [Advances in cryptology – EUROCRYPT 2011. 30th annual international conference on the theory and applications of cryptographic techniques. Lect. Notes Comput. Sci. 6632, 69–88 (2011; Zbl 1281.94044)] published the to date most compact threshold implementation of AES-128 encryption. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new threshold implementation of AES-128 encryption that is 18% smaller, 7.5% faster and that requires 8% less random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.
Article
While advanced encryption standard (AES) is extensively in use in a number of applications, its area cost limits its deployment in resource constrained platforms. In this letter, we have implemented SIMON, a recent promising low-cost alternative of AES on reconfigurable platforms. The Feistel network, the construction of the round function and the key generation of SIMON, enables bit-serial hardware architectures which can significantly reduce the cost. Moreover, encryption and decryption can be done using the same hardware. The results show that with an equivalent security level, SIMON is 86% smaller than AES, 70% smaller than PRESENT (a standardized low-cost AES alternative), and its smallest hardware architecture only costs 36 slices (72 LUTs, 30 registers). To our best knowledge, this work sets the new area records as we propose the hardware architecture of the smallest block cipher ever published on field-programmable gate arrays (FPGAs) at 128-bit level of security. Therefore, SIMON is a strong alternative to AES for low-cost FPGA-based applications.
Conference Paper
One of the most promising lightweight hardware countermeasures against SCA attacks is the so-called Threshold Implementation (TI) [12] countermeasure. In this work we discuss issues towards its applicability and introduce solutions to boost its implementation efficiency. In particular, our contribution is three-fold: first we introduce two methodologies to efficiently implement 3-share TI to a given S-box. Second, as an example, we successfully apply these methodologies to PRESENT and are able to decrease the area requirements of its protected S-box by 37-40%. Third, we present the first successful practical Mutual Information Attack on the original 3-share TI implementation of PRESENT and compare it with a correlation-enhanced collision attack using second-order moments.
Conference Paper
The advent of new low-power field programmable gate arrays (FPGA) for battery powered devices opens a host of new applications to FPGAs. In order to provide security on resource constrained devices lightweight cryptographic algorithms have been developed. However, there has not been much research on porting these algorithms to FPGAs. In this paper we propose lightweight cryptography for FPGAs by introducing block cipher independent optimization techniques for Xilinx Spartan3 FPGAs and applying them to the lightweight cryptographic algorithms HIGHT and present. Our implementations are the first reported of these block ciphers on FPGAs. Furthermore, they are the smallest block cipher implementations on FPGAs using only 117 and 91 slices respectively, which makes them comparable in size to stream cipher implementations. Both are less than half the size of the AES implementation by Chodowiec and Gaj without using block RAMs. Present's throughput over area ratio of 240 Kbps/slice is similar to that of AES, however, HIGHT outperforms them by far with 720 Kbps/slice.
Conference Paper
Two new FPGA designs for the Advanced Encryption Standard (AES) are presented. The first is believed to be the fastest, achieving 25 Gbps throughput using a Xilinx Spartan-III (XC3S2000) device. The second is believed to be the smallest and fits into a Xilinx Spartan-II (XC2S15) device, only requiring two block memories and 124 slices to achieve a throughput of 2.2 Mbps. These designs show the extremes of what is possible and have radically different applications from high performance e-commerce IPsec servers to low power mobile and home applications. The high speed design presented here includes support for continued throughput during key changes for both encryption and decryption which previous pipelined designs have omitted.
A testing methodology for sidechannel resistance validation
  • G Goodwill
  • B Jun
  • J Jaffe
  • P Rohatgi