Re-Consolidating First-Order Masking Schemes

Nullifying Fresh Randomness

Authors

  • Aein Rezaei Shahmirzadi Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany
  • Amir Moradi Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany

DOI:

https://doi.org/10.46586/tches.v2021.i1.305-342

Keywords:

Side-Channel Analysis, Masking, Threshold Implementation, AES

Abstract

Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, on various cryptographic algorithms has dedicated a lion’s share of research to itself. The difficulty originates from the fact that the overhead of application of such an algorithmic-level countermeasure might not be affordable. This includes the area- and latency overheads and the amount of fresh randomness required to fulfill the resulting design’s security properties. There are already techniques applicable in hardware platforms that consider glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitates the use of fresh randomness.
Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions, including the S-box of Midori, PRESENT, PRINCE, and AES ciphers without any fresh randomness.

Downloads

Published

2020-12-03

Issue

Section

Articles

How to Cite

Re-Consolidating First-Order Masking Schemes: Nullifying Fresh Randomness. (2020). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1), 305-342. https://doi.org/10.46586/tches.v2021.i1.305-342