Hiding higher-order univariate leakages by shuffling polynomial masking schemes: A more efficient, shuffled, and Higher-Order Masked AES S-box

Fabrizio De Santis, Tobias Bauer, Georg Sigl

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Polynomial masking is a glitch-resistant, higher-order masking scheme built on Shamir's secret sharing scheme and multi-party computation protocols. It was first introduced at CHES 2011, and a 1st-order implementation of the AES S-box on FPGA was presented at CHES 2013. In the latter work, the authors showed a 2nd-order univariate leakage by side-channel collision analysis on a tuned measurement setup. This negative result motivates evaluating the performance, area cost, and security margins of combined shuffled and higher-order polynomial masking schemes as a countermeasure against such trivial univariate leakages. In this work, we provide the following contributions: first, we introduce additional principles for the selection of efficient addition chains, which allow more compact and faster implementations of cryptographic S-boxes. Our 1st-order AES S-box implementation requires approximately 27% fewer registers, 20% fewer clock cycles, and 5% fewer random bits than the CHES 2013 implementation. Then, we propose a lightweight shuffling countermeasure which applies naturally to polynomial masking schemes and effectively enhances their univariate security at negligible area cost. Finally, we present the design of a combined shuffled and higher-order polynomially masked AES S-box in hardware, together with ASIC synthesis results and side-channel analysis results in the electromagnetic (EM) domain.
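The abstract names the building blocks of polynomial masking without showing them. The Python model below is an example added to this page, not the authors' FPGA/ASIC design: it shares a byte with a Shamir polynomial over GF(2^8), applies linear operations share-wise, performs the secure multiplication that needs 2d+1 shares and fresh randomness, computes x^254 with a standard addition chain of 7 squarings and 4 multiplications (a common chain, not necessarily the one the paper selects), applies the AES affine layer written as a linearized polynomial so it can be done on shares, and touches the shares in a random order as a minimal stand-in for a shuffling step (the abstract does not give the paper's exact countermeasure). Two assumptions are specific to this example and labelled in the code: the public evaluation points are taken from GF(16) so that the point set is closed under squaring, which makes a share-wise squaring a mere permutation of shares, and the multiplication follows the generic Shamir/MPC re-sharing construction.

```python
import secrets
from functools import reduce
from operator import xor

# AES affine layer as a linearized polynomial in y = x^-1: S(x) = 0x63 + sum_k AES_AFFINE[k] * y^(2^k)
AES_AFFINE = [0x05, 0x09, 0xF9, 0x25, 0xF4, 0x01, 0xB5, 0x8F]

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_pow(a, e):
    return reduce(gf_mul, [a] * e, 1)

def public_points(n):
    """n distinct non-zero points from GF(16), closed under squaring (an assumption of
    this example, so that squaring a sharing only permutes its shares); n odd, n <= 15."""
    assert n % 2 == 1 and n <= 15
    orbits = sorted({frozenset(gf_pow(a, 1 << k) for k in range(4))
                     for a in range(1, 256) if gf_pow(a, 16) == a}, key=min)
    want = {1: 1, 2: (n - 1) % 4 // 2, 4: (n - 1) // 4}          # Frobenius orbits needed per size
    chosen = [orb for size in (1, 2, 4) for orb in [o for o in orbits if len(o) == size][:want[size]]]
    return [p for orb in chosen for p in sorted(orb)]

def share(secret, d, points):
    """Degree-d Shamir sharing: f(0) = secret, d fresh random coefficients."""
    coeffs = [secret] + [secrets.randbelow(256) for _ in range(d)]
    return [reduce(xor, (gf_mul(c, gf_pow(p, k)) for k, c in enumerate(coeffs)), 0) for p in points]

def lagrange_at_zero(points):
    """lambda_i with sum_i lambda_i * f(p_i) = f(0) for every f of degree < len(points)."""
    lam = []
    for i, pi in enumerate(points):
        num = den = 1
        for j, pj in enumerate(points):
            if j != i:
                num, den = gf_mul(num, pj), gf_mul(den, pi ^ pj)
        lam.append(gf_mul(num, gf_pow(den, 254)))                # den^254 = den^-1
    return lam

def reconstruct(shares, points):
    return reduce(xor, (gf_mul(l, s) for l, s in zip(lagrange_at_zero(points), shares)), 0)

def shuffled_order(n):
    """Fresh random order in which the shares are touched (illustrates hiding in time)."""
    order = list(range(n))
    secrets.SystemRandom().shuffle(order)
    return order

def share_wise(op, shares):
    """Apply a GF(2^8)-linear map, or XOR a public constant, to every share
    (sound because the lambda_i are field scalars and sum to 1)."""
    out = [0] * len(shares)
    for i in shuffled_order(len(shares)):
        out[i] = op(shares[i])
    return out

def square(shares, points):
    """f(p)^2 = g(p^2) with g(0) = f(0)^2; the closed point set lets us re-index onto points."""
    out = [0] * len(points)
    for i in shuffled_order(len(points)):
        out[points.index(gf_mul(points[i], points[i]))] = gf_mul(shares[i], shares[i])
    return out

def mpc_mul(a, b, d, points):
    """Secure multiplication (needs n >= 2d+1): share-wise product (degree 2d), each
    party re-shares it at degree d, and the sub-shares recombine with the Lagrange weights."""
    n = len(points)
    assert n >= 2 * d + 1, "need at least 2d+1 shares"
    lam = lagrange_at_zero(points)
    sub = [share(gf_mul(a[i], b[i]), d, points) for i in range(n)]   # n*d fresh random bytes
    return [reduce(xor, (gf_mul(lam[i], sub[i][j]) for i in range(n)), 0) for j in range(n)]

def masked_sbox(x_shares, d, points):
    """S-box on shares: x^254 via the chain x, x^2, x^3, x^12, x^15, x^240, x^252, x^254
    (7 share-wise squarings, 4 secure multiplications), then the affine layer."""
    sq = lambda s: square(s, points)
    mul = lambda u, v: mpc_mul(u, v, d, points)
    x2 = sq(x_shares)
    x3 = mul(x2, x_shares)
    x12 = sq(sq(x3))
    x15 = mul(x12, x3)
    x240 = sq(sq(sq(sq(x15))))
    inv = mul(mul(x240, x12), x2)                  # x^252 * x^2 = x^254 = x^-1 (and 0 -> 0)
    acc, y = [0] * len(points), inv
    for c in AES_AFFINE:
        acc = [u ^ v for u, v in zip(acc, share_wise(lambda s, c=c: gf_mul(c, s), y))]
        y = sq(y)
    return share_wise(lambda s: s ^ 0x63, acc)

def sbox_via_masking(x, d=2):
    points = public_points(2 * d + 1)
    return reconstruct(masked_sbox(share(x, d, points), d, points), points)
```

Calling sbox_via_masking(0x53) returns 0xED, the plain AES S-box value, for any order d from 1 to 7. Counting calls in masked_sbox shows why the choice of addition chain matters in this setting: every mpc_mul consumes n*d fresh random bytes and a full re-sharing round, whereas every squaring is a share-wise operation with no randomness, so a chain with fewer multiplications directly lowers the register, cycle and random-bit cost that the abstract reports.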

Original language: English
Title of host publication: TIS 2016 - Proceedings of the 2016 ACM Workshop on the Theory of Implementation Security, co-located with CCS 2016
Publisher: Association for Computing Machinery, Inc
Pages: 17-26
Number of pages: 10
ISBN (Electronic): 9781450345750
State: Published - 24 Oct 2016
Event: 2016 ACM Workshop on the Theory of Implementation Security, TIS 2016 - Vienna, Austria
Duration: 24 Oct 2016 → …

Publication series

Name: TIS 2016 - Proceedings of the 2016 ACM Workshop on the Theory of Implementation Security, co-located with CCS 2016

Conference

Conference: 2016 ACM Workshop on the Theory of Implementation Security, TIS 2016
Country/Territory: Austria
City: Vienna
Period: 24/10/16 → …

Keywords

  • AES
  • Multi-party computation
  • Polynomial masking
  • Secret sharing
  • Shuffling
  • Side-channel analysis
