Skip to main content
SpringerLink
Log in

Self-timed Masking: Implementing Masked S-Boxes Without Registers

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13820))

  • 312 Accesses

Abstract

Masking is one of the most used side-channel protection techniques. However, a secure masking scheme requires additional implementation costs, e.g. random number, and transistor count. Furthermore, glitches and early evaluation can temporally weaken a masked implementation in hardware, creating a potential source of exploitable leakages. Registers are generally used to mitigate these threats, hence increasing the implementation’s area and latency.

In this work, we show how to design glitch-free masking without registers with the help of the dual-rail encoding and asynchronous logic. This methodology is used to implement low-latency masking with arbitrary protection order. Finally, we present a side-channel evaluation of our first and second order masked AES implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We use SCALib for side-channel analysis: https://github.com/simple-crypto/scalib.

References

  1. Arribas, V., Zhang, Z., Nikova, S.: LLTI: low-latency threshold implementations. IEEE Trans. Inf. Forensics Secur. 16, 5108–5123 (2021). https://doi.org/10.1109/TIFS.2021.3123527

    Article  Google Scholar 

  2. Barthe, G., et al.: Strong non-interference and type-directed higher-order masking. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016. pp. 116–129. ACM (2016). https://doi.org/10.1145/2976749.2978427

  3. Batina, L., Robshaw, M. (eds.): CHES 2014. LNCS, vol. 8731. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3

    Book  MATH  Google Scholar 

  4. Bhasin, S., Guilley, S., Flament, F., Selmane, N., Danger, J.: Countering early evaluation: an approach towards robust dual-rail precharge logic. In: Proceedings of the 5th Workshop on Embedded Systems Security, WESS 2010, Scottsdale, AZ, USA, 24 October 2010, p. 6. ACM (2010). https://doi.org/10.1145/1873548.1873554

  5. Boyar, J., Peralta, R.: A small depth-16 circuit for the AES S-Box. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 287–298. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_24

    Chapter  Google Scholar 

  6. Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_32

    Chapter  Google Scholar 

  7. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_26

    Chapter  Google Scholar 

  8. Davis, A., Nowick, S.M.: Asynchronous circuit design: motivation, background, & methods. In: Birtwistle, G., Davis, A. (eds.) Asynchronous Digital Circuit Design, pp. 1–49. Springer, London (1995)

    Google Scholar 

  9. Faust, S., Grosso, V., Pozo, S.M.D., Paglialonga, C., Standaert, F.: Composable masking schemes in the presence of physical defaults & the robust probing model. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 89–120 (2018). https://doi.org/10.13154/tches.v2018.i3.89-120

    Article  Google Scholar 

  10. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-invasive Attack Testing (NIAT) Workshop, vol. 7, pp. 115–136 (2011)

    Google Scholar 

  11. Goubin, L., Patarin, J.: DES and differential power analysis the duplication method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_15

    Chapter  MATH  Google Scholar 

  12. Groß, H., Iusupov, R., Bloem, R.: Generic low-latency masking in hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 1–21 (2018). https://doi.org/10.13154/tches.v2018.i2.1-21

    Article  Google Scholar 

  13. Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. In: Bilgin, B., Nikova, S., Rijmen, V. (eds.) Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016 Vienna, Austria, October 2016, p. 3. ACM (2016). https://doi.org/10.1145/2996366.2996426

  14. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_27

    Chapter  Google Scholar 

  15. Jukna, S.: Notes on hazard-free circuits. SIAM J. Discret. Math. 35(2), 770–787 (2021). https://doi.org/10.1137/20M1355240

    Article  MATH  Google Scholar 

  16. Kulikowski, K.J., Karpovsky, M.G., Taubin, A.: Power attacks on secure hardware based on early propagation of data. In: 12th IEEE International On-Line Testing Symposium (IOLTS 2006), 10–12 July 2006, Como, Italy, pp. 131–138. IEEE Computer Society (2006). https://doi.org/10.1109/IOLTS.2006.49

  17. Leiserson, A.J., Marson, M.E., Wachs, M.A.: Gate-level masking under a path-based leakage metric. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 580–597. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_32

    Chapter  Google Scholar 

  18. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_24

    Chapter  Google Scholar 

  19. Moradi, A., Immler, V.: early propagation and imbalanced routing, how to diminish in FPGAs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 598–615. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_33

    Chapter  MATH  Google Scholar 

  20. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_6

    Chapter  Google Scholar 

  21. Moradi, A., Schneider, T.: Side-channel analysis protection and low-latency in action. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 517–547. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_19

    Chapter  Google Scholar 

  22. Muller, D.E., Bartky, W.S.: A theory of asynchronous circuits. In: Proceedings of an International Symposium on the Theory of Switching, April 1957, Part I. the Annals of the Computation Laboratory of Harvard University, vol. XXIX, pp. 204–243. Cambridge University Press, Cambridge, MA, USA (1959). https://doi.org/10.2307/3611677

  23. Nagpal, R., Gigerl, B., Primas, R., Mangard, S.: Riding the waves towards generic single-cycle masking in hardware. IACR Cryptol. ePrint Archive, p. 505 (2022), https://eprint.iacr.org/2022/505

  24. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). https://doi.org/10.1007/11935308_38

    Chapter  MATH  Google Scholar 

  25. Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_13

    Chapter  Google Scholar 

  26. Rao, J.R., Sunar, B. (eds.): CHES 2005. LNCS, vol. 3659. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262

    Book  MATH  Google Scholar 

  27. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_37

    Chapter  Google Scholar 

  28. Sasdrich, P., Bilgin, B., Hutter, M., Marson, M.E.: Low-latency hardware masking with application to AES. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 300–326 (2020). https://doi.org/10.13154/tches.v2020.i2.300-326

    Article  Google Scholar 

  29. Sparsø, J.: Introduction to asynchronous circuit design. DTU Compute, Technical University of Denmark (2020). https://www.amazon.com/dp/B08BF2PFLN

  30. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), 16–20 February 2004, Paris, France, pp. 246–251. IEEE Computer Society (2004). https://doi.org/10.1109/DATE.2004.1268856

Download references

Author information

Authors and Affiliations

  1. Laboratoire Hubert Curien, CNRS UMR5516, Saint-Étienne, France

    Mateus Simões, Lilian Bossuet & Vincent Grosso

  2. STMicroelectronics, Rousset, France

    Mateus Simões, Nicolas Bruneau, Patrick Haddad & Thomas Sarno

Authors
  1. Mateus Simões
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lilian Bossuet
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nicolas Bruneau
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vincent Grosso
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Patrick Haddad
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Thomas Sarno
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mateus Simões .

Editor information

Editors and Affiliations

  1. Radboud University, Nijmegen, The Netherlands

    Ileana Buhan

  2. NXP Semiconductors, Gratkorn, Austria

    Tobias Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Simões, M., Bossuet, L., Bruneau, N., Grosso, V., Haddad, P., Sarno, T. (2023). Self-timed Masking: Implementing Masked S-Boxes Without Registers. In: Buhan, I., Schneider, T. (eds) Smart Card Research and Advanced Applications. CARDIS 2022. Lecture Notes in Computer Science, vol 13820. Springer, Cham. https://doi.org/10.1007/978-3-031-25319-5_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-25319-5_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25318-8

  • Online ISBN: 978-3-031-25319-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation