An Introduction to Enhance the Security of Cryptographic Algorithms against Side Channel Attacks Using the Threshold Implementation Approach

Document Type : Original Article

Authors

Fath Center, Faculty and Research Center of Communication and Information Technology, Imam Hossein University, Tehran, Iran

Abstract

In order to establish information security, a cryptographic algorithm has to be implemented in software or hardware. In 1996, Kocher presented side-channel attacks (SCA) on cryptographic systems, which exploit the leakage of some important information. Power analysis is one of these attacks. To prevent this kind of attack, designers and implementers presented countermeasures such as hiding and masking. Afterwards, attackers showed that these countermeasures, especially masking, could not reach their security goals in the presence of glitches. To resolve this challenge, Nikova et al. presented the threshold implementation method in 2006. They used three subjects, threshold cryptography, secret sharing, and multi-party computation, in their new countermeasure. In fact, threshold implementation is a kind of masking with some extra features that establish information security in the presence of glitches. In recent years, the National Institute of Standards and Technology (NIST) has started some activities in the field of threshold implementation; standardization in this field is the main goal of NIST. In this paper we introduce the threshold implementation method as a countermeasure against side-channel attacks and review its challenges and advantages compared with the previous countermeasures.
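As an added illustration (not code from the paper), the classic three-share threshold implementation of a single AND gate in Python, with exhaustive checks of the three properties Nikova et al. require: correctness, non-completeness (the property that makes the sharing glitch-resistant, since no component ever sees all shares of a secret) and uniformity, which this minimal sharing fails, which is why practical designs add shares or fresh randomness.

```python
import itertools
from collections import Counter
BITS3 = list(itertools.product((0, 1), repeat=3))  # all 3-bit share vectors

def unmask(s):
    return s[0] ^ s[1] ^ s[2]

def sharings(v):
    # every 3-share Boolean sharing of the bit v (four of them)
    return [s for s in BITS3 if unmask(s) == v]

def ti_and_shares(x, y):
    # Classic 3-share threshold implementation of z = x AND y.
    # Component function j deliberately never reads share j of either input.
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # independent of x1, y1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # independent of x2, y2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # independent of x3, y3
    return (z1, z2, z3)

def check_correctness():
    # XOR of the output shares must equal x AND y for every input sharing.
    return all(unmask(ti_and_shares(x, y)) == (unmask(x) & unmask(y))
               for x in BITS3 for y in BITS3)

def share_unused(j, i):
    # True if output share j never depends on input shares x_i and y_i
    # (forcing them to 0 changes nothing for any input).
    for x in BITS3:
        for y in BITS3:
            xz, yz = list(x), list(y)
            xz[i] = yz[i] = 0
            if ti_and_shares(x, y)[j] != ti_and_shares(tuple(xz), tuple(yz))[j]:
                return False
    return True

def check_non_completeness():
    # Each component must ignore at least one share index (glitch resistance).
    return all(any(share_unused(j, i) for i in range(3)) for j in range(3))

def check_uniformity():
    # For fixed unshared (x, y): 16 uniform input sharings must hit each of the
    # 4 valid output sharings exactly 4 times. The 3-share AND does not.
    for x in (0, 1):
        for y in (0, 1):
            hist = Counter(ti_and_shares(xs, ys)
                           for xs in sharings(x) for ys in sharings(y))
            if any(hist[zs] != 4 for zs in sharings(x & y)):
                return False
    return True
```

The failed uniformity check is the reason this gate cannot be chained as-is: its output sharing is biased, so a following stage would no longer receive uniformly shared inputs.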

Keywords

