Filters








190,179 Hits in 5.4 sec

Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers [chapter]

Praveen Kumar Vadnala
2017 Lecture Notes in Computer Science  
Rijmen, "Higher-Order Threshold Implementations". ASIACRYPT 2014 [2] A.Moradi, A. Wild, "Assessment of Hiding the Higher-Order Leakages in Hardware -What are the Achievements versus Overheads?".  ...  non-completeness  correctness  uniform sharing of function outputs (each set of output pairs occurs with same probability) NOTE: The number of input and output shares depends on the function  ...  CONCEPT:  success of higher-order attacks depends on noise-level  combining hiding countermeasures (noise addition) with classical approaches (e.g. first-order secure TI)  dynamic hardware modifications  ... 
doi:10.1007/978-3-319-52153-4_7 fatcat:oowhrolyfrgcddzbzqr45wmqiq

Higher-Order Threshold Implementation of the AES S-Box [chapter]

Thomas De Cnudde, Begül Bilgin, Oscar Reparaz, Ventzislav Nikov, Svetla Nikova
2016 Lecture Notes in Computer Science  
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first-and second-order power analysis attacks.  ...  The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.  ...  Acknowledgements This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). In addition, this work was partially supported by the  ... 
doi:10.1007/978-3-319-31271-2_16 fatcat:3tv7et4p6zg5fjscgsttlm23lu

Higher-Order Threshold Implementation Of The Aes S-Box

Thomas De Cnudde, Begül Bilgin, Oscar Reparaz, Ventzislav Nikov, Svetla Nikova
2015 Zenodo  
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first- and second-order power analysis attacks.  ...  The implementation is tested on an FPGA platform and its security claim is supported by practical leakage detection tests.  ...  Acknowledgements This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). In addition, this work was partially supported by the  ... 
doi:10.5281/zenodo.58086 fatcat:2ovqn6rme5fk7e4coxg7m5ylhu

Detecting Flawed Masking Schemes with Leakage Detection Tests [chapter]

Oscar Reparaz
2016 Lecture Notes in Computer Science  
The security validation process is nowadays a lengthy, tedious and manual process. In this paper, we report on a method to verify the soundness of a masking scheme before implementing it on a device.  ...  We also present a new second-order flaw on a table recomputation scheme, and show that the approach is useful when designing a hardware masked implementation.  ...  The author is funded by a PhD fellowship of the Fund for Scientific Research -Flanders (FWO).  ... 
doi:10.1007/978-3-662-52993-5_11 fatcat:qtkcptberra5ndyr24ll6l2ile

On the Easiness of Turning Higher-Order Leakages into First-Order [chapter]

Thorben Moos, Amir Moradi
2017 Lecture Notes in Computer Science  
We present the theoretical concept of our approach based on simulation traces and examine its efficiency on noisy real-world measurements taken from a first-order secure threshold implementation of the  ...  block cipher PRESENT-80, implemented on a 150nm CMOS ASIC prototype chip.  ...  Acknowledgements The authors would like to acknowledge Axel Poschmann for the hardware designs and Stefan Heyse for his help on taping out the prototype chip.  ... 
doi:10.1007/978-3-319-64647-3_10 fatcat:mvakxgmk2rfynnpib4ix2w2j3y

Threshold Implementations in the Robust Probing Model

Siemen Dhooghe, Svetla Nikova, Vincent Rijmen
2019 Proceedings of ACM Workshop on Theory of Implementation Security Workshop - TIS'19  
Threshold Implementations (TI) are provably secure algorithmic countermeasures against side-channel attacks in the form of differential power analysis.  ...  Thus, over the years the practice of protecting implementations matured, however, the theory behind threshold implementations remained the same.  ...  The authors would like to thank Michiel Van Beirendonck for the interesting discussions.  ... 
doi:10.1145/3338467.3358949 dblp:conf/ccs/DhoogheNR19 fatcat:no2bzgan6ze53mi47br6sr5c7i

Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model [chapter]

Gilles Barthe, François Dupressoir, Sebastian Faust, Benjamin Grégoire, François-Xavier Standaert, Pierre-Yves Strub
2017 Lecture Notes in Computer Science  
Therefore we introduce a new model, the bounded moment model, that formalizes a weaker notion of security order frequently used in the side-channel literature.  ...  In this paper, we provide a necessary clarification of the good security properties that can be obtained from parallel implementations of masking schemes.  ...  Note that threshold implementations crucially rely on the separation of the non-complete f i functions by registers.  ... 
doi:10.1007/978-3-319-56620-7_19 fatcat:bjrjvrpu6rer3mm2opyhf5vgaq

Masking AES with $$d+1$$ Shares in Hardware [chapter]

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Lecture Notes in Computer Science  
Threshold Implementation of the AES S-box with similar security and attacker model.  ...  To achieve this, we follow the conditions presented by Reparaz et al. at CRYPTO 2015 to allow hardware masking schemes, like Threshold Implementations, to provide theoretical higher-order security with  ...  Acknowledgments The authors would like to thank the anonymous reviewers for providing constructive and valuable comments. This work was supported in part by NIST  ... 
doi:10.1007/978-3-662-53140-2_10 fatcat:zyxgtv6adjhrzdvo46gi2zfsvi

A More Efficient AES Threshold Implementation [chapter]

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2014 Lecture Notes in Computer Science  
They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.  ...  In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions.  ...  We proceed with higher-order attacks to assess the level of security our implementation provides.  ... 
doi:10.1007/978-3-319-06734-6_17 fatcat:xeeii4peeffmncxvog4yzzm3wq

Affine Equivalence and Its Application to Tightening Threshold Implementations [chapter]

Pascal Sasdrich, Amir Moradi, Tim Güneysu
2016 Lecture Notes in Computer Science  
Motivated by the development of Side-Channel Analysis (SCA) countermeasures which can provide security up to a certain order, defeating higher-order attacks has become amongst the most challenging issues  ...  In this work we look at the feasibility of higher-order attacks on firstorder TI from another perspective.  ...  Contribution: In this work we look at the feasibility of higher-order attacks on first-order secure TI designs from another perspective.  ... 
doi:10.1007/978-3-319-31301-6_16 fatcat:46xqo6zdnvcjvhmnyjsvnnc2ui

Masking AES With d+1 Shares in Hardware

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Proceedings of the 2016 ACM Workshop on Theory of Implementation Security - TIS'16  
Threshold Implementation of the AES S-box with similar security and attacker model.  ...  To achieve this, we follow the conditions presented by Reparaz et al. at CRYPTO 2015 to allow hardware masking schemes, like Threshold Implementations, to provide theoretical higher-order security with  ...  Acknowledgments The authors would like to thank the anonymous reviewers for providing constructive and valuable comments. This work was supported in part by NIST  ... 
doi:10.1145/2996366.2996428 dblp:conf/ccs/CnuddeRBNNR16 fatcat:uj2d7vjp7jclnboe7ukmayqssm

Digital signal processing in bio-implantable systems: Design challenges and emerging solutions

Seetharam Narasimhan, Jongsun Park, Swarup Bhunia
2010 2nd Asia Symposium on Quality Electronic Design (ASQED)  
Besides, programmability of the device and security of the recorded information are desirable features, which need to be considered during the design of such systems.  ...  secure hardware for on-chip realtime signal processing in implantable systems.  ...  On the other hand, super-threshold design, although more effective in terms of yield and reliability, usually dissipates much higher power.  ... 
doi:10.1109/asqed.2010.5548247 fatcat:teb4dnt5ira77one3os524747q

Assessment of Hiding the Higher-Order Leakages in Hardware [chapter]

Amir Moradi, Alexander Wild
2015 Lecture Notes in Computer Science  
In IEEE Symposium on Security and Privacy, pages 31–41. IEEE Computer Society, 2002. 44. O. Reparaz. A note on the security of Higher-Order Threshold Implementations.  ...  On the Need of Physical Security for Small Embedded Devices: A Case Study with COMP128-1 Implementations in SIM Cards.  ... 
doi:10.1007/978-3-662-48324-4_23 fatcat:g4f6ch2jfrg5hi3va7bfnkilwa

Higher-Order Threshold Implementations [chapter]

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2014 Lecture Notes in Computer Science  
However, so far it is only provable secure against 1 st -order DPA. We address this gap and extend the Threshold Implementation technique to higher orders.  ...  The attack order in a higher-order DPA corresponds to the number of wires that are probed in the circuit (per unmasked bit).  ...  Bilgin was partially supported by the FWO project G0B4213N and Benedikt Gierlichs is a Postdoctoral Fellow of the Research Foundation -Flanders (FWO).  ... 
doi:10.1007/978-3-662-45608-8_18 fatcat:prm5ogxf7veihhw4w53topjre4

Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware [chapter]

Thomas Pöppelmann, Tim Güneysu
2014 Lecture Notes in Computer Science  
So far it is known for solid security reductions but implementations of specific instances have often been reported to be too complex beyond any practicability.  ...  This unit can encrypt and decrypt a block in 26.19 µs and 16.80 µs on a Virtex-6 LX75T FPGA, respectively -at moderate resource requirements of about 1506 slices and a few block RAMs.  ...  ., a single point multiplication [24] ) and RSA (random-exponent 1024-bit exponentiation [50] ) our implementation is by an order of magnitude faster, scales better for higher security levels, and also  ... 
doi:10.1007/978-3-662-43414-7_4 fatcat:2zkqm5obynehvomvienyqizocm
« Previous Showing results 1 — 15 out of 190,179 results