Filters








18,412 Hits in 6.9 sec

Higher-Order Threshold Implementation Of The Aes S-Box

Thomas De Cnudde, Begül Bilgin, Oscar Reparaz, Ventzislav Nikov, Svetla Nikova
2015 Zenodo  
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first- and second-order power analysis attacks.  ...  The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution.  ...  Acknowledgements This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). In addition, this work was partially supported by the  ... 
doi:10.5281/zenodo.58086 fatcat:2ovqn6rme5fk7e4coxg7m5ylhu

Higher-Order Threshold Implementation of the AES S-Box [chapter]

Thomas De Cnudde, Begül Bilgin, Oscar Reparaz, Ventzislav Nikov, Svetla Nikova
2016 Lecture Notes in Computer Science  
In this paper we present a threshold implementation of the Advanced Encryption Standard's S-box which is secure against first-and second-order power analysis attacks.  ...  The design requires an area of 7849 Gate Equivalents and 126 bits of randomness per S-box execution.  ...  Acknowledgements This work was supported in part by the Research Council KU Leuven: GOA TENSE (GOA/11/007). In addition, this work was partially supported by the  ... 
doi:10.1007/978-3-319-31271-2_16 fatcat:3tv7et4p6zg5fjscgsttlm23lu

A More Efficient AES Threshold Implementation [chapter]

Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2014 Lecture Notes in Computer Science  
They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.  ...  At Eurocrypt 2011 Moradi et al. published the to date most compact Threshold Implementation of AES-128 encryption.  ...  This will be used in the next section in order to reduce the number of shares in the subblocks of the AES S-box and improve on the implementation of [18] .  ... 
doi:10.1007/978-3-319-06734-6_17 fatcat:xeeii4peeffmncxvog4yzzm3wq

Domain-Oriented Masking

Hannes Gross, Stefan Mangard, Thomas Korak
2016 Proceedings of the 2016 ACM Workshop on Theory of Implementation Security - TIS'16  
Our second-order secure AES S-box implementation, for example, has a hardware footprint that is half the size of the smallest existing second-order TI of the S-box.  ...  This paper includes synthesis results of our AES implementation up to the 15 th protection order.  ...  The GMS is also the basis for the second-order TI of the AES S-box of De Cnudde et al. [10] . Implementing higher-order protection based on the TI scheme, has been shown to be very costly.  ... 
doi:10.1145/2996366.2996426 dblp:conf/ccs/GrossMK16 fatcat:2zklq624cjfufgy2zoprnhe6qa

Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers [chapter]

Praveen Kumar Vadnala
2017 Lecture Notes in Computer Science  
C. van Oorschot, "White-Box Cryptography and an AES Implementation".  ...  DIFFERENT APPROACHES TO ENCOUNTER THIS PROBLEM: Gierlichs, S. Nikova, V. Nikov, and V. Rijmen, "Higher-Order Threshold Implementations". ASIACRYPT 2014 [2] A.Moradi, A.  ...  CONCEPT:  success of higher-order attacks depends on noise-level  combining hiding countermeasures (noise addition) with classical approaches (e.g. first-order secure TI)  dynamic hardware modifications  ... 
doi:10.1007/978-3-319-52153-4_7 fatcat:oowhrolyfrgcddzbzqr45wmqiq

Masking AES With d+1 Shares in Hardware

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Proceedings of the 2016 ACM Workshop on Theory of Implementation Security - TIS'16  
Threshold Implementation of the AES S-box with similar security and attacker model.  ...  In this paper, we give practical implementations of the AES using d + 1 shares aiming at first-and second-order security even in the presence of glitches.  ...  Acknowledgments The authors would like to thank the anonymous reviewers for providing constructive and valuable comments. This work was supported in part by NIST  ... 
doi:10.1145/2996366.2996428 dblp:conf/ccs/CnuddeRBNNR16 fatcat:uj2d7vjp7jclnboe7ukmayqssm

Masking AES with $$d+1$$ Shares in Hardware [chapter]

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Lecture Notes in Computer Science  
Threshold Implementation of the AES S-box with similar security and attacker model.  ...  In this paper, we give practical implementations of the AES using d + 1 shares aiming at first-and second-order security even in the presence of glitches.  ...  Acknowledgments The authors would like to thank the anonymous reviewers for providing constructive and valuable comments. This work was supported in part by NIST  ... 
doi:10.1007/978-3-662-53140-2_10 fatcat:zyxgtv6adjhrzdvo46gi2zfsvi

Pushing the Limits: A Very Compact and a Threshold Implementation of AES [chapter]

Amir Moradi, Axel Poschmann, San Ling, Christof Paar, Huaxiong Wang
2011 Lecture Notes in Computer Science  
Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attacks.  ...  This is to the best of our knowledge the smallest implementation reported so far.  ...  Acknowledgment The authors would like to thank Akashi Satoh and Research Center for Information Security (RCIS) of Japan for the prompt and kind help in obtaining SASEBOs, and François-Xavier Standaert  ... 
doi:10.1007/978-3-642-20465-4_6 fatcat:ozdax4u4nnhfzi4qj6ukeojxqm

Statistical Tools Flavor Side-Channel Collision Attacks [chapter]

Amir Moradi
2012 Lecture Notes in Computer Science  
Instead of restricting the analyses to evaluation of means, we propose to employ higher-order statistical moments and probability density functions as the figure of merit to detect collisions.  ...  Thus, our new techniques remove the shortcomings of the existing correlation collision attacks using first-order moments.  ...  The author would like to thank the anonymous reviewers of CHES 2011 for their helpful comments, Kerstin Lemke-Rust for fruitful discussions, Akashi Satoh and RCIS of Japan for the prompt and kind help  ... 
doi:10.1007/978-3-642-29011-4_26 fatcat:uyrha2pl7vg2ngoiohxjxiq26q

Implementation of AES using biometric

Srividya R., Ramesh B.
2019 International Journal of Electrical and Computer Engineering (IJECE)  
AES implementation includes, the design of most robust Substitution-Box implementation which defines a nonlinear behavior and mitigates malicious attacks, with an extended security definition.  ...  In this paper, the input message is encrypted by AES powered by secured nonlinear S-box using finger print biometric feature and is decrypted using the reverse process.  ...  AES implementation is made more vulnerable with the optimization of S-box [6] , which extends the security level in multiple orders. S-box design optimization confronts the security threats.  ... 
doi:10.11591/ijece.v9i5.pp4266-4276 fatcat:v3boaih3mbcutnx3tdsn6fpzzm

A First-Order SCA Resistant AES Without Fresh Randomness [chapter]

Felix Wegener, Amir Moradi
2018 Lecture Notes in Computer Science  
We present a new construction based on Threshold Implementations and Changing of the Guards to realize a first-order secure AES with zero per-round randomness.  ...  Even though many different first-order secure masking schemes are available today, when applied to the AES S-box they all require fresh random bits in every evaluation.  ...  Acknowledgments The work described in this paper has been supported in part by the German Federal Ministry of Education and Research BMBF (grant nr. 16KIS0666 SysKit_HW).  ... 
doi:10.1007/978-3-319-89641-0_14 fatcat:fw6auqacgjeznfl4fzk4p2fhya

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order [chapter]

Hannes Gross, Stefan Mangard, Thomas Korak
2017 Lecture Notes in Computer Science  
Our first-order AES implementation requires only 18 fresh random bits per S-box calculation, which is a third of the random bits of the CMS implementation of De Cnudde et al. [7].  ...  Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area.  ...  The HECTOR project has received funding from the European Unions Horizon 2020 research and innovation programme under grant agreement No 644052.  ... 
doi:10.1007/978-3-319-52153-4_6 fatcat:p4xs4tuwtfbohenlboa3fd2iaq

Hardware Performance Evaluation of Authenticated Encryption SAEAES with Threshold Implementation

Takeshi Sugawara
2020 Cryptography  
We design a new circuit architecture using the column-oriented serialization based on the recent 3-share and uniform threshold implementation (TI) of the AES S-box based on the generalized changing of  ...  This paper aims to implement the first threshold implementation of SAEAES and evaluate the cost we are trading with the backward compatibility.  ...  Conflicts of Interest: The author declares no conflict of interest.  ... 
doi:10.3390/cryptography4030023 fatcat:byuh43jjirdqjmh2actb5hyky4

On the Easiness of Turning Higher-Order Leakages into First-Order [chapter]

Thorben Moos, Amir Moradi
2017 Lecture Notes in Computer Science  
We present the theoretical concept of our approach based on simulation traces and examine its efficiency on noisy real-world measurements taken from a first-order secure threshold implementation of the  ...  Our analyses verify that the proposed technique is indeed a worthy alternative to conventional higher-order attacks and suggest that it might be able to relax the sensitivity of higher-order evaluations  ...  Acknowledgements The authors would like to acknowledge Axel Poschmann for the hardware designs and Stefan Heyse for his help on taping out the prototype chip.  ... 
doi:10.1007/978-3-319-64647-3_10 fatcat:mvakxgmk2rfynnpib4ix2w2j3y

Suit up! -- Made-to-Measure Hardware Implementations of ASCON

Hannes Gross, Erich Wenger, Christoph Dobraunig, Christoph Ehrenhofer
2015 2015 Euromicro Conference on Digital System Design  
A threshold implementation of ASCON just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.  ...  Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of the CAESAR authenticated encryption competition.  ...  This work has been supported by the FFG research program SeCoS (project number 836628), the European Commission through the FP7 program (project MATTHEW, project number 610436), and by the Austrian Science  ... 
doi:10.1109/dsd.2015.14 dblp:conf/dsd/GrossWDE15 fatcat:6tf3p7t4hzcrrf6o2n6skyj7wu
« Previous Showing results 1 — 15 out of 18,412 results