4,277 Hits in 5.2 sec

Masking AES With d+1 Shares in Hardware

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Proceedings of the 2016 ACM Workshop on Theory of Implementation Security - TIS'16  
d + 1 shares.  ...  In this paper, we give practical implementations of the AES using d + 1 shares aiming at first- and second-order security even in the presence of glitches.  ...  This work was supported in part by NIST  ... 
doi:10.1145/2996366.2996428 dblp:conf/ccs/CnuddeRBNNR16 fatcat:uj2d7vjp7jclnboe7ukmayqssm

Masking AES with $$d+1$$ Shares in Hardware [chapter]

Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen
2016 Lecture Notes in Computer Science  
d + 1 shares.  ...  In this paper, we give practical implementations of the AES using d + 1 shares aiming at first- and second-order security even in the presence of glitches.  ...  This work was supported in part by NIST  ... 
doi:10.1007/978-3-662-53140-2_10 fatcat:zyxgtv6adjhrzdvo46gi2zfsvi

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order [chapter]

Hannes Gross, Stefan Mangard, Thomas Korak
2017 Lecture Notes in Computer Science  
At CHES 2016, De Cnudde et al. [7] demonstrated the suitability of using only d+1 shares on an AES hardware design.  ...  In this work, we demonstrate how the randomness requirements for d + 1 masking can be lowered from (d + 1)^2 to only d(d + 1)/2.  ...  In comparison with the recently published d + 1 share AES design [7], our design requires just d(d + 1)/2 fresh random shares instead of (d + 1)^2.  ... 
doi:10.1007/978-3-319-52153-4_6 fatcat:p4xs4tuwtfbohenlboa3fd2iaq

Low-Latency Hardware Masking with Application to AES

Pascal Sasdrich, Begül Bilgin, Michael Hutter, Mark E. Marson
2020 Transactions on Cryptographic Hardware and Embedded Systems  
In this paper, we present a hardware masking technique which does not increase the latency for such algorithms.  ...  Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs  ...  Composability and d-Strong Non-Interference In [RP10] the authors present an AES implementation using d + 1 shares, with the claim of dth-order security.  ... 
doi:10.13154/tches.v2020.i2.300-326 dblp:journals/tches/SasdrichBHM20 fatcat:eai3v3vyl5bqbg7mwkrasr3sda

Domain-Oriented Masking

Hannes Gross, Stefan Mangard, Thomas Korak
2016 Proceedings of the 2016 ACM Workshop on Theory of Implementation Security - TIS'16  
The presented AES implementation is built in a way that it can be synthesized for any protection order.  ...  We introduce a novel masking approach called domain-oriented masking (DOM).  ...  A DOM implementation uses d + 1 shares per variable in order to achieve dth-order security. There are d + 1 domains in this case.  ... 
doi:10.1145/2996366.2996426 dblp:conf/ccs/GrossMK16 fatcat:2zklq624cjfufgy2zoprnhe6qa

New First-Order Secure AES Performance Records

Aein Rezaei Shahmirzadi, Dušan Božilov, Amir Moradi
2021 Transactions on Cryptographic Hardware and Embedded Systems  
Constructing SCA-protected AES, as the most widely deployed block cipher, has been naturally the focus of several research projects, with a direct application in industry.  ...  five first-order secure AES encryptions/decryptions simultaneously in 50 clock cycles.  ...  Acknowledgments The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA -  ... 
doi:10.46586/tches.v2021.i2.304-327 fatcat:r2st3yhkbjga7ar347ahr4jsm4

Re-Consolidating First-Order Masking Schemes

Aein Rezaei Shahmirzadi, Amir Moradi
2020 Transactions on Cryptographic Hardware and Embedded Systems  
Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking.  ...  The other schemes, which can deal with two shares, often necessitates the use of fresh randomness. Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended  ...  Acknowledgements The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA  ... 
doi:10.46586/tches.v2021.i1.305-342 fatcat:xihq4odxd5df3lh42j56byc3sa

Provably Secure Higher-Order Masking of AES [chapter]

Matthieu Rivain, Emmanuel Prouff
2010 Lecture Notes in Computer Science  
When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with the order d.  ...  This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead.  ...  The point is that if an attacker observes noisy side channel information about d + 1 shares corresponding to a variable masked with d random masks, the number of samples required to retrieve information  ... 
doi:10.1007/978-3-642-15031-9_28 fatcat:hzx2cmhqibcfpeexevjotos6gq

Multiplicative Masking for AES in Hardware

Lauren De Meyer, Oscar Reparaz, Begül Bilgin
2018 Transactions on Cryptographic Hardware and Embedded Systems  
Up to now, sound higher-order multiplicative masking schemes have been implemented only in software. In this work, we demonstrate the first hardware implementation of AES using multiplicative masks.  ...  Hardware masked AES designs usually rely on Boolean masking and perform the computation of the S-box using the tower-field decomposition.  ...  This means that for any number of shares, the original multiplicative masking scheme is vulnerable to first-order DPA. Masking in Hardware Masking in hardware requires special care.  ... 
doi:10.13154/tches.v2018.i3.431-468 dblp:journals/tches/MeyerRB18 fatcat:r5zso3vdhjg6ndhxvht573mn7u

Generic Low-Latency Masking in Hardware

Hannes Gross, Rinat Iusupov, Roderick Bloem
2018 Transactions on Cryptographic Hardware and Embedded Systems  
As a result, we obtain a first-order masked AES S-box that is calculated in a single clock cycle with rather high implementation costs (60.7 kGE), and a two-cycle variant with much less implementation  ...  The main idea of our approach is to avoid collisions of shared variables in nonlinear circuit parts and to skip the share compression.  ...  The work has been supported in part by the Austrian Science Fund (FWF) through project P26494-N15, project W1255-N23, and S11406.  ... 
doi:10.13154/tches.v2018.i2.1-21 dblp:journals/tches/GrossIB18 fatcat:2vlxvw74p5auda55js2i2mme5a

Hardware Masking, Revisited

Thomas De Cnudde, Maik Ender, Amir Moradi
2018 Transactions on Cryptographic Hardware and Embedded Systems  
associated to each share.  ...  Hardware masking schemes have shown many advances in the past few years. Through a series of publications their implementation cost has dropped significantly and flaws have been fixed where present.  ...  Acknowledgments This work is supported in part by NIST with the research grant 60NANB15D346 and the German Research Foundation (DFG) through the project NaSCA (Nano-Scale Side-Channel Analysis).  ... 
doi:10.13154/tches.v2018.i2.123-148 dblp:journals/tches/CnuddeEM18 fatcat:ppbii5yiw5ahrnat2v3affsmaa

Pushing the Limits: A Very Compact and a Threshold Implementation of AES [chapter]

Amir Moradi, Axel Poschmann, San Ling, Christof Paar, Huaxiong Wang
2011 Lecture Notes in Computer Science  
Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE.  ...  Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attacks.  ...  Acknowledgment The authors would like to thank Akashi Satoh and Research Center for Information Security (RCIS) of Japan for the prompt and kind help in obtaining SASEBOs, and François-Xavier Standaert  ... 
doi:10.1007/978-3-642-20465-4_6 fatcat:ozdax4u4nnhfzi4qj6ukeojxqm

Generic Hardware Private Circuits

David Knichel, Pascal Sasdrich, Amir Moradi
2021 Transactions on Cryptographic Hardware and Embedded Systems  
Over the last decade, a lion's share of research in this area has been dedicated to developing countermeasures at an algorithmic level.  ...  In particular, we present a design methodology to generate first-order secure masked gadgets which is well-suited for integration into existing Electronic Design Automation (EDA) tools for automated hardware  ...  Acknowledgments The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy -EXC 2092 CASA -  ... 
doi:10.46586/tches.v2022.i1.323-344 fatcat:p5faqxjxt5agvkmybups5nmfli

RS-Mask: Random Space Masking as an Integrated Countermeasure against Power and Fault Analysis [article]

Keyvan Ramezanpour, Paul Ampadu, William Diehl
2019 arXiv   pre-print
We additionally show that an FPGA implementation of AES, protected with RS-Mask, is resistant to power analysis SCA using Welch's t-test.  ...  The area of the RS-Masked AES is about 3.5 times that of an unprotected AES implementation of similar architecture, and about 2 times that of a known FPGA SCA-resistant AES implementation.  ...  ACKNOWLEDGEMENT This work was supported by NIST award 70NANB18H219 for Lightweight Cryptography in Hardware and Embedded Systems.  ... 
arXiv:1911.11278v1 fatcat:r6b4lb6kcfai5loenmsawcqkoe

A secure and highly efficient first-order masking scheme for AES linear operations

Jingdian Ming, Yongbin Zhou, Huizhong Li, Qian Zhang
2021 Cybersecurity  
In order to show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged  ...  Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint the underlying root causes.  ...  Authors' contributions JM and YZ proposed the first-order AES masking scheme, and drafted the manuscript. HL participated in problem discussions and improvements of the manuscript.  ... 
doi:10.1186/s42400-021-00082-w fatcat:plvsycs6fnf27hd77haxy5gviq