On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking [chapter]

Dahmun Goudarzi, Matthieu Rivain
2016 Lecture Notes in Computer Science  
In this paper, we present a generic method to find a Boolean representation of an s-box with efficient bitsliced higher-order masking.  ...  The most widely used approach is based on a polynomial representation of the cipher s-box(es) allowing the application of standard higher-order masking building blocks such as the ISW scheme (Ishai-Sahai-Wagner  ...  Section 2 gives some preliminaries about Boolean functions and higher-order masking.  ... 
doi:10.1007/978-3-662-53140-2_22 fatcat:ccqw57qwlrg6lnzscns4wg4sz4

Bitsliced Masking and ARM: Friends or Foes? [chapter]

Wouter de Groot, Kostas Papagiannopoulos, Antonio de La Piedra, Erik Schneider, Lejla Batina
2017 Lecture Notes in Computer Science  
Second, we analyze experimentally the effectiveness of masking in ARM devices, i.e. we examine the effects of distance-based leakages on the security order of our implementation.  ...  In order to reduce the computational cost, we implement a high-throughput, bitsliced, 2nd-order masked implementation of the PRESENT cipher, using assembly in ARM Cortex-M4.  ...  Acknowledgments We would like to thank Rafael Boix-Carpi from Riscure BV for his advice and help.  ... 
doi:10.1007/978-3-319-55714-4_7 fatcat:pw7cslsvcvbrxj3lwkotxthv7a

Breaking Masked Implementations with Many Shares on 32-bit Software Platforms

Olivier Bronchain, François-Xavier Standaert
2021 Transactions on Cryptographic Hardware and Embedded Systems  
We explore the concrete side-channel security provided by state-of-the-art higher-order masked software implementations of the AES and the (candidate to the NIST Lightweight Cryptography competition) Clyde  ...  We then show the positive impact of lightweight block ciphers with limited number of AND gates for side-channel security, and compare our attacks against a masked Clyde with the best reported attacks of  ...  Acknowledgments The authors thank Gaëtan Cassiers, co-author of SCALib, for its time spent in improving the leakage analysis tools.  ... 
doi:10.46586/tches.v2021.i3.202-234 fatcat:mjccfpanhrfunfkccivkq2ojvi

Defeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks

Louis Goubin, Matthieu Rivain, Junwei Wang
2020 Transactions on Cryptographic Hardware and Embedded Systems  
Then we analyze the different gray-box attack paths and study their performances in terms of required traces and computation time.  ...  In this article, we revisit state-of-the-art countermeasures employed in white-box cryptography, and we discuss possible ways to combine them.  ...  Acknowledgements The authors would like to thank Wieland Fischer and the anonymous referees for their valuable comments. This work was partially supported by the French FUI AAP25 IDECYS+ project.  ... 
doi:10.13154/tches.v2020.i3.454-482 dblp:journals/tches/GoubinRW20 fatcat:pdmjsy2c6jb2xjz7uilipj7oam

Masking Kyber: First- and Higher-Order Implementations

Joppe W. Bos, Marc Gourjon, Joost Renes, Tobias Schneider, Christine Van Vredendaal
2021 Transactions on Cryptographic Hardware and Embedded Systems  
which is protected against first- and higher-order attacks.  ...  To the best of our knowledge, this results in the first higher-order masked implementation of any post-quantum secure key encapsulation mechanism algorithm.  ...  Bitslice maps a Boolean-masked polynomial to its Boolean-masked bitsliced representation. This is a linear function and can, therefore, be computed on each share separately.  ... 
doi:10.46586/tches.v2021.i4.173-214 fatcat:nkvlktgvnjgulco2kplttqndtq

Very High Order Masking: Efficient Implementation and Security Evaluation [chapter]

Anthony Journault, François-Xavier Standaert
2017 Lecture Notes in Computer Science  
By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic  ...  In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the  ...  This work has been funded in parts by the INNOVIRIS project SCAUT and by the European Commission through the ERC project 724725 and the H2020 project REASSURE.  ... 
doi:10.1007/978-3-319-66787-4_30 fatcat:k5jft5vp6jheje3cg7a3yq7qay

LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations [chapter]

Vincent Grosso, Gaëtan Leurent, François-Xavier Standaert, Kerem Varıcı
2015 Lecture Notes in Computer Science  
Side-channel analysis is an important issue for the security of embedded cryptographic devices, and masking is one of the most investigated solutions to mitigate such attacks.  ...  For this purpose, we first observe that bitslice ciphers have interesting properties for improving both the efficiency and the regularity of masked software implementations.  ...  This work has been funded in parts by the ERC project 280141 (acronym CRASH). François-Xavier Standaert is an associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).  ... 
doi:10.1007/978-3-662-46706-0_2 fatcat:atvtcoqs7rg5po7mbzx27tynzu

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures [chapter]

Dahmun Goudarzi, Matthieu Rivain, Damien Vergnaud, Srinivas Vivek
2017 Lecture Notes in Computer Science  
Several masking schemes have been proposed in the literature that rely on the efficient decomposition of the underlying s-box(es).  ...  It allows to evaluate nλ-bit to mλ-bit s-boxes for any integers n, m, λ ≥ 1 by seeing it as a sequence of m n-variate polynomials over F_{2^λ} and by trying to minimize the number of multiplications over F  ...  We would also like to thank the anonymous reviewers of CHES 2017 for valuable feedback that helped to improve the paper.  ... 
doi:10.1007/978-3-319-66787-4_8 fatcat:nqlotm4xwjhnpc7brzme2mgtsq

Vectorizing Higher-Order Masking [chapter]

Benjamin Grégoire, Kostas Papagiannopoulos, Peter Schwabe, Ko Stoffelen
2018 Lecture Notes in Computer Science  
The cost of higher-order masking as a countermeasure against side-channel attacks is often considered too high for practical scenarios, as protected implementations become very slow.  ...  We use refreshing and multiplication algorithms that are proven to be secure in the bounded moment leakage model and to be strongly non-interfering.  ...  Goudarzi and Rivain [23] compared the performance of different higher-order masking approaches on ARM architectures.  ... 
doi:10.1007/978-3-319-89641-0_2 fatcat:nrowmdwtb5azrguqh3xgwna7pq

Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison [chapter]

Dahmun Goudarzi, Anthony Journault, Matthieu Rivain, François-Xavier Standaert
2018 Lecture Notes in Computer Science  
In this paper, we optimize the performances and compare several recent masking schemes in bitslice on 32-bit ARM devices, with a focus on multiplication.  ...  They also highlight the increasing feasibility of (very) high-order masking that are offered by increasingly powerful embedded devices, with new opportunities of high-security devices in various contexts  ...  This work has been funded in part by the European Commission and the Walloon Region through the FEDER project USERMedia (convention number 501907-379156) and by the INNOVIRIS project SCAUT.  ... 
doi:10.1007/978-3-319-89641-0_1 fatcat:nqo676jwozco5cpcvzfnbbwcve

How Fast Can Higher-Order Masking Be in Software? [chapter]

Dahmun Goudarzi, Matthieu Rivain
2017 Lecture Notes in Computer Science  
We also investigate an alternative to polynomials methods which is based on bitslicing at the s-box level. We describe new masked bitslice implementations of the AES and PRESENT ciphers.  ...  In this paper, we investigate efficient higher-order masking techniques by conducting a case study on ARM architectures (the most widespread architecture in embedded systems).  ...  Higher-Order Masking.  ... 
doi:10.1007/978-3-319-56620-7_20 fatcat:h4pr5l3rxvc7jbuowgxuhsx24u

Bitslice Masking and Improved Shuffling:

Melissa Azouaoui, Olivier Bronchain, Vincent Grosso, Kostas Papagiannopoulos
2022 Transactions on Cryptographic Hardware and Embedded Systems  
impact was independent of the masking security order in previous works.  ...  We conclude that with moderate but sufficient noise, the "bitslice masking + shuffling" combination of countermeasures is practically relevant, and its interest increases when randomness is expensive and  ...  This work has been funded in parts by the European Union and the Walloon Region through the ERC project SWORD (project 724725) and the FEDER project USERMedia (convention number 501907-379156).  ... 
doi:10.46586/tches.v2022.i2.140-165 fatcat:363tfxbm5zdvhf7aa5ksg6civ4

Tuple Cryptanalysis: Slicing and Fusing Multisets [chapter]

Marine Minier, Raphaël C.-W. Phan
2017 Lecture Notes in Computer Science  
In this paper, we revisit the notions of Square, saturation, integrals, multisets, bit patterns and tuples, and propose a new Slice & Fuse paradigm to better exploit multiset type properties of block ciphers  ...  , as well as relations between multisets and constituent bitslice tuples.  ...  RP is supported in part by the Malaysian Ministry of Education's Fundamental Research Grant Scheme under the project ProvAdverse.  ... 
doi:10.1007/978-3-319-61273-7_15 fatcat:yf4bk5u6yraz3hetbva5ajn3am

The Block Cipher SC2000 [chapter]

Takeshi Shimoyama, Hitoshi Yanami, Kazuhiro Yokoyama, Masahiko Takenaka, Kouichi Itoh, Jun Yajima, Naoya Torii, Hidema Tanaka
2002 Lecture Notes in Computer Science  
It is a strong feature of the cipher that the fast software implementations are available by using the techniques of putting together S-boxes in various ways and of the Bitslice implementation.  ...  The block cipher is constructed by piling two layers: one is a Feistel structure layer and the other is an SPN structure layer.  ...  For evaluation of security, we inspect the security in the design against differential attacks, linear attacks, higher order differential attacks, interpolation attacks, and so on.  ... 
doi:10.1007/3-540-45473-x_26 fatcat:t4cm6sc4zjh33fnik3wndnwvoq

Pyjamask: Block Cipher and Authenticated Encryption with Highly Efficient Masked Implementation

Dahmun Goudarzi, Jérémy Jean, Stefan Kölbl, Thomas Peyrin, Matthieu Rivain, Yu Sasaki, Siang Meng Sim
2020 IACR Transactions on Symmetric Cryptology  
More precisely, it strongly minimizes the number of nonlinear gates used in its internal primitive in order to allow efficient masked implementations, especially for high-order masking in software.  ...  We finally describe efficient (masked) implementations in software and provide implementation results with aggressive performances for masking of very high orders (up to 128).  ...  Acknowledgements The authors would like to thank the anonymous referees for their very valuable and constructive comments.  ... 
doi:10.13154/tosc.v2020.is1.31-59 dblp:journals/tosc/GoudarziJKPRSS20 fatcat:rl6m5nyvdbhnxj3f6ktculegwa