Skip to main content
SpringerLink
Log in

Squeezing Polynomial Masking in Tower Fields

A Higher-Order Masked AES S-Box

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10146))

Abstract

Polynomial masking is a higher-order and glitch-resistant masking scheme to protect cryptographic implementations against side-channel attacks. Polynomial masking was introduced at CHES 2011, while a \(1^{st}\)-order polynomially masked AES S-box hardware implementation was presented at CHES 2013, and later on improved at TIs 2016. Polynomial masking schemes are advantageous in the way they can be easily adapted to every block-cipher and inherently scaled to any masking order using simple hardware design patterns. As a drawback, they typically have large area, time, and randomness requirements when compared to other masking schemes, e.g. threshold implementations. In this work, we show how tower fields can be perfectly committed to polynomial masking schemes, to reduce both area and randomness requirements of higher-order polynomially masked implementations, with application to AES. We provide ASIC synthesis results up to the \(6^{th}\) masking order and perform side-channel attacks on a Xilinx Spartan6 FPGA up to the \(2^{nd}\) masking order.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Mutual information was estimated using histograms.

References

  1. Belaid, S., De Santis, F., Heyszl, J., Mangard, S., Medwed, M., Schmidt, J.-M., Standaert, F.-X., Tillich, S.: Towards fresh re-keying with leakage-resilient PRFs: cipher design principles and analysis. JCEN 4(3), 1–15 (2014)

    Google Scholar 

  2. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45608-8_18

    Google Scholar 

  3. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: \(20^{th}\) ACM Symposium on Theory of Computing, STOC, pp. 1–10. ACM (1988)

    Google Scholar 

  4. Chari, S., Jutla, C., Rao, J.R., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: \(2^{nd}\) Advanced Encryption Standard (AES) Candidate Conference (1999)

    Google Scholar 

  5. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_26

    Google Scholar 

  6. De Santis, F., Bauer, T., Sigl, G.: Hiding higher-order univariate leakages by shuffling polynomial masking schemes. In: Theory of Implementation Security (TIs) ACM CCS Workshop (2016)

    Google Scholar 

  7. Cnudde, T., Bilgin, B., Reparaz, O., Nikov, V., Nikova, S.: Higher-order threshold implementation of the AES S-Box. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 259–272. Springer, Cham (2016). doi:10.1007/978-3-319-31271-2_16

    Chapter  Google Scholar 

  8. De Cnudde, T., Bilgin, B., Reparaz, O., Nikova, S.: Higher-order glitch resistant implementation of the PRESENT S-Box. In: Ors, B., Preneel, B. (eds.) BalkanCryptSec 2014. LNCS, vol. 9024, pp. 75–93. Springer, Cham (2015). doi:10.1007/978-3-319-21356-9_6

    Chapter  Google Scholar 

  9. Dobraunig, C., Koeune, F., Mangard, S., Mendel, F., Standaert, F.-X.: Towards fresh and hybrid re-keying schemes with beyond birthday security. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 225–241. Springer, Cham (2016). doi:10.1007/978-3-319-31271-2_14

    Chapter  Google Scholar 

  10. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, New York Inc. (2002)

    Book  MATH  Google Scholar 

  11. Kirschbaum, M.: Power analysis resistant logic styles - design, implementation, and evaluation. Ph.D. thesis (2011)

    Google Scholar 

  12. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_25

    Google Scholar 

  13. Moradi, A., Kirschbaum, M., Eisenbarth, T., Paar, C.: Masked dual-rail precharge logic encounters state-of-the-art power analysis methods. IEEE Trans. VLSI Syst. 20, 1578–1589 (2012)

    Article  Google Scholar 

  14. Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 1–20. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40349-1_1

    Chapter  Google Scholar 

  15. Medwed, M., Standaert, F.-X., Großschädl, J., Regazzoni, F.: Fresh re-keying: security against side-channel and fault attacks for low-cost devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 279–296. Springer, Heidelberg (2010). doi:10.1007/978-3-642-12678-9_17

    Chapter  Google Scholar 

  16. Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the masked logic style MDPL on a prototype chip. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 81–94. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74735-2_6

    Chapter  Google Scholar 

  17. Prouff, E., Roche, T.: Higher-order glitches free implementation of the AES using secure multi-party computation protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23951-9_5

    Chapter  Google Scholar 

  18. Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient rijndael encryption implementation with composite field arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–184. Springer, Heidelberg (2001). doi:10.1007/3-540-44709-1_16

    Chapter  Google Scholar 

  19. Rijmen, V.: Efficient Implementation of the Rijndael S-box

    Google Scholar 

  20. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15031-9_28

    Chapter  Google Scholar 

  21. Roche, T., Prouff, E.: Higher-order glitch free implementation of the AES using secure multi-party computation protocols - extended version. J. Cryptogr. Eng. 2(2), 111–127 (2012)

    Article  Google Scholar 

  22. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  23. Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC implementation of the AES S boxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002). doi:10.1007/3-540-45760-7_6

    Chapter  Google Scholar 

Download references

Acknowledgements

This work was partly funded by the German Federal Ministry of Education and Research (BMBF) in the project SIBASE under grant number 01IS13020A.

Author information

Authors and Affiliations

  1. Technische Universität München (TUM), Munich, Germany

    Fabrizio De Santis, Tobias Bauer & Georg Sigl

  2. Fraunhofer Institute for Applied and Integrated Security (AISEC), Munich, Germany

    Georg Sigl

Authors
  1. Fabrizio De Santis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tobias Bauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Georg Sigl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fabrizio De Santis .

Editor information

Editors and Affiliations

  1. Bonn-Rhein-Sieg University of Applied Sciences, St. Augustin, Germany

    Kerstin Lemke-Rust

  2. Cryptography Research Inc. , San Francisco, California, USA

    Michael Tunstall

Appendices

A Tables

Table 2. Isomorphic mapping \(\varPhi : \mathsf {GF}(2^8) \rightarrow \mathsf {GF}((2^4)^2)\) of the AES constants.
Full size table

B Figures

Fig. 9.
figure 9

Shared \(\mathsf {GF}(2^4)\) multiplication module for \((d,m)=(2,5)\).

Full size image

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

De Santis, F., Bauer, T., Sigl, G. (2017). Squeezing Polynomial Masking in Tower Fields. In: Lemke-Rust, K., Tunstall, M. (eds) Smart Card Research and Advanced Applications. CARDIS 2016. Lecture Notes in Computer Science(), vol 10146. Springer, Cham. https://doi.org/10.1007/978-3-319-54669-8_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54669-8_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54668-1

  • Online ISBN: 978-3-319-54669-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation