Advertisement

Protecting Triple-DES Against DPA

A Practical Application of Domain-Oriented Masking
  • Pascal Sasdrich
  • Michael Hutter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10815)

Abstract

Although AES has become the predominant standard for symmetric block ciphers, T-DES is still widely used especially for electronic payment and financial solutions. In order to protect small and embedded devices against power analysis and side-channel attacks in general, appropriate countermeasures have to be considered. In this paper, we present the first practical application of the Domain-Oriented Masking (DOM) scheme for the T-DES cipher in hardware and provide practical evaluation results that confirm the security of DOM and our designs. In particular, using Test Vector Leakage Assessment (TVLA) as evaluation methodology confirms that our first- and second-order secure architectures do not exhibit detectable leakage using up to 2 billion traces. This is the first paper that presents a T-DES hardware implementation using a state of the art provable secure masking technique.

Supplementary material

References

  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side—channel(s). In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36400-5_4CrossRefGoogle Scholar
  2. 2.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313–314. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_19CrossRefGoogle Scholar
  3. 3.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45608-8_18CrossRefGoogle Scholar
  4. 4.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Tokareva, N.N., Vitkup, V.: Threshold implementations of small S-boxes. Crypt. Commun. 7(1), 3–33 (2015)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Faust, S., Grosso, V., Del Pozo, S.M., Paglialonga, C., Standaert, F.-X.: Composable masking schemes in the presence of physical defaults and the robust probing model. Cryptology ePrint Archive, Report 2017/711 (2017). https://eprint.iacr.org/2017/711
  6. 6.
    Gilbert Goodwill, B.J., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-invasive Attack Testing Workshop (2011)Google Scholar
  7. 7.
    Groß, H., Mangard, S.: Reconciling \(d+1\) masking in hardware and software. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 115–136. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-66787-4_6CrossRefGoogle Scholar
  8. 8.
    Groß, H., Mangard, S., Korak, T.: An efficient side-channel protected AES implementation with arbitrary protection order. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 95–112. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-52153-4_6CrossRefGoogle Scholar
  9. 9.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_27CrossRefGoogle Scholar
  10. 10.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996).  https://doi.org/10.1007/3-540-68697-5_9CrossRefGoogle Scholar
  11. 11.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48405-1_25CrossRefGoogle Scholar
  12. 12.
    Kutzner, S., Nguyen, P.H., Poschmann, A., Wang, H.: On 3-share threshold implementations for 4-Bit S-boxes. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 99–113. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40026-1_7CrossRefGoogle Scholar
  13. 13.
    Leitold, H., Mayerwieser, W., Payer, U., Posch, K.C., Posch, R., Wolkerstorfer, J.: A 155 Mbps triple-DES network encryptor. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 164–174. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44499-8_12CrossRefGoogle Scholar
  14. 14.
    Maghrebi, H., Danger, J.-L., Flament, F., Guilley, S., Sauvage, L.: Evaluation of countermeasure implementations based on Boolean masking to thwart side-channel attacks. In: International Conference on Signals, Circuits and Systems, SCS 2009, Jerba, Tunisia, 5–8 November 2009, pp. 1–6 (2009)Google Scholar
  15. 15.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks - Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-0-387-38162-6CrossRefzbMATHGoogle Scholar
  16. 16.
    McLoone, M., McCanny, J.V.: High-performance FPGA implementation of DES using a novel method for implementing the key schedule. IEE Proc.-Circ. Devices Syst. 150(5), 373–378 (2003)CrossRefGoogle Scholar
  17. 17.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-20465-4_6CrossRefGoogle Scholar
  18. 18.
    Nikova, S., Nikov, V., Rijmen, V.: Decomposition of permutations in a finite field. IACR Cryptology ePrint Archive 2018:103 (2018)Google Scholar
  19. 19.
    Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006).  https://doi.org/10.1007/11935308_38CrossRefzbMATHGoogle Scholar
  20. 20.
    Oswald, D., Paar, C.: Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-23951-9_14CrossRefGoogle Scholar
  21. 21.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2011)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_37CrossRefGoogle Scholar
  23. 23.
    Sasdrich, P., Moradi, A., Güneysu, T.: Affine equivalence and its application to tightening threshold implementations. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 263–276. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-31301-6_16CrossRefGoogle Scholar
  24. 24.
    Sasdrich, P., Moradi, A., Güneysu, T.: Hiding higher-order side-channel leakage. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 131–146. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-52153-4_8CrossRefzbMATHGoogle Scholar
  25. 25.
    Sauvage, L., Guilley, S., Danger, J.-L., Mathieu, Y., Nassar, M.: Successful attack on an FPGA-based WDDL DES cryptoprocessor without place and route constraints. In: Design, Automation and Test in Europe, DATE 2009, Nice, France, 20–24 April 2009, pp. 640–645 (2009)Google Scholar
  26. 26.
    Schneider, T., Moradi, A.: Leakage assessment methodology - extended version. J. Cryptogr. Eng. 6(2), 85–99 (2016)CrossRefGoogle Scholar
  27. 27.
    Standaert, F.-X., Rouvroy, G., Quisquater, J.-J.: FPGA implementations of the DES and triple-des masked against power analysis attacks. In: Proceedings of the 2006 International Conference on Field Programmable Logic and Applications (FPL), Madrid, Spain, 28–30 August 2006, pp. 1–4 (2006)Google Scholar
  28. 28.
    Trimberger, S., Pang, R., Singh, A.: A 12 Gbps DES encryptor/decryptor core in an FPGA. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 156–163. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44499-8_11CrossRefGoogle Scholar
  29. 29.
    Wilcox, D.C., Pierson, L.G., Robertson, P.J., Witzke, E.L., Gass, K.: A DES ASIC suitable for network encryption at 10 Gbps and beyond. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 37–48. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48059-5_5CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Cryptography ResearchSan FranciscoUSA
  2. 2.Horst Görtz Institute for IT-SecurityRuhr-Universität BochumBochumGermany

Personalised recommendations