On 3-Share Threshold Implementations for 4-Bit S-boxes
One of the most promising lightweight hardware countermeasures against SCA attacks is the so-called Threshold Implementation (TI) countermeasure. In this work we discuss issues affecting its applicability and introduce solutions to boost its implementation efficiency. In particular, our contribution is three-fold. First, we introduce two methodologies to efficiently implement a 3-share TI of a given S-box. Second, as an example, we successfully apply these methodologies to PRESENT and are able to decrease the area requirements of its protected S-box by 37-40%. Third, we present the first successful practical Mutual Information Attack on the original 3-share TI implementation of PRESENT and compare it with a correlation-enhanced collision attack using second-order moments.
Keywords: Clock Cycle, Side Channel Attack, Power Trace, Area Share, Clock Gating