On 3-Share Threshold Implementations for 4-Bit S-boxes

  • Sebastian Kutzner
  • Phuong Ha Nguyen
  • Axel Poschmann
  • Huaxiong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7864)


One of the most promising lightweight hardware countermeasures against SCA attacks is the so-called Threshold Implementation (TI) [12] countermeasure. In this work we discuss issues towards its applicability and introduce solutions to boost its implementation efficiency. In particular, our contribution is three-fold: first we introduce two methodologies to efficiently implement 3-share TI to a given S-box. Second, as an example, we successfully apply these methodologies to PRESENT and are able to decrease the area requirements of its protected S-box by 37-40%. Third, we present the first successful practical Mutual Information Attack on the original 3-share TI implementation of PRESENT and compare it with a correlation-enhanced collision attack using second-order moments.


Clock Cycle Side Channel Attack Power Trace Area Share Clock Gating 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  2. 2.
    Fiser, P., Hlavicka, J.: Two-Level Boolean Minimizer BOOM-II. In: IWSBP 2004, pp. 221–228 (2004)Google Scholar
  3. 3.
    Fiser, P., Hlavicka, J.: BOOM - A Heuristic Boolean Minimizer. Computers and Informatics 22(1), 19–51 (2003)zbMATHGoogle Scholar
  4. 4.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.J.B.: The LED Block Cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Virtual Silicon Inc. 0.18 μm VIP Standard Cell Library Tape Out Ready, Part Number: UMCL18G212T3, Process: UMC Logic 0.18 μm Generic II Technology: 0.18μmGoogle Scholar
  6. 6.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Leander, G., Poschmann, A.: On the Classification of 4 Bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159–176. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Advances in Information Security. Springer (2007)Google Scholar
  10. 10.
    Moradi, A.: Statistical Tools Flavor Side-Channel Collision Attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 428–445. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Nikova, S., Rechberger, C., Rijmen, V.: Threshold Implementations Against Side-Channel Attacks and Glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Nikova, S., Rijmen, V., Schlaffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. Journal of Cryptology 24(2), 292–321 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  13. 13.
    Popp, T., Mangard, S.: Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. 14.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C., Wee, C., Wang, H., Ling, S.: Side-Channel Resistant Crypto for Less than 2,300 GE. Journal of Cryptology 24(2), 322–345 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  15. 15.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Sebastian Kutzner
    • 1
    • 2
  • Phuong Ha Nguyen
    • 1
    • 2
  • Axel Poschmann
    • 1
    • 2
  • Huaxiong Wang
    • 2
  1. 1.PACE Temasek LaboratoriesNanyang Technological UniversitySingapore
  2. 2.Division of Mathematical Sciences, SPMSNanyang Technological UniversitySingapore

Personalised recommendations