Efficient and First-Order DPA Resistant Implementations of Keccak
نویسندگان
چکیده
In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against sidechannel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build further on unprotected parallel and serial architectures. We improve upon earlier TI implementations of Keccak in the sense that the latter did not achieve uniformity of shares. In our proposals we do achieve uniformity at the cost of an extra share in a four-share version or at the cost of injecting a small number of fresh random bits for each computed round. The proposed implementations are efficient and provably secure against first-order side-channel attacks.
منابع مشابه
Side-Channel Analysis of Keccak and Ascon
This thesis is about side-channel analysis of the SHA-3 competition winner Keccak and a similar algorithm Ascon. During the operation of such an algorithm on a device information will leak in many different ways. In this thesis we only look at the information that is leaked by the power consumption of a device. This leakage can be exploited with a technique called DPA. With DPA one tries to obt...
متن کاملPrinciples on the Security of AES against First and Second-Order Differential Power Analysis
Differential Power Analysis (DPA) is a powerful and practical technique used to attack a cryptographic implementation in a resourcelimited application environment. Despite the extensive research on DPA of AES, it seems none has explicitly addressed the fundamental issue: How far should we protect the first and last parts of AES in order to resist practical DPA attacks, namely first and second-o...
متن کاملRhythmic Keccak: SCA Security and Low Latency in HW
Glitches entail a great issue when securing a cryptographic implementation in hardware. Several masking schemes have been proposed in the literature that provide security even in the presence of glitches. The key property that allows this protection was introduced in threshold implementations as non-completeness. We address crucial points to ensure the right compliance of this property especial...
متن کاملHigher-Order Threshold Implementations
Higher-order differential power analysis attacks are a serious threat for cryptographic hardware implementations. In particular, glitches in the circuit make it hard to protect the implementation with masking. The existing higher-order masking countermeasures that guarantee security in the presence of glitches use multi-party computation techniques and require a lot of resources in terms of cir...
متن کاملA New DPA Countermeasure Based on Permutation Tables
We propose and analyse a new countermeasure against Differential Power Analysis (DPA) for the AES encryption algorithm, based on permutation tables. As opposed to existing AES countermeasures, it does not use random masking. We prove that our new countermeasure is resistant against first-order DPA; we also show that it is quite efficient in practice.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013