Building power analysis resistant implementations of Keccak
نویسندگان
چکیده
In this paper we report on Keccak implementations that offer a high level of resistance against power analysis by using the technique of masking (secret sharing). In software, we show that two shares are required and if implemented carefully, sufficient. In dedicated hardware, three shares are required. We show that Multi-Gbit/s. throughput can be obtained with cores of area around 100 KGates. We demonstrate that there is a trade-off between area and performance by detailing two different architectures. Finally, we give arguments why the technique of secret sharing offers a very high level of protection against power analysis.
منابع مشابه
An Improvement of Both Security and Reliability for Keccak Implementations on Smart Card
As the new SHA-3 standard, the security and reliability of Keccak have attracted a lot of attentions. Previous works already show that both software and hardware implementations of Keccak have strong side-channel power (electromagnetic) leakages, and these leakages can be easily used by attackers to recover secret key bits. Meanwhile, Keccak is vulnerable to random errors and injected faults, w...
متن کاملEfficient and First-Order DPA Resistant Implementations of Keccak
In October 2012 NIST announced that the SHA-3 hash standard will be based on Keccak. Besides hashing, Keccak can be used in many other modes, including ones operating on a secret value. Many applications of such modes require protection against sidechannel attacks, preferably at low cost. In this paper, we present threshold implementations (TI) of Keccak with three and four shares that build fu...
متن کاملSide-Channel Analysis of Keccak and Ascon
This thesis is about side-channel analysis of the SHA-3 competition winner Keccak and a similar algorithm Ascon. During the operation of such an algorithm on a device information will leak in many different ways. In this thesis we only look at the information that is leaked by the power consumption of a device. This leakage can be exploited with a technique called DPA. With DPA one tries to obt...
متن کاملPushing the Limits of SHA-3 Hardware Implementations to Fit on RFID
There exists a broad range of RFID protocols in literature that propose hash functions as cryptographic primitives. Since Keccak has been selected as the winner of the NIST SHA-3 competition in 2012, there is the question of how far we can push the limits of Keccak to fulfill the stringent requirements of passive low-cost RFID. In this paper, we address this question by presenting a hardware im...
متن کاملDifferential Power Analysis of MAC-Keccak at Any Key-Length
Keccak is a new hash function selected by NIST as the next SHA-3 standard. Keccak supports the generation of Message Authentication Codes (MACs) by hashing the direct concatenation of a variablelength key and the input message. As a result, changing the key-length directly changes the set of internal operations that need to be targeted with Differential Power Analysis. The proper selection of t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010