TY - JOUR
T1 - Side-channel resistant crypto for less than 2,300 GE
AU - Poschmann, Axel
AU - Moradi, Amir
AU - Khoo, Khoongming
AU - Lim, Chu Wee
AU - Wang, Huaxiong
AU - Ling, San
PY - 2011/4
Y1 - 2011/4
N2 - A provably secure countermeasure against first order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International conference in information and communications security. Lecture notes in computer science, vol. 4307, pp. 529-545, Springer, Berlin, 2006). We have implemented the lightweight block cipher PRESENT using the proposed countermeasure. For this purpose we had to decompose the S-box used in PRESENT and split it into three shares that fulfill the properties of the scheme presented by Nikova et al. (P. Lee, J. Cheon (eds.) International conference in information security and cryptology. Lecture notes in computer science, vol. 5461, pp. 218-234, Springer, Berlin, 2008). Our experimental results on real-world power traces show that this countermeasure provides additional security. Post-synthesis figures for an ASIC implementation require only 2,300 GE, which makes this implementation suitable for low-cost passive RFID tags.
AB - A provably secure countermeasure against first order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International conference in information and communications security. Lecture notes in computer science, vol. 4307, pp. 529-545, Springer, Berlin, 2006). We have implemented the lightweight block cipher PRESENT using the proposed countermeasure. For this purpose we had to decompose the S-box used in PRESENT and split it into three shares that fulfill the properties of the scheme presented by Nikova et al. (P. Lee, J. Cheon (eds.) International conference in information security and cryptology. Lecture notes in computer science, vol. 5461, pp. 218-234, Springer, Berlin, 2008). Our experimental results on real-world power traces show that this countermeasure provides additional security. Post-synthesis figures for an ASIC implementation require only 2,300 GE, which makes this implementation suitable for low-cost passive RFID tags.
KW - ASIC
KW - Countermeasures
KW - Lightweight
KW - Secret sharing
KW - Side-channel attacks
UR - http://www.scopus.com/inward/record.url?scp=79959973331&partnerID=8YFLogxK
U2 - 10.1007/s00145-010-9086-6
DO - 10.1007/s00145-010-9086-6
M3 - Article
AN - SCOPUS:79959973331
VL - 24
SP - 322
EP - 345
JO - Journal of Cryptology
JF - Journal of Cryptology
SN - 0933-2790
IS - 2
ER -