SPARX: a side-channel protected processor for ARX-based cryptography
Abstract
ARX-based cryptographic algorithms are composed of only three elemental operations --- addition, rotation and exclusive or --- which are mixed to ensure adequate confusion and diffusion properties. While ARX-ciphers can easily be protected against timing attacks, special measures like masking have to be taken in order to prevent power and electromagnetic analysis. In this paper we present a processor architecture for ARX-based cryptography, that intrinsically guarantees first-order SCA resistance of any implemented algorithm. This is achieved by protecting the complete data path using a Boolean masking scheme with three shares.
We evaluate our security claims by mapping an ARX-algorithm to the proposed architecture and using the common leakage detection methodology based on Student's t-test to certify the side-channel resistance of our processor.
References
[1]
H. Gross, "Sharing is caring - on the protection of arithmetic logic units against passive physical attacks," in RFIDSec, vol. 9440 of Lecture Notes in Computer Science, pp. 68--84, Springer, 2015.
[2]
K. Shahzad, A. Khalid, Z. E. R�kossy, G. Paul, and A. Chattopadhyay, "CoARX: a coprocessor for ARX-based cryptographic algorithms," in DAC, pp. 133:1--133:10, ACM, 2013.
[3]
A. Shahverdi, M. Taha, and T. Eisenbarth, "Silent Simon: A threshold implementation under 100 slices," in HOST, pp. 1--6, IEEE Computer Society, 2015.
[4]
C. Chen, M. S. Inci, M. Taha, and T. Eisenbarth, "SpecTre: A tiny side-channel resistant SPECK core for FPGAs," IACR Cryptology ePrint Archive, vol. 2015, p. 691, 2015.
[5]
D. Khovratovich and I. Nikolić, "Rotational cryptanalysis of ARX," in Fast Software Encryption, no. 6147 in Lecture Notes in Computer Science, pp. 333--346, Springer, 2010.
[6]
R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers, "The SIMON and SPECK families of lightweight block ciphers," IACR Cryptology ePrint Archive, vol. 2013, p. 404, 2013.
[7]
D. J. Bernstein, "The Salsa20 family of stream ciphers," in The eSTREAM Finalists, vol. 4986 of Lecture Notes in Computer Science, pp. 84--97, Springer, 2008.
[8]
B. Gierlichs, L. Batina, C. Clavier, T. Eisenbarth, A. Gouget, H. Handschuh, T. Kasper, K. Lemke-Rust, S. Mangard, A. Moradi, and E. Oswald, "Susceptibility of eSTREAM candidates towards side channel analysis," in SASC - The State Of The Art Of Stream Ciphers, pp. 123--150, 2008.
[9]
B. Mazumdar, S. S. Ali, and O. Sinanoglu, "Power analysis attacks on ARX: an application to Salsa20," in IOLTS, pp. 40--43, IEEE, 2015.
[10]
N. Veyrat-Charvillon, M. Medwed, S. Kerckhof, and F. Standaert, "Shuffling against side-channel attacks: A comprehensive study with cautionary note," in ASIACRYPT, vol. 7658 of Lecture Notes in Computer Science, pp. 740--757, Springer, 2012.
[11]
E. Prouff and M. Rivain, "Masking against side-channel attacks: A formal security proof," in EUROCRYPT, vol. 7881 of Lecture Notes in Computer Science, pp. 142--159, Springer, 2013.
[12]
S. Mangard, N. Pramstaller, and E. Oswald, "Successfully attacking masked AES hardware implementations," in CHES, vol. 3659 of Lecture Notes in Computer Science, pp. 157--171, Springer, 2005.
[13]
A. Poschmann, A. Moradi, K. Khoo, C. Lim, H. Wang, and S. Ling, "Side-channel resistant crypto for less than 2, 300 GE," J. Cryptology, vol. 24, no. 2, pp. 322--345, 2011.
[14]
T. D. Cnudde, B. Bilgin, O. Reparaz, V. Nikov, and S. Nikova, "Higher-order threshold implementation of the AES s-box," in CARDIS, vol. 9514 of Lecture Notes in Computer Science, pp. 259--272, Springer, 2015.
[15]
B. Bilgin, J. Daemen, V. Nikov, S. Nikova, V. Rijmen, and G. V. Assche, "Efficient and first-order DPA resistant implementations of Keccak," in CARDIS, vol. 8419 of Lecture Notes in Computer Science, pp. 187--199, Springer, 2013.
[16]
B. Bilgin, S. Nikova, V. Nikov, V. Rijmen, N. Tokareva, and V. Vitkup, "Threshold implementations of small s-boxes," Cryptography and Communications, vol. 7, no. 1, pp. 3--33, 2015.
[17]
O. Reparaz, B. Bilgin, S. Nikova, B. Gierlichs, and I. Verbauwhede, "Consolidating masking schemes," in CRYPTO (1), vol. 9215 of Lecture Notes in Computer Science, pp. 764--783, Springer, 2015.
[18]
T. Schneider, A. Moradi, and T. G�neysu, "Arithmetic addition over boolean masking - towards first- and second-order resistance in hardware," in ACNS, vol. 9092 of Lecture Notes in Computer Science, pp. 559--578, Springer, 2015.
[19]
"Side-channel AttacK User Reference Architecture." http://satoh.cs.uec.ac.jp/SAKURA/index.html.
[20]
G. Goodwill, B. Jun, J. Jaffe, and P. Rohatgi, "A testing methodology for side channel resistance validation," in NIST non-invasive attack testing workshop, 2011.
[21]
T. Schneider and A. Moradi, "Leakage assessment methodology - A clear roadmap for side-channel evaluations," in CHES, vol. 9293 of Lecture Notes in Computer Science, pp. 495--513, Springer, 2015.
[22]
J. Yan and H. M. Heys, "Hardware implementation of the Salsa20 and Phelix stream ciphers," in Canadian Conference on Electrical and Computer Engineering, pp. 1125--1128, 2007.
- SPARX: a side-channel protected processor for ARX-based cryptography
Recommendations
Differential-Linear Cryptanalysis of Round-Reduced SPARX-64/128
Information Security and CryptologyAbstractSPARX is a family of ARX-based block ciphers introduced at ASIACRYPT 2016, which is designed according to the long-trail strategy (LTS). For SPARX-64/128 with block size 64 and key size 128, the best known attack is a differential cryptanalysis of ...
Differential Cryptanalysis of Round-Reduced Sparx-64/128
Applied Cryptography and Network SecurityAbstractSparx is a family of ARX-based block ciphers designed according to the long-trail strategy (LTS) that were both introduced by Dinu et al. at ASIACRYPT’16. Similar to the wide-trail strategy, the LTS allows provable upper bounds on the length of ...
New linear approximation of modular addition and improved differential-linear cryptanalysis of SPARX-64/128
AbstractDifferential-linear cryptanalysis is an efficient cryptanalysis method to attack ARX ciphers, which have been used to present the best attacks on many ARX primitives such as Chaskey and Chacha. In this paper, we present the differential-linear ...
Comments
Information & Contributors
Information
Published In
March 2017
1814 pages
Publisher
European Design and Automation Association
Leuven, Belgium
Publication History
Published: 27 March 2017
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 359Total Downloads
- Downloads (Last 12 months)26
- Downloads (Last 6 weeks)2
Reflects downloads up to 19 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in