Joint work with: Dušan Božilov, Miroslav Knežević.
Abstract. Threshold implementation (TI) is a popular hardware masking technique, being used in some of the current most efficient side-channel secure designs. Earlier versions of TI are characterized by the number of input shares being dependant on both security order d and algebraic degree of a function t, namely td + 1. Later, the bound was reduced to d + 1, with the cost of increasing the number of output shares and requirements of the input shares. In this work, we utilize the optimized sharing method to investigate the impact of the number of S-box stages on the area and latency of the final design, with the two extreme cases of fully decomposed S-box and a single stage S-box. Finally, we show the trade-off on d+1 and td + 1 TI, for first- and second-order secure, low-latency and low-energy implementations of the PRINCE block cipher.
(Click the above image to see video on Youtube)
NIST Threshold Cryptography Workshop 2019
Starts: March 11, 2019NIST, Gaithersburg campus
Security and Privacy: cryptography