Side Channel Resistance at a Cost: A Comparison of ARX-Based Authenticated Encryption

2020 ◽  
Author(s):  
Flora Coleman ◽  
Behnaz Rezvani ◽  
Sachin Sachin ◽  
William Diehl
Keyword(s):  
Side Channel ◽  
Authenticated Encryption ◽  
Channel Resistance

scholarly journals Transparency order versus confusion coefficient: a case study of NIST lightweight cryptography S-Boxes

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Huizhong Li ◽  
Guang Yang ◽  
Jingdian Ming ◽  
Yongbin Zhou ◽  
Chengbin Jin
Keyword(s):  
The Other ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Lightweight Cryptography ◽  
Security Assurance ◽  
Channel Resistance ◽  
Cryptographic Algorithms ◽  
Transparency Order ◽  
Comprehensive Study

AbstractSide-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs). In order to measure side-channel resistance of S-Boxes, three theoretical metrics are proposed and they are reVisited transparency order (VTO), confusion coefficients variance (CCV), and minimum confusion coefficient (MCC), respectively. However, the practical effectiveness of these metrics remains still unclear. Taking the 4-bit and 8-bit S-Boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper takes a comprehensive study of the applicability of these metrics. First of all, we empirically investigate the relations among three metrics for targeted S-boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-Boxes under the non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes with different sizes. Unfortunately, all of them are invalid in this scenario.

scholarly journals Pyjamask: Block Cipher and Authenticated Encryption with Highly Efficient Masked Implementation

2020 ◽  
pp. 31-59
Author(s):  
Dahmun Goudarzi ◽  
Jérémy Jean ◽  
Stefan Kölbl ◽  
Thomas Peyrin ◽  
Matthieu Rivain ◽  
...  
Keyword(s):  
Block Cipher ◽  
High Order ◽  
Side Channel ◽  
Design Rationale ◽  
Authenticated Encryption ◽  
Lightweight Cryptography ◽  
Standardization Process ◽  
Very High ◽  
Better Than ◽  
Provably Secure

This paper introduces Pyjamask, a new block cipher family and authenticated encryption proposal submitted to the NIST lightweight cryptography standardization process. Pyjamask targets side-channel resistance as one of its main goal. More precisely, it strongly minimizes the number of nonlinear gates used in its internal primitive in order to allow efficient masked implementations, especially for high-order masking in software. Compared to other block ciphers, our proposal has thus among the smallest number of binary AND computations per input bit at the time of writing. Even though Pyjamask minimizes such an important criterion, it remains rather lightweight and efficient, thanks to a general bitslice construction that enables to computation of all nonlinear gates in parallel. For authenticated encryption, we adopt the provably secure AEAD mode OCB which has been extensively studied and has the benefit to offer full parallelization. Of course, other block cipher-based modes can be considered as well if other performance profiles are to be targeted.The paper first gives the specification of the Pyjamask block cipher and the associated AEAD proposal. We also provide a detailed design rationale for the block cipher which is guided by our aim of software efficiency in the presence of high-order masking. The security of the design is analyzed against most commonly known cryptanalysis techniques. We finally describe efficient (masked) implementations in software and provide implementation results with aggressive performances for masking of very high orders (up to 128). We also provide a rough estimation of the hardware performances which remain much better than those of an AES round-based implementation.

scholarly journals On using genetic algorithms for intrinsic side-channel resistance

2014 ◽  
Author(s):  
Stjepan Picek ◽  
Bariş Ege ◽  
Lejla Batina ◽  
Domagoj Jakobovic ◽  
Łukasz Chmielewski ◽  
...  
Keyword(s):  
Genetic Algorithms ◽  
Side Channel ◽  
Channel Resistance

scholarly journals Isap v2.0

2020 ◽  
pp. 390-416 ◽  
Author(s):  
Christoph Dobraunig ◽  
Maria Eichlseder ◽  
Stefan Mangard ◽  
Florian Mendel ◽  
Bart Mennink ◽  
...  
Keyword(s):  
Encryption Algorithm ◽  
Side Channel ◽  
Design Rationale ◽  
Authenticated Encryption ◽  
Lightweight Cryptography ◽  
Fault Attacks ◽  
Low Area ◽  
Constrained Environments ◽  
Leakage Resilient

We specify Isap v2.0, a lightweight permutation-based authenticated encryption algorithm that is designed to ease protection against side-channel and fault attacks. This design is an improved version of the previously published Isap v1.0, and offers increased protection against implementation attacks as well as more efficient implementations. Isap v2.0 is a candidate in NIST’s LightWeight Cryptography (LWC) project, which aims to identify and standardize authenticated ciphers that are well-suited for applications in constrained environments. We provide a self-contained specification of the new Isap v2.0 mode and discuss its design rationale. We formally prove the security of the Isap v2.0 mode in the leakage-resilient setting. Finally, in an extensive implementation overview, we show that Isap v2.0 can be implemented securely with very low area requirements. https://isap.iaik.tugraz.at

Sign in / Sign up

Export Citation Format

Share Document