Transparency order versus confusion coefficient: a case study of NIST lightweight cryptography S-Boxes

Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, non-linear components (e.g. S-Boxes) of cryptographic algorithms will be chosen as primary targets of side-channel attacks (SCAs). In order to measure side-channel resistance of S-Boxes, three theoretical metrics are proposed and they are reVisited transparency order (VTO), confusion coefficients variance (CCV), and minimum confusion coefficient (MCC), respectively. However, the practical effectiveness of these metrics remains still unclear. Taking the 4-bit and 8-bit S-Boxes used in NIST Lightweight Cryptography candidates as concrete examples, this paper takes a comprehensive study of the applicability of these metrics. First of all, we empirically investigate the relations among three metrics for targeted S-boxes, and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, in order to verify which metric is more effective in which scenarios, we perform simulated and practical experiments on nine 4-bit S-Boxes under the non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable while MCC fails. We also obtain an interesting observation that none of these three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes with different sizes. Unfortunately, all of them are invalid in this scenario.

Design and Application of Automatic Calibration Device for Multi-Channel Resistance Strain Gauge Indicator

In this paper, an automatic calibration device for multi-channel resistance strain gauge indicator is designed and its applicability and measurement accuracy are verified at laboratory. The calibration done by original resistance bridge calibrator is time-consuming for its manual operation and complex calibration process. With the intent to increase calibration efficiency, an automatic channel switch device was developed, and the resistance bridge calibrator was automated. The designed calibration device is completely computer controlled enabling a sequence of unmanned measurements. The calibration device was verified at laboratory that the maximum of error is 0.072%. It was applied to calibrate a 60-channel resistance strain gage indicator to approve its practical applicability. The result shows that the designed calibration device can realize automatic calibration and the efficiency is increased by 40%.

Revealing the Weakness of Addition Chain Based Masked SBox Implementations

Addition chain is a well-known approach for implementing higher-order masked SBoxes. However, this approach induces more computations of intermediate monomials over F2n, which in turn leak more information related to the sensitive variables and may decrease its side-channel resistance consequently. In this paper, we introduce a new notion named polygon degree to measure the resistance of monomial computations. With the help of this notion, we select several typical addition chain implementations with the strongest or the weakest resistance. In practical experiments based on an ARM Cortex-M4 architecture, we collect power and electromagnetic traces in consideration of different noise levels. The results show that the resistance of the weakest masked SBox implementation is close to that of an unprotected implementation, while the strongest one can also be broken with fewer than 1,500 traces due to extra leakages. Moreover, we study the resistance of addition chain implementations against profiled attacks. We find that some monomials with smaller output size leak more information than the SBox output. The work by Duc et al. at JOC 2019 showed that for a balanced function, the smaller the output size is, the less information is leaked. Thus, our attacks demonstrate that this property of balanced functions does not apply to unbalanced functions.

Information Leakages in Code-based Masking: A Unified Quantification Approach

This paper presents a unified approach to quantifying the information leakages in the most general code-based masking schemes. Specifically, by utilizing a uniform representation, we highlight first that all code-based masking schemes’ side-channel resistance can be quantified by an all-in-one framework consisting of two easy-tocompute parameters (the dual distance and the number of conditioned codewords) from a coding-theoretic perspective. In particular, we use signal-to-noise ratio (SNR) and mutual information (MI) as two complementary metrics, where a closed-form expression of SNR and an approximation of MI are proposed by connecting both metrics to the two coding-theoretic parameters. Secondly, considering the connection between Reed-Solomon code and SSS (Shamir’s Secret Sharing) scheme, the SSS-based masking is viewed as a particular case of generalized code-based masking. Hence as a straightforward application, we evaluate the impact of public points on the side-channel security of SSS-based masking schemes, namely the polynomial masking, and enhance the SSS-based masking by choosing optimal public points for it. Interestingly, we show that given a specific security order, more shares in SSS-based masking leak more information on secrets in an information-theoretic sense. Finally, our approach provides a systematic method for optimizing the side-channel resistance of every code-based masking. More precisely, this approach enables us to select optimal linear codes (parameters) for the generalized code-based masking by choosing appropriate codes according to the two coding-theoretic parameters. Summing up, we provide a best-practice guideline for the application of code-based masking to protect cryptographic implementations.

The potential of FFNN and MLP-FFA approaches in prediction of Manning coefficient in ripple and dune bedforms

An accurate prediction of roughness coefficient is of substantial importance for river management. The current study applies two artificial intelligence methods namely; Feed Forward Neural Network (FFNN) and Multilayer Perceptron Firefly Algorithm (MLP-FFA) to predict the Manning roughness coefficient in channels with dune and ripple bedforms. In this regard, based on the flow and sediment particles properties various models were developed and tested using some available experimental data sets. The obtained results showed that the applied methods had high efficiency in the Manning coefficient modeling. It was found that both flow and sediment properties were effective in modeling process. Sensitivity analysis proved the Reynolds number plays a key role in the modeling of channel resistance with dune bedform and Froude number and the ratio of the hydraulic radius to the median grain diameter play key roles in the modeling of channel resistance with ripple bedform. Furthermore, for assessing the best-applied model dependability, uncertainty analysis was performed and obtained results showed an allowable degree of uncertainty for the MLP-FFA model in roughness coefficient modeling.

Bias-controlled multi-functional transport properties of InSe/BP van der Waals heterostructures

Van der Waals (vdW) heterostructures, consisting of a variety of low-dimensional materials, have great potential use in the design of a wide range of functional devices thanks to their atomically thin body and strong electrostatic tunability. Here, we demonstrate multi-functional indium selenide (InSe)/black phosphorous (BP) heterostructures encapsulated by hexagonal boron nitride. At a positive drain bias (VD), applied on the BP while the InSe is grounded, our heterostructures show an intermediate gate voltage (VBG) regime where the current hardly changes, working as a ternary transistor. By contrast, at a negative VD, the device shows strong negative differential transconductance characteristics; the peak current increases up to ~5 μA and the peak-to-valley current ratio reaches 1600 at VD = −2 V. Four-terminal measurements were performed on each layer, allowing us to separate the contributions of contact resistances and channel resistance. Moreover, multiple devices with different device structures and contacts were investigated, providing insight into the operation principle and performance optimization. We systematically investigated the influence of contact resistances, heterojunction resistance, channel resistance, and the thickness of BP on the detailed operational characteristics at different VD and VBG regimes.

A Side-Channel-Resistant Implementation of SABER

The candidates for the NIST Post-Quantum Cryptography standardization have undergone extensive studies on efficiency and theoretical security, but research on their side-channel security is largely lacking. This remains a considerable obstacle for their real-world deployment, where side-channel security can be a critical requirement. This work describes a side-channel-resistant instance of Saber, one of the lattice-based candidates, using masking as a countermeasure. Saber proves to be very efficient to masking due to two specific design choices: power-of-two moduli and limited noise sampling of learning with rounding. A major challenge in masking lattice-based cryptosystems is the integration of bit-wise operations with arithmetic masking, requiring algorithms to securely convert between masked representations. The described design includes a novel primitive for masked logical shifting on arithmetic shares and adapts an existing masked binomial sampler for Saber. An implementation is provided for an ARM Cortex-M4 microcontroller, and its side-channel resistance is experimentally demonstrated. The masked implementation features a 2.5x overhead factor, significantly lower than the 5.7x previously reported for a masked variant of NewHope. Masked key decapsulation requires less than 3,000,000 cycles on the Cortex-M4 and consumes less than 12kB of dynamic memory, making it suitable for deployment in embedded platforms.