scholarly journals Lightweight Conversion from Arithmetic to Boolean Masking for Embedded IoT Processor

2019 ◽  
Vol 9 (7) ◽  
pp. 1438
Author(s):  
HanBit Kim ◽  
Seokhie Hong ◽  
HeeSeok Kim
Keyword(s):  
Execution Time ◽  
Block Ciphers ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Arithmetic Operations ◽  
Conversion Algorithm ◽  
Computation Algorithm ◽  
Memory Cost ◽  
Execution Times ◽  
Additional Space

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: “Boolean to Arithmetic (B2A)” and “Arithmetic to Boolean (A2B)”. The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require ( 2 ( k + 1 ) ) entries of length ( k + 1 ) -bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only ( 2 k ) ( k ) -bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from ( k + 1 ) -bit to ( k ) -bit, as a result, the memory use for the pre-computation table is reduced from ( 2 ( k + 1 ) ) ( k + 1 ) -bit to ( 2 k ) ( k ) -bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize’s algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize’s results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

scholarly journals Improved High-Order Conversion From Boolean to Arithmetic Masking

2018 ◽  
pp. 22-45 ◽  
Author(s):  
Luk Bettale ◽  
Jean-Sébastien Coron ◽  
Rina Zeitoun
Keyword(s):  
High Order ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Conversion Algorithm ◽  
Conversion Scheme

Masking is a very common countermeasure against side channel attacks. When combining Boolean and arithmetic masking, one must be able to convert between the two types of masking, and the conversion algorithm itself must be secure against side-channel attacks. An efficient high-order Boolean to arithmetic conversion scheme was recently described at CHES 2017, with complexity independent of the register size. In this paper we describe a simplified variant with fewer mask refreshing, and still with a proof of security in the ISW probing model. In practical implementations, our variant is roughly 25% faster.

Countermeasure for Cryptographic Chips to Resist Side-Channel Attacks

2009 ◽  
Vol 19 (11) ◽  
pp. 2990-2998 ◽  
Author(s):  
Tao ZHANG ◽  
Ming-Yu FAN
Keyword(s):  
Side Channel ◽  
Side Channel Attacks

scholarly journals ThermalAttackNet: Are CNNs Making It Easy to Perform Temperature Side-Channel Attack in Mobile Edge Devices?

2021 ◽  
Vol 13 (6) ◽  
pp. 146
Author(s):  
Somdip Dey ◽  
Amit Kumar Singh ◽  
Klaus McDonald-Maier
Keyword(s):  
Information Flow ◽  
Heat Dissipation ◽  
Side Channel ◽  
Side Channel Attack ◽  
Side Channel Attacks ◽  
Information Flow Control ◽  
On Chip ◽  
Temperature Side ◽  
Over Time ◽  
Memory Efficient

Side-channel attacks remain a challenge to information flow control and security in mobile edge devices till this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this paper, we study how computer vision-based convolutional neural networks (CNNs) could be used to exploit temperature (thermal) side-channel attack on different Linux governors in mobile edge device utilizing multi-processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.

scholarly journals Timing attacks and local timing attacks against Barrett’s modular multiplication algorithm

2021 ◽  
Author(s):  
Johannes Mittmann ◽  
Werner Schindler
Keyword(s):  
Side Channel ◽  
Modular Exponentiation ◽  
Modular Multiplication ◽  
Multiplication Algorithm ◽  
Diffie Hellman ◽  
Mathematical Difficulties ◽  
Execution Times ◽  
Stochastic Properties ◽  
Timing Attacks ◽  
Theoretical Results

AbstractMontgomery’s and Barrett’s modular multiplication algorithms are widely used in modular exponentiation algorithms, e.g. to compute RSA or ECC operations. While Montgomery’s multiplication algorithm has been studied extensively in the literature and many side-channel attacks have been detected, to our best knowledge no thorough analysis exists for Barrett’s multiplication algorithm. This article closes this gap. For both Montgomery’s and Barrett’s multiplication algorithm, differences of the execution times are caused by conditional integer subtractions, so-called extra reductions. Barrett’s multiplication algorithm allows even two extra reductions, and this feature increases the mathematical difficulties significantly. We formulate and analyse a two-dimensional Markov process, from which we deduce relevant stochastic properties of Barrett’s multiplication algorithm within modular exponentiation algorithms. This allows to transfer the timing attacks and local timing attacks (where a second side-channel attack exhibits the execution times of the particular modular squarings and multiplications) on Montgomery’s multiplication algorithm to attacks on Barrett’s algorithm. However, there are also differences. Barrett’s multiplication algorithm requires additional attack substeps, and the attack efficiency is much more sensitive to variations of the parameters. We treat timing attacks on RSA with CRT, on RSA without CRT, and on Diffie–Hellman, as well as local timing attacks against these algorithms in the presence of basis blinding. Experiments confirm our theoretical results.

Sign in / Sign up

Export Citation Format

Share Document