PRNG-Oriented Side-Channel Security Evaluation for TI-AES
摘要
Side-channel attacks, which leverage physical information during encryption, are a significant threat to cryptographic hardware systems. One widely used countermeasure against such attacks is Threshold Implementation that employs randomness to disrupt the correlation between intermediate values and side-channel information. It consumes a massive amount of fresh randomness every clock for the refreshing process, which adds randomness to intermediate values to obtain uniformity. Thus, reducing the cost of randomness generation is a huge implementation challenge. This paper investigates the impact on the side-channel resistance of AES with threshold implementation when altering the conditions of input sharing or the PRNG algorithm used in refreshing. Furthermore, we meticulously conduct a comparative analysis of the hardware implementation cost of PRNGs based on either Keccak, XORSHIFT-ADD, or Linear Feedback Shift Register. This comprehensive study provides a clear understanding of the strengths and weaknesses of each PRNG, aiding in selecting the most suitable implementation for a given application. Then, we demonstrate that a key-recovery attack is possible when TI is implemented with unshared input values and that side-channel leakage occurs when the PRNG used in refreshing has a very short period.