Side-channel attacks, which leverage physical information during encryption, are a significant threat to cryptographic hardware systems. One widely used countermeasure against such attacks is Threshold Implementation that employs randomness to disrupt the correlation between intermediate values and side-channel information. It consumes a massive amount of fresh randomness every clock for the refreshing process, which adds randomness to intermediate values to obtain uniformity. Thus, reducing the cost of randomness generation is a huge implementation challenge. This paper investigates the impact on the side-channel resistance of AES with threshold implementation when altering the conditions of input sharing or the PRNG algorithm used in refreshing. Furthermore, we meticulously conduct a comparative analysis of the hardware implementation cost of PRNGs based on either Keccak, XORSHIFT-ADD, or Linear Feedback Shift Register. This comprehensive study provides a clear understanding of the strengths and weaknesses of each PRNG, aiding in selecting the most suitable implementation for a given application. Then, we demonstrate that a key-recovery attack is possible when TI is implemented with unshared input values and that side-channel leakage occurs when the PRNG used in refreshing has a very short period.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PRNG-Oriented Side-Channel Security Evaluation for TI-AES

  • Yusaku Harada,
  • Maki Tsukahara,
  • Daiki Miyahara,
  • Yang Li,
  • Yuko Hara,
  • Kazuo Sakiyama

摘要

Side-channel attacks, which leverage physical information during encryption, are a significant threat to cryptographic hardware systems. One widely used countermeasure against such attacks is Threshold Implementation that employs randomness to disrupt the correlation between intermediate values and side-channel information. It consumes a massive amount of fresh randomness every clock for the refreshing process, which adds randomness to intermediate values to obtain uniformity. Thus, reducing the cost of randomness generation is a huge implementation challenge. This paper investigates the impact on the side-channel resistance of AES with threshold implementation when altering the conditions of input sharing or the PRNG algorithm used in refreshing. Furthermore, we meticulously conduct a comparative analysis of the hardware implementation cost of PRNGs based on either Keccak, XORSHIFT-ADD, or Linear Feedback Shift Register. This comprehensive study provides a clear understanding of the strengths and weaknesses of each PRNG, aiding in selecting the most suitable implementation for a given application. Then, we demonstrate that a key-recovery attack is possible when TI is implemented with unshared input values and that side-channel leakage occurs when the PRNG used in refreshing has a very short period.