FewMul

Begül Bilgin, Svetla Nikova

April 30, 2017 - FewMul - Paris, France 1

FewDepth FewLength

2

Nutshell

Number of multiplications is not the only metric!

Especially when it comes to SCA countermeasures

1st-order security - can be generalised

3

Side Channel Analysis

Timing SoundPower Consumption EM RadiationTiming SoundPower Consumption EM Radiation

Security cryptographic algorithm

+ Security implementations

Input OutputCrypto

AlgorithmCrypto

Algorithm

Power Analysis

4

Device under attack

Clock generator, Power supply

• Simple Power Analysis • Differential Power Analysis • Correlation Power Analysis • ….

Time

• Simple Power Analysis • Differential Power Analysis • Correlation Power Analysis • ….

5

Differential Power Analysis

• Encryptions of different pt using the same key

• Target intermediate results (e.g. Sbox output)

Sbox

pti

keyi ⊕

outi

• Power consumption variation is small

• Detectable using statistics

• Guess keyi

• Group traces

• Wrong key guess → random grouping, no difference

• Correct key guess → correct grouping, difference

6

Differential Power Analysis

pt

1234…

abcd…

8aef…

0354...

7791…

c80d…

7e9e...

Take means

Take difference

S(pt1 ⊕ key1)&1

1

0

0

1

1

0

1

key1=00

[courtesy: B.Gierlichs]

7

Differential Power Analysis

pt

1234…

abcd…

8aef…

0354...

7791…

c80d…

7e9e...

S(pt1 ⊕ key1)&1

0

1

0

0

0

1

1

key1=2b

Take means

Take difference

Difference of Means

[courtesy: B.Gierlichs]

8

Differential Power Analysis

• CMOS: • Data dependent power consumption

0 —> 0 1 —> 1 0 —> 1 1 —> 0

00cc

• Divide and conquer principle

• Depend on a few key bits

9

0 —> 0 1 —> 1 0 —> 1 1 —> 0

00cc

0 —> 0 1 —> 1 0 —> 1 1 —> 0

cccc

CountermeasuresConstant power

Wave Dynamic Differential Logic (WDDL)Gate level - change every AND, XOR, … gate

Glitch Free Duplication (GliFreD)LUT level - duplicate&reg every LUT

10

S(x, y, z, ...) (a, b, c, ...)

Operates on sensitive (secret dependent) variable

Not only the nonlinear part of the algorithm

CountermeasuresMasking

11

(x1,y1,z1, ...)

(x2,y2,z2, ...)

⊥

=(x, y, z, ...)

S1 (a1,b1,c1, ...)

S2 (a2,b2,c2, ...)

Many different versions: Boolean, multiplicative, polynomial, …

=(a, b, c, ...)

⊥

Always active

No unmasking!

CountermeasuresMasking

12

Random input/output shares ➡ Random intermediate values

(x1,y1,z1, ...)

(x2,y2,z2, ...)

⊕

=(x, y, z, ...)

=(a, b, c, ...)

S1 (a1,b1,c1, ...)

S2 (a2,b2,c2, ...)

⊕

unshared shares HW mean

00,0 0

11,1 2

10,1 1

11,0 1

✓ 1st-order DPA security

Boolean Masking

13

(x1,y1,z1, ...)

(x2,y2,z2, ...)

⊥

=(x, y, z, ...)

S1 (a1,b1,c1, ...)

S2 (a2,b2,c2, ...)

=(a, b, c, ...)

⊥

Si might be linear

CountermeasuresMasking

14

(x1,y1,z1, ...)

(x2,y2,z2, ...)

⊥

=(x, y, z, ...)

S1 (a1,b1,c1, ...)

S2 (a2,b2,c2, ...)

=(a, b, c, ...)

⊥

Si might be AND gate, multiplication, any nonlinear layer, or any quadratic layer

CountermeasuresMasking

15

CountermeasuresTrichina AND gate

a1 = x1y1 ⊕ (x1y2 ⊕ (x2y1 ⊕ (x2y2 ⊕ z1)))a2 = z2

a = xy

16

CountermeasuresISW

c = a*b

Exponential areaLatency

Any Function

•Consolidated Masking Scheme (CMS) / Threshold Implementation (TI)

17

Countermeasures

Some Functions

•GliFreD

•Prouff-Roche

•DoM•ISW

Mult.

•Inner ProductAND

•WDDL•Trichina

18

1st-order TI

S1(x1,y1,z1, ...) (a1,b1,c1, ...)

S2(x2,y2,z2, ...) (a2,b2,c2, ...)

S3(x3,y3,z3, ...) (a3,b3,c3, ...)

⊕

⊕

⊕

⊕

= =(x, y, z, ...) (a, b, c, ...)

S1(x1,y1,z1, ...) (a1,b1,c1, ...)

S2(x2,y2,z2, ...) (a2,b2,c2, ...)

S3(x3,y3,z3, ...) (a3,b3,c3, ...)

⊕

⊕

⊕

⊕

= =(x, y, z, ...) (a, b, c, ...)

S4(x4,y4,z4, ...) (a4,b4,c4, ...)⊕ ⊕

td+1 shares

A=1+X+XY+XZ+YZ

nonlinear > 2 shares

19

1st-order TI

F1(x1,y1,z1, ...) (a1,b1,c1, ...)

F2(x2,y2,z2, ...) (a2,b2,c2, ...)

F3(x3,y3,z3, ...) (a3,b3,c3, ...)

⊕

⊕

⊕

⊕

= =(x, y, z, ...) (a, b, c, ...)

R1

R2

R3

G1

G2

G3

S = G o F

Separate non-linear functions with registers

Area / latency trade-off

20

1st-order TI

If the unshared function is a permutation, the shared function should also be a permutation.

Uniformity

• Apply re-maskinga1

a2

a3

a1 ⊕ m1

a2 ⊕ m2

a3 ⊕ m1 ⊕ m2

• Increase the number of shares

Area / randomness trade-off

S1(x1,y1,z1, ...) (a1,b1,c1, ...)

S2(x2,y2,z2, ...) (a2,b2,c2, ...)

S3(x3,y3,z3, ...) (a3,b3,c3, ...)

⊕

⊕

⊕

⊕

= =(x, y, z, ...) (a, b, c, ...)

A. Moradi, A. Poschmann, S. Ling, C. Paar, and H. Wang: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. EUROCRYPT 2011

4244 GE + 5 pipeline stages in S-box + 48 bits extra randomness per S-box

21

1st-order TI of AES

lin.map

GF(24) sq.sc.

GF(24) inverter

inv.lin.map

8-bit4-bit1-bit

l1GF(24) multiplier

l1 l2

l2

l1l3

l1GF(24) multiplier

l1

GF(24) multiplier

Mult : 12 GF(22) multiplications

Depth : 4

Length: 18bits (3x2bits)

22

1st-order TI of AES

lin.map

GF(24) squarescaler

GF(24) multiplier

S1

......

S2

...

Ss

(x1, y1, z1, . . .)

(x2, y2, z2, . . .)

(xs, ys, zs, . . .)

(a1, b1, c1, . . .)

(as, bs, cs, . . .)

(a2, b2, c2, . . .)

�

�

�

�

�

�

= =

(x, y, z, . . .) (a, b, c, . . .)

GF(24) inverter

GF(24) multiplier

GF(24) multiplier

S1

......

S2

...

Ss

(x1, y1, z1, . . .)

(x2, y2, z2, . . .)

(xs, ys, zs, . . .)

(a1, b1, c1, . . .)

(as, bs, cs, . . .)

(a2, b2, c2, . . .)

�

�

�

�

�

�

= =

(x, y, z, . . .) (a, b, c, . . .)

inv.lin.map

3 pipeline stages in S-box + 32 bits extra randomness per S-box + 2838 GE

B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, and V. Rijmen: Trade-offs forThreshold Implementations Illustrated on AES. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015

Mult : 3 GF(24) operations ~ 4 GF(24) mult.

Depth : 3

Length: 3x4bits (4bits)

23

Alternative AES Decompositions

Matthieu Rivain and Emmanuel Prouff. Provably secure higher-order masking of AES. CHES 2010

Craig Gentry, Shai Halevi, and Nigel P. Smart. Homomorphic evaluation of the AES circuit. CRYPTO 2012

4mult + 4depth + 24bits length

4mult + 3depth + 24bits length

24

Craig Gentry, Shai Halevi, and Nigel P. Smart. Homomorphic evaluation of the AES circuit. CRYPTO 2012

4mult + 3depth + 24bits length

4nonlinear + 4depth + 16bits length

Alternative AES Decompositions

Jean-Sebastien Coron, Aurelien Greuet, Emmanuel Prouff, and Rina Zeitoun.Faster Evaluation of SBoxes via Common Shares. CHES2016

Claude Carlet, Emmanuel Prouff, Matthieu Rivain, and Thomas Roche Algebraic Decomposition for Probing Security. CRYPTO2015

25Boyar and R. Peralta, “A small depth-16 circuit for the AES S- box,” in Information Security and Privacy Research 2012. Courtesy: Jia Hao Kong,Li-Minn Ang,and Kah Phooi Seng. A Very Compact AES-SPIHT Selective Encryption Computer Architecture Design with Improved S-Box.

Hindawi Publishing Corporation Journal of Engineering

AND depth 4

Optimised for #AND and logical depth

Alternative AES Decompositions

26

What is the issue?

• AES S-box is big and has a high degree

A. Poschmann, A. Moradi, K. Khoo, C.-W. Lim, H. Wang, and S. Ling. Side-channel resistant crypto for less than 2,300 GE

Present = oS1 S2 4x4

Sboxes:

cubic quadratics

B. Bilgin, S. Nikova, V. Nikov, V. Rijmen, N. Tokareva, and V. Vitkup,. Threshold Implementations of Small S-boxes

• Such a decomposition exists for many 4-bit S-boxes

unshared 3 shares

27

DES

Si 6 4

Si1 6 4Si2

Si3 Si4

4

2

•SubBytes ➙ Eight 6x4 Sboxes ! Each Sbox ➙ deg>2

•Implementing all is inefficient

28B.Bilgin, M. Knezevic, V. Nikov, S. Nikova, Compact Implementations of Multi-Sbox designs, Cardis 2015

DES

29

What is the issue?

• AES S-box is big and has a high degree

• Can we think of these issues during the design process?

S = o oS1 S2 … Sn o

30

What is the issue?

• AES S-box is big and has a high degree

• Can we think of these issues during the design process?

Erik Boss, Vincent Grosso, Tim Guneysu, Gregor Leander, Amir Moradi, and Tobias Schneider. Strong 8-bit S-boxes with Efficient Masking in Hardware, CHES 2016

31

What is the issue?

• AES S-box is big and has a high degree

• Can we think of these issues during the design process?

• Is high degree round function really necessary?

• Maybe not: Keccak, LowMC, MimC, …

D. Bozilov, B. Bilgin, and H. A. Sahin, A Note on 5-bit Quadratic Permutations’ Classification, In IACR Transactions on Symmetric Cryptology, 2017.

32

Conclusion

•First FewMul then SCA countermeasure can be

costly

•Consider SCA during design

•FewMul/FewDepth/FewLength trade-off

33

Thank you!