Abstract
Modular addition is an important component of many cryptographic algorithms such as ARX-ciphers and lattice-based post-quantum secure schemes. In order to protect devices that execute these algorithms against side-channel attacks, countermeasures such as masking must be applied. However, if an implementation needs to be secured against multivariate attacks, univariately secure masking schemes do not suffice. In this work, we focus on hardware architectures for higher-order masked addition circuits. We present and discuss three adder designs that are protected with a provably secure masking scheme. Concretely, we discuss Kogge–Stone, Sklansky and Brent–Kung adders regarding their suitability for high-order masking and their performance in this setting. All architectures are fully pipelined and achieve a throughput of one addition per cycle. In order to achieve multivariate security at arbitrary orders, we use HPC2 Gadgets that satisfy the PINI security notion. Additionally, we apply a first-order secure threshold implementation scheme to the adder variants and compare their performance in the univariate case.
Highlights
Modular addition in the ring Z2n is a core part of several cryptographic schemes.For example, in Addition-Rotation-XOR (ARX) ciphers they perform similar function to S-boxes in classical block ciphers, being the only non-linear part of the algorithm
Contribution In this work we study how addition operations can be protected against side-channel attacks in the hardware context using Boolean masking
We propose three different designs for parallel-prefix addition circuits that can generically be masked at arbitrary order using gadgets that follow the Probe Isolating Non Interference (PINI) security notion
Summary
Modular addition in the ring Z2n is a core part of several cryptographic schemes.For example, in Addition-Rotation-XOR (ARX) ciphers they perform similar function to S-boxes in classical block ciphers, being the only non-linear part of the algorithm. ARX constructions, such as SPECK or SALSA20, combine this arithmetic function with the Boolean exclusive or operation (XOR) and a bit-wise rotation to produce a secure algorithm. Contribution In this work we study how addition operations can be protected against side-channel attacks in the hardware context using Boolean masking. We propose three different designs for parallel-prefix addition circuits that can generically be masked at arbitrary order using gadgets that follow the Probe Isolating Non Interference (PINI) security notion. To this end, we study their suitability for masking and compare them regarding their area and randomness requirements as well as their latency. The proposed adder structures are: 1. A Kogge–Stone adder with a latency of log n-cycles
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
