Abstract

This work focuses on side-channel resilient design strategies for symmetric-key cryptographic primitives targeting lightweight applications. In light of NIST’s lightweight cryptography project, design choices for block ciphers must consider not only security against traditional cryptanalysis, but also side-channel security, while adhering to low area and power requirements. In this paper, we explore design strategies for substitution-permutation network (SPN)-based block ciphers that make them amenable to low-cost threshold implementations (TI) - a provably secure strategy against side-channel attacks. The core building blocks for our strategy are cryptographically optimal 4×4 S-Boxes, implemented via repeated iterations of simple cellular automata (CA) rules. We present highly optimized TI circuits for such S-Boxes that consume nearly 40% less area and power as compared to popular lightweight S-Boxes such as PRESENT and GIFT. We validate our claims via implementation results on ASIC using 180nm technology. We also present a comparison of TI circuits for two popular lightweight linear diffusion layer choices - bit permutations and MixColumns using almost-maximum-distance-separable (almost-MDS) matrices. We finally illustrate design paradigms that combine the aforementioned TI circuits for S-Boxes and diffusion layers to obtain fully side-channel secure SPN block cipher implementations with low area and power requirements.

Highlights

  • Lightweight cryptography has received great momentum with the proposal of a number of efficient symmetric-key cryptographic primitives in recent years

  • Our implementation results on ASIC (180nm technology) show that the most lightweight threshold implementation (TI) circuit among all cellular automata (CA)-based S-boxes has a 49.42% smaller area-footprint and consumes 52.3% less power as compared to the best-known TI of the PRESENT S-Box [PMK+11]

  • The same TI circuit leads to a 35.36% smaller area-footprint and consumes 44.46% less power as compared to a highly optimized TI of the GIFT S-Box


Summary

Introduction

Lightweight cryptography has received great momentum with the proposal of a number of efficient symmetric-key cryptographic primitives in recent years. Design choices for lightweight cryptography typically focus on optimizing one or more essential implementation-based criteria, including (but not limited to) area, power, and throughput. These primitives must satisfy the basic security requirements against well-known cryptanalytic attacks such as linear [MY93] and differential [BS91] cryptanalysis. Lightweight block ciphers follow various design principles, amongst which the substitution-permutation network (SPN) is highly popular. An SPN structure typically comprises several rounds, where each round has three operational layers - (a) a layer of nonlinear substitution-boxes (S-Boxes), (b) a linear permutation-layer, and (c) round-key-XOR. The impetus on lightweight cryptography has been further enhanced by NIST’s recent announcement of a lightweight cryptography project [MBTM17], seeking design choices targeting a variety of devices and applications.
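The resistance of a 4×4 S-Box to differential and linear cryptanalysis can be measured directly from its lookup table. The following added example (not code from the paper) computes differential uniformity and linearity for the published PRESENT S-Box and, as a constructed weak contrast, the identity map. It assumes "cryptographically optimal" is meant in the commonly used sense of Leander and Poschmann: a bijection with differential uniformity 4 and linearity 8.

```python
# Added example: the criteria below are the usual definition of an optimal
# 4-bit S-box (an assumption about the paper's usage, not quoted from it).

# Published PRESENT S-box table.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Constructed contrast: a purely linear "S-box" with no cryptographic strength.
IDENTITY_SBOX = list(range(16))


def parity(v):
    """Parity of the bits of v, i.e. the GF(2) dot product once masked."""
    return bin(v).count("1") & 1


def differential_uniformity(sbox):
    """Largest difference-distribution-table entry over nonzero input differences."""
    n = len(sbox)
    worst = 0
    for a in range(1, n):
        row = [0] * n
        for x in range(n):
            row[sbox[x] ^ sbox[x ^ a]] += 1  # output difference for the pair (x, x^a)
        worst = max(worst, max(row))
    return worst


def linearity(sbox):
    """Largest absolute Walsh coefficient over input masks a and nonzero output masks b."""
    n = len(sbox)
    worst = 0
    for b in range(1, n):
        for a in range(n):
            w = sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(n))
            worst = max(worst, abs(w))
    return worst


def is_optimal_4bit(sbox):
    """Bijective, differential uniformity 4, linearity 8."""
    return (sorted(sbox) == list(range(16))
            and differential_uniformity(sbox) == 4
            and linearity(sbox) == 8)


if __name__ == "__main__":
    for name, s in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        print(name, differential_uniformity(s), linearity(s), is_optimal_4bit(s))
```

Lower values are better for both metrics: a differential uniformity of 16 or a linearity of 16 means some differential or linear approximation holds with certainty.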
