Abstract

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: “Boolean to Arithmetic (B2A)” and “Arithmetic to Boolean (A2B)”. The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES 2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, it still requires $2^{k+1}$ entries of length $(k+1)$ bits, where $k$ denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only $(2^k)(k)$ bits. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table entries from $(k+1)$ bits to $k$ bits; as a result, the memory use for the pre-computation table is reduced from $(2^{k+1})(k+1)$ bits to $(2^k)(k)$ bits. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half the operations of Debraize’s algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize’s results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

Highlights

  • Side-channel attacks exploit various types of physical leakage—including power consumption, electromagnetic radiation, running time, etc.—during the execution of a cryptographic algorithm on a real device [1,2,3]

  • We propose an extremely low-memory algorithm that converts from arithmetic masking to Boolean masking

  • Boolean and arithmetic masking are used for algorithms that consist of Boolean and arithmetic operations, such as ARX block ciphers [9,10,11], cryptographic hash functions [13], and stream ciphers [14]


Summary

Introduction

Side-channel attacks exploit various types of physical leakage—including power consumption, electromagnetic radiation, running time, etc.—during the execution of a cryptographic algorithm on a real device [1,2,3]. Boolean masking uses an XOR (exclusive or) to blind values such as $x' = x \oplus r$, and arithmetic masking uses an algebraic operation such as $A = (x - r) \bmod 2^k$. These two types of masking should be selectively used for cryptographic algorithms that consist of Boolean and arithmetic operations such as ARX (Addition, Rotation, XOR) block ciphers [9,10,11], cryptographic hash functions [12,13], and stream ciphers [14]. Boolean operations (AND, XOR, SHIFT, etc.) and arithmetic operations (Addition, Subtraction, Multiplication, etc.) can be efficiently computed using Boolean masking and arithmetic masking, respectively; it is very difficult to execute arithmetic operations in Boolean masking and to execute Boolean operations in arithmetic masking. This problem can be solved using a masking conversion algorithm between Boolean and arithmetic masking.
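An added example, not code from the paper: one ARX-style step y = (x + c) XOR d computed on masked shares only, using Goubin's B2A conversion and a plain one-word lookup table for A2B. The table is the generic construction T[a] = ((a + r) mod 2^k) XOR r, not the algorithm the paper proposes; the function names, K = 8 and the constants c and d are assumptions, and carries between k-bit blocks of a wider word are not handled.

```c
#include <stdint.h>

#define K    8u                 /* word size in bits (assumed for the demo) */
#define SIZE (1u << K)          /* 2^K table entries of K bits each */
#define MASK (SIZE - 1u)        /* reduction mod 2^K */

/* Boolean masking x' = x ^ r and arithmetic masking A = (x - r) mod 2^K. */
static uint32_t bool_mask(uint32_t x, uint32_t r)  { return (x ^ r) & MASK; }
static uint32_t arith_mask(uint32_t x, uint32_t r) { return (x - r) & MASK; }

/* Goubin's B2A: returns A = (x' ^ r) - r without ever forming x.
 * gamma must be a fresh random K-bit value on every call. */
static uint32_t b2a_goubin(uint32_t xp, uint32_t r, uint32_t gamma) {
    uint32_t t = (((xp ^ gamma) - gamma) & MASK) ^ xp;
    gamma ^= r;
    return (((xp ^ gamma) - gamma) & MASK) ^ t;
}

/* Pre-computation phase: table[a] = ((a + r) mod 2^K) ^ r for one mask r.
 * The table is only valid for that r and must be rebuilt when r changes. */
static void a2b_precompute(uint32_t r, uint8_t *table) {
    for (uint32_t a = 0; a < SIZE; a++)
        table[a] = (uint8_t)(((a + r) & MASK) ^ r);
}

/* One masked ARX step, y = (x + c) ^ d, on shares only: B2A, add, A2B, XOR. */
static uint32_t masked_arx_step(uint32_t xp, uint32_t r, uint32_t gamma,
                                uint32_t c, uint32_t d, const uint8_t *table) {
    uint32_t a = b2a_goubin(xp, r, gamma);  /* A  = x - r        */
    a = (a + c) & MASK;                     /* A  = (x + c) - r  */
    uint32_t yp = table[a];                 /* y' = (x + c) ^ r  */
    return yp ^ d;                          /* ((x + c) ^ d) ^ r */
}

/* Exhaustive check over every x and r; returns the number of mismatches. */
static unsigned check_all(uint32_t c, uint32_t d) {
    static uint8_t table[SIZE];
    unsigned bad = 0;
    for (uint32_t r = 0; r < SIZE; r++) {
        a2b_precompute(r, table);
        for (uint32_t x = 0; x < SIZE; x++) {
            uint32_t g = (x * 37u + r) & MASK;  /* constructed stand-in for an RNG */
            bad += b2a_goubin(bool_mask(x, r), r, g) != arith_mask(x, r);
            bad += (masked_arx_step(x ^ r, r, g, c, d, table) ^ r)
                   != (((x + c) & MASK) ^ d);
        }
    }
    return bad;
}

int main(void) { return check_all(0x7Fu, 0x0Fu) != 0; }
```

With K = 8 the table occupies 2^8 entries of 8 bits; a real implementation would draw r and gamma from the device's random number generator instead of the deterministic stand-in used in the check.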

Related Work
Our Contribution
Outline of the Paper
Masking Method
The A2B Algorithm Based on the Ripple-Carry Adder
Goubin’s A2B Algorithm
Coron’s A2B Algorithm
Neiße’s A2B Algorithm
Debraize’s A2B Algorithm
1: Generate a random k-bit r and a random bit ρ
Our Proposal
Pre-Computation Phase
Conversion Phase
Security Analysis and Soundness of Algorithm
Performance Analysis
Conclusions and Future Work