Communications in Cryptology (IACR CiC)

Randomness Generation for Secure Hardware Masking – Unrolled Trivium to the Rescue

Authors

Gaëtan Cassiers, Loïc Masure, Charles Momin, Thorben Moos, Amir Moradi, François-Xavier Standaert
Gaëtan Cassiers
Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
gaetan dot cassiers at uclouvain dot be

Loïc Masure
Université de Montpellier, LIRMM, CNRS, Montpellier, France
loic dot masure at lirmm dot fr

Charles Momin
Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
charles dot momin at uclouvain dot be

Thorben Moos
Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
thorben dot moos at uclouvain dot be

Amir Moradi
TU Darmstadt, Darmstadt, Germany
amir dot moradi at tu-darmstadt dot de

François-Xavier Standaert
Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium
francois-xavier dot standaert at uclouvain dot be

Abstract

Masking is a prominent strategy to protect cryptographic implementations against side-channel analysis. Its popularity arises from the exponential security gains that can be achieved for (approximately) quadratic resource utilization. Many variants of the countermeasure, tailored to different optimization goals, have been proposed. The common denominator among all of them is the implicit demand for robust, high-entropy randomness. Simply assuming that uniformly distributed random bits are available, without taking the cost of their generation into account, leads to a poor understanding of the efficiency vs. security tradeoff of masked implementations. This is especially relevant in the case of hardware masking schemes, which are known to consume large amounts of random bits per cycle due to parallelism. Currently, there seems to be no consensus on how to most efficiently derive many pseudo-random bits per clock cycle from an initial seed, with properties suitable for masked hardware implementations. In this work, we evaluate a number of building blocks for this purpose and find that hardware-oriented stream ciphers like Trivium and its reduced-security variant Bivium B outperform most competitors when implemented in an unrolled fashion. Unrolled implementations of these primitives enable the flexible generation of many bits per cycle, which is crucial for satisfying the large randomness demands of state-of-the-art masking schemes. According to our analysis, only Linear Feedback Shift Registers (LFSRs), when also unrolled, are capable of producing long non-repetitive sequences of random-looking bits at a higher rate per cycle for the same or a lower cost than Trivium and Bivium B. Yet, these instances do not provide black-box security, as their outputs are linear. We experimentally demonstrate that using multiple output bits from an LFSR in the same masked implementation can violate probing security and even lead to harmful randomness cancellations. Circumventing these problems, and enabling an independent analysis of randomness generation and masking, requires the use of cryptographically stronger primitives like stream ciphers. As a result of our studies, we provide an evidence-based estimate for the cost of securely generating $n$ fresh random bits per cycle. Depending on the desired level of black-box security and operating frequency, this cost can be as low as $20n$ to $30n$ ASIC gate equivalents (GE) or $3n$ to $4n$ FPGA look-up tables (LUTs), where $n$ is the number of random bits required. Our results demonstrate that the cost per bit is (sometimes significantly) lower than estimated in previous works, incentivizing parallelism whenever exploitable. This provides further motivation to potentially move low randomness usage from a primary to a secondary design goal in hardware masking research.
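The two claims of the abstract that a reader may want to see concretely are (1) that Trivium can be unrolled so that one clock cycle produces up to 64 keystream bits with the same result as 64 serial clocks, and (2) that taking several output bits of one LFSR as "fresh" masks for the same gadget can make them cancel. The following Python model is an added example written for this page; it is not the authors' hardware design or experiment. The Trivium update rule and initialization follow the public specification, but the bit ordering of key and IV bytes, the key and IV values, the 4-stage LFSR polynomial, the mask offsets (0, 3, 4) and the toy "refresh" reading of the cancellation rate are all assumptions chosen for illustration. The unrolling works because every Trivium tap sits at position 66 or higher of its register, so the first 64 steps of a cycle only read state bits that existed before the cycle began.

```python
from functools import reduce
from operator import xor


def bytes_to_bits(data: bytes) -> list:
    """Expand bytes into a bit list, least-significant bit of each byte first
    (an ordering chosen for this example, not necessarily the eSTREAM one)."""
    return [(byte >> i) & 1 for byte in data for i in range(8)]


class Trivium:
    """Trivium keystream generator with an unrolled clock: clock(k) returns
    k <= 64 keystream bits computed directly from the current state, exactly
    as k serial clocks would. Step j of the cycle reads s_(i-j) for every tap
    s_i, and since all taps have i >= 66 these reads never touch a bit that
    is produced within the same cycle, so the k steps are independent."""

    def __init__(self, key: bytes, iv: bytes):
        assert len(key) == 10 and len(iv) == 10          # 80-bit key and IV
        self.a = bytes_to_bits(key) + [0] * 13           # s1 .. s93
        self.b = bytes_to_bits(iv) + [0] * 4             # s94 .. s177
        self.c = [0] * 108 + [1, 1, 1]                   # s178 .. s288
        for _ in range(1152 // 64):                      # 4 * 288 warm-up clocks
            self.clock(64)

    def clock(self, k: int = 1) -> list:
        assert 1 <= k <= 64
        a, b, c = self.a, self.b, self.c
        z, na, nb, nc = [], [], [], []
        for j in range(k):
            # list index of tap s_i = i - (first position of its register) - j
            t1 = a[65 - j] ^ a[92 - j]                    # s66 ^ s93
            t2 = b[68 - j] ^ b[83 - j]                    # s162 ^ s177
            t3 = c[65 - j] ^ c[110 - j]                   # s243 ^ s288
            z.append(t1 ^ t2 ^ t3)
            t1 ^= (a[90 - j] & a[91 - j]) ^ b[77 - j]     # s91&s92 ^ s171
            t2 ^= (b[81 - j] & b[82 - j]) ^ c[86 - j]     # s175&s176 ^ s264
            t3 ^= (c[108 - j] & c[109 - j]) ^ a[68 - j]   # s286&s287 ^ s69
            na.append(t3), nb.append(t1), nc.append(t2)
        # shift every register by k positions, newest bit lands on s1
        self.a = na[::-1] + a[:-k]
        self.b = nb[::-1] + b[:-k]
        self.c = nc[::-1] + c[:-k]
        return z


def unrolled_matches_serial(key: bytes, iv: bytes, k: int, cycles: int = 8) -> bool:
    """True if k-way unrolled clocking yields the same keystream as k serial clocks."""
    serial, unrolled = Trivium(key, iv), Trivium(key, iv)
    for _ in range(cycles):
        if [serial.clock(1)[0] for _ in range(k)] != unrolled.clock(k):
            return False
    return True


def trivium_stream(key: bytes, iv: bytes, n: int) -> list:
    """n keystream bits, produced 64 per cycle."""
    gen, out = Trivium(key, iv), []
    while len(out) < n:
        out += gen.clock(min(64, n - len(out)))
    return out


class LFSR:
    """4-stage Fibonacci LFSR over GF(2) with recurrence s[t+4] = s[t+3] ^ s[t]
    (characteristic polynomial x^4 + x^3 + 1). Every output is a fixed linear
    function of the seed, so fixed linear relations hold among the outputs."""

    def __init__(self, seed: list):
        assert len(seed) == 4 and any(seed)
        self.s = list(seed)

    def clock(self, k: int = 1) -> list:
        out = []
        for _ in range(k):
            out.append(self.s[0])
            self.s = self.s[1:] + [self.s[3] ^ self.s[0]]
        return out


def mask_cancellation_rate(source, offsets=(0, 3, 4), samples: int = 200) -> float:
    """Fraction of positions t where the bits at t+o (o in offsets) XOR to zero.
    A gadget that XORs these three bits into a share as 'fresh' masks would,
    at such positions, leave the share unchanged: the randomness cancels."""
    bits = source(samples + max(offsets))
    zero = sum(1 for t in range(samples)
               if reduce(xor, (bits[t + o] for o in offsets)) == 0)
    return zero / samples


# Constructed key and IV for the demonstration; not a standard test vector.
KEY = bytes(range(1, 11))
IV = bytes(range(11, 21))


def lfsr_cancellation_rate() -> float:
    return mask_cancellation_rate(lambda n: LFSR([1, 0, 0, 1]).clock(n))


def trivium_cancellation_rate() -> float:
    return mask_cancellation_rate(lambda n: trivium_stream(KEY, IV, n))


if __name__ == "__main__":
    print("unrolled == serial:", unrolled_matches_serial(KEY, IV, 64))
    print("LFSR masks cancel:", lfsr_cancellation_rate())
    print("Trivium masks cancel:", trivium_cancellation_rate())
```

For the LFSR, the three masks taken at offsets 0, 3 and 4 cancel at every position because the recurrence makes their XOR identically zero; for Trivium the same offsets cancel only about half the time, as three independent bits would. The offsets were chosen to match this particular polynomial; a different LFSR has different, but equally fixed, cancelling combinations, which is the structural reason the abstract gives for preferring a cryptographically stronger generator when several bits per cycle feed one masked circuit.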

References

[ABL08]
François Arnault, Thierry P. Berger, and Cédric Lauradoux. F-FCSR Stream Ciphers. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 170–178. Springer 2008. DOI: 10.1007/978-3-540-68351-3_13
[Alf96]
P Alfke. Efficient Shift Registers, LFSR Counters, and Long-Pseudo-Random Generators. 1996.
[BBC+08]
Côme Berbain, Olivier Billet, Anne Canteaut, Nicolas T. Courtois, Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin, and Hervé Sibert. Decimv2. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 140–151. Springer 2008. DOI: 10.1007/978-3-540-68351-3_11
[BBC+20]
Davide Bellizia, Olivier Bronchain, Gaëtan Cassiers, Vincent Grosso, Chun Guo, Charles Momin, Olivier Pereira, Thomas Peters, and François-Xavier Standaert. Mode-Level vs. Implementation-Level Physical Security in Symmetric Cryptography - A Practical Guide Through the Leakage-Resistance Jungle. In Daniele Micciancio and Thomas Ristenpart, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part I, volume 12170 of Lecture Notes in Computer Science, pages 369–400. 2020. Springer. DOI: 10.1007/978-3-030-56784-2_13
[BBD+16]
Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Pierre-Yves Strub, and Rébecca Zucchini. Strong Non-Interference and Type-Directed Higher-Order Masking. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 116–129. 2016. ACM. DOI: 10.1145/2976749.2978427
[BBP+16]
Sonia Belaïd, Fabrice Benhamouda, Alain Passelègue, Emmanuel Prouff, Adrian Thillard, and Damien Vergnaud. Randomness Complexity of Private Circuits for Multiplication. In Marc Fischlin and Jean-Sébastien Coron, editors, Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part II, volume 9666 of Lecture Notes in Computer Science, pages 616–648. 2016. Springer. DOI: 10.1007/978-3-662-49896-5_22
[BCF+15]
Sonia Belaïd, Jean-Sébastien Coron, Pierre-Alain Fouque, Benoît Gérard, Jean-Gabriel Kammerer, and Emmanuel Prouff. Improved Side-Channel Analysis of Finite-Field Multiplication. In Tim Güneysu and Helena Handschuh, editors, Cryptographic Hardware and Embedded Systems - CHES 2015 - 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, volume 9293 of Lecture Notes in Computer Science, pages 395–415. 2015. Springer. DOI: 10.1007/978-3-662-48324-4_20
[BCG+12]
Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, Miroslav Knezevic, Lars R. Knudsen, Gregor Leander, Ventzislav Nikov, Christof Paar, Christian Rechberger, Peter Rombouts, Søren S. Thomsen, and Tolga Yalçin. PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract. In Xiaoyun Wang and Kazue Sako, editors, Advances in Cryptology - ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science, pages 208–225. 2012. Springer. DOI: 10.1007/978-3-642-34961-4_14
[BCM23]
Subhadeep Banik, Daniel Collins, and Willi Meier. Near Collision Attack Against Grain V1. In Mehdi Tibouchi and Xiaofeng Wang, editors, Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Kyoto, Japan, June 19-22, 2023, Proceedings, Part I, volume 13905 of Lecture Notes in Computer Science, pages 178–207. 2023. Springer. DOI: 10.1007/978-3-031-33488-7_7
[BCPZ16]
Alberto Battistello, Jean-Sébastien Coron, Emmanuel Prouff, and Rina Zeitoun. Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme. In Benedikt Gierlichs and Axel Y. Poschmann, editors, Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, volume 9813 of Lecture Notes in Computer Science, pages 23–39. 2016. Springer. DOI: 10.1007/978-3-662-53140-2_2
[BD00]
Eli Biham and Orr Dunkelman. Cryptanalysis of the A5/1 GSM Stream Cipher. In Bimal K. Roy and Eiji Okamoto, editors, Progress in Cryptology - INDOCRYPT 2000, First International Conference in Cryptology in India, Calcutta, India, December 10-13, 2000, Proceedings, volume 1977 of Lecture Notes in Computer Science, pages 43–51. 2000. Springer. DOI: 10.1007/3-540-44495-5_5
[BD08]
Steve Babbage and Matthew Dodd. The MICKEY Stream Ciphers. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 191–209. Springer 2008. DOI: 10.1007/978-3-540-68351-3_15
[BDPA10]
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. Sponge-Based Pseudo-Random Number Generators. In Stefan Mangard and François-Xavier Standaert, editors, Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings, volume 6225 of Lecture Notes in Computer Science, pages 33–47. 2010. Springer. DOI: 10.1007/978-3-642-15031-9_3
[BDPA13]
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. Keccak. In Thomas Johansson and Phong Q. Nguyen, editors, Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings, volume 7881 of Lecture Notes in Computer Science, pages 313–314. 2013. Springer. DOI: 10.1007/978-3-642-38348-9_19
[Ber08]
Daniel J. Bernstein. The Salsa20 Family of Stream Ciphers. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 84–97. Springer 2008. DOI: 10.1007/978-3-540-68351-3_8
[BFG14]
Sonia Belaïd, Pierre-Alain Fouque, and Benoît Gérard. Side-Channel Analysis of Multiplications in GF(2128) - Application to AES-GCM. In Palash Sarkar and Tetsu Iwata, editors, Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings, Part II, volume 8874 of Lecture Notes in Computer Science, pages 306–325. 2014. Springer. DOI: 10.1007/978-3-662-45608-8_17
[BGN+14a]
Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. Higher-Order Threshold Implementations. In Palash Sarkar and Tetsu Iwata, editors, Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014, Proceedings, Part II, volume 8874 of Lecture Notes in Computer Science, pages 326–343. 2014. Springer. DOI: 10.1007/978-3-662-45608-8_18
[BGN+14b]
Begül Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. A More Efficient AES Threshold Implementation. In David Pointcheval and Damien Vergnaud, editors, Progress in Cryptology - AFRICACRYPT 2014 - 7th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 28-30, 2014. Proceedings, volume 8469 of Lecture Notes in Computer Science, pages 267–284. 2014. Springer. DOI: 10.1007/978-3-319-06734-6_17
[BGW98]
Marc Briceno, Ian Goldberg, and David Wagner. A pedagogical implementation of A5/1. 1998.
[Bir08]
Alex Biryukov. Design of a New Stream Cipher-LEX. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 48–56. Springer 2008. DOI: 10.1007/978-3-540-68351-3_5
[BKL+17]
Daniel J. Bernstein, Stefan Kölbl, Stefan Lucks, Pedro Maat Costa Massolino, Florian Mendel, Kashif Nawaz, Tobias Schneider, Peter Schwabe, François-Xavier Standaert, Yosuke Todo, and Benoît Viguier. Gimli : A Cross-Platform Permutation. In Wieland Fischer and Naofumi Homma, editors, Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings, volume 10529 of Lecture Notes in Computer Science, pages 299–320. 2017. Springer. DOI: 10.1007/978-3-319-66787-4_15
[BKSQ07]
Philippe Bulens, Kassem Kalach, François-Xavier Standaert, and Jean-Jacques Quisquater. FPGA Implementations of eSTREAM Phase-2 Focus Candidates with Hardware Profile. 2007.
[BLM+05]
An Braeken, Joseph Lano, Nele Mentens, Bart Preneel, and Ingrid Verbauwhede. SFINKS: A Synchronous Stream Cipher for Restricted Hardware Environments. 2005.
[BM82]
Manuel Blum and Silvio Micali. How to Generate Cryptographically Strong Sequences of Pseudo Random Bits. In 23rd Annual Symposium on Foundations of Computer Science, Chicago, Illinois, USA, 3-5 November 1982, pages 112–117. 1982. IEEE Computer Society. DOI: 10.1109/SFCS.1982.72
[BMA+18]
Subhadeep Banik, Vasily Mikhalev, Frederik Armknecht, Takanori Isobe, Willi Meier, Andrey Bogdanov, Yuhei Watanabe, and Francesco Regazzoni. Towards Low Energy Stream Ciphers. IACR Trans. Symmetric Cryptol., 2018(2):1–19, 2018. DOI: 10.13154/TOSC.V2018.I2.1-19
[BMV07]
Sanjay Burman, Debdeep Mukhopadhyay, and Kamakoti Veezhinathan. LFSR Based Stream Ciphers Are Vulnerable to Power Attacks. In K. Srinathan, C. Pandu Rangan, and Moti Yung, editors, Progress in Cryptology - INDOCRYPT 2007, 8th International Conference on Cryptology in India, Chennai, India, December 9-13, 2007, Proceedings, volume 4859 of Lecture Notes in Computer Science, pages 384–392. 2007. Springer. DOI: 10.1007/978-3-540-77026-8_30
[BRS+10]
Lawrence E. Bassham, Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, Mark Levenson, Mark Vangel, David L. Banks, Nathanael Alan Heckert, James F. Dray, and San Vo. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications - Rev. 1a. NIST Special Publication (SP) 800-22, 2010.
[Can06]
Christophe De Cannière. Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles. In Sokratis K. Katsikas, Javier López, Michael Backes, Stefanos Gritzalis, and Bart Preneel, editors, Information Security, 9th International Conference, ISC 2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings, volume 4176 of Lecture Notes in Computer Science, pages 171–186. 2006. Springer. DOI: 10.1007/11836810_13
[Can11a]
Anne Canteaut. Combination Generator. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Ed, pages 222–224. Springer 2011. DOI: 10.1007/978-1-4419-5906-5_338
[Can11b]
Anne Canteaut. Correlation Attack for Stream Ciphers. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Ed, pages 261–262. Springer 2011. DOI: 10.1007/978-1-4419-5906-5_339
[Can11c]
Anne Canteaut. Filter Generator. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Ed, pages 458–460. Springer 2011. DOI: 10.1007/978-1-4419-5906-5_349
[CBG+17]
Thomas De Cnudde, Begül Bilgin, Benedikt Gierlichs, Ventzislav Nikov, Svetla Nikova, and Vincent Rijmen. Does Coupling Affect the Security of Masked Implementations?. In Sylvain Guilley, editor, Constructive Side-Channel Analysis and Secure Design - 8th International Workshop, COSADE 2017, Paris, France, April 13-14, 2017, Revised Selected Papers, volume 10348 of Lecture Notes in Computer Science, pages 1–18. 2017. Springer. DOI: 10.1007/978-3-319-64647-3_1
[CCF+16]
Anne Canteaut, Sergiu Carpov, Caroline Fontaine, Tancrède Lepoint, María Naya-Plasencia, Pascal Paillier, and Renaud Sirdey. Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression. In Thomas Peyrin, editor, Fast Software Encryption - 23rd International Conference, FSE 2016, Bochum, Germany, March 20-23, 2016, Revised Selected Papers, volume 9783 of Lecture Notes in Computer Science, pages 313–333. 2016. Springer. DOI: 10.1007/978-3-662-52993-5_16
[CFAF13]
Abdelkarim Cherkaoui, Viktor Fischer, Alain Aubert, and Laurent Fesquet. A Self-Timed Ring Based True Random Number Generator. In 19th IEEE International Symposium on Asynchronous Circuits and Systems, ASYNC 2013, Santa Monica, CA, USA, May 19-22, 2013, pages 99–106. 2013. IEEE Computer Society. DOI: 10.1109/ASYNC.2013.15
[CFFA13]
Abdelkarim Cherkaoui, Viktor Fischer, Laurent Fesquet, and Alain Aubert. A Very High Speed True Random Number Generator with Entropy Assessment. In Guido Bertoni and Jean-Sébastien Coron, editors, Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings, volume 8086 of Lecture Notes in Computer Science, pages 179–196. 2013. Springer. DOI: 10.1007/978-3-642-40349-1_11
[CGLS21]
Gaëtan Cassiers, Benjamin Grégoire, Itamar Levi, and François-Xavier Standaert. Hardware Private Circuits: From Trivial Composition to Full Verification. IEEE Trans. Computers, 70(10):1677–1690, 2021. DOI: 10.1109/TC.2020.3022979
[CGP+12]
Jean-Sébastien Coron, Christophe Giraud, Emmanuel Prouff, Soline Renner, Matthieu Rivain, and Praveen Kumar Vadnala. Conversion of Security Proofs from One Leakage Model to Another: A New Issue. In Werner Schindler and Sorin A. Huss, editors, Constructive Side-Channel Analysis and Secure Design - Third International Workshop, COSADE 2012, Darmstadt, Germany, May 3-4, 2012. Proceedings, volume 7275 of Lecture Notes in Computer Science, pages 69–81. 2012. Springer. DOI: 10.1007/978-3-642-29912-4_6
[CJRR99]
Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. In Michael J. Wiener, editor, Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 398–412. 1999. Springer. DOI: 10.1007/3-540-48405-1_26
[CMM14]
Abhishek Chakraborty, Bodhisatwa Mazumdar, and Debdeep Mukhopadhyay. Fibonacci LFSR vs. Galois LFSR: Which is More Vulnerable to Power Attacks?. In Rajat Subhra Chakraborty, Vashek Matyas, and Patrick Schaumont, editors, Security, Privacy, and Applied Cryptography Engineering - 4th International Conference, SPACE 2014, Pune, India, October 18-22, 2014. Proceedings, volume 8804 of Lecture Notes in Computer Science, pages 14–27. 2014. Springer. DOI: 10.1007/978-3-319-12060-7_2
[CP08]
Christophe De Cannière and Bart Preneel. Trivium. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 244–266. Springer 2008. DOI: 10.1007/978-3-540-68351-3_18
[CRB+16]
Thomas De Cnudde, Oscar Reparaz, Begül Bilgin, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. Masking AES with d+1 Shares in Hardware. In Benedikt Gierlichs and Axel Y. Poschmann, editors, Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, volume 9813 of Lecture Notes in Computer Science, pages 194–212. 2016. Springer. DOI: 10.1007/978-3-662-53140-2_10
[CS20]
Gaëtan Cassiers and François-Xavier Standaert. Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. IEEE Trans. Inf. Forensics Secur., 15:2542–2555, 2020. DOI: 10.1109/TIFS.2020.2971153
[CS21]
Gaëtan Cassiers and François-Xavier Standaert. Provably Secure Hardware Masking in the Transition- and Glitch-Robust Probing Model: Better Safe than Sorry. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(2):136–158, 2021. DOI: 10.46586/TCHES.V2021.I2.136-158
[DDF14]
Alexandre Duc, Stefan Dziembowski, and Sebastian Faust. Unifying Leakage Models: From Probing Attacks to Noisy Leakage. In Phong Q. Nguyen and Elisabeth Oswald, editors, Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings, volume 8441 of Lecture Notes in Computer Science, pages 423–440. 2014. Springer. DOI: 10.1007/978-3-642-55220-5_24
[DEMS20]
Christoph Dobraunig, Maria Eichlseder, Florian Mendel, and Martin Schläer. Status Update on Ascon v1. 2. Submission to the NIST LWC competition, 2020.
[DFH+16]
Stefan Dziembowski, Sebastian Faust, Gottfried Herold, Anthony Journault, Daniel Masny, and François-Xavier Standaert. Towards Sound Fresh Re-keying with Hard (Physical) Learning Problems. In Matthew Robshaw and Jonathan Katz, editors, Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part II, volume 9815 of Lecture Notes in Computer Science, pages 272–301. 2016. Springer. DOI: 10.1007/978-3-662-53008-5_10
[DFS15]
Alexandre Duc, Sebastian Faust, and François-Xavier Standaert. Making Masking Security Proofs Concrete - Or How to Evaluate the Security of Any Leaking Device. In Elisabeth Oswald and Marc Fischlin, editors, Advances in Cryptology - EUROCRYPT 2015 - 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I, volume 9056 of Lecture Notes in Computer Science, pages 401–429. 2015. Springer. DOI: 10.1007/978-3-662-46800-5_16
[DK08]
Joan Daemen and Paris Kitsos. The Self-synchronizing Stream Cipher Moustique. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 210–223. Springer 2008. DOI: 10.1007/978-3-540-68351-3_16
[DMMR20]
Joan Daemen, Pedro Maat Costa Massolino, Alireza Mehrdad, and Yann Rotella. The Subterranean 2.0 Cipher Suite. IACR Trans. Symmetric Cryptol., 2020(S1):262–294, 2020. DOI: 10.13154/tosc.v2020.iS1.262-294
[E02]
Specification of the Bluetooth System - Version 1.1. Accessed: 2024-01-08. http://www.tscm.com/BluetoothSpec.pdf.
[FD02]
Viktor Fischer and Milos Drutarovský. True Random Number Generator Embedded in Reconfigurable Hardware. In Burton S. Kaliski Jr., Çetin Kaya Koç, and Christof Paar, editors, Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers, volume 2523 of Lecture Notes in Computer Science, pages 415–430. 2002. Springer. DOI: 10.1007/3-540-36400-5_30
[FGP+18]
Sebastian Faust, Vincent Grosso, Santos Merino Del Pozo, Clara Paglialonga, and François-Xavier Standaert. Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(3):89–120, 2018. DOI: 10.13154/tches.v2018.i3.89-120
[FL14]
Viktor Fischer and David Lubicz. Embedded Evaluation of Randomness in Oscillator Based Elementary TRNG. In Lejla Batina and Matthew Robshaw, editors, Cryptographic Hardware and Embedded Systems - CHES 2014 - 16th International Workshop, Busan, South Korea, September 23-26, 2014. Proceedings, volume 8731 of Lecture Notes in Computer Science, pages 527–543. 2014. Springer. DOI: 10.1007/978-3-662-44709-3_29
[Fon11a]
Caroline Fontaine. Clock-Controlled Generator. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Ed, pages 211–212. Springer 2011. DOI: 10.1007/978-1-4419-5906-5_337
[Fon11b]
Caroline Fontaine. Shrinking Generator. In Henk C. A. van Tilborg and Sushil Jajodia, editors, Encyclopedia of Cryptography and Security, 2nd Ed, pages 1197–1198. Springer 2011. DOI: 10.1007/978-1-4419-5906-5_373
[GB08]
Tim Good and Mohammed Benaissa. ASIC Hardware Performance. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 267–293. Springer 2008. DOI: 10.1007/978-3-540-68351-3_19
[GBC+08]
Benedikt Gierlichs, Lejla Batina, Christophe Clavier, Thomas Eisenbarth, Aline Gouget, Helena Handschuh, Timo Kasper, Kerstin Lemke-Rust, Stefan Mangard, Amir Moradi, and Elisabeth Oswald. Susceptibility of eSTREAM Candidates towards Side Channel Analysis. 2008.
[GGK05]
Berndt M. Gammel, Rainer Göttfert, and Oliver Kniffler. The Achterbahn Stream Cipher. 2005.
[GGV05]
Carmi Gressel, Ran Granot, and Gabi Vago. ZK-Crypt - a Compact Stream Cipher and more. 2005.
[GLB+06]
Frank K. Gürkaynak, Peter Luethi, Nico Bernold, René Blattmann, Victoria M Goode, Marcel Marghitola, Hubert Kaeslin, Norbert Felber, and Wolfgang Fichtner. Hardware Evaluation of Estream Candidates. 2006.
[GM17]
Hannes Groß and Stefan Mangard. Reconciling d+1 Masking in Hardware and Software. In Wieland Fischer and Naofumi Homma, editors, Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, Taipei, Taiwan, September 25-28, 2017, Proceedings, volume 10529 of Lecture Notes in Computer Science, pages 115–136. 2017. Springer. DOI: 10.1007/978-3-319-66787-4_6
[GMK08]
Danilo Gligoroski, Smile Markovski, and Svein J. Knapskog. The Stream Cipher Edon80. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 152–169. Springer 2008. DOI: 10.1007/978-3-540-68351-3_12
[GMK16]
Hannes Groß, Stefan Mangard, and Thomas Korak. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. In Begül Bilgin, Svetla Nikova, and Vincent Rijmen, editors, Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016 Vienna, Austria, October, 2016, pages 3. 2016. ACM. DOI: 10.1145/2996366.2996426
[GMK17]
Hannes Groß, Stefan Mangard, and Thomas Korak. An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order. In Helena Handschuh, editor, Topics in Cryptology - CT-RSA 2017 - The Cryptographers' Track at the RSA Conference 2017, San Francisco, CA, USA, February 14-17, 2017, Proceedings, volume 10159 of Lecture Notes in Computer Science, pages 95–112. 2017. Springer. DOI: 10.1007/978-3-319-52153-4_6
[GSB07]
Kris Gaj, Gabriel Southern, and Ramakrishna Bachimanchi. Comparison of hardware performance of selected Phase II eSTREAM candidates. 2007.
[GSF13]
Vincent Grosso, François-Xavier Standaert, and Sebastian Faust. Masking vs. Multiparty Computation: How Large Is the Gap for AES?. In Guido Bertoni and Jean-Sébastien Coron, editors, Cryptographic Hardware and Embedded Systems - CHES 2013 - 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings, volume 8086 of Lecture Notes in Computer Science, pages 400–416. 2013. Springer. DOI: 10.1007/978-3-642-40349-1_23
[GSP13]
Vincent Grosso, François-Xavier Standaert, and Emmanuel Prouff. Low Entropy Masking Schemes, Revisited. In Aurélien Francillon and Pankaj Rohatgi, editors, Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers, volume 8419 of Lecture Notes in Computer Science, pages 33–43. 2013. Springer. DOI: 10.1007/978-3-319-08302-5_3
[HCK+08]
David Hwang, Mark Chaney, Shashi Prashanth Karanam, Nick Ton, and Kris Gaj. Comparison of FPGA-Targeted Hardware Implementations of eSTREAM Stream Cipher Candidates. 2008.
[HJM07]
Martin Hell, Thomas Johansson, and Willi Meier. Grain: a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput., 2(1):86–93, 2007. DOI: 10.1504/IJWMC.2007.013798
[HJMM06]
Martin Hell, Thomas Johansson, Alexander Maximov, and Willi Meier. A Stream Cipher Proposal: Grain-128. In Proceedings 2006 IEEE International Symposium on Information Theory, ISIT 2006, The Westin Seattle, Seattle, Washington, USA, July 9-14, 2006, pages 1614–1618. 2006. IEEE. DOI: 10.1109/ISIT.2006.261549
[HKM17]
Matthias Hamann, Matthias Krause, and Willi Meier. LIZARD - A Lightweight Stream Cipher for Power-constrained Devices. IACR Trans. Symmetric Cryptol., 2017(1):45–79, 2017. DOI: 10.13154/tosc.v2017.i1.45-79
[HL11]
Zhenyu Huang and Dongdai Lin. Attacking Bivium and Trivium with the Characteristic Set Method. In Abderrahmane Nitaj and David Pointcheval, editors, Progress in Cryptology - AFRICACRYPT 2011 - 4th International Conference on Cryptology in Africa, Dakar, Senegal, July 5-7, 2011. Proceedings, volume 6737 of Lecture Notes in Computer Science, pages 77–91. 2011. Springer. DOI: 10.1007/978-3-642-21969-6_5
[ISW03]
Yuval Ishai, Amit Sahai, and David A. Wagner. Private Circuits: Securing Hardware against Probing Attacks. In Dan Boneh, editor, Advances in Cryptology - CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003, Proceedings, volume 2729 of Lecture Notes in Computer Science, pages 463–481. 2003. Springer. DOI: 10.1007/978-3-540-45146-4_27
[JD06]
Antoine Joux and Pascal Delaunay. Galois LFSR, Embedded Devices and Side Channel Weaknesses. In Rana Barua and Tanja Lange, editors, Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings, volume 4329 of Lecture Notes in Computer Science, pages 436–451. 2006. Springer. DOI: 10.1007/11941378_31
[JHK08]
Cees J. A. Jansen, Tor Helleseth, and Alexander Kholosha. Cascade Jump Controlled Sequence Generator and Pomaranch Stream Cipher. In Matthew J. B. Robshaw and Olivier Billet, editors, New Stream Cipher Designs - The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 224–243. Springer 2008. DOI: 10.1007/978-3-540-68351-3_17
[KDB+22]
Satyam Kumar, Vishnu Asutosh Dasu, Anubhab Baksi, Santanu Sarkar, Dirmanto Jap, Jakub Breier, and Shivam Bhasin. Side Channel Attack On Stream Ciphers: A Three-Step Approach To State/Key Recovery. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(2):166–191, 2022. DOI: 10.46586/tches.v2022.i2.166-191
[KJJ99]
Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis. In Michael J. Wiener, editor, Advances in Cryptology - CRYPTO '99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pages 388–397. 1999. Springer. DOI: 10.1007/3-540-48405-1_25
[KM22a]
David Knichel and Amir Moradi. Composable Gadgets with Reused Fresh Masks First-Order Probing-Secure Hardware Circuits with only 6 Fresh Masks. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(3):114–140, 2022. DOI: 10.46586/tches.v2022.i3.114-140
[KM22b]
David Knichel and Amir Moradi. Low-Latency Hardware Private Circuits. In Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi, editors, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022, pages 1799–1812. 2022. ACM. DOI: 10.1145/3548606.3559362
[KMMS22]
David Knichel, Amir Moradi, Nicolai Müller, and Pascal Sasdrich. Automated Generation of Masked Hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(1):589–629, 2022. DOI: 10.46586/tches.v2022.i1.589-629
[KSM20]
David Knichel, Pascal Sasdrich, and Amir Moradi. SILVER - Statistical Independence and Leakage Verification. In Shiho Moriai and Huaxiong Wang, editors, Advances in Cryptology - ASIACRYPT 2020 - 26th International Conference on the Theory and Application of Cryptology and Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings, Part I, volume 12491 of Lecture Notes in Computer Science, pages 787–816. 2020. Springer. DOI: 10.1007/978-3-030-64837-4_26
[KSM22]
David Knichel, Pascal Sasdrich, and Amir Moradi. Generic Hardware Private Circuits: Towards Automated Generation of Composable Secure Gadgets. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(1):323–344, 2022. DOI: 10.46586/tches.v2022.i1.323-344
[KSPS13]
Paris Kitsos, Nicolas Sklavos, George Provelengios, and Athanassios N. Skodras. FPGA-based performance analysis of stream ciphers ZUC, Snow3g, Grain V1, Mickey V2, Trivium and E0. Microprocess. Microsystems, 37(2):235–245, 2013. DOI: 10.1016/j.micpro.2012.09.007
[KY10]
Elif Bilge Kavun and Tolga Yalçin. A Lightweight Implementation of Keccak Hash Function for Radio-Frequency Identification Applications. In Siddika Berna Örs Yalçin, editor, Radio Frequency Identification: Security and Privacy Issues - 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010, Revised Selected Papers, volume 6370 of Lecture Notes in Computer Science, pages 258–269. 2010. Springer. DOI: 10.1007/978-3-642-16822-2_20
[LBS22]
Itamar Levi, Davide Bellizia, and François-Xavier Standaert. Tight-ES-TRNG: Improved Construction and Robustness Analysis. SN Comput. Sci., 3(4):321, 2022. DOI: 10.1007/s42979-022-01219-5
[LLL20]
Bohan Li, Meicheng Liu, and Dongdai Lin. FPGA implementations of Grain v1, Mickey 2.0, Trivium, Lizard and Plantlet. Microprocess. Microsystems, 78:103210, 2020. DOI: 10.1016/j.micpro.2020.103210
[LMMR21]
Gregor Leander, Thorben Moos, Amir Moradi, and Shahram Rasoolzadeh. The SPEEDY Family of Block Ciphers: Engineering an Ultra Low-Latency Cipher from Gate Level for Secure Processor Architectures. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(4):510–545, 2021. DOI: 10.46586/tches.v2021.i4.510-545
[MAM16]
Vasily Mikhalev, Frederik Armknecht, and Christian Müller. On Ciphers that Continuously Access the Non-Volatile Key. IACR Trans. Symmetric Cryptol., 2016(2):52–79, 2016. DOI: 10.13154/tosc.v2016.i2.52-79
[MB07]
Alexander Maximov and Alex Biryukov. Two Trivial Attacks on Trivium. In Carlisle M. Adams, Ali Miri, and Michael J. Wiener, editors, Selected Areas in Cryptography, 14th International Workshop, SAC 2007, Ottawa, Canada, August 16-17, 2007, Revised Selected Papers, volume 4876 of Lecture Notes in Computer Science, pages 36–55. 2007. Springer. DOI: 10.1007/978-3-540-77360-3_3
[MCB+22]
Awaleh Houssein Meraneh, Christophe Clavier, Hélène Le Bouder, Julien Maillard, and Gaël Thomas. Blind Side Channel on the Elephant LFSR. In Sabrina De Capitani di Vimercati and Pierangela Samarati, editors, Proceedings of the 19th International Conference on Security and Cryptography, SECRYPT 2022, Lisbon, Portugal, July 11-13, 2022, pages 25–34. 2022. SCITEPRESS. DOI: 10.5220/0011135300003283
[MCS22]
Charles Momin, Gaëtan Cassiers, and François-Xavier Standaert. Handcrafting: Improving Automated Masking in Hardware with Manual Optimizations. In Josep Balasch and Colin O'Flynn, editors, Constructive Side-Channel Analysis and Secure Design - 13th International Workshop, COSADE 2022, Leuven, Belgium, April 11-12, 2022, Proceedings, volume 13211 of Lecture Notes in Computer Science, pages 257–275. 2022. Springer. DOI: 10.1007/978-3-030-99766-3_12
[MM22]
Nicolai Müller and Amir Moradi. PROLEAD: A Probing-Based Hardware Leakage Detection Tool. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(4):311–348, 2022. DOI: 10.46586/tches.v2022.i4.311-348
[MMSS19]
Thorben Moos, Amir Moradi, Tobias Schneider, and François-Xavier Standaert. Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2019(2):256–292, 2019. DOI: 10.13154/tches.v2019.i2.256-292
[MMW18]
Lauren De Meyer, Amir Moradi, and Felix Wegener. Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(3):596–626, 2018. DOI: 10.13154/tches.v2018.i3.596-626
[Moo19]
Thorben Moos. Static Power SCA of Sub-100 nm CMOS ASICs and the Insecurity of Masking Schemes in Low-Noise Environments. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2019(3):202–232, 2019. DOI: 10.13154/tches.v2019.i3.202-232
[MPG05]
Stefan Mangard, Thomas Popp, and Berndt M. Gammel. Side-Channel Leakage of Masked CMOS Gates. In Alfred Menezes, editor, Topics in Cryptology - CT-RSA 2005, The Cryptographers' Track at the RSA Conference 2005, San Francisco, CA, USA, February 14-18, 2005, Proceedings, volume 3376 of Lecture Notes in Computer Science, pages 351–365. 2005. Springer. DOI: 10.1007/978-3-540-30574-3_24
[MRB18]
Lauren De Meyer, Oscar Reparaz, and Begül Bilgin. Multiplicative Masking for AES in Hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(3):431–468, 2018. DOI: 10.13154/tches.v2018.i3.431-468
[MS11]
Marcel Medwed and François-Xavier Standaert. Extractors against side-channel attacks: weak or strong? J. Cryptogr. Eng., 1(3):231–241, 2011. DOI: 10.1007/s13389-011-0014-y
[NRR06]
Svetla Nikova, Christian Rechberger, and Vincent Rijmen. Threshold Implementations Against Side-Channel Attacks and Glitches. In Peng Ning, Sihan Qing, and Ninghui Li, editors, Information and Communications Security, 8th International Conference, ICICS 2006, Raleigh, NC, USA, December 4-7, 2006, Proceedings, volume 4307 of Lecture Notes in Computer Science, pages 529–545. 2006. Springer. DOI: 10.1007/11935308_38
[NRS08]
Svetla Nikova, Vincent Rijmen, and Martin Schläffer. Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches. In Pil Joong Lee and Jung Hee Cheon, editors, Information Security and Cryptology - ICISC 2008, 11th International Conference, Seoul, Korea, December 3-5, 2008, Revised Selected Papers, volume 5461 of Lecture Notes in Computer Science, pages 218–234. 2008. Springer. DOI: 10.1007/978-3-642-00730-9_14
[oEiCE04]
European Network of Excellence in Cryptology (ECRYPT). eSTREAM: the ECRYPT Stream Cipher Project. 2004.
[OGL05]
Sean O'Neil, Benjamin Gittins, and Howard Landman. VEST - Hardware-Dedicated Stream Ciphers. 2005.
[oSN17]
National Institute of Standards and Technology (NIST). Lightweight Cryptography. 2017.
[PMB+16]
Oto Petura, Ugo Mureddu, Nathalie Bochard, Viktor Fischer, and Lilian Bossuet. A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices. In Paolo Ienne, Walid A. Najjar, Jason Helge Anderson, Philip Brisk, and Walter Stechele, editors, 26th International Conference on Field Programmable Logic and Applications, FPL 2016, Lausanne, Switzerland, August 29 - September 2, 2016, pages 1–10. 2016. IEEE. DOI: 10.1109/FPL.2016.7577379
[PP10]
Christof Paar and Jan Pelzl. Understanding Cryptography - A Textbook for Students and Practitioners. 2010. Springer. DOI: 10.1007/978-3-642-04101-3
[PR13]
Emmanuel Prouff and Matthieu Rivain. Masking against Side-Channel Attacks: A Formal Security Proof. In Thomas Johansson and Phong Q. Nguyen, editors, Advances in Cryptology - EUROCRYPT 2013, 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Athens, Greece, May 26-30, 2013. Proceedings, volume 7881 of Lecture Notes in Computer Science, pages 142–159. 2013. Springer. DOI: 10.1007/978-3-642-38348-9_9
[PYR+16]
Stjepan Picek, Bohan Yang, Vladimir Rozic, Jo Vliegen, Jori Winderickx, Thomas De Cnudde, and Nele Mentens. PRNGs for Masking Applications and Their Mapping to Evolvable Hardware. In Kerstin Lemke-Rust and Michael Tunstall, editors, Smart Card Research and Advanced Applications - 15th International Conference, CARDIS 2016, Cannes, France, November 7-9, 2016, Revised Selected Papers, volume 10146 of Lecture Notes in Computer Science, pages 209–227. 2016. Springer. DOI: 10.1007/978-3-319-54669-8_13
[Rad06]
Håvard Raddum. Cryptanalytic results on Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/039, 2006.
[RBN+15]
Oscar Reparaz, Begül Bilgin, Svetla Nikova, Benedikt Gierlichs, and Ingrid Verbauwhede. Consolidating Masking Schemes. In Rosario Gennaro and Matthew Robshaw, editors, Advances in Cryptology - CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I, volume 9215 of Lecture Notes in Computer Science, pages 764–783. 2015. Springer. DOI: 10.1007/978-3-662-47989-6_37
[Rep15]
Oscar Reparaz. A note on the security of Higher-Order Threshold Implementations. IACR Cryptol. ePrint Arch., 2015.
[RSV09]
Mathieu Renauld, François-Xavier Standaert, and Nicolas Veyrat-Charvillon. Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA. In Christophe Clavier and Kris Gaj, editors, Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings, volume 5747 of Lecture Notes in Computer Science, pages 97–111. 2009. Springer. DOI: 10.1007/978-3-642-04138-9_8
[SBHM20]
Pascal Sasdrich, Begül Bilgin, Michael Hutter, and Mark E. Marson. Low-Latency Hardware Masking with Application to AES. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2020(2):300–326, 2020. DOI: 10.13154/tches.v2020.i2.300-326
[SM15]
Tobias Schneider and Amir Moradi. Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations. In Tim Güneysu and Helena Handschuh, editors, Cryptographic Hardware and Embedded Systems - CHES 2015 - 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, volume 9293 of Lecture Notes in Computer Science, pages 495–513. 2015. Springer. DOI: 10.1007/978-3-662-48324-4_25
[SM21]
Aein Rezaei Shahmirzadi and Amir Moradi. Second-Order SCA Security with almost no Fresh Randomness. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(3):708–755, 2021. DOI: 10.46586/tches.v2021.i3.708-755
[SNO]
Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification. Accessed: 2024-01-08. https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf.
[SPY+10]
François-Xavier Standaert, Olivier Pereira, Yu Yu, Jean-Jacques Quisquater, Moti Yung, and Elisabeth Oswald. Leakage Resilient Cryptography in Practice. In Ahmad-Reza Sadeghi and David Naccache, editors, Towards Hardware-Intrinsic Security - Foundations and Practice, pages 99–134. 2010. Springer. DOI: 10.1007/978-3-642-14452-3_5
[SSD19]
Shravani Shahapure, Virendra Sule, and Rohin D. Daruwala. Internal State Recovery Attack on Stream Ciphers: Breaking BIVIUM. In Shivam Bhasin, Avi Mendelson, and Mridul Nandi, editors, Security, Privacy, and Applied Cryptography Engineering - 9th International Conference, SPACE 2019, Gandhinagar, India, December 3-7, 2019, Proceedings, volume 11947 of Lecture Notes in Computer Science, pages 34–49. 2019. Springer. DOI: 10.1007/978-3-030-35869-3_5
[TIM+18]
Yosuke Todo, Takanori Isobe, Willi Meier, Kazumaro Aoki, and Bin Zhang. Fast Correlation Attack Revisited - Cryptanalysis on Full Grain-128a, Grain-128, and Grain-v1. In Hovav Shacham and Alexandra Boldyreva, editors, Advances in Cryptology - CRYPTO 2018 - 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2018, Proceedings, Part II, volume 10992 of Lecture Notes in Computer Science, pages 129–159. 2018. Springer. DOI: 10.1007/978-3-319-96881-0_5
[UHM+20]
Rei Ueno, Naofumi Homma, Sumio Morioka, Noriyuki Miura, Kohei Matsuda, Makoto Nagata, Shivam Bhasin, Yves Mathieu, Tarik Graba, and Jean-Luc Danger. High Throughput/Gate AES Hardware Architectures Based on Datapath Compression. IEEE Trans. Computers, 69(4):534–548, 2020. DOI: 10.1109/TC.2019.2957355
[WSLM05]
Doug Whiting, Bruce Schneier, Stefan Lucks, and Frederic Muller. Phelix: Fast Encryption and Authentication in a Single Cryptographic Primitive. 2005.
[YE13]
Xin Ye and Thomas Eisenbarth. On the Vulnerability of Low Entropy Masking Schemes. In Aurélien Francillon and Pankaj Rohatgi, editors, Smart Card Research and Advanced Applications - 12th International Conference, CARDIS 2013, Berlin, Germany, November 27-29, 2013. Revised Selected Papers, volume 8419 of Lecture Notes in Computer Science, pages 44–60. 2013. Springer. DOI: 10.1007/978-3-319-08302-5_4
[YRG+18]
Bohan Yang, Vladimir Rozic, Milos Grujic, Nele Mentens, and Ingrid Verbauwhede. ES-TRNG: A High-throughput, Low-area True Random Number Generator based on Edge Sampling. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(3):267–292, 2018. DOI: 10.13154/tches.v2018.i3.267-292
[YSPY10]
Yu Yu, François-Xavier Standaert, Olivier Pereira, and Moti Yung. Practical leakage-resilient pseudorandom generators. In Ehab Al-Shaer, Angelos D. Keromytis, and Vitaly Shmatikov, editors, Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8, 2010, pages 141–151. 2010. ACM. DOI: 10.1145/1866307.1866324
[ZUC]
Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification. Accessed: 2024-01-08. https://www.gsma.com/aboutus/wp-content/uploads/2014/12/eea3eia3zucv16.pdf.

History
Submitted: 2024-01-09
Accepted: 2024-06-04
Published: 2024-07-08
How to cite

Gaëtan Cassiers, Loïc Masure, Charles Momin, Thorben Moos, Amir Moradi, and François-Xavier Standaert, "Randomness Generation for Secure Hardware Masking – Unrolled Trivium to the Rescue," IACR Communications in Cryptology, vol. 1, no. 2, Jul 08, 2024, doi: 10.62056/akdkp2fgx.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.