Low-Latency Hardware Private Circuits (2022)
Research Hub B: Embedded Security
RC 6: Next-Generation Implementation Security
Over the last years, the rise of the Internet of Things (IoT) and the connection of mobile, and hence physically accessible, devices have immensely increased the demand for fast and secure hardware implementations of cryptographic algorithms that offer thorough protection against Side-Channel Analysis (SCA) attacks. Among a variety of proposed countermeasures against SCA, masking has turned out to be a promising candidate, attracting significant attention in both academia and industry. Here, abstract adversary models have been derived that aim to accurately model real-world attack scenarios while being sufficiently simple to enable formally proving the SCA resilience of masked implementations on an algorithmic level. In the context of hardware implementations, the robust probing model has become highly relevant for proving SCA resilience due to its capability to model physical defaults like glitches and data transitions. As constructing a correct and secure masked variant of a large and complex circuit is a challenging task, a new line of research has recently emerged that aims to design small masked subcircuits, realizing for instance a simple AND gate, which still guarantee security when composed into a larger circuit. Although several designs realizing such composable subcircuits, commonly referred to as gadgets, have been proposed, little research has been conducted to find trade-offs between different overhead metrics, like randomness requirement, latency, and area consumption.
In this work, we present HPC3, a hardware gadget that is trivially composable under the notion of PINI (Probe-Isolating Non-Interference) in the glitch-extended robust probing model. HPC3 realizes a two-input AND gate in one clock cycle and is generalized to any arbitrary security order. Existing state-of-the-art PINI gadgets either require a latency of two clock cycles or are limited to first-order security. In short, HPC3 enables the designer to trade double the randomness for half the latency compared to existing gadgets, providing high flexibility and significantly more speed in real-time applications.
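To make the probing-model terminology above concrete, here is an added example (not code from the paper or its authors) that exhaustively checks a two-share masked AND, once in the standard probing model and once in the glitch-extended robust probing model. It assumes a simplified circuit description in which a glitch-extended probe on a combinational wire reveals every primary input or register output in its fan-in cone; the wire names, the ISW-style circuit and the registered DOM-style variant are constructed for illustration and are not the HPC3 gadget.

```python
from itertools import product
from collections import Counter

# Constructed illustration, not code from the paper: a two-share (first-order)
# masked AND is checked exhaustively in the standard probing model and in the
# glitch-extended robust probing model. A circuit is a dict wire -> (op, inputs);
# REGS names register outputs, which bound the fan-in cone of an extended probe.
INPUTS = ("a0", "a1", "b0", "b1", "r")   # shares of a and b, fresh mask bit r
# ISW-style AND: c0 = a0b0 ^ r, c1 = a1b1 ^ ((a0b1 ^ r) ^ a1b0), all combinational.
ISW = {"t00": ("and", ["a0", "b0"]), "t01": ("and", ["a0", "b1"]),
       "t10": ("and", ["a1", "b0"]), "t11": ("and", ["a1", "b1"]),
       "u": ("xor", ["t01", "r"]), "s": ("xor", ["u", "t10"]),
       "c0": ("xor", ["t00", "r"]), "c1": ("xor", ["t11", "s"])}
# Same partial products, but each masked cross term is stored in a register
# (m01, m10) before it is combined, so no combinational cone spans both sharings.
REGISTERED = {"t00": ("and", ["a0", "b0"]), "t01": ("and", ["a0", "b1"]),
              "t10": ("and", ["a1", "b0"]), "t11": ("and", ["a1", "b1"]),
              "m01": ("xor", ["t01", "r"]), "m10": ("xor", ["t10", "r"]),
              "c0": ("xor", ["t00", "m01"]), "c1": ("xor", ["t11", "m10"])}
REGS = frozenset({"m01", "m10"})

def evaluate(circuit, a, b, a0, b0, r):
    # Evaluate every wire for secrets a, b with share/mask randomness a0, b0, r.
    v = {"a0": a0, "a1": a ^ a0, "b0": b0, "b1": b ^ b0, "r": r}
    for w, (op, ins) in circuit.items():          # dict order is topological
        x, y = v[ins[0]], v[ins[1]]
        v[w] = x & y if op == "and" else x ^ y
    return v

def cone(circuit, w, regs, probed=True):
    """Signals a glitch-extended probe on w sees: walk back to inputs/registers."""
    if w in INPUTS or (w in regs and not probed):
        return {w}
    return set().union(*(cone(circuit, i, regs, False) for i in circuit[w][1]))

def leaking_wires(circuit, regs=frozenset(), glitches=False):
    """Wires whose (extended) observation has a distribution that depends on (a, b)."""
    leaks = []
    for w in circuit:
        obs = sorted(cone(circuit, w, regs)) if glitches else [w]
        dists = set()
        for a, b in product((0, 1), repeat=2):
            seen = Counter()
            for a0, b0, r in product((0, 1), repeat=3):
                v = evaluate(circuit, a, b, a0, b0, r)
                assert v["c0"] ^ v["c1"] == a & b    # output shares recombine to ab
                seen[tuple(v[x] for x in obs)] += 1
            dists.add(frozenset(seen.items()))
        if len(dists) > 1:                           # secret-dependent distribution
            leaks.append(w)
    return leaks
```

The ISW-style circuit passes the standard check but fails the glitch-extended one on the wires whose cone spans both input sharings, which is exactly the gap that registered hardware gadgets close at the cost of latency.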