Extending Randomness-Free First-Order Masking Schemes and Applications to Masking-Friendly S-boxes

Authors

  • Lixuan Wu, School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Yanhong Fan, School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China; Quan Cheng Shandong Laboratory, Jinan, China
  • Weijia Wang, Quan Cheng Shandong Laboratory, Jinan, China; School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  • Bart Preneel, imec-COSIC, KU Leuven, Leuven, Belgium
  • Meiqin Wang, Quan Cheng Shandong Laboratory, Jinan, China; School of Cyber Science and Technology, Shandong University, Qingdao, China; Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China

DOI:

https://doi.org/10.46586/tches.v2025.i1.340-366

Keywords:

Extended first-order masking, Non-linear compression, Friendly masking scheme, PRINCE

Abstract

Masking has emerged as a widely adopted countermeasure against side-channel attacks. However, the implementation of masking schemes faces several challenges, including hardware area, latency and the overhead associated with fresh randomness generation. To eliminate the implementation cost caused by fresh randomness, Shahmirzadi et al. introduced a methodology for constructing 2-share first-order masking schemes without randomness at CHES 2021. In this work, we extend Shahmirzadi et al.’s method to find masked implementations for more S-boxes and further reduce the hardware overhead. We propose the concept of a non-linear compression layer, a comprehensive share assignment strategy based on a linear compression layer, and corresponding optimization techniques. Based on these techniques, we construct the first randomness-free first-order masking schemes for the PRINCE S-box and its inverse, reduce the hardware overhead of masking schemes for multiple S-boxes, and design new masking-friendly S-boxes. Particularly for the SKINNY S-box, the reduction is 21% and 15% in area and power consumption, respectively. To validate the security of masked implementations, we not only employ the automated tools SILVER and PROLEAD but also conduct FPGA-based experiments.

Published

2024-12-09

Section

Articles

How to Cite

Extending Randomness-Free First-Order Masking Schemes and Applications to Masking-Friendly S-boxes. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(1), 340-366. https://doi.org/10.46586/tches.v2025.i1.340-366