TSM+ and OTSM
Hemin Rahimi, Amir Moradi

Introduction

TSM+ and OTSM are two new masking schemes for countering side-channel attacks. They are aimed at iterative cipher designs such as PRINCE and AES, and provide composability and low-latency hardware protection in the presence of glitches.

Abstract

Among the countermeasures against side-channel analysis attacks, masking offers formal security guarantees and composability, yet remains challenging to implement efficiently in hardware due to physical defaults like glitches and transitions. Low-latency masking techniques aim to mitigate the performance penalties but can inadvertently compromise security in certain architectural contexts. In particular, the recently proposed Time Sharing Masking (TSM) technique enables single-cycle masked implementations with composability under the SNI and PINI notions but fails to satisfy stronger composability guarantees required in iterative designs, i.e., OPINI. In this work, we show that TSM-based constructions can exhibit first-order leakage when used in single-register feedback architectures, such as round-based implementations of ciphers. To address this, we propose two new masking schemes: TSM+, a more efficient variant of TSM satisfying only PINI (but not SNI), and OTSM, a construction satisfying OPINI, enabling secure round-based designs. Our improved round-based masked implementations of PRINCE and AES ensure security in latency-critical applications under both the glitch- and transition-extended probing models while demanding slightly more area consumption.


Review

This work addresses critical limitations in the practical application of masking countermeasures against side-channel analysis attacks, particularly in hardware implementations. The authors effectively highlight the persistent challenge of balancing efficiency and security, where physical defaults like glitches and transitions can inadvertently compromise low-latency masking techniques. While the recently proposed Time Sharing Masking (TSM) offered progress with single-cycle masked implementations and composability under SNI and PINI, the abstract clearly identifies a significant vulnerability: TSM's failure to satisfy the stronger OPINI composability required for iterative designs, such as round-based ciphers. This leads to a crucial finding that TSM-based constructions can exhibit first-order leakage in single-register feedback architectures, undermining their security in common cryptographic contexts.

To counter these shortcomings, the paper proposes two distinct and valuable masking schemes. TSM+ is introduced as a more efficient variant of the original TSM, tailored to satisfy PINI, thereby offering an optimized solution for scenarios where SNI is not a stringent requirement. More importantly, OTSM is presented as a novel construction explicitly designed to achieve OPINI composability. This innovation is key, as it directly enables the secure implementation of iterative designs, filling a critical gap left by the original TSM technique. The distinction between the two proposed schemes, catering to different security and efficiency trade-offs, demonstrates a thoughtful approach to the complex landscape of hardware security.

The practical impact of these new schemes is demonstrated through improved round-based masked implementations of PRINCE and AES. The abstract asserts that these implementations ensure security in latency-critical applications, a significant achievement given the inherent challenges of low-latency masking. Furthermore, the claim of security under both glitch- and transition-extended probing models is a strong indicator of robust design, addressing real-world physical attack vectors. While the improved security and efficiency come with a reported "slightly more area consumption," this trade-off is often acceptable, and indeed necessary, for achieving robust side-channel resistance in high-assurance hardware. This work appears to make a substantial contribution to the field by providing practical, composable, and secure masking solutions for iterative cryptographic designs.


Full Text

Published in IACR Transactions on Cryptographic Hardware and Embedded Systems.
