Hardware Private Circuits: From Trivial Composition to Full Verification

Gaëtan Cassiers, Benjamin Grégoire, Itamar Levi, François-Xavier Standaert

Research output: Contribution to journal › Article › peer-review

41 Scopus citations

Abstract

The design of glitch-resistant higher-order masking schemes is an important challenge in cryptographic engineering. A recent work by Moos et al. (CHES 2019) showed that most published schemes (and all efficient ones) exhibit local or composability flaws at high security orders, leaving a critical gap in the literature on hardware masking. In this article, we first extend the simulatability framework of Belaïd et al. (EUROCRYPT 2016) and prove that a compositional strategy that is correct without glitches remains valid with glitches. We then use this extended framework to prove the first masked gadgets that enable trivial composition with glitches at arbitrary orders. We show that the resulting 'Hardware Private Circuits' approach the implementation efficiency of previous (flawed) schemes. We finally investigate how trivial composition can serve as a basis for a tool that allows verifying full masked hardware implementations (e.g., of complete block ciphers) at any security order from their HDL code. As side products, we improve the randomness complexity of the best published refreshing gadgets, show that some S-box representations allow latency reductions and confirm practical claims based on implementation results.

Original language: English
Article number: 9190067
Pages (from-to): 1677-1690
Number of pages: 14
Journal: IEEE Transactions on Computers
Volume: 70
Issue number: 10
DOIs
State: Published - 1 Oct 2021
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 1968-2012 IEEE.

Keywords

  • Cryptography
  • composability
  • glitch-based leakages
  • masking countermeasure
  • physical defaults
  • side-channel attacks
