Paper 2018/1092
Shuffle and Mix: On the Diffusion of Randomness in Threshold Implementations of Keccak
Felix Wegener, Christian Baiker, and Amir Moradi
Abstract
Threshold Implementations are well-known as a provably firstorder secure Boolean masking scheme even in the presence of glitches. A precondition for their security proof is a uniform input distribution at each round function, which may require an injection of fresh randomness or an increase in the number of shares. However, it is unclear whether violating the uniformity assumption causes exploitable leakage in practice. Recently, Daemen undertook a theoretical study of lossy mappings to extend the understanding of uniformity violations. We complement his work by entropy simulations and practical measurements of Keccak’s round function. Our findings shed light on the necessity of mixing operations in addition to bit-permutations in a cipher’s linear layer to propagate randomness between S-boxes and prevent exploitable leakage. Finally, we argue that this result cannot be obtained by current simulation methods, further stressing the continued need for practical leakage measurements.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- side-channel analysisthreshold implementationuniformityKeccak
- Contact author(s)
- felix wegener @ rub de
- History
- 2018-11-28: revised
- 2018-11-12: received
- See all versions
- Short URL
- https://ia.cr/2018/1092
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/1092,
author = {Felix Wegener and Christian Baiker and Amir Moradi},
title = {Shuffle and Mix: On the Diffusion of Randomness in Threshold Implementations of Keccak},
howpublished = {Cryptology ePrint Archive, Paper 2018/1092},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/1092}},
url = {https://eprint.iacr.org/2018/1092}
}
