Lightweight conversion from arithmetic to Boolean masking for embedded IoT processor

Han Bit Kim, Seokhie Hong, Hee Seok Kim

Research output: Contribution to journalArticle

Abstract

A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: "Boolean to Arithmetic (B2A)" and "Arithmetic to Boolean (A2B)". The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k+1) ) entries of length (k + 1)-bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k )(k)-bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1)-bit to (k)-bit, as a result, the memory use for the pre-computation table is reduced from (2 (k+1) )(k + 1)-bit to (2 k )(k)-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

Original languageEnglish
Article number1438
JournalApplied Sciences (Switzerland)
Volume9
Issue number7
DOIs
Publication statusPublished - 2019 Apr 1

Fingerprint

masking
central processing units
Data storage equipment
attack
Internet of things
countermeasures
Random access storage
entry
Cryptography
costs

Keywords

  • Arithmetic to Boolean masking
  • ARX block ciphers
  • Side-channel attacks

ASJC Scopus subject areas

  • Materials Science(all)
  • Instrumentation
  • Engineering(all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes

Cite this

Lightweight conversion from arithmetic to Boolean masking for embedded IoT processor. / Kim, Han Bit; Hong, Seokhie; Kim, Hee Seok.

In: Applied Sciences (Switzerland), Vol. 9, No. 7, 1438, 01.04.2019.

Research output: Contribution to journalArticle

@article{565b41c522c149288648abac5c9b74be,
title = "Lightweight conversion from arithmetic to Boolean masking for embedded IoT processor",
abstract = "A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: {"}Boolean to Arithmetic (B2A){"} and {"}Arithmetic to Boolean (A2B){"}. The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k+1) ) entries of length (k + 1)-bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k )(k)-bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1)-bit to (k)-bit, as a result, the memory use for the pre-computation table is reduced from (2 (k+1) )(k + 1)-bit to (2 k )(k)-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.",
keywords = "Arithmetic to Boolean masking, ARX block ciphers, Side-channel attacks",
author = "Kim, {Han Bit} and Seokhie Hong and Kim, {Hee Seok}",
year = "2019",
month = "4",
day = "1",
doi = "10.3390/app9071438",
language = "English",
volume = "9",
journal = "Applied Sciences (Switzerland)",
issn = "2076-3417",
publisher = "Multidisciplinary Digital Publishing Institute",
number = "7",

}

TY - JOUR

T1 - Lightweight conversion from arithmetic to Boolean masking for embedded IoT processor

AU - Kim, Han Bit

AU - Hong, Seokhie

AU - Kim, Hee Seok

PY - 2019/4/1

Y1 - 2019/4/1

N2 - A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: "Boolean to Arithmetic (B2A)" and "Arithmetic to Boolean (A2B)". The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k+1) ) entries of length (k + 1)-bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k )(k)-bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1)-bit to (k)-bit, as a result, the memory use for the pre-computation table is reduced from (2 (k+1) )(k + 1)-bit to (2 k )(k)-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

AB - A masking method is a widely known countermeasure against side-channel attacks. To apply a masking method to cryptosystems consisting of Boolean and arithmetic operations, such as ARX (Addition, Rotation, XOR) block ciphers, a masking conversion algorithm should be used. Masking conversion algorithms can be classified into two categories: "Boolean to Arithmetic (B2A)" and "Arithmetic to Boolean (A2B)". The A2B algorithm generally requires more execution time than the B2A algorithm. Using pre-computation tables, the A2B algorithm substantially reduces its execution time, although it requires additional space in RAM. In CHES2012, B. Debraize proposed a conversion algorithm that somewhat reduced the memory cost of using pre-computation tables. However, they still require (2 (k+1) ) entries of length (k + 1)-bit where k denotes the size of the processed data. In this paper, we propose a low-memory algorithm to convert A2B masking that requires only (2 k )(k)-bit. Our contributions are three-fold. First, we specifically show how to reduce the pre-computation table from (k + 1)-bit to (k)-bit, as a result, the memory use for the pre-computation table is reduced from (2 (k+1) )(k + 1)-bit to (2 k )(k)-bit. Second, we optimize the execution times of the pre-computation phase and the conversion phase, and determine that our pre-computation algorithm requires approximately half of the operations than Debraize's algorithm. The results of the 8/16/32-bit simulation show improved speed in the pre-computation phase and the conversion phase as compared to Debraize's results. Finally, we verify the security of the algorithm against side-channel attacks as well as the soundness of the proposed algorithm.

KW - Arithmetic to Boolean masking

KW - ARX block ciphers

KW - Side-channel attacks

UR - http://www.scopus.com/inward/record.url?scp=85064087110&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064087110&partnerID=8YFLogxK

U2 - 10.3390/app9071438

DO - 10.3390/app9071438

M3 - Article

AN - SCOPUS:85064087110

VL - 9

JO - Applied Sciences (Switzerland)

JF - Applied Sciences (Switzerland)

SN - 2076-3417

IS - 7

M1 - 1438

ER -