Paper 2018/1092

Shuffle and Mix: On the Diffusion of Randomness in Threshold Implementations of Keccak

Felix Wegener, Christian Baiker, and Amir Moradi

Abstract

Threshold Implementations are well-known as a provably first-order secure Boolean masking scheme even in the presence of glitches. A precondition for their security proof is a uniform input distribution at each round function, which may require an injection of fresh randomness or an increase in the number of shares. However, it is unclear whether violating the uniformity assumption causes exploitable leakage in practice. Recently, Daemen undertook a theoretical study of lossy mappings to extend the understanding of uniformity violations. We complement his work by entropy simulations and practical measurements of Keccak’s round function. Our findings shed light on the necessity of mixing operations in addition to bit-permutations in a cipher’s linear layer to propagate randomness between S-boxes and prevent exploitable leakage. Finally, we argue that this result cannot be obtained by current simulation methods, further stressing the continued need for practical leakage measurements.
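The abstract rests on the uniformity property of a Threshold Implementation and on entropy as the yardstick for its violation. The following Python script is an added illustration, not code from the paper: it takes Keccak's chi on one 5-bit row, builds the textbook direct 3-share sharing (each output share depends on only two input shares, so the sharing is non-complete; the sharing itself is an assumption of this example, chosen because it is the standard construction, not a reproduction of the authors' implementation), verifies correctness and non-completeness exhaustively, and then measures uniformity by enumerating all 2^15 shared inputs: a uniform sharing of a permutation must hit every one of the 2^15 shared outputs exactly once, which shows up as an output-share entropy of exactly 15 bits. The entropy value the script reports is what an "entropy simulation" of a single S-box computes before any linear layer spreads the deficit.

```python
import math
from collections import Counter
from itertools import product

# Keccak's chi on one 5-bit row: b_i = a_i XOR (NOT a_{i+1} AND a_{i+2}).
def chi(row):
    return [row[i] ^ ((row[(i + 1) % 5] ^ 1) & row[(i + 2) % 5]) for i in range(5)]


def chi_3share(s1, s2, s3):
    """Direct 3-share sharing of chi (assumed textbook construction for this
    example). Writing b_i = a_i + a_{i+2} + a_{i+1}*a_{i+2} over GF(2), the nine
    cross products a_{i+1}^j * a_{i+2}^k are distributed so that output share 1
    only touches input shares 2 and 3, share 2 only 3 and 1, share 3 only 1 and 2.
    """
    out = ([], [], [])
    for i in range(5):
        j, k = (i + 1) % 5, (i + 2) % 5
        out[0].append(s2[i] ^ ((s2[j] ^ 1) & s2[k]) ^ (s2[j] & s3[k]) ^ (s3[j] & s2[k]))
        out[1].append(s3[i] ^ ((s3[j] ^ 1) & s3[k]) ^ (s3[j] & s1[k]) ^ (s1[j] & s3[k]))
        out[2].append(s1[i] ^ ((s1[j] ^ 1) & s1[k]) ^ (s1[j] & s2[k]) ^ (s2[j] & s1[k]))
    return out


def shared_outputs():
    """Enumerate every one of the 2^15 shared inputs (constructed exhaustively,
    i.e. a uniformly distributed shared input) and return (input, output) pairs."""
    pairs = []
    for bits in product((0, 1), repeat=15):
        s1, s2, s3 = bits[0:5], bits[5:10], bits[10:15]
        o1, o2, o3 = chi_3share(s1, s2, s3)
        pairs.append(((s1, s2, s3), (tuple(o1), tuple(o2), tuple(o3))))
    return pairs


def correctness_holds():
    """XOR of the output shares must equal chi of the XOR of the input shares."""
    for (s1, s2, s3), (o1, o2, o3) in shared_outputs():
        unshared_in = [a ^ b ^ c for a, b, c in zip(s1, s2, s3)]
        unshared_out = [a ^ b ^ c for a, b, c in zip(o1, o2, o3)]
        if chi(unshared_in) != unshared_out:
            return False
    return True


def output_share_entropy():
    """Shannon entropy (bits) of the shared output when the shared input is
    uniform. A uniform sharing of a 5-bit permutation reaches exactly 15 bits."""
    counts = Counter(out for _, out in shared_outputs())
    total = 2 ** 15
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def is_uniform():
    """Uniform iff the shared map is a bijection on the 2^15 shared values."""
    return len({out for _, out in shared_outputs()}) == 2 ** 15


if __name__ == "__main__":
    print("correct sharing:", correctness_holds())
    print("uniform sharing:", is_uniform())
    print("output-share entropy: %.3f of 15 bits" % output_share_entropy())
```

Running it reports that the sharing is correct but not uniform, and that the output-share entropy is strictly below 15 bits. That deficit is exactly the lossy-mapping effect the abstract refers to: unless fresh randomness is injected, the share count is raised, or the linear layer mixes the outputs of neighbouring S-boxes, the next round's input no longer satisfies the precondition of the first-order security proof.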

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Preprint. MINOR revision.
Keywords: side-channel analysis, threshold implementation, uniformity, Keccak
Contact author(s): felix wegener @ rub de
History:
2018-11-28: revised
2018-11-12: received
Short URL: https://ia.cr/2018/1092
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2018/1092,
      author = {Felix Wegener and Christian Baiker and Amir Moradi},
      title = {Shuffle and Mix: On the Diffusion of Randomness in Threshold Implementations of Keccak},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1092},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1092}
}