An optimized Bitsliced Masked Adder for ARM Thumb-2 Controllers

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F49777513%3A23520%2F22%3A43967505" target="_blank" >RIV/49777513:23520/22:43967505 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.appel.zcu.cz/" target="_blank" >https://www.appel.zcu.cz/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/AE54730.2022.9919884" target="_blank" >10.1109/AE54730.2022.9919884</a>

Jazyk výsledku

angličtina

Název v původním jazyce

An optimized Bitsliced Masked Adder for ARM Thumb-2 Controllers

Popis výsledku v původním jazyce

The modular addition is used as a non-linear operation in ARX ciphers because it achieves the requirement of introducing non-linearity in a cryptographic primitive while only taking one clock cycle to execute on most modern architectures. This makes ARX ciphers especially fast in softwareimplementations, but comes at the cost of making it harder to protect against side-channel information leakages using Boolean masking: the best known 2-shares masked adder for ARMThumb micro-controllers takes 83 instructions to add two 32-bit numbers together. Our approach is to operate in bitsliced mode, performing 32 additions in parallel on a 32-bit microcontroller. We show that, even after taking into account the cost of bitslicing before and after the encryption, it is possible to achieve a higher throughput on the tested ciphers (CRAX and ChaCha20) whenoperating in bitsliced mode. Furthermore, we prove that no first-order information leakage is happening in either simulated power traces and power traces acquired from real hardware,after sufficient countermeasures are put into place to guard against pipeline leakages.

Název v anglickém jazyce

An optimized Bitsliced Masked Adder for ARM Thumb-2 Controllers

Popis výsledku anglicky

The modular addition is used as a non-linear operation in ARX ciphers because it achieves the requirement of introducing non-linearity in a cryptographic primitive while only taking one clock cycle to execute on most modern architectures. This makes ARX ciphers especially fast in softwareimplementations, but comes at the cost of making it harder to protect against side-channel information leakages using Boolean masking: the best known 2-shares masked adder for ARMThumb micro-controllers takes 83 instructions to add two 32-bit numbers together. Our approach is to operate in bitsliced mode, performing 32 additions in parallel on a 32-bit microcontroller. We show that, even after taking into account the cost of bitslicing before and after the encryption, it is possible to achieve a higher throughput on the tested ciphers (CRAX and ChaCha20) whenoperating in bitsliced mode. Furthermore, we prove that no first-order information leakage is happening in either simulated power traces and power traces acquired from real hardware,after sufficient countermeasures are put into place to guard against pipeline leakages.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

27th International Conference on Applied Electronics

ISBN

978-1-66549-481-6

ISSN

1803-7232

e-ISSN

—

Počet stran výsledku

5

Strana od-do

—

Název nakladatele

IEEE

Místo vydání

Plzeň

Místo konání akce

Plzeň

Datum konání akce

6. 9. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—