International Association for Cryptologic Research

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024

Breaking Ground: A New Area Record for Low-Latency First-Order Masked SHA-3: Advancing from the 4x Area Era to the 3x Area Era


Cankun Zhao
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Hang Zhao
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Jiangxue Liu
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Bohan Yang
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Wenping Zhu
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Shuying Yin
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Min Zhu
Wuxi Micro Innovation Integrated Circuit Design Co., Ltd., Wuxi, China

Shaojun Wei
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China

Leibo Liu
Beijing National Research Center for Information Science and Technology, School of Integrated Circuits, Tsinghua University, Beijing, China


Keywords: SHA-3, Keccak, Masking, Side-Channel Attacks, Glitch, Hardware Implementation, Low Latency


Abstract

SHA-3, the latest hash standard from NIST, is utilized by numerous cryptographic algorithms to handle sensitive information. Consequently, SHA-3 has become a prime target for side-channel attacks, with numerous studies demonstrating successful breaches in unprotected implementations. Masking, a countermeasure capable of providing theoretical security, has been explored in various studies to protect SHA-3. However, masking for hardware implementations may significantly increase area costs and introduce additional delays, substantially impacting the speed and area of higher-level algorithms. In particular, current low-latency first-order masked SHA-3 hardware implementations require more than four times the area of unprotected implementations. To date, the specific structure of SHA-3 has not been thoroughly analyzed for exploitation in the context of masking design, leading to difficulties in minimizing the associated area costs using existing methods. We bridge this gap by conducting detailed leakage path and data dependency analyses on two-share masked SHA-3 implementations. Based on these analyses, we propose a compact and low-latency first-order SHA-3 masked hardware implementation, requiring only three times the area of unprotected implementations and almost no fresh random number demand. We also present a complete theoretical security proof for the proposed implementation in the glitch+register-transition-robust probing model. Additionally, we conduct leakage detection experiments using PROLEAD, TVLA and VerMI to complement the theoretical evidence. Compared to state-of-the-art designs, our implementation achieves a 28% reduction in area consumption. Our design can be integrated into first-order implementations of higher-level cryptographic algorithms, contributing to a reduction in overall area costs.

Publication

Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024, Issue 4

Artifact

Artifact number
tches/2024/a25

Artifact published
September 25, 2024

Badge
🏆 IACR CHES Results Reproduced

ZIP (3256265 Bytes)  

License

Some files in this archive are licensed under a different license. See the contents of this archive for more information.


How to cite

Cankun Zhao, Hang Zhao, Jiangxue Liu, Bohan Yang, Wenping Zhu, Shuying Yin, Min Zhu, Shaojun Wei, Leibo Liu. Breaking Ground: A New Area Record for Low-Latency First-Order Masked SHA-3: Advancing from the 4x Area Era to the 3x Area Era. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(4), 231-257. https://doi.org/10.46586/tches.v2024.i4.231-257 Artifact available at https://artifacts.iacr.org/tches/2024/a25