Transactions on Cryptographic Hardware and Embedded Systems, Volume 2024
Breaking Ground: A New Area Record for Low-Latency First-Order Masked SHA-3:
Advancing from the 4x Area Era to the 3x Area Era
README
Repository Overview
Welcome to the source code repository for the paper Breaking Ground: A New Area Record for Low-Latency First-Order Masked SHA-3, published in TCHES 2024 Issue 4. This repository contains all the code and resources necessary to reproduce the results presented in the paper.
Paper Abstract
SHA-3, the latest hash standard from NIST, is utilized by numerous cryptographic algorithms to handle sensitive information. Consequently, SHA-3 has become a prime target for side-channel attacks, with numerous studies demonstrating successful breaches in unprotected implementations. Masking, a countermeasure capable of providing theoretical security, has been explored in various studies to protect SHA-3. However, masking for hardware implementations may significantly increase area costs and introduce additional delays, substantially impacting the speed and area of higher-level algorithms. In particular, current low-latency first-order masked SHA-3 hardware implementations require more than four times the area of unprotected implementations. To date, the specific structure of SHA-3 has not been thoroughly analyzed for exploitation in the context of masking design, leading to difficulties in minimizing the associated area costs using existing methods.
We bridge this gap by conducting detailed leakage path and data dependency analyses on two-share masked SHA-3 implementations. Based on these analyses, we propose a compact and low-latency first-order SHA-3 masked hardware implementation, requiring only three times the area of unprotected implementations and almost no fresh random number demand. We also present a complete theoretical security proof for the proposed implementation in the glitch+register-transition-robust probing model. Additionally, we conduct leakage detection experiments using PROLEAD, TVLA and VerMI to complement the theoretical evidence. Compared to state-of-the-art designs, our implementation achieves a 28% reduction in area consumption. Our design can be integrated into first-order implementations of higher-level cryptographic algorithms, contributing to a reduction in overall area costs.
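As an added illustration, not code from the paper or this repository: the abstract's starting point is a two-share (first-order) masked Keccak permutation, whose only non-linear step is chi, a[x] ^= ~a[x+1] & a[x+2] on each row of five lanes. The Python model below shows the conventional way to mask that step, a domain-oriented masking (DOM) AND gate that consumes one fresh random word per lane, and checks that the two output shares recombine to the unmasked chi. The share-splitting, DOM AND and chi functions here are generic textbook constructions written for this example; the paper's own construction, which removes almost all of this fresh randomness, is not reproduced.

```python
import secrets

MASK64 = (1 << 64) - 1


def chi_row(row):
    """Unmasked Keccak chi on one row of five 64-bit lanes."""
    return [(row[x] ^ ((~row[(x + 1) % 5]) & row[(x + 2) % 5])) & MASK64
            for x in range(5)]


def share(value, rng=secrets.randbits):
    """Split a 64-bit word into two Boolean shares (s0, s1) with s0 ^ s1 == value."""
    s1 = rng(64) & MASK64
    return (value ^ s1) & MASK64, s1


def unshare(s0, s1):
    """Recombine two Boolean shares into the plain value."""
    return (s0 ^ s1) & MASK64


def dom_and(b, c, z):
    """First-order DOM-indep AND of two two-share words (Gross et al., DOM).

    b = (b0, b1), c = (c0, c1); z is one fresh 64-bit random word.
    In hardware the cross terms (b0 & c1) ^ z and (b1 & c0) ^ z are registered
    before being XORed into the inner terms, so a glitch on the output
    share never sees both shares of b or of c at once.
    """
    b0, b1 = b
    c0, c1 = c
    d0 = (b0 & c0) ^ ((b0 & c1) ^ z)
    d1 = (b1 & c1) ^ ((b1 & c0) ^ z)
    return d0 & MASK64, d1 & MASK64


def masked_chi_row(row0, row1, fresh):
    """Two-share chi on one row.

    row0, row1: the five lanes' first and second shares.
    fresh: five fresh random words, one per DOM AND (the cost the paper attacks).
    """
    out0, out1 = [], []
    for x in range(5):
        # NOT of a shared value: complement exactly one share, the other is untouched.
        not_b = ((~row0[(x + 1) % 5]) & MASK64, row1[(x + 1) % 5])
        c = (row0[(x + 2) % 5], row1[(x + 2) % 5])
        d0, d1 = dom_and(not_b, c, fresh[x])
        out0.append((row0[x] ^ d0) & MASK64)
        out1.append((row1[x] ^ d1) & MASK64)
    return out0, out1


def check_masked_chi(row, rng=secrets.randbits):
    """Share a row, run masked chi, and confirm the shares recombine to chi_row(row)."""
    shares = [share(v, rng) for v in row]
    row0 = [s[0] for s in shares]
    row1 = [s[1] for s in shares]
    fresh = [rng(64) & MASK64 for _ in range(5)]
    out0, out1 = masked_chi_row(row0, row1, fresh)
    return [unshare(a, b) for a, b in zip(out0, out1)] == chi_row(row)


# Fresh randomness the plain DOM construction burns per Keccak-f[1600] round:
# 25 lanes, one 64-bit word per DOM AND.
FRESH_BITS_PER_ROUND = 25 * 64


if __name__ == "__main__":
    # Constructed sample row (not data from the paper).
    sample = [0x0123456789ABCDEF, 0xFEDCBA9876543210, 0xDEADBEEFCAFEBABE,
              0x0F0F0F0F0F0F0F0F, 0xF0F0F0F0F0F0F0F0]
    print("masked chi correct:", check_masked_chi(sample))
    print("fresh bits per round (DOM baseline):", FRESH_BITS_PER_ROUND)
```

The 1600 fresh bits per round that this baseline consumes is exactly the quantity the abstract's "almost no fresh random number demand" refers to; a masked AND gate is also the place where the glitch- and register-transition-robust probing proof has to show that no probe set of size one ever observes both shares of an input.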
Authors and Affiliations
- Cankun Zhao, BNRist, SIC, Tsinghua University, Beijing, China
- Hang Zhao, BNRist, SIC, Tsinghua University, Beijing, China
- Jiangxue Liu, BNRist, SIC, Tsinghua University, Beijing, China
- Bohan Yang, BNRist, SIC, Tsinghua University, Beijing, China
- Wenping Zhu, BNRist, SIC, Tsinghua University, Beijing, China
- Shuying Yin, BNRist, SIC, Tsinghua University, Beijing, China
- Min Zhu, MUCSE, Wuxi, China
- Shaojun Wei, BNRist, SIC, Tsinghua University, Beijing, China
- Leibo Liu, BNRist, SIC, Tsinghua University, Beijing, China
Repository Content
This repository is divided into three main sections: the hardware implementation, the security analysis tools, and the leakage assessments.
- Hardware Implementation:
- RTL Code: Implementation of the proposed SHA-3 design.
- Functional Simulation Scripts: Scripts to perform functional simulations of the hardware design.
- Synthesis Scripts: Scripts for synthesizing the hardware implementation.
- Security Analysis Tools:
- DOM-Keccak Leakage Analysis: Code for conducting leakage analysis on the SHA-3 implementation.
- Design Space Exploration: Programs for exploring different design configurations.
- Security Proofs: Code supporting the security proofs under the glitch+register-transition-robust probing model in the paper.
- Leakage Assessments:
- PROLEAD: Instructions, configuration files, output reports, and data processing scripts for testing our design using PROLEAD.
- Test Vector Leakage Assessment (TVLA): Our TVLA experiment instructions, RTL code for the testing board, and some testing scripts.
- VerMI: Detailed instructions for testing non-completeness of our design using VerMI.
Detailed instructions and usage information for each part can be found in the README files within the respective subdirectories.
Contact
Please contact Cankun Zhao (zck22@mails.tsinghua.edu.cn) if you have any questions or comments, if you have found a bug that should be corrected, or if you want to reuse the code or parts of it in your own research projects.
License
Copyright (c) 2024, Cankun Zhao, Leibo Liu. All rights reserved.
Please see LICENSE for further license instructions.