Seminar on Security of Embedded Electronic Systems

Home     Presentation     Previous years

Begul Bilgin

Threshold Implementations

Differential power analysis (DPA) attacks exploit the information leaked during a computation, by means of power consumption, to extract the secret value. DPA has proven many hardware implementations of cryptographic algorithms to be vulnerable. Many countermeasures are proposed to thwart such attacks one of which is masking. With masking, data is split into several shares to randomize the data and so the power consumption of a process with that data. However, the glitches that occur in hardware can still leak unintended information with standard masking.

Threshold implementation (TI) is a masking method based on secret sharing and multi-party computation. TI relies on three properties, namely correctness, non-completeness and uniformity, and it provides provable security even in the presence of glitches as long as shares leak independently.

In the first part of this talk, we focus on the theoretical aspect of TI and discuss why each of these three properties are required and how to satisfy them. In the second part, we investigate a TI of AES. We also show a trade of between area and the amount of fresh randomness required.