Aria Shahverdi

Toward Practical Homomorphic Evaluation of Block Ciphers Using Prince

We present the homomorphic evaluation of the Prince block cipher. Our leveled implementation is based on a generalization of NTRU. We are motivated by the drastic bandwidth savings that may be achieved by scheme conversion. To unlock this advantage we turn to lightweight ciphers such as Prince. These ciphers were designed from scratch to yield fast and compact implementations on resource-constrained embedded platforms. We show that some of these ciphers have the potential to enable near practical homomorphic evaluation of block ciphers. Indeed, our analysis shows that Prince can be implemented using only a 24 level deep circuit. Using an NTRU based implementation we achieve an evaluation time of 3.3 s per Prince block – one and two orders of magnitude improvement over homomorphic AES implementations achieved using NTRU, and BGV-style homomorphic encryption libraries, respectively.

Silent Simon: A threshold implementation under 100 slices

Lightweight Cryptography aims at achieving security comparable to conventional cryptography at a much lower cost. Simon is a lightweight alternative to AES, as it shares same cryptographic parameters, but has been shown to be extremely area-efficient on FPGAs. However, in the embedded setting, protection against side channel analysis is often required. In this work we present a threshold implementation of Simon. The proposed core splits the information between three shares and achieves provable security against first order side-channel attacks. The core can be implemented in less than 100 slices of a low-cost FPGA, making it the world smallest threshold implementation of a block-cipher. Hence, the proposed core perfectly suits highly-constrained embedded systems including sensor nodes and RFIDs. Security of the proposed core is validated by provable arguments as well as practical DPA attacks and tests for leakage quantification.

Balanced Encoding to Mitigate Power Analysis: A Case Study

Most side channel countermeasures for software implementations of cryptography either rely on masking or randomize the execution order of the cryptographic implementation. This work proposes a countermeasure that has constant leakage in common linear leakage models. Constant leakage is achieved not only for internal state values, but also for their transitions. The proposed countermeasure provides perfect protection in the theoretical leakage model. To study the practical relevance of the proposed countermeasure, it is applied to a software implementation of the block cipher Prince. This case study allows us to give realistic values for resulting implementation overheads as well as for the resulting side channel protection levels that can be achieved in realistic implementation scenarios.

Tight Upper and Lower Bounds for Leakage-Resilient, Locally Decodable and Updatable Non-malleable Codes

In a recent result, Dachman-Soled et al. (TCC 2015) proposed a new notion called locally decodable and updatable non-malleable codes, which informally, provides the security guarantees of a non-malleable code while also allowing for efficient random access. They also considered locally decodable and updatable non-malleable codes that are leakage-resilient, allowing for adversaries who continually leak information in addition to tampering. Unfortunately, the locality of their construction in the continual setting was \(\varOmega (\log n)\), meaning that if the original message size was n blocks, then \(\varOmega (\log n)\) blocks of the codeword had to be accessed upon each decode and update instruction.

Lightweight Side Channel Resistance: Threshold Implementations of S imon

As networking has become major innovation driver for the Internet of Things as well as Networks on Chips, the need for effective cryptography in hardware is on a steep rise. Both cost and overall system security are the main challenges in many application scenarios, rather than high throughput. In this work we present area-optimized implementations of the lightweight block cipher Simon. All presented cores are protected against side channel attacks using threshold implementation, which applies secret sharing of different orders to prevent exploitable leakages. Implementation results show that, on FPGAs, the higher-order protected Simon core can be smaller than an unprotected AES core at the same security level against classic cryptanalysis. Also, the proposed secure cores consume less than 30 percent the power of any unprotected AES. Security of the proposed cores is validated by provable arguments as well as practical t-test based leakage detection methods. In fact, we show that the first-order protected Simon core does not have first-order leakage and is secure up to 10 million observations against higher-order attacks. The second-order secure implementation could not be exploited at all with up to 100 million observations.

Local Non-malleable Codes in the Bounded Retrieval Model

In a recent result, Dachman-Soled et al. (TCC ’15) proposed a new notion called locally decodable and updatable non-malleable codes, which informally, provides the security guarantees of a non-malleable code while also allowing for efficient random access. They also considered locally decodable and updatable non-malleable codes that are leakage-resilient, allowing for adversaries who continually leak information in addition to tampering.