8.3 Secure Processor Components


Date: Wednesday 29 March 2017
Time: 17:00 - 18:30
Location / Room: 2BC

Chair:
Patrick Schaumont, Virginia Tech, US

Co-Chair:
Nele Mentens, Katholieke Universiteit Leuven, BE

Security concerns have placed significant demands on the hardware design of processors. The papers in this session describe processor components designed to protect processors against side-channel attacks more efficiently, and thereby to improve the overall performance of processors used in secure applications.

Time   Label   Presentation Title / Authors

17:00   8.3.1   AUTOMATIC GENERATION OF FORMALLY-PROVEN TAMPER-RESISTANT GALOIS-FIELD MULTIPLIERS BASED ON GENERALIZED MASKING SCHEME
Speaker:
Rei Ueno, Tohoku University, JP
Authors:
Rei Ueno1, Naofumi Homma1, Sumio Morioka2 and Takafumi Aoki1
1Tohoku University, JP; 2Interstellar Technologies Inc., JP
Abstract
In this study, we propose a formal design system for tamper-resistant cryptographic hardware based on the Generalized Masking Scheme (GMS). The masking scheme, which is a state-of-the-art masking-based countermeasure against higher-order differential power analyses (DPAs), can securely construct any kind of Galois-field (GF) arithmetic circuit at the register-transfer-level description, while most other schemes require a specific physical design. In this study, we first present a formal design methodology for GMS-based GF arithmetic circuits based on a hierarchical dataflow graph, called the GF arithmetic circuit graph (GF-ACG), and present a formal verification method for both functionality and security properties based on Gröbner bases. In addition, we propose an automatic generation system for GMS-based GF multipliers, which can synthesize a fifth-order 256-bit multiplier (whose input bit-length is 256 times 77) within 15 min.

Download Paper (PDF; Only available from the DATE venue WiFi)
17:30   8.3.2   SCAM: SECURED CONTENT ADDRESSABLE MEMORY BASED ON HOMOMORPHIC ENCRYPTION
Speaker:
Song Bian, Kyoto University, JP
Authors:
Song Bian, Masayuki Hiromoto and Takashi Sato, Kyoto University, JP
Abstract
We propose an implementation of a secured content addressable memory (SCAM) based on homomorphic encryption (HE), where HE is used to compute the word-matching function without the processor knowing what is being searched or the result of the matching. By exploiting the shallow logic structure (XNOR followed by AND) of content addressable memory (CAM), we show that SCAM can be implemented with only additive homomorphism, greatly improving the efficiency of the HE algorithm. In the proposed method, the logic of homomorphic XNOR-AND is replaced with homomorphic XOR-OR, requiring only simple additions to be performed on the ciphertext. We also show that our scheme can be implemented by a highly parallelizable and simple hardware architecture. Through experiments, we demonstrate that our software implementation is already 403x faster than the fastest known algorithm. With the help of hardware, we can achieve an energy reduction per word match by a factor of 477 million, making our SCAM scheme much more practical.

Download Paper (PDF; Only available from the DATE venue WiFi)
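The XOR-OR rewrite in the SCAM abstract is what lets a CAM match run on ciphertexts with nothing but additions: for a stored bit b known in the clear to the CAM and an encrypted query bit Enc(a), Enc(a XOR b) is Enc(a) when b = 0 and Enc(1) - Enc(a) when b = 1, and the OR over all bit positions becomes a sum that is zero exactly for a full match. The following is an added illustration of that principle, not code from the paper or from Bian, Hiromoto and Sato; it substitutes textbook Paillier for the paper's unnamed additively homomorphic scheme, uses toy-sized primes (65521 and 65537, assumed here for speed and offering no security), and matches against a few constructed 8-bit words.

```python
"""Additively homomorphic CAM word matching (XOR-OR instead of XNOR-AND).

Added example in the spirit of SCAM, not the paper's own code.  Textbook
Paillier is used as the additively homomorphic scheme; the primes are toy
values chosen so the block runs instantly and give no real security.
"""
import math
import secrets

# Toy Paillier key (constructed for the example; far too small for real use).
P, Q = 65521, 65537
N = P * Q
N2 = N * N
G = N + 1                                   # standard choice g = n + 1
LAMBDA = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)


def _L(u):
    return (u - 1) // N


MU = pow(_L(pow(G, LAMBDA, N2)), -1, N)     # decryption constant


def encrypt(m):
    """Enc(m) with fresh randomness r, so two encryptions of 0 look unrelated."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return pow(G, m, N2) * pow(r, N, N2) % N2


def decrypt(c):
    return _L(pow(c, LAMBDA, N2)) * MU % N


def add(c1, c2):
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): the only operation the CAM needs."""
    return c1 * c2 % N2


def neg(c):
    """Enc(m)^(N-1) = Enc(-m mod N); multiplication by a known scalar."""
    return pow(c, N - 1, N2)


# ---- client side ---------------------------------------------------------
def encrypt_query(bits):
    """Each query bit is encrypted separately; the CAM sees only ciphertexts."""
    return [encrypt(b) for b in bits]


# ---- CAM side (never holds the private key) ------------------------------
def enc_xor_with_known(c_a, b):
    """Enc(a XOR b) for a plaintext bit b the CAM stores and encrypted bit a:
    b == 0 -> Enc(a);  b == 1 -> Enc(1 - a) = Enc(1) + Enc(-a)."""
    if b == 0:
        return c_a
    return add(encrypt(1), neg(c_a))


def homomorphic_match(enc_query, stored_word):
    """Enc(number of mismatching positions).  The OR over XOR results is
    realised as a sum, which is zero exactly when every bit agrees."""
    acc = encrypt(0)
    for c_a, b in zip(enc_query, stored_word):
        acc = add(acc, enc_xor_with_known(c_a, b))
    return acc


def blind(c):
    """Multiply the plaintext by a random non-zero scalar so the client learns
    only match / no-match, not the Hamming distance.  Sound here because the
    word length is far below P and Q, so a non-zero sum stays non-zero mod N."""
    k = secrets.randbelow(N - 1) + 1
    return pow(c, k, N2)


# ---- whole exchange ------------------------------------------------------
def search(query_bits, cam_words, hide_distance=True):
    """Client encrypts, CAM computes on ciphertexts, client decrypts.
    Returns a list of booleans, one per stored word."""
    enc_q = encrypt_query(query_bits)
    results = [homomorphic_match(enc_q, w) for w in cam_words]   # CAM side
    if hide_distance:
        results = [blind(c) for c in results]                    # CAM side
    return [decrypt(c) == 0 for c in results]                    # client side


if __name__ == "__main__":
    # Constructed sample data: an 8-bit query and three stored words.
    query = [1, 0, 1, 1, 0, 0, 1, 0]
    words = [[1, 0, 1, 1, 0, 0, 1, 0],
             [1, 0, 1, 1, 0, 0, 1, 1],
             [0, 1, 0, 0, 1, 1, 0, 1]]
    print(search(query, words))                 # [True, False, False]
```

Two points worth checking when reading this against the abstract. First, the CAM side never calls decrypt and never sees a plaintext query bit or a plaintext result, which is the "without the processor knowing what is being searched and the result of matching" property; all it does is multiply ciphertexts and raise them to known scalars. Second, without blind() the client would learn the Hamming distance to every stored word, not just whether it matched; the random scalar turns every non-zero sum into a uniformly random non-zero value, which is a cheap fix here but is an addition of this example, not something the abstract describes.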
18:00   8.3.3   SPARX - A SIDE-CHANNEL PROTECTED PROCESSOR FOR ARX-BASED CRYPTOGRAPHY
Speaker:
Florian Bache, University of Bremen, DE
Authors:
Florian Bache1, Tobias Schneider2, Amir Moradi2 and Tim Güneysu3
1University of Bremen, DE; 2Ruhr University Bochum, DE; 3University of Bremen & DFKI, DE
Abstract
ARX-based cryptographic algorithms are composed of only three elemental operations --- addition, rotation and exclusive or --- which are mixed to ensure adequate confusion and diffusion properties. While ARX ciphers can easily be protected against timing attacks, special measures like masking have to be taken in order to prevent power and electromagnetic analysis. In this paper we present a processor architecture for ARX-based cryptography that intrinsically guarantees first-order SCA resistance of any implemented algorithm. This is achieved by protecting the complete data path using a Boolean masking scheme with three shares. We evaluate our security claims by mapping an ARX algorithm to the proposed architecture and using the common leakage detection methodology based on Student's t-test to certify the side-channel resistance of our processor.

Download Paper (PDF; Only available from the DATE venue WiFi)
18:30   End of session