10 research outputs found

    On the Duality of Probing and Fault Attacks

    In this work we investigate the problem of simultaneous privacy and integrity protection in cryptographic circuits. We consider a white-box scenario with a powerful, yet limited attacker. A concise metric for the level of probing and fault security is introduced, which is directly related to the capabilities of a realistic attacker. In order to investigate the interrelation of probing and fault security we introduce a common mathematical framework based on the formalism of information and coding theory. The framework unifies the known linear masking schemes. We prove a central theorem about the properties of linear codes which leads to optimal secret sharing schemes. These schemes provide the lower bound for the number of masks needed to counteract an attacker with a given strength. The new formalism reveals an intriguing duality principle between the problems of probing and fault security, and provides a unified view on privacy and integrity protection using error detecting codes. Finally, we introduce a new class of linear tamper-resistant codes. These can preserve security against an attacker mounting simultaneous probing and fault attacks.

    Combining Certain Nonlinear Feedback Shift Registers

    No full text
    Abstract. Stream ciphers that deploy linear feedback shift registers (LFSRs) have been shown to be vulnerable under fast correlation attacks [20], [21], [14], algebraic attacks [7], [28], fast algebraic attacks [6], [1], and fault attacks [13]. We discuss certain nonlinear feedback shift registers (NLFSRs) recommended as substitutes for LFSRs in stream cipher systems.

    Göttfert: Linear filtering of nonlinear shift register sequences

    No full text
    Abstract. Nonlinear n-stage feedback shift-register sequences over the finite field Fq of period q^n − 1 are investigated under linear operations on sequences. We prove that all members of an easily described class of linear combinations of shifted versions of these sequences possess useful properties for cryptographic applications: large periods, large linear complexities and good distribution properties. They typically also have good maximum order complexity values, as has been observed experimentally. A running key generator is introduced based on certain nonlinear feedback shift registers with modifiable linear feedforward output functions.

    ACHTERBAHN: A Proposal for a Profile 2 Stream Cipher to ECRYPT’s Call for Stream Cipher Primitives

    No full text
    We propose a new additive binary stream cipher called Achterbahn. The keystream generator (KSG) consists of eight primitive binary nonlinear feedback shift registers (NLFSRs). A binary N-stage feedback shift register is called primitive if it has a cycle of length 2^N − 1 containing all binary nonzero N-tuples. Each shift register has a configurable linear feedforward output function. The output sequences of the shift registers are combined by a balanced 4th-order correlation immune Boolean combining function of eight variables and of algebraic degree three. Due to the modifiable shift register output functions, the KSG is able to produce an ensemble of 2^64 (respectively 2^80) cyclically inequivalent sequences. All sequences have periods larger than 2^207 and linear complexities larger than 2^85. The size of the secret key is 80 bits. The feedback functions of the driving NLFSRs promote fast hardware implementations. In the high-speed implementation a throughput of more than 8 Gbps is reached.
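    The two abstracts above (Göttfert's linear filtering of NLFSR sequences and the Achterbahn proposal) rest on the same three notions: a primitive N-stage NLFSR, a linear feedforward output filter, and the linear complexity of the result. The following is an added example written for this page, not code from either paper: a small Fibonacci NLFSR simulator that checks the primitivity definition exactly as stated (one cycle of length 2^N − 1 through every nonzero N-tuple), searches all feedback functions of the nonsingular form s0 XOR g(s1, ..., s_{N-1}) for N = 4, applies an optional tap filter, and measures linear complexity with Berlekamp-Massey. The register size, the s0 XOR g feedback form and the seed are choices made for the example.

```python
def nlfsr_step(state, n, g):
    """One clock of an n-stage Fibonacci NLFSR with feedback s0 XOR g(s1, ..., s_{n-1}).

    `state` is an int whose bit i holds stage s_i; stage s0 is the output bit.
    The s0 XOR g(...) form keeps the state map a permutation (Golomb's
    nonsingularity condition), so every state lies on a pure cycle."""
    s0 = state & 1
    rest = state >> 1                      # stages s1..s_{n-1} as an (n-1)-bit int
    return rest | ((s0 ^ g(rest)) << (n - 1))


def is_primitive(n, g):
    """True iff, starting from the nonzero state 1, the register visits all 2^n - 1
    nonzero states before returning to 1 (the primitivity condition of the abstract)."""
    full = (1 << n) - 1
    seen, state = set(), 1
    for _ in range(full):
        if state == 0 or state in seen:
            return False
        seen.add(state)
        state = nlfsr_step(state, n, g)
    return state == 1 and len(seen) == full


def truth_table_fn(tt, k):
    """k-variable Boolean function whose truth table is the int tt (bit x = value at input x)."""
    return lambda x: (tt >> x) & 1


def is_affine(tt, k):
    """Affine g means linear feedback, i.e. an ordinary LFSR:
    f(x) ^ f(y) ^ f(x ^ y) ^ f(0) == 0 for all x, y."""
    f = truth_table_fn(tt, k)
    return all(f(x) ^ f(y) ^ f(x ^ y) ^ f(0) == 0
               for x in range(1 << k) for y in range(1 << k))


def primitive_feedbacks(n):
    """Truth tables of every g : {0,1}^(n-1) -> {0,1} for which s0 XOR g is primitive.
    Exhaustive: 2^(2^(n-1)) candidates, each checked in 2^n - 1 steps."""
    k = n - 1
    return [tt for tt in range(1 << (1 << k)) if is_primitive(n, truth_table_fn(tt, k))]


def keystream(n, g, seed, length, taps=(0,)):
    """Clock the register `length` times; each output bit is the XOR of the stages in
    `taps`. taps=(0,) is the plain register output; several taps form a linear
    feedforward filter in the sense of the Göttfert abstract."""
    out, state = [], seed
    for _ in range(length):
        out.append(sum((state >> t) & 1 for t in taps) & 1)
        state = nlfsr_step(state, n, g)
    return out


def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR generating `bits`.
    Feed at least two periods to obtain the linear complexity of a periodic sequence."""
    n = len(bits)
    if n == 0:
        return 0
    c, b = [0] * n, [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                               # discrepancy: update the connection polynomial
            t, p = c[:], i - m
            for j in range(p, n):
                c[j] ^= b[j - p]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L


if __name__ == "__main__":
    N = 4
    prim = primitive_feedbacks(N)
    linear = [tt for tt in prim if is_affine(tt, N - 1)]
    print(f"{len(prim)} primitive feedbacks for N={N}, {len(linear)} of them linear (LFSRs)")
    for tt in prim:
        g = truth_table_fn(tt, N - 1)
        ks = keystream(N, g, seed=1, length=2 * ((1 << N) - 1))
        print(f"g tt={tt:08b} {'LFSR ' if tt in linear else 'NLFSR'} "
              f"linear complexity {linear_complexity(ks)}")
```

    For N = 4 the search finds 16 primitive feedback functions; only two of them (g = s1 and g = s3, the primitive polynomials x^4 + x + 1 and x^4 + x^3 + 1) are linear and give the minimal linear complexity 4, while every nonlinear one produces a period-15 sequence of higher linear complexity, which is the property Achterbahn's registers are chosen for at realistic sizes.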

    The Achterbahn Stream Cipher

    No full text
    Contents: 1 Introduction; 1.1 A brief description of the keystream generator; 2 Preliminaries; 3 Detailed description of the keystream generator; 3.1 The Boolean combining function; 3.2 The feedback shift registers; 3.3 The linear feedforward functions; 3.4 Linear complexity and period of the keystream; 3.5 The reduced keystream generator; 4 The key-loading algorithm; 5 Security properties; 6 Parallel implementation; 7 Comparison of hardware designs; 7.1 Area and power; 7.2 Throughput; 7.3 Implementation efficiency; 7.4 Scalability; 7.5 Discussion; 8 Mathematical Background; 9 Conclusion.
    1 Introduction. The proposed stream cipher Achterbahn is a binary additive stream cipher. In a binary additive stream c
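    The Achterbahn abstract describes its combining function only by its properties (balanced, 4th-order correlation immune, eight variables, algebraic degree three), and the specification's section 3.1 is not reproduced on this page. The following is an added example, not the Achterbahn combiner and not code from the specification: it implements the checks a reviewer would run on any candidate combiner, the Walsh spectrum for balancedness and correlation immunity order, the Möbius transform for algebraic degree, and Siegenthaler's tradeoff between them, applied to a constructed 4-variable toy function x1 XOR x2 XOR x3·x4. The toy function and the bit-to-variable mapping are assumptions made for the example.

```python
def walsh_spectrum(f, n):
    """W_f(a) = sum over x of (-1)^(f(x) XOR <a, x>), for every a in {0,1}^n.
    W_f(0) is the imbalance of f; W_f(a) is the correlation of f with the linear
    function <a, x>, the quantity a correlation attack on a combiner exploits."""
    def parity(v):
        return bin(v).count("1") & 1
    return [sum(-1 if f(x) ^ parity(a & x) else 1 for x in range(1 << n))
            for a in range(1 << n)]


def is_balanced(f, n):
    return walsh_spectrum(f, n)[0] == 0


def correlation_immunity_order(f, n):
    """Largest m with W_f(a) = 0 for every a of Hamming weight 1..m: the output is
    statistically independent of any m inputs, so an attacker must target m + 1
    registers at once."""
    W = walsh_spectrum(f, n)
    m = 0
    for w in range(1, n + 1):
        if any(W[a] != 0 for a in range(1, 1 << n) if bin(a).count("1") == w):
            break
        m = w
    return m


def algebraic_degree(f, n):
    """Degree of the algebraic normal form, computed by the Möbius transform of the
    truth table (in-place butterfly over each variable)."""
    anf = [f(x) for x in range(1 << n)]
    for i in range(n):
        bit = 1 << i
        for x in range(1 << n):
            if x & bit:
                anf[x] ^= anf[x ^ bit]
    return max((bin(u).count("1") for u in range(1 << n) if anf[u]), default=0)


def siegenthaler_ok(n, m, d, balanced):
    """Siegenthaler's tradeoff for an n-variable function of correlation immunity
    order m and degree d: m + d <= n, and m + d <= n - 1 if f is balanced and m <= n - 2."""
    bound = n - 1 if balanced and m <= n - 2 else n
    return m + d <= bound


def toy_combiner(x):
    """Constructed example f(x1..x4) = x1 XOR x2 XOR x3*x4; bit i of x is x_{i+1}."""
    x1, x2, x3, x4 = (x >> 0) & 1, (x >> 1) & 1, (x >> 2) & 1, (x >> 3) & 1
    return x1 ^ x2 ^ (x3 & x4)


if __name__ == "__main__":
    n = 4
    print("balanced:", is_balanced(toy_combiner, n))
    print("correlation immunity order:", correlation_immunity_order(toy_combiner, n))
    print("algebraic degree:", algebraic_degree(toy_combiner, n))
    # Achterbahn's stated parameters: n = 8, m = 4, d = 3, balanced, so m + d = 7 = n - 1
    print("Achterbahn parameters meet Siegenthaler's bound:", siegenthaler_ok(8, 4, 3, True))
```

    The toy function is balanced, 1st-order correlation immune and of degree 2, so with n = 4 it sits exactly on the balanced Siegenthaler bound m + d = n − 1; the Achterbahn parameters quoted in the abstract (n = 8, m = 4, d = 3) do the same, which is why the degree cannot be raised without giving up an order of correlation immunity.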

    Spatial Correlation Analysis on Physical Unclonable Functions

    No full text

    Side-channel leakage of masked CMOS gates

    No full text
    Abstract. There are many articles and patents on the masking of logic gates. However, the existing publications assume that a masked logic gate switches its output no more than once per clock cycle. Unfortunately, this assumption usually does not hold true in practice. In this article, we show that glitches occurring in circuits of masked gates make these circuits susceptible to classical first-order DPA attacks. Besides a thorough theoretical analysis of the DPA-resistance of masked gates in the presence of glitches, we also provide simulation results that confirm the theoretical analysis. Glitches occur in every CMOS circuit. Consequently, the currently known masking schemes for CMOS gates do not prevent DPA attacks.
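    The following is an added example, not the paper's own simulation, that reproduces the abstract's point on a single gate. It takes a Trichina-style masked AND (an assumption: the paper's gate constructions are not on this page) and drives it through a deliberately simple glitch model, also an assumption, in which the five inputs settle one at a time in a fixed order and the combinational output is re-evaluated after each arrival. Averaging the output transitions over every mask assignment shows the leak: when all inputs switch at once the expected transition count is 1/2 whatever the operands, but as soon as they arrive at different times it depends on the unmasked a and b, which is what a first-order DPA correlates against.

```python
from itertools import product


def masked_and(am, ma, bm, mb, mq):
    """Masked AND on shares am = a ^ ma, bm = b ^ mb; returns (a & b) ^ mq.
    Algebraically a, b and a & b never appear in the clear."""
    return mq ^ (am & bm) ^ (am & mb) ^ (ma & bm) ^ (ma & mb)


ORDER = ("am", "bm", "ma", "mb", "mq")   # assumed arrival order of the five inputs


def toggles_per_step(a_old, b_old, a_new, b_new, masks_old, masks_new, order=ORDER):
    """Glitch model: inputs move from their old to their new values one signal at a
    time; the output is re-evaluated after each arrival. Returns the output toggle
    (0/1) observed after each of the len(order) arrivals."""
    ma_o, mb_o, mq_o = masks_old
    ma_n, mb_n, mq_n = masks_new
    cur = {"am": a_old ^ ma_o, "ma": ma_o, "bm": b_old ^ mb_o, "mb": mb_o, "mq": mq_o}
    new = {"am": a_new ^ ma_n, "ma": ma_n, "bm": b_new ^ mb_n, "mb": mb_n, "mq": mq_n}
    out, toggles = masked_and(**cur), []
    for sig in order:
        cur[sig] = new[sig]
        nxt = masked_and(**cur)
        toggles.append(out ^ nxt)
        out = nxt
    return toggles


def mean_toggles(a_old, b_old, a_new, b_new, order=ORDER):
    """Exhaustive average over all 2^6 assignments of (old, new) masks.
    Returns (per-arrival means, total mean); the total is what a transition-count
    power model sees for this clock cycle."""
    per_step, total, count = [0] * len(order), 0, 0
    for masks_old in product((0, 1), repeat=3):
        for masks_new in product((0, 1), repeat=3):
            t = toggles_per_step(a_old, b_old, a_new, b_new, masks_old, masks_new, order)
            per_step = [s + x for s, x in zip(per_step, t)]
            total += sum(t)
            count += 1
    return [s / count for s in per_step], total / count


def mean_toggles_glitch_free(a_old, b_old, a_new, b_new):
    """The idealised gate assumed by the earlier masking literature: all inputs switch
    at once, so the output is evaluated exactly once per clock cycle."""
    total, count = 0, 0
    for mo in product((0, 1), repeat=3):
        for mn in product((0, 1), repeat=3):
            q_old = masked_and(a_old ^ mo[0], mo[0], b_old ^ mo[1], mo[1], mo[2])
            q_new = masked_and(a_new ^ mn[0], mn[0], b_new ^ mn[1], mn[1], mn[2])
            total += q_old ^ q_new
            count += 1
    return total / count


if __name__ == "__main__":
    for a_old, b_old, a_new, b_new in product((0, 1), repeat=4):
        steps, tot = mean_toggles(a_old, b_old, a_new, b_new)
        ideal = mean_toggles_glitch_free(a_old, b_old, a_new, b_new)
        print(f"a:{a_old}->{a_new} b:{b_old}->{b_new}  glitch-free {ideal:.2f}"
              f"  with glitches total {tot:.2f}  per arrival {steps}")
```

    With this arrival order the first evaluation (after am settles) toggles with probability b_old/2 and the fourth (after mb settles) with probability a_new/2, so the expected transition count for the cycle is 1 + (a_new + b_old)/2: three distinguishable classes of operands where the glitch-free model promises one. Any other fixed order leaks some combination of the operands in the same way; which one is an artefact of the gate's netlist and routing, not of the masking equations.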