## CryptoDB

Authors:

- Thomas De Cnudde, KU Leuven, imec-COSIC, Belgium
- Maik Ender, Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Germany
- Amir Moradi, Horst Görtz Institute for IT Security, Ruhr-Universität Bochum

DOI: 10.13154/tches.v2018.i2.123-148

URL: https://tches.iacr.org/index.php/TCHES/article/view/877

Masking

Hardware masking schemes have shown many advances in the past few years. Through a series of publications their implementation cost has dropped significantly and flaws have been fixed where present. Despite these advancements it seems that a limit has been reached when implementing masking schemes on FPGA platforms. Indeed, even with a correct transition from the masking scheme to the masking realization (i.e., when the implementation is not buggy) it has been shown that the implementation can still exhibit unexpected leakage, e.g., through variations in placement and routing. In this work, we show that the reason for such unexpected leakages is the violation of an underlying assumption made by all masking schemes, i.e., that the leakage of the circuit is a linear sum of leakages associated to each share. In addition to the theory of VLSI which supports our claim, we perform a wide range of experiments (based on an FPGA) to find out under what circumstances this causes a masked hardware implementation to show undesirable leakage. We further illustrate case studies, where publicly-known secure designs exhibit first-order leakage when being operated at certain conditions.

##### BibTeX
@article{tches-2018-28958,
journal={Transactions on Cryptographic Hardware and Embedded Systems},
publisher={Ruhr-Universität Bochum},
volume={2018, Issue 2},
pages={123-148},
url={https://tches.iacr.org/index.php/TCHES/article/view/877},
doi={10.13154/tches.v2018.i2.123-148},
author={Thomas De Cnudde and Maik Ender and Amir Moradi},
year=2018
}