A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why It Is Not

Cong Chen, Mohammad Farmani, Thomas and Eisenbarth

Abstract

This work explores the possibilities for practical Threshold Implementation (TI) with only two shares in order for a smaller design that needs less randomness but is still first-order leakage resistant. We present the first two-share Threshold Implementations of two lightweight block ciphers---Simon and Present. The implementation results show that two-share TI improves the compactness but usually further reduces the throughput when compared with first-order resistant three-share schemes. Our leakage analysis shows that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. All results are backed up by simulation as well as analysis of actual implementations.
Original languageEnglish
Title of host publicationAdvances in Cryptology – ASIACRYPT 2016
EditorsJung Hee Cheon, Tsuyoshi Takagi
Number of pages25
Volume10031
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Publication date09.11.2016
Pages819-843
ISBN (Print)978-3-662-53886-9
ISBN (Electronic)978-3-662-53887-6
DOIs
Publication statusPublished - 09.11.2016
Event22th International Conference on the Theory and Application of Cryptology and Information Security - Hanoi, Viet Nam
Duration: 04.12.201608.12.2016

Fingerprint

Dive into the research topics of 'A Tale of Two Shares: Why Two-Share Threshold Implementation Seems Worthwhile-and Why It Is Not'. Together they form a unique fingerprint.

Cite this