Efficient Conversion Method from Arithmetic to Boolean Masking in Constrained Devices

Abstract

A common technique employed for preventing a side channel analysis is Boolean masking. However, the application of this scheme is not so straightforward when it comes to block ciphers based on Addition-Rotation-Xor structure. In order to address this issue, since 2000, scholars have investigated schemes for converting Arithmetic to Boolean (AtoB) masking and Boolean to Arithmetic (BtoA) masking schemes. However, these solutions have certain limitations. The time performance of the AtoB scheme is extremely unsatisfactory because of the high complexity ofmathcal {O}(k) where k is the size of arithmetic operation. At the FSE 2015, an improved algorithm with time complexitymathcal {O}(\log k) based on the Kogge-Stone carry look-ahead adder was suggested. Despite its efficiency, this algorithm cannot consider for constrained environments. Although the original algorithm inherently extends to low-resource devices, there is no advantage in time performance; we call this variant as the generic variant. In this study, we suggest an enhanced variant algorithm to apply to constrained devices. Our solution is based on the principle of the Kogge-Stone carry look-ahead adder, and it uses a divide and conquer approach. In addition, we prove the security of our new algorithm against first-order attack. By reducing the main loop complexity to rceil from log (k-1) where l is the size of register bit, we can expect the reasonable time complexity for our variant algorithms. In implementation results based on this fact, when k=64 and the register bit size of a chip is 8, 16 or 32, we obtain 58%, 72%, or 68% improvement, respectively, over the results obtained using the generic variant. When applying those algorithms to first-order SPECK, we also achieve roughly 40% improvement. Moreover, our proposal extends to higher-order countermeasures as previous study.