Binary Ring-LWE Hardware with Power Side-Channel Countermeasures

Aydin Aysu, Michael Orshansky and Mohit Tiwari
The University of Texas at Austin, Austin, TX, USA
aydinay@utexas.edu
tiwari@utexas.edu
orshansky@utexas.edu

ABSTRACT

We describe the first hardware implementation of a quantum-secure encryption scheme along with its low-cost power side-channel countermeasures. The encryption uses an implementation-friendly Binary-Ring-Learning-with-Errors (B-RLWE) problem with binary errors that can be efficiently generated in hardware. We demonstrate that a direct implementation of B-RLWE is vulnerable to power side-channel attacks, even to Simple Power Analysis (SPA), because of the nature of its binary coefficients. We mitigate this vulnerability with a redundant addition and memory update. To further protect against Differential Power Analysis (DPA), we use a B-RLWE-specific opportunity to construct a lightweight yet effective countermeasure based on randomization of intermediate states and masked threshold decoding. On a SAKURA-G FPGA board, we show that our method increases the number of measurements required for a DPA attack by 40× compared to the unprotected design. Our results also quantify the trade-off between side-channel security and the hardware area cost of B-RLWE.
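The SPA weakness described above comes from multiplying a ring element by a binary polynomial: a direct implementation only performs an addition when the coefficient is 1, so the sequence of additions mirrors the secret bits. The following added example (not code from the paper) models this in software for a toy ring Z_q[x]/(x^n + 1) with constructed parameters N = 8 and Q = 256; the helper names, the `trace` list (a stand-in for the operation sequence an observer would see) and the arithmetic mask selection are all assumptions of this illustration, not the paper's hardware design.

```python
# Added example: schoolbook multiplication of a ring element by a binary
# polynomial in Z_q[x]/(x^n + 1), in a data-dependent and a redundant form.
# N and Q are constructed toy parameters (Q a power of two for the mask trick).
N = 8
Q = 256

def _shift_neg(a, i):
    """Return a(x) * x^i reduced mod x^N + 1 (negacyclic shift)."""
    out = [0] * N
    for j, c in enumerate(a):
        k = j + i
        if k < N:
            out[k] = (out[k] + c) % Q
        else:
            out[k - N] = (out[k - N] - c) % Q   # wrap-around picks up a sign flip
    return out

def mul_direct(a, b, trace):
    """Data-dependent version: adds only when b[i] == 1.
    'trace' records each addition performed, a proxy for the activity an
    SPA observer sees; its length equals the Hamming weight of b."""
    acc = [0] * N
    for i in range(N):
        if b[i]:
            s = _shift_neg(a, i)
            acc = [(x + y) % Q for x, y in zip(acc, s)]
            trace.append(i)
    return acc

def mul_redundant(a, b, trace):
    """Constant-flow version: the addition is computed and the accumulator
    written on every iteration; b[i] selects the addend through an
    arithmetic mask rather than a branch, so the trace length is always N."""
    acc = [0] * N
    for i in range(N):
        s = _shift_neg(a, i)
        m = (-b[i]) & (Q - 1)                 # all-ones when b[i] == 1, else 0
        acc = [(x + (y & m)) % Q for x, y in zip(acc, s)]   # unconditional update
        trace.append(i)
    return acc

# Constructed sample input: a ring element and a sparse binary polynomial.
A_SAMPLE = [1, 2, 3, 4, 5, 6, 7, 8]
B_SAMPLE = [1, 0, 0, 0, 0, 0, 0, 1]
```

Both functions return the same product; only the recorded operation sequence differs, which is the property the redundant addition and memory update are meant to enforce.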