zbMATH — the first resource for mathematics

Hardware implementation and side-channel analysis of Lapin. (English) Zbl 1337.94096
Benaloh, Josh (ed.), Topics in cryptology – CT-RSA 2014. The cryptographer’s track at the RSA conference 2014, San Francisco, CA, USA, February 25–28, 2014. Proceedings. Berlin: Springer (ISBN 978-3-319-04851-2/pbk). Lecture Notes in Computer Science 8366, 206–226 (2014).
Summary: Lapin is a new authentication protocol that has been designed for low-cost implementations. In a work from RFIDsec 2012, D. J. Bernstein and T. Lange [Lect. Notes Comput. Sci. 7739, 137–148 (2013; Zbl 1337.94093)] argued that at similar (mathematical) security levels, Lapin’s performances are below the ones of block cipher based authentication. In this paper, we suggest that as soon as physical security (e.g. against side-channel attacks) is taken into account, this criticism can be mitigated. For this purpose, we start by investigating masked hardware implementations of Lapin, and discuss the gains obtained over software ones. Next, we observe that the structure of our implementations significantly differs from block cipher ones (for which most results in side-channel analysis apply), hence raising questions regarding how to evaluate physical security in this case. We then provide first results of side-channel analyses against unprotected and masked Lapin. Despite interesting properties of the masked implementations, our conclusions are still contrasted because of the on-chip randomness requirements of the Lapin protocol. These results give strong incentive to design similar but deterministic protocols, e.g. based on the recently introduced learning with rounding assumption.
For the entire collection see [Zbl 1283.94001].

94A62 Authentication, digital signatures and secret sharing