Balanced Dual-Mask Protection Scheme for GIFT Cipher Against Power Attacks


Abstract

NIST is currently working towards the standardization of lightweight cryptography (LWC). Although the cryptanalytic strength of LWC candidates is under deep scrutiny, the implementation security of LWC has not yet been widely explored. The GIFT block cipher is the main building block of many of the NIST LWC candidates and therefore has the potential to be part of the next lightweight crypto standard, so it is important to understand its implementation vulnerabilities, such as side-channel attacks (SCAs). Although SCAs have been evaluated for hardware implementations of GIFT, no analysis or countermeasures have yet been proposed for software implementations. This work evaluates protected and unprotected GIFT-128 software implementations against power-based SCAs. Our protected implementation is based on a new lightweight countermeasure consisting of two balanced and masked SBoxes. Our results show that GIFT's SBox (the SubCell function) is vulnerable to both profiled and non-profiled attacks when the implementation is unprotected or protected only with existing balancing or masking techniques. In contrast, our proposed countermeasure, which combines balancing and masking, offers full protection with negligible overhead.
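To make the attack surface concrete, the following is an added example, not code from the paper: it implements GIFT's SubCell on one nibble, a standard first-order Boolean masking of it by table recomputation (not the paper's balanced dual-mask scheme, whose construction the abstract does not give), and a non-profiled first-order CPA over constructed Hamming-weight-plus-noise traces. The function names, the leakage model and the trace generator are assumptions made for the illustration; only the SBox table comes from the GIFT specification.

```python
import random

# GIFT 4-bit SBox GS, as published in the GIFT specification.
GIFT_SBOX = [0x1, 0xA, 0x4, 0xC, 0x6, 0xF, 0x3, 0x9,
             0x2, 0xD, 0xB, 0x7, 0x5, 0x0, 0x8, 0xE]


def hw(v):
    """Hamming weight, the usual leakage model for a software register write."""
    return bin(v).count("1")


def subcell_unmasked(p, k):
    """Unprotected SubCell on one nibble: the SBox output depends directly on the key."""
    return GIFT_SBOX[p ^ k]


def recompute_masked_sbox(m_in, m_out):
    """Table-recomputation masking (hypothetical helper name): builds S' with
    S'(x ^ m_in) = S(x) ^ m_out, so the lookup never touches an unmasked value."""
    table = [0] * 16
    for x in range(16):
        table[x ^ m_in] = GIFT_SBOX[x] ^ m_out
    return table


def subcell_masked(p_masked, k, m_in, m_out):
    """Masked SubCell. p_masked = p ^ m_in; the key is added to the masked share and
    the recomputed table returns S(p ^ k) ^ m_out. The caller keeps m_out to unmask later."""
    return recompute_masked_sbox(m_in, m_out)[p_masked ^ k]


def masking_is_correct():
    """Exhaustive check: unmasking the masked result always recovers the plain SBox output."""
    return all(
        subcell_masked(p ^ m_in, k, m_in, m_out) ^ m_out == subcell_unmasked(p, k)
        for p in range(16) for k in range(16)
        for m_in in range(16) for m_out in range(16)
    )


def simulate_traces(key, n, masked, seed=1, noise=0.5):
    """Constructed leakage: HW of the SBox output register plus Gaussian noise.
    Only the masked output is modelled; a real device also leaks the mask and the
    table recomputation, which is outside this simple model."""
    rng = random.Random(seed)
    plaintexts, leaks = [], []
    for _ in range(n):
        p = rng.randrange(16)
        if masked:
            m_in, m_out = rng.randrange(16), rng.randrange(16)  # fresh masks per execution
            out = subcell_masked(p ^ m_in, key, m_in, m_out)
        else:
            out = subcell_unmasked(p, key)
        plaintexts.append(p)
        leaks.append(hw(out) + rng.gauss(0, noise))
    return plaintexts, leaks


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def cpa(plaintexts, leaks):
    """Non-profiled first-order CPA: correlate each of the 16 key hypotheses'
    predicted HW(S(p ^ k)) with the measured leakage."""
    return {k: pearson([hw(GIFT_SBOX[p ^ k]) for p in plaintexts], leaks)
            for k in range(16)}


def best_guess(scores):
    """Key candidate with the largest absolute correlation."""
    return max(scores, key=lambda k: abs(scores[k]))


if __name__ == "__main__":
    KEY = 0xB
    for masked in (False, True):
        scores = cpa(*simulate_traces(KEY, 3000, masked))
        print("masked" if masked else "unmasked", "best guess", hex(best_guess(scores)),
              "max |rho| %.3f" % max(abs(r) for r in scores.values()))
```

With the unprotected SubCell the correct nibble of the key is ranked first after a few thousand traces; with fresh masks on every execution the output register is uniform and independent of the plaintext, so every first-order hypothesis correlates to roughly zero. The model deliberately ignores the mask and the table-recomputation loop, which is exactly where a real software implementation leaks; the abstract's finding that existing masking alone is insufficient should be read with that in mind.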