Hello everybody, this is Aein, and I have the pleasure to present our paper entitled Second-Order Security with Almost No Fresh Randomness, which is joint work with Amir Moradi.

Masking schemes are one of the most popular countermeasures against side-channel analysis, and they are based on randomizing sensitive data during the execution of the cipher. In a masking scheme, we usually divide the sensitive variable into some shares, which forces the adversary to recombine the shares to recover the key. But how can we evaluate a given masked design? To this end, the probing model was proposed. The adversary can probe the intermediate values, and each probe is exact and independent. It has been shown that security in this model also provides security in other models. And if any combination of d intermediate values does not reveal anything about the secret, then the design is secure against d-th order side-channel attacks. Due to its simplicity and its abstraction, the probing model is the basis for many proofs in side-channel analysis.

However, it does not work properly in hardware implementations, and the reason behind this is glitches. Glitches are unwanted transitions at the output of a combinatorial circuit, and these are mainly due to the unbalanced paths of the inputs of a combinatorial circuit. So, in this model, when a probe is placed on a gate, it propagates backward up to the last synchronization point. Here is a simple logic circuit. If you probe the output, or one of the outputs, the probe propagates backward and the adversary has information about all four input bits that are involved in the calculation of the original probe.

Threshold implementation is the first methodology which is immune against glitches.
TI, or threshold implementation, is based on three conditions: correctness, non-completeness and uniformity, and the number of input shares depends on the algebraic degree of the target function and also the security order d. However, d+1 sharing is independent of the algebraic degree of the target function, and here I have brought a simple two-input AND gate, a first-order secure design with a single-bit fresh mask. In this methodology, the masked version is divided into two parts. One is called the component function. You can see one of them here with this box, and we have a register layer, and each component function should be registered. And then we have a compression layer to generate two output shares. It has been shown that we can have a first-order secure two-input AND gate with a fresh mask in this paper. And the question is, can we extend it to the second order or not?

Here I recommend watching my presentation about the paper Re-Consolidating First-Order Masking Schemes, because this is the extension of that algorithm, and it might be helpful to watch it before watching this video.

So, let's start with a very simple two-input AND gate. We would like to have a second-order realization of the two-input AND gate, two shares. It forces us to use nine component functions, as you can see here, to have second-order non-completeness. So the construction will be something like this: we have nine component functions, the register layer here and the compression layer here. We want an algorithm to find a uniform sharing, which means x1, x0 and x2 should be uniform, and also the entire design should be glitch-extended probing secure.

To this end we follow the steps below. We make the sets F_l, which means the sets F0 to F8, because we have nine component functions, and each of them includes all two-input constant-free coordinate functions.
So for example, for F0, which gets a0 and b0, we have four different coordinate functions, namely a0b0, a0b0 + a0, a0b0 + b0 and also a0b0 + a0 + b0. So each set is one. And then, if we assume that F0, F1 and F2 are compressed, we search for a tuple which is glitch-extended probing secure and whose XOR, which means in this case, if I go back to the last slide, x0, is a balanced function, meaning that the output has as many ones as zeros.

So what does glitch-extended probing secure mean? We have this construction. It should be secure when the attacker puts two probes, one on f0 and one on f1. Because f1 and f0 are second-order non-complete, we don't need to check this one, as it has at most two shares out of three shares. So the next one that we should check is one probe on the XOR in the compression layer and one on the component function. Because of the glitch-extended probing model, these will expand to three here. And we have to check these four probes and check the security of them. And then we have to check the next one, and also the probe on f2, which is a component function.

Once we find the tuple which passes these checks, and is also secure in the glitch-extended probing model, and whose XOR, which means x0, is a balanced function, then we add these functions to the set F012, and we do the same to make two other sets. As the last step, we search for the tuple whose XOR makes a correct sharing. So in threshold implementation we make something correct and non-complete, and then we search for a uniform sharing by adding correction terms. But here we at first have something non-complete and second-order secure in the glitch-extended probing model and also uniform, and then we find something correct, and we see whether there is any correction or not.
But it's not the end; we have to check some more probes. So we get the first element from this set, the next one from the other set and the last element from the last set. So far we checked whether this construction, this construction and this construction are second-order secure or not, but we have to check whether, if one probe is on x0, which is expanded to three probes here, and also one probe is on the other element, meaning f0 here, f3 here, it is secure or not. So we have to do these checks as well, and then the other probe on this one and this one. So we have to put another probe on x1, and these four should be checked, but this one expands to three more probes, so this set of six probes should be checked for whether it is secure or not, and basically whether it has an identical joint probability distribution or not.

So we have a secure design, which means that this element and this element are secure. We should do the same for this element and this one, basically one probe here on x0, which is expanded to three, and then one in each component function and one on x2. So we have to check this element and this element and see whether it is second-order secure or not. And the last step is whether this is uniform or not. And if it was uniform and also has a correct sharing, then we found a solution. So as you can see, compared to the first-order security it has way more checks, and the complexity of the algorithm is pretty high.

So the application of this technique to the two-input AND gate without fresh masks and with a single-bit fresh mask leads to no solution, but we have found many solutions with two fresh mask bits. For the AND-XOR function, which is ab + c, for input variables a, b and c, we have millions of solutions without fresh masks.

So this motivated us to apply our technique to 4-bit quadratic bijections, and we know we have six classes of quadratic bijections, which means that using one of these classes and tool.
We can build any 4-bit quadratic bijection. So we start with the simplest one, which has only one coordinate function which is quadratic here. We already studied the AND-XOR, which is basically this coordinate function, but not all solutions are necessarily a jointly uniform solution, so we search for a uniform sharing, and we found more than 500 solutions which are second-order secure and also fulfill the joint uniformity. And of course without any fresh masks.

So we further studied the next one. This one is a bit more complicated. It has two coordinate functions with algebraic degree of two. Of course it requires more checks, because the attacker can put one probe on this coordinate function and one on this coordinate function. And basically one on the compression layer of the first and one on the component function of the second one, and the other possibility is to put one probe on the compression layer of this coordinate function and one on the compression layer of this function. We also found many solutions without fresh masks.

We also applied our technique to other quadratic bijections, and we found some solutions. However, we found no solution for Q300. And it is not possible to realize a three-share second-order masked variant of this one, because basically the coordinate function has all three quadratic monomials of three inputs. But this class can be decomposed into two quadratic bijections. And we can make those decomposed functions second-order secure, but at the composition we need some fresh masks.

So here we have F and G, which are quadratic. We should add some fresh masks in the compression layer and store the result in the register to make sure that the whole design is still second-order secure. So F is second-order secure and G is second-order secure, but composing them is not necessarily second-order secure.
So because of that, in the compression layer we add some fresh masks and store the result in the register before giving it to the next function, and if the output of G also goes to another nonlinear function, then we should add some more fresh masks here.

So as a case study we applied our algorithm to Keccak, and Keccak has a 5-bit S-box with quadratic coordinate functions. And we have designed a two-share, which means first-order, and a three-share, which is second-order, round-based implementation of Keccak without any fresh mask. I would like to highlight that this is the first time a second-order secure Keccak without any fresh mask is presented. Here is the synthesis result. As you can see, we use no fresh masks, the area overhead is roughly the same, but we have a bit more delay, so basically the critical path.

The next case study is SKINNY. The 4-bit S-box of SKINNY can be decomposed into two quadratic functions, as you can see here, and three affine functions, and all affine functions are a bit permutation and negation of the input and output, so this means that you can construct a SKINNY encryption function with only eight fresh masks, as you can see here. And then, as I said before, we have to add fresh masks at the interconnection of the two quadratic functions to ensure the security, and because the affine functions are just bit permutations, we don't need to place any register here. So basically we have one register before the S-box and two register layers before the compression and also one register after the compression of the first quadratic bijection.

The next case study is Midori. It is pretty similar to SKINNY: we can decompose it into two quadratic functions. However, the affine functions are not just bit permutations like Midori, so we can decompose it into quadratic functions and basically integrate A3 into this quadratic function and also A2 into the other one, and make G and F.
So basically we have two new quadratic bijections, and we can apply our algorithm, and we found more solutions, and actually we need more checks because of A1, because the attacker can put a probe on A1, on the XOR, and put one probe on the compression layer of F or the compression layer of G. So, we have found several solutions for F and G, and as I said before we need eight bits of fresh masks to connect, or basically compose, G and F, and the result of A1 should be stored in a register. Here is the general structure of Midori, and as I said, the output of A1 should be stored in the register, at the interconnection we need some fresh masks, and before the connection you always need a register to ensure glitch-extended probing security.

The next case studies are PRESENT and PRINCE. The PRESENT S-box can also be decomposed into two quadratic bijections, like Midori and SKINNY, and I'm not going to repeat the procedure for the PRESENT S-box. For PRINCE, in the encryption function of PRINCE, both the S-box and its inverse are used. As a matter of fact, none of them can be decomposed into two quadratic bijections. So we decompose the S-box inverse into three quadratic bijections, which means H, G and F are quadratic bijections, and you have an input affine A1, and we should store the result of A1 in the register and then compose F, G and H. And as before, at the interconnection of F and G, and of G and H, we need fresh masks to ensure the security. To implement the S-box we used the affine equivalence property of the S-box and the S-box inverse of PRINCE, which means that with an affine function A we can implement S in the round function. And basically we implement a secure version of S^-1, and we place A at the input and output of this inverse to implement this.

So, here is the result. The S-box has a security order tree with only three shares, and we need only eight bits per S-box.
And the same holds for Midori and PRESENT, but PRINCE is decomposed into three quadratic functions, and as you can see the number of fresh masks is reduced. The area overhead is roughly the same as the state of the art and is much better than some proposed designs, and actually the throughput of our design is the highest in PRINCE. We have a work on PRESENT, which is only an S-box implementation, which needs more than 500 bits and around 150 clock cycles to perform only one PRESENT S-box, which is second-order secure. And the cost of our implementation is extremely low compared to the state of the art.

We evaluated all our S-box constructions with SILVER, which is a verification tool that does not simplify anything and does not have any false positives or false negatives, and we checked our constructions under the glitch-extended probing model. And because analyzing a full encryption module is not possible with SILVER, we implemented our designs on an FPGA, collected traces and performed the t-test, and all of the designs were secure using 100 million traces.

So, in this paper we introduced a methodology to achieve three-share second-order secure implementations of quadratic functions without any fresh mask, but we need fresh masks when we are going to compose them. We also presented first-order and second-order secure designs of Keccak without any fresh mask. We also applied our technique to some lightweight block ciphers like SKINNY, Midori, PRESENT and PRINCE, and presented second-order variants of them.

Thank you all for watching my presentation. Please do not hesitate to contact me if you have any questions or suggestions. Thank you very much.
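
The first search step described in the talk (choose one of the four candidates per component function so that their XOR is balanced and a probe on the compression XOR, which expands to the three registered component functions, reveals nothing) is shown below as an added Python example; it is not code from the paper or the authors' tool. The assignment of a0b0, a0b1 and a0b2 to the output share x0 and all function names are assumptions, and only this single expanded probe is checked, not the probe pairs, correctness or joint uniformity.

```python
from collections import Counter
from itertools import product

BITS = (0, 1)

def sharings(secret):
    """All 3-share Boolean sharings whose XOR equals `secret`."""
    return [s for s in product(BITS, repeat=3) if s[0] ^ s[1] ^ s[2] == secret]

def candidates(i, j):
    """Four candidates for the component function fed by a_i and b_j:
    a_i*b_j plus an optional a_i and an optional b_j, no constant term."""
    return [lambda a, b, ka=ka, kb=kb: (a[i] & b[j]) ^ (ka & a[i]) ^ (kb & b[j])
            for ka, kb in product(BITS, repeat=2)]

def component_probe(i, j):
    """Glitch-extended probe on a component function: it sees the inputs a_i, b_j."""
    return [lambda a, b: a[i], lambda a, b: b[j]]

def distribution(probes, a_val, b_val):
    """Joint distribution of the probed values over all sharings of (a_val, b_val)."""
    return Counter(tuple(p(a, b) for p in probes)
                   for a in sharings(a_val) for b in sharings(b_val))

def leaks(probes):
    """True if the probed distribution depends on the unshared inputs a, b."""
    ref = distribution(probes, 0, 0)
    return any(distribution(probes, a, b) != ref for a, b in product(BITS, repeat=2))

def balanced(fs):
    """True if the XOR of the three functions is 1 on half of the 64 share inputs."""
    shares = list(product(BITS, repeat=3))
    return sum(fs[0](a, b) ^ fs[1](a, b) ^ fs[2](a, b)
               for a in shares for b in shares) == 32

def search_share(group):
    """Tuples for one output share that are balanced and do not leak under a
    glitch-extended probe on the compression XOR (it expands to the three registers)."""
    sets = [candidates(i, j) for i, j in group]
    return [fs for fs in product(*sets) if balanced(fs) and not leaks(fs)]

GROUP_X0 = [(0, 0), (0, 1), (0, 2)]                 # assumed grouping for x0
plain = [candidates(i, j)[0] for i, j in GROUP_X0]  # a0*b0, a0*b1, a0*b2

if __name__ == "__main__":
    two = component_probe(0, 0) + component_probe(0, 1)
    print("probes on f0 and f1 together leak:", leaks(two))
    print("plain products under one probe on x0 leak:", leaks(plain))
    print("surviving tuples for x0:", len(search_share(GROUP_X0)), "of 64")
```

Under this assumed grouping the uncorrected products leak all three shares of b through a single probe on x0, while the tuples that mix in b-terms on one or two of the three functions survive; the later steps of the talk then filter such tuples further with two-probe checks.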