{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T22:23:27Z","timestamp":1776983007416,"version":"3.51.4"},"reference-count":47,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2018,9,19]],"date-time":"2018-09-19T00:00:00Z","timestamp":1537315200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1314540"],"award-info":[{"award-number":["1314540"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Authenticated ciphers, which combine the cryptographic services of confidentiality, integrity, and authentication into one algorithmic construct, can potentially provide improved security and efficiencies in the processing of sensitive data. However, they are vulnerable to side-channel attacks such as differential power analysis (DPA). Although the Test Vector Leakage Assessment (TVLA) methodology has been used to confirm improved resistance of block ciphers to DPA after application of countermeasures, extension of TVLA to authenticated ciphers is non-trivial, since authenticated ciphers have expanded input and output requirements, complex interfaces, and long test vectors which include protocol necessary to describe authenticated cipher operations. In this research, we upgrade the FOBOS test architecture with capability to perform TVLA on authenticated ciphers. We show that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC (with AES and TWINE primitives), SILC (with AES, PRESENT, and LED primitives), JAMBU (with AES and SIMON primitives), and Ketje Jr.; as well as AES-GCM, are vulnerable to 1st order DPA. 
We then use threshold implementations to protect the above cipher implementations against 1st order DPA, and verify the effectiveness of countermeasures using the TVLA methodology. Finally, we compare the unprotected and protected cipher implementations in terms of area, performance (maximum frequency and throughput), throughput-to-area (TP\/A) ratio, power, and energy per bit (E\/bit). Our results show that ACORN consumes the lowest number of resources, has the highest TP\/A ratio, and is the most energy-efficient of all DPA-resistant implementations. However, Ketje Jr. has the highest throughput.<\/jats:p>","DOI":"10.3390\/cryptography2030026","type":"journal-article","created":{"date-parts":[[2018,9,19]],"date-time":"2018-09-19T10:50:31Z","timestamp":1537354231000},"page":"26","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Comparison of Cost of Protection against Differential Power Analysis of Selected Authenticated Ciphers"],"prefix":"10.3390","volume":"2","author":[{"given":"William","family":"Diehl","sequence":"first","affiliation":[{"name":"The Bradley Department of Electrical and Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abubakr","family":"Abdulgadir","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, George Mason University, Fairfax, VA 22030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Farnoud","family":"Farahmand","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, George Mason University, Fairfax, VA 22030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jens-Peter","family":"Kaps","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, George Mason University, Fairfax, VA 
22030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kris","family":"Gaj","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, George Mason University, Fairfax, VA 22030, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2018,9,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Diehl, W., Abdulgadir, A., Farahmand, F., Kaps, J.P., and Gaj, K. (May, January 30). Comparison of Cost of Protection Against Differential Power Analysis of Selected Authenticated Ciphers. Proceedings of the 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), Washington, DC, USA.","DOI":"10.1109\/HST.2018.8383904"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Rogaway, P. (2002, January 18\u201322). Authenticated-Encryption with Associated-Data. Proceedings of the ACM Conference on Computer and Communications Security (CCS\u201902), Washington, DC, USA.","DOI":"10.1145\/586123.586125"},{"key":"ref_3","unstructured":"(2018, September 12). CAESAR Competition for Authenticated Encryption: Security, Applicability, and Robustness. Available online: http:\/\/competitions.cr.yp.to\/caesar.html."},{"key":"ref_4","unstructured":"Bernstein, D. (2018, September 16). Cryptographic Competitions. Available online: https:\/\/groups.google.com\/forum\/#!forum\/crypto-competitions."},{"key":"ref_5","unstructured":"(2018, September 16). Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process, NIST, Available online: https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/final-lwc-submission-requirements-august2018.pdf."},{"key":"ref_6","unstructured":"Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., and Rohatgi, P. (2013, January 24\u201326). Test Vector Leakage Assessment (TVLA) Methodology in Practice. 
Proceedings of the International Cryptographic Module Conference, Gaithersburg Area, MD, USA."},{"key":"ref_7","unstructured":"Goodwill, G., Jun, B., Jaffe, J., and Rohatgi, P. (September, January 25). A Testing Methodology for Side Channel Resistance Validation. In Proceedings of the NIST Non-Invasive Attack Testing Workshop, Todai-ji Cultural Center Nara, Japan."},{"key":"ref_8","unstructured":"CERG (2018, September 12). Flexible Open-Source workBench for Side-Channel Analysis (FOBOS). Available online: https:\/\/cryptography.gmu.edu\/fobos\/."},{"key":"ref_9","unstructured":"Homsirikamol, E., Diehl, W., Ferozpuri, A., Farahmand, F., Yalla, P., Kaps, J., and Gaj, K. (2018, September 19). CAESAR Hardware API. Available online: https:\/\/eprint.iacr.org\/2016\/626.pdf."},{"key":"ref_10","unstructured":"Homsirikamol, E., Diehl, W., Ferozpuri, A., Farahmand, F., Yalla, P., Kaps, J., and Gaj, K. (2018, September 16). Addendum to the CAESAR Hardware API v1.0. Available online: https:\/\/cryptography.gmu.edu\/athena\/CAESAR_HW_API\/CAESAR_HW_API_v1.0_Addendum.pdf."},{"key":"ref_11","unstructured":"CERG (2018, September 16). Development Package for Hardware Implementations Compliant with the CAESAR Hardware API, v2.0. Available online: https:\/\/cryptography.gmu.edu\/athena\/index.php?id=CAESAR."},{"key":"ref_12","unstructured":"Wu, H. (2018, September 16). ACORN, A Lightweight Authenticated Cipher (v3). Available online: https:\/\/competitions.cr.yp.to\/round3\/acornv3.pdf."},{"key":"ref_13","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., and Schl\u00e4ffer, M. (2018, September 16). ASCON v1.2. Available online: https:\/\/competitions.cr.yp.to\/round3\/asconv12.pdf."},{"key":"ref_14","unstructured":"Iwata, T., Minematsu, K., Guo, J., Morioka, S., and Kobayashi, E. (2018, September 12). CLOC and SILC v3. Available online: https:\/\/competitions.cr.yp.to\/round3\/clocsilcv3.pdf."},{"key":"ref_15","unstructured":"Wu, H., and Huang, T. (2018, September 16). 
The JAMBU Lightweight Authenticated Encryption Mode. Available online: http:\/\/www3.ntu.edu.sg\/home\/wuhj\/research\/caesar\/caesar.html."},{"key":"ref_16","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., and Van Keer, R. (2018, September 16). CAESAR Submission: Ketje V2. Available online: https:\/\/competitions.cr.yp.to\/round3\/ketjev2.pdf."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Dworkin, M. (2018, September 12). Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC, Available online: https:\/\/www.nist.gov\/publications\/recommendation-block-cipher-modes-operation-galoiscounter-mode-gcm-and-gmac?pub_id=51288.","DOI":"10.6028\/NIST.SP.800-38Gr1-draft"},{"key":"ref_18","unstructured":"CERG (2018, September 16). GMU Source Code of CAESAR Round 3 Candidates. Available online: https:\/\/cryptography.gmu.edu\/athena\/index.php?id=CAESAR_source_codes."},{"key":"ref_19","unstructured":"Huang, T. (2018, September 16). Round 3 Hardware Submission: ACORN. Available online: https:\/\/groups.google.com\/forum\/#!forum\/crypto-competitions."},{"key":"ref_20","unstructured":"Iwata, T. (2018, September 16). HW for CLOC and SILC 64-bit BC. Available online: https:\/\/groups.google.com\/forum\/#!forum\/crypto-competitions."},{"key":"ref_21","unstructured":"Huang, T. (2018, September 16). SIMON-JAMBU. Available online: https:\/\/groups.google.com\/forum\/#!forum\/crypto-competitions."},{"key":"ref_22","unstructured":"Bertoni, G. (2018, September 12). Ketje-Keyak Team. Available online: https:\/\/github.com\/guidobertoni\/caesar_gmu_vhdl."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Nikova, S., Rechberger, C., and Rijmen, V. (2006, January 4\u20137). Threshold Implementations Against Side-Channel Attacks and Glitches. 
Proceedings of the International Conference on Information and Communications Security, Raleigh, NC, USA.","DOI":"10.1007\/11935308_38"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1145\/359168.359176","article-title":"How to Share a Secret","volume":"22","author":"Shamir","year":"1979","journal-title":"Commun. ACM"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Yao, A. (1982, January 3\u20135). Protocols for Secure Computation. Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, Chicago, IL, USA.","DOI":"10.1109\/SFCS.1982.38"},{"key":"ref_26","unstructured":"Mangard, S., Pramstaller, N., and Oswald, E. (September, January 29). Successfully attacking masked AES hardware implementations. Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems, Edinburgh, UK."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., and Rijmen, V. (2014). A More Efficient AES Threshold Implementation. Lecture Notes in Computer Science, Proceedings of the 7th International Conference on Cryptology in Africa, Marrakesh, Morocco, 28\u201330 May 2014, Springer.","DOI":"10.1007\/978-3-319-06734-6_17"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Moradi, A., Poschmann, A., Ling, S., Paar, C., and Wang, H. (2011). Pushing the Limits: A Very Compact and a Threshold Implementation of AES. Lecture Notes in Computer Science, Proceedings of the 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 15\u201319 May 2011, Springer.","DOI":"10.1007\/978-3-642-20465-4_6"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/s41635-017-0021-2","article-title":"An Evaluation of Lightweight Block Ciphers for Resource-Constrained Applications: Area, Performance, and Security","volume":"1","author":"Sadhukhan","year":"2017","journal-title":"J. Hardw. Syst. 
Secur."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Diehl, W., Abdulgadir, A., Kaps, J., and Gaj, K. (2018). Comparing the Cost of Protecting Selected Lightweight Block Ciphers Against Differential Power Analysis in Low-Cost FPGAs. Computers, 7.","DOI":"10.3390\/computers7020028"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Vliegen, J., Reparaz, O., and Mentens, N. (2017, January 3\u20135). Maximizing the throughput of threshold-protected AES-GCM implementations on FPGA. Proceedings of the 2nd International Verification and Security Workshop (IVSW), Thessaloniki, Greece.","DOI":"10.1109\/IVSW.2017.8031559"},{"key":"ref_32","first-page":"446","article-title":"A Very Compact \u2018Perfectly Masked\u2019 S-Box for AES","volume":"5037","author":"Canright","year":"2008","journal-title":"Appl. Cryptogr. Netw. Secur."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Gaj, K., and Chodowiec, P. (2009). FPGA and ASIC Implementations of AES. Cryptographic Engineering, Springer.","DOI":"10.1007\/978-0-387-71817-0_10"},{"key":"ref_34","unstructured":"Ferguson, N. (2018, September 16). 
Authentication Weaknesses in AES-GCM, Microsoft Corporation, Available online: https:\/\/csrc.nist.gov\/csrc\/media\/projects\/block-cipher-techniques\/documents\/bcm\/comments\/cwc-gcm\/ferguson2.pdf."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-3-540-74735-2_1","article-title":"A First-Order DPA Attack Against AES in Counter","volume":"Volume 4727","author":"Paillier","year":"2007","journal-title":"Cryptographic Hardware and Embedded Systems\u2014CHES 2007"},{"key":"ref_36","first-page":"306","article-title":"Side Channel Analysis of Multiplications in GF(2^128)","volume":"Volume 8874","author":"Sarkar","year":"2014","journal-title":"Advances in Cryptology\u2014ASIACRYPT 2014"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"661","DOI":"10.1109\/TC.2016.2614504","article-title":"Lightweight Side Channel Resistance: Threshold Implementations of Simon","volume":"66","author":"Shahverdi","year":"2017","journal-title":"IEEE Trans. Comput."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"322","DOI":"10.1007\/s00145-010-9086-6","article-title":"Side-Channel Resistant Crypto for Less than 2300 GE","volume":"24","author":"Poschmann","year":"2011","journal-title":"J. Cryptol."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Kutzner, S., Nguyen, P., Poschmann, A., and Wang, H. (2018, September 12). On 3-Share Threshold Implementations for 4-Bit S-Boxes. Available online: https:\/\/eprint.iacr.org\/2012\/509.pdf.","DOI":"10.1007\/978-3-642-40026-1_7"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Rivain, M., and Prouff, E. (2010, January 17\u201320). Provably Secure Higher-Order Masking of AES. Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-642-15031-9_28"},{"key":"ref_41","unstructured":"Homsirikamol, E., Yalla, P., Farahmand, F., Diehl, W., Ferozpuri, A., Kaps, J., and Gaj, K. 
(2018, September 16). Implementer\u2019s Guide to the CAESAR Hardware API v2.0. Available online: https:\/\/cryptography.gmu.edu\/athena\/CAESAR_HW_API\/CAESAR_HW_Implementers_Guide_v2.0.pdf."},{"key":"ref_42","unstructured":"CERG (2018, September 16). Automated Tool for Hardware Evaluation (ATHENa). Available online: https:\/\/cryptography.gmu.edu\/athena\/."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1016\/j.micpro.2016.10.006","article-title":"Ascon hardware implementations and side-channel evaluation","volume":"52","author":"Wenger","year":"2017","journal-title":"Microprocess. Microsyst. Embed. Hardw. Des."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Kocher, P., Jaffe, J., and Jun, B. (1999, January 15\u201319). Differential Power Analysis. Proceedings of the 19th International Conference on Cryptology (CRYPTO 99), Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-48405-1_25"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1007\/s13389-011-0006-y","article-title":"Introduction to Differential Power Analysis","volume":"1","author":"Kocher","year":"2011","journal-title":"J. Cryptogr. Eng."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/s13389-016-0120-y","article-title":"Leakage Assessment Methodology","volume":"6","author":"Schneider","year":"2016","journal-title":"J. Cryptogr. Eng."},{"key":"ref_47","unstructured":"Kern, R. (2018, September 16). A Simple File Format for NumPy Arrays. 
Available online: https:\/\/docs.scipy.org\/doc\/numpy-1.14.0\/neps\/npy-format.html."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/26\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:21:26Z","timestamp":1760196086000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/3\/26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9,19]]},"references-count":47,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2018,9]]}},"alternative-id":["cryptography2030026"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2030026","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9,19]]}}}