Article, DOI: 10.1007/11605805_14

Higher order masking of the AES

Published: 13 February 2006

Abstract

Masking schemes that secure AES implementations against side-channel attacks are a topic of ongoing research. Many of the approaches discussed in recent years focus on the AES S-box. Unfortunately, to our knowledge, most of these countermeasures address only first-order DPA. In this article we discuss the theoretical background of higher-order DPA and give the measurement cost an adversary has to expect under different hardware models. Moreover, we present a masking scheme that protects an AES implementation against higher-order DPA. We have implemented this scheme for various masking orders and report the performance figures implementors will have to expect.
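The following Python is an added illustration of the structure the abstract describes, not code from the paper: it does not reproduce the paper's masked S-box. It splits each AES S-box output byte into d+1 Boolean shares, simulates a Hamming-weight-plus-Gaussian-noise leakage of every share, and runs a correlation power attack that combines the share leakages with a centered product (the standard second-order DPA combining function, generalized to any order). The leakage model, noise level, trace counts, seed and the key byte 0x2B are assumptions of the demo, and the S-box is rebuilt from the GF(2^8) inverse and the FIPS-197 affine map so the block runs offline.

```python
"""Order-d Boolean masking of an AES S-box output byte and a simulated
(d+1)-th order CPA against it.  Added illustration, not the paper's scheme:
only the share / leak / combine structure that higher-order DPA exploits.
Leakage model (HW + Gaussian noise), noise level, trace counts and the key
byte are demo assumptions."""
import math
import random

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """a^254 = a^-1 in GF(2^8); maps 0 to 0, as AES does."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def build_sbox():
    """AES S-box: field inversion followed by the affine map of FIPS-197 5.1.1."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        c = b
        for i in range(1, 5):  # b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            c ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(c ^ 0x63)
    return box

def hw(v):
    return bin(v).count("1")

SBOX = build_sbox()
HW_SBOX = [hw(v) for v in SBOX]  # Hamming weight of each S-box output

def share(x, order, rng):
    """Split x into order+1 Boolean shares so that x = s0 ^ m1 ^ ... ^ m_order."""
    masks = [rng.randrange(256) for _ in range(order)]
    s0 = x
    for m in masks:
        s0 ^= m
    return [s0] + masks

def unshare(shares):
    x = 0
    for s in shares:
        x ^= s
    return x

def simulate_traces(key, mask_order, n, rng, sigma=0.5):
    """One 'trace' per plaintext: noisy Hamming weight of every share of SBOX[p ^ key]."""
    plaintexts, traces = [], []
    for _ in range(n):
        p = rng.randrange(256)
        sh = share(SBOX[p ^ key], mask_order, rng)
        plaintexts.append(p)
        traces.append([hw(s) + rng.gauss(0, sigma) for s in sh])
    return plaintexts, traces

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)

def combine(traces, attack_order):
    """Centered product of the first attack_order share leakages.  Its mean depends
    on HW(x) only when all shares enter; any proper subset is uniform and independent of x."""
    if attack_order > len(traces[0]):
        raise ValueError("attack order exceeds number of leaking shares")
    n = len(traces)
    means = [sum(t[i] for t in traces) / n for i in range(attack_order)]
    out = []
    for t in traces:
        c = 1.0
        for i in range(attack_order):
            c *= t[i] - means[i]
        out.append(c)
    return out

def cpa(plaintexts, traces, attack_order):
    """Return (best key guess, |rho|) using HW(SBOX[p ^ k]) as the hypothesis."""
    comb = combine(traces, attack_order)
    best_k, best_r = 0, -1.0
    for k in range(256):
        hyp = [HW_SBOX[p ^ k] for p in plaintexts]
        r = abs(pearson(hyp, comb))
        if r > best_r:
            best_k, best_r = k, r
    return best_k, best_r

def run(mask_order, attack_order, n=2000, key=0x2B, seed=1):
    """Simulate a mask_order-masked S-box byte and attack it at attack_order."""
    rng = random.Random(seed)
    pts, trs = simulate_traces(key, mask_order, n, rng)
    return cpa(pts, trs, attack_order)

if __name__ == "__main__":
    for mo, ao, n in ((0, 1, 2000), (1, 1, 2000), (1, 2, 2000), (2, 2, 2000), (2, 3, 8000)):
        k, r = run(mo, ao, n)
        print(f"mask order {mo}, attack order {ao}, {n} traces: best key {k:#04x}, |rho| = {r:.3f}")
```

Running the demo shows the pattern the abstract argues about: an unmasked byte falls to a first-order attack, a first-order masked byte resists the first-order attack (no key guess correlates) but falls to the second-order centered product, and a second-order masked byte resists second-order combination and needs the third-order product with far more traces. The shrinking |rho| from one order to the next is the measurement cost an adversary pays, which is why the third-order case is given 8000 traces here.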

Published In

CT-RSA'06: Proceedings of the 2006 Cryptographers' Track at the RSA Conference on Topics in Cryptology
February 2006, 364 pages
ISBN: 3540310339
Publisher: Springer-Verlag, Berlin, Heidelberg

Author Tags

1. AES
2. higher order DPA
3. masking countermeasure


Cited By

• (2024) Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks. ACM Transactions on Software Engineering and Methodology 33(3), 1-38. doi:10.1145/3635707. Online: 14 Mar 2024
• (2023) Not so Difficult in the End: Breaking the Lookup Table-Based Affine Masking Scheme. Selected Areas in Cryptography – SAC 2023, 82-96. doi:10.1007/978-3-031-53368-6_5. Online: 14 Aug 2023
• (2022) Strengthening the Security of AES Against Differential Fault Attack. Network and System Security, 727-744. doi:10.1007/978-3-031-23020-2_41. Online: 9 Dec 2022
• (2022) Threshold Implementations Against Side-Channel Attacks and Glitches. Information and Communications Security, 529-545. doi:10.1007/11935308_38. Online: 10 Mar 2022
• (2021) A Hybrid Approach to Formal Verification of Higher-Order Masked Arithmetic Programs. ACM Transactions on Software Engineering and Methodology 30(3), 1-42. doi:10.1145/3428015. Online: 11 Feb 2021
• (2021) Dynamic Random Probing Expansion with Quasi Linear Asymptotic Complexity. Advances in Cryptology – ASIACRYPT 2021, 157-188. doi:10.1007/978-3-030-92075-3_6. Online: 6 Dec 2021
• (2020) Formal verification of masking countermeasures for arithmetic programs. Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, 1385-1387. doi:10.1145/3324884.3418920. Online: 21 Dec 2020
• (2020) On the Implementation Efficiency of Linear Regression-Based Side-Channel Attacks. Constructive Side-Channel Analysis and Secure Design, 147-172. doi:10.1007/978-3-030-68773-1_8. Online: 1 Apr 2020
• (2019) Verifying and Quantifying Side-channel Resistance of Masked Software Implementations. ACM Transactions on Software Engineering and Methodology 28(3), 1-32. doi:10.1145/3330392. Online: 18 Jul 2019
• (2019) Monomial Evaluation of Polynomial Functions Protected by Threshold Implementations. Information Security Theory and Practice, 66-84. doi:10.1007/978-3-030-41702-4_5. Online: 11 Dec 2019
