Differential Power Analysis (DPA) is a powerful side-channel key-recovery attack that efficiently breaks block cipher implementations. In software, two main techniques are usually applied to thwart it: masking and operation shuffling. To benefit from the advantages of both techniques, recent works have proposed to combine them. However, the schemes designed so far only provide limited resistance levels, and some advanced DPA attacks have turned out to break them. In this paper, we investigate the combination of masking and shuffling. We moreover extend the approach with the use of higher-order masking and show that it significantly improves the security level of such a scheme. We first conduct a theoretical analysis in which the efficiency of advanced DPA attacks targeting masking and shuffling is quantified. Based on this analysis, we design a generic scheme combining higher-order masking and shuffling. This scheme is scalable, and its security parameters can be chosen according to any desired resistance level. As an illustration, we apply it to protect a software implementation of AES, for which we give several security/efficiency trade-offs.