CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Compact Rijndael Hardware Architecture with S-Box Optimization
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Using Second-Order Power Analysis to Attack DPA Resistant Software
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
An Implementation of DES and AES, Secure against Some Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Multiplicative Masking and Power Analysis of AES
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
An Optimized S-Box Circuit Architecture for Low Power AES Design
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Simplified Adaptive Multiplicative Masking for AES
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Provably secure masking of AES
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Practical second-order DPA attacks for masked smart card implementations of block ciphers
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Higher order masking of the AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Side-channel leakage of masked CMOS gates
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Small size, low power, side channel-immune AES coprocessor: design and synthesis results
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Masked dual-rail pre-charge logic: DPA-resistance without routing constraints
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Masking at gate level in the presence of glitches
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
On second-order differential power analysis
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
DPA leakage models for CMOS logic circuits
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Proceedings of the 44th annual Design Automation Conference
Dual-rail transition logic: A logic style for counteracting power analysis attacks
Computers and Electrical Engineering
Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches
Information Security and Cryptology --- ICISC 2008
Practical Attacks on Masked Hardware
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Side-Channel Leakage in Masked Circuits Caused by Higher-Order Circuit Effects
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Vulnerability modeling of cryptographic hardware to power analysis attacks
Integration, the VLSI Journal
Design of a differential power analysis resistant masked AES S-box
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Compact and secure design of masked AES S-box
ICICS'07 Proceedings of the 9th international conference on Information and communications security
A very compact "Perfectly masked" S-box for AES
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Correlation-enhanced power analysis collision attack
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
On side-channel resistant block cipher usage
ISC'10 Proceedings of the 13th international conference on Information security
Correlation power analysis based on switching glitch model
WISA'10 Proceedings of the 11th international conference on Information security applications
Leakage squeezing countermeasure against high-order attacks
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
First principal components analysis: a new side channel distinguisher
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Higher-order glitches free implementation of the AES using secure multi-party computation protocols
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Masking with randomized look up tables
Cryptography and Security
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Hardware trojan design and detection: a practical evaluation
Proceedings of the Workshop on Embedded Systems Security
On measurable side-channel leaks inside ASIC design primitives
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Hi-index | 0.00 |
This article starts with a discussion of three different attacks on masked AES hardware implementations. This discussion leads to the conclusion that glitches in masked circuits pose the biggest threat to masked hardware implementations in practice. Motivated by this fact, we pinpointed which parts of masked AES S-boxes cause the glitches that lead to side-channel leakage. The analysis reveals that these glitches are caused by the switching characteristics of XOR gates in masked multipliers. Masked multipliers are basic building blocks of most recent proposals for masked AES S-boxes. We subsequently show that the side-channel leakage of the masked multipliers can be prevented by fulfilling timing constraints for 3 $\textperiodcentered$n XOR gates in each GF(2n) multiplier of an AES S-box. We also briefly present two approaches on how these timing constraints can be fulfilled in practice.