DPA Countermeasure Based on the "Masking Method"
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
On Boolean and Arithmetic Masking against Differential Power Analysis
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation
Proceedings of the conference on Design, automation and test in Europe - Volume 1
Random Switching Logic: A New Countermeasure against DPA and Second-Order DPA at the Logic Level
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Masking and Dual-Rail Logic Don't Add Up
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Changing the odds against masked logic
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Provably secure s-box implementation based on fourier transform
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Combination of SW countermeasure and CPU modification on FPGA against power analysis
WISA'10 Proceedings of the 11th international conference on Information security applications
AES side-channel countermeasure using random tower field constructions
Designs, Codes and Cryptography
Hi-index | 0.00 |
At CHES 2006, Prouff et al. proposed a novel S-box calculation based on the discrete Fourier transform as a first-order DPA countermeasure. At CHES 2008, Coron et al. showed that the original countermeasure can be broken by first-order DPA due to a biased mask and they proposed an improved algorithm. This paper shows that there is still a flaw in the Coron's S-box algorithm with respect to a practical software implementation. We pre-process the power traces to separate them into two subgroups, each has a biased mask. For the separated power traces, we propose two post analysis methods to identify the key. One is based on CPA attack against one subgroup, and the other is utilizing the difference of means for two subgroups and a pattern matching. Finally, we compare these two attack methods and propose an algorithm level countermeasure to enhance the security of Coron's S-box.