Communications of the ACM
Evaluation of polynomials by computer
Communications of the ACM
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
A Compact Rijndael Hardware Architecture with S-Box Optimization
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Securing the AES Finalists Against Power Analysis Attacks
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Fast and Secure Implementation of Sflash
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Using Second-Order Power Analysis to Attack DPA Resistant Software
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
An Implementation of DES and AES, Secure against Some Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Side Channel Cryptanalysis of a Higher Order Masking Scheme
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Evaluation of the Masked Logic Style MDPL on a Prototype Chip
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis
Fast Software Encryption
Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches
Information Security and Cryptology --- ICISC 2008
A generic method for secure Sbox implementation
WISA'07 Proceedings of the 8th international conference on Information security applications
Provably secure higher-order masking of AES
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
A fast and provably secure higher-order masking of AES S-box
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Thwarting higher-order side channel analysis with additive and multiplicative maskings
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Provably secure masking of AES
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Higher order masking of the AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Side-channel leakage of masked CMOS gates
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Protecting circuits from leakage: the computationally-bounded and noisy cases
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
On the use of shamir's secret sharing against side-channel analysis
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Analysis and improvement of the generic higher-order masking scheme of FSE 2012
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Masking is a common countermeasure against side-channel attacks. The principle is to randomly split every sensitive intermediate variable occurring in the computation into d+1 shares, where d is called the masking order and plays the role of a security parameter. The main issue while applying masking to protect a block cipher implementation is to design an efficient scheme for the s-box computations. Actually, masking schemes with arbitrary order only exist for Boolean circuits and for the AES s-box. Although any s-box can be represented as a Boolean circuit, applying such a strategy leads to inefficient implementation in software. The design of an efficient and generic higher-order masking scheme was hence until now an open problem. In this paper, we introduce the first masking schemes which can be applied in software to efficiently protect any s-box at any order. We first describe a general masking method and we introduce a new criterion for an s-box that relates to the best efficiency achievable with this method. Then we propose concrete schemes that aim to approach the criterion. Specifically, we give optimal methods for the set of power functions, and we give efficient heuristics for the general case. As an illustration we apply the new schemes to the DES and PRESENT s-boxes and we provide implementation results.