A proposal for a new block encryption standard
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
A New Version of the Stream Cipher SNOW
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Sound Method for Switching between Boolean and Arithmetic Masking
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Secure multiple SBoxes implementation with arithmetically masked input
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Compiler-based side channel vulnerability analysis and optimized countermeasures application
Proceedings of the 50th Annual Design Automation Conference
| Hi-index | 0.00 |
A large number of secret key cryptographic algorithms combine Boolean and arithmetic instructions. To protect such algorithms against first order side channel analysis, it is necessary to perform conversions between Boolean masking and arithmetic masking. Louis Goubin proposed in [5] an efficient method to convert from Boolean to arithmetic masking. However the conversion method he also proposed in [5] to switch from arithmetic to Boolean is less efficient and could be a bottleneck in some implementations. Two faster methods were proposed in [2] and [9], both using precomputed tables. We show in this paper that the algorithm in [2] is bugged, and propose an efficient correction. Then, we propose an alternative to the algorithm in [9] with a valuable timing/ memory tradeoff. This new method offers better security in practice and is well adapted for 8-bit architectures in terms of time performance (3.3 times faster than Goubin's algorithm for one single conversion).