We introduce a masking strategy for hardware that prevents any side-channel attacker from uniquely recovering the secret key of a cryptographic device. In this masking scheme, termed homomorphic, the sensitive data is exclusive-ored with a random value that belongs to a given set. We show that if this masking set is concealed, then no information about the cryptographic key leaks. If the masking set is public (or disclosed), then any (high-order) attack reveals a group of equiprobable keys. These results are applied to the case of the AES, where the sensitive variables are bytes. To each mask corresponds a masked substitution box. We prove that there exists a homomorphic masking with 16 masks (hence a number of substitution boxes equal to that of the same algorithm without masking) that resists mono-variate first-, second-, and third-order side-channel attacks. Furthermore, even if the masking set is public, each byte of the correct key is found only ex æquo with 15 incorrect ones, making side-channel analysis alone insufficient: the remaining key space must be explored by other means (typically exhaustive search). Thus, our homomorphic masking strategy both increases the number of side-channel measurements required and demands a final, non-negligible brute-force step (of complexity 16^NB = 2^64 for AES, which has NB = 16 substitution boxes). The hardware implementation of the Rotating Substitution boxes Masking (RSM) is a practical instantiation of our homomorphic masking countermeasure.
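The following Python script is an added illustration, not code from the paper, of why a public masking set that is closed under XOR leaves 16 equiprobable key bytes: the masked byte p ^ k ^ m has exactly the same distribution for every key in the coset k ^ M, so no distinguisher of any order can separate them, whereas a set that is not closed under XOR is assumed here (as a constructed counter-example) to pin the key down uniquely. The mask sets, plaintexts and key byte are constructed values.

```python
from collections import Counter
from itertools import product


def span(basis):
    """All XOR combinations of the basis vectors: a linear subspace of GF(2)^8."""
    masks = set()
    for coeffs in product((0, 1), repeat=len(basis)):
        m = 0
        for c, b in zip(coeffs, basis):
            if c:
                m ^= b
        masks.add(m)
    return frozenset(masks)


def is_group(masks):
    """True when the mask set contains 0 and is closed under XOR."""
    return 0 in masks and all(a ^ b in masks for a in masks for b in masks)


# Constructed sets (assumptions, not the paper's masks): a 4-dimensional subspace
# with 16 elements, and a 16-element set that is not closed under XOR.
GROUP_MASKS = span((0x11, 0x22, 0x44, 0x88))
NON_GROUP_MASKS = frozenset({0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40,
                             0x80, 0x03, 0x05, 0x06, 0x07, 0x09, 0x0A, 0x0C})
PLAINTEXTS = (0x00, 0x3C, 0xA5, 0xFF)  # constructed known plaintext bytes


def masked_value_profile(key, masks, plaintexts):
    """Per-plaintext multiset of the leaking masked byte p ^ key ^ m over all m.

    Every attack statistic (CPA, higher-order DPA, MIA, on any leakage model
    such as Hamming weight) is a function of this multiset, so two keys with
    identical profiles cannot be told apart by any side-channel distinguisher.
    """
    return tuple(Counter(p ^ key ^ m for m in masks) for p in plaintexts)


def indistinguishable_keys(key, masks, plaintexts):
    """All key-byte hypotheses whose leakage profile equals that of `key`."""
    target = masked_value_profile(key, masks, plaintexts)
    return frozenset(k for k in range(256)
                     if masked_value_profile(k, masks, plaintexts) == target)


def residual_key_space(num_sboxes, coset_size):
    """Candidates left after the attack: coset_size per byte, over num_sboxes bytes."""
    return coset_size ** num_sboxes


if __name__ == "__main__":
    group = indistinguishable_keys(0x2B, GROUP_MASKS, PLAINTEXTS)
    print(f"group mask set: {len(group)} equiprobable key bytes")
    print(f"non-group set: {len(indistinguishable_keys(0x2B, NON_GROUP_MASKS, PLAINTEXTS))}")
    print(f"residual AES key space: 2^{residual_key_space(16, 16).bit_length() - 1}")
```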