Communications of the ACM
The Design of Rijndael
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches
Information Security and Cryptology --- ICISC 2008
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
A very compact "Perfectly masked" S-box for AES
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Correlation-enhanced power analysis collision attack
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Provably secure higher-order masking of AES
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Mutual Information Analysis: a Comprehensive Study
Journal of Cryptology - Special Issue on Hardware and Security
Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches
Journal of Cryptology - Special Issue on Hardware and Security
Side-Channel Resistant Crypto for Less than 2,300 GE
Journal of Cryptology - Special Issue on Hardware and Security
Higher-order glitches free implementation of the AES using secure multi-party computation protocols
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Protecting AES with Shamir's secret sharing scheme
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Threshold implementations against side-channel attacks and glitches
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Statistical tools flavor side-channel collision attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Threshold implementations of all 3×3 and 4×4 s-boxes
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
How far should theory be from practice?: evaluation of a countermeasure
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Several masking schemes to protect cryptographic implementations against side-channel attacks have been proposed. A few considered the glitches, and provided security proofs in presence of such inherent phenomena happening in logic circuits. One which is based on multi-party computation protocols and utilizes Shamir's secret sharing scheme was presented at CHES 2011. It aims at providing security for hardware implementations --- mainly of AES --- against those sophisticated side-channel attacks that also take glitches into account. One part of this article deals with the practical issues and relevance of the aforementioned masking scheme. Following the recommendations given in the extended version of the mentioned article, we first provide a guideline on how to implement the scheme for the simplest settings. Constructing an exemplary design of the scheme, we provide practical side-channel evaluations based on a Virtex-5 FPGA. Our results demonstrate that the implemented scheme is indeed secure against univariate power analysis attacks given a basic measurement setup. In the second part of this paper we show how using very simple changes in the measurement setup opens the possibility to exploit multivariate leakages while still performing a univariate attack. Using these techniques the scheme under evaluation can be defeated using only a moderate number of measurements. This is applicable not only to the scheme showcased here, but also to most other known masking schemes where the shares of sensitive values are processed in adjacent clock cycles.