Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
The Wide Trail Design Strategy
Proceedings of the 8th IMA International Conference on Cryptography and Coding
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Grain: a stream cipher for constrained environments
International Journal of Wireless and Mobile Computing
Side Channel Cryptanalysis of a Higher Order Masking Scheme
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
New Stream Cipher Designs
Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis
Fast Software Encryption
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Known-key distinguishers for some block ciphers
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
A very compact "Perfectly masked" S-box for AES
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
Provably secure higher-order masking of AES
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Generic side-channel distinguishers: improvements and limitations
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Higher-order glitches free implementation of the AES using secure multi-party computation protocols
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
A fast and provably secure higher-order masking of AES S-box
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Higher order masking of the AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Side-channel leakage of masked CMOS gates
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
An efficient masking scheme for AES software implementations
WISA'05 Proceedings of the 6th international conference on Information Security Applications
PICARO: a block cipher allowing efficient higher-order side-channel resistance
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
PRINCE: a low-latency block cipher for pervasive computing applications
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
The design and analysis of lightweight block ciphers has been a very active research area over the last couple of years, with many innovative proposals trying to optimize different performance figures. However, since these block ciphers are dedicated to low-cost embedded devices, their implementation is also a typical target for side-channel adversaries. As preventing such attacks with countermeasures usually implies significant performance overheads, a natural open problem is to propose new algorithms for which physical security is considered as an optimization criteria, hence allowing better performances again. We tackle this problem by studying how much we can tweak standard block ciphers such as the AES Rijndael in order to allow efficient masking (that is one of the most frequently considered solutions to improve security against side-channel attacks). For this purpose, we first investigate alternative S-boxes and round structures. We show that both approaches can be used separately in order to limit the total number of non-linear operations in the block cipher, hence allowing more efficient masking. We then combine these ideas into a concrete instance of block cipher called Zorro. We further provide a detailed security analysis of this new cipher taking its design specificities into account, leading us to exploit innovative techniques borrowed from hash function cryptanalysis (that are sometimes of independent interest). Eventually, we conclude the paper by evaluating the efficiency of masked Zorro implementations in an 8-bit microcontroller, and exhibit their interesting performance figures.