The classic "black-box" view of cryptographic devices such as smart cards has been invalidated by the advent of Differential Power Analysis (DPA), a technique for observing intermediate variables during normal operation through side-channel observations. An information-theoretic approach leads to optimal DPA attacks and can provide an upper bound on the rate of information leakage, and thus provides a sound basis for evaluating countermeasures. This paper presents a novel technique of random affine mappings as a DPA countermeasure. The technique increases the number of intermediate variables that must be observed before gleaning any secret information and randomly varies these variables on every run. This is done without duplication of the processing of variables, allowing very efficient DPA-resistant cipher implementations where the ciphers are designed to minimise overheads. A real-world system has been developed within the tight computational constraints of a smart card to exhibit first-order DPA-resistance for all key processing.
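
The following is an added illustration of the idea, not code from the paper or its smart-card system. It assumes the affine map has the form x -> a·x ⊕ b over GF(2^8) with the AES reduction polynomial, which the abstract does not specify; all function names are hypothetical. It shows that a single encoded intermediate is uniformly distributed whatever the secret byte is, and that a key XOR can be carried out on encoded values without decoding them.

```python
import secrets

AES_POLY = 0x11B  # assumption: GF(2^8) reduced by the AES polynomial

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a):
    """Inverse of a nonzero byte: a^254, since a^255 == 1."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def mask(x, a, b):
    """Affine encoding of x under multiplier a (nonzero) and offset b."""
    return gf_mul(a, x) ^ b

def unmask(m, a, b):
    return gf_mul(gf_inv(a), m ^ b)

def masked_xor(mx, mk):
    """XOR two values encoded under the same a; result has offset b_x ^ b_k.
    (a*x ^ b_x) ^ (a*k ^ b_k) == a*(x ^ k) ^ (b_x ^ b_k), so x and k are
    combined without either being decoded or processed twice."""
    return mx ^ mk

def masked_distribution(x):
    """Count each encoded value of x over every possible (a, b) pair."""
    counts = [0] * 256
    for a in range(1, 256):
        for b in range(256):
            counts[mask(x, a, b)] += 1
    return counts

if __name__ == "__main__":
    a = secrets.randbelow(255) + 1            # fresh per run, never zero
    bx, bk = secrets.randbelow(256), secrets.randbelow(256)
    x, k = 0x3C, 0xA7                         # constructed data and key bytes
    m = masked_xor(mask(x, a, bx), mask(k, a, bk))
    print(hex(m), hex(unmask(m, a, bx ^ bk)))  # encoding varies; decode is x ^ k
    print(set(masked_distribution(k)))         # {255}: uniform for any k
```

Because the distribution is identical for every input, observing one encoded intermediate gives no first-order information; recovering the secret requires combining observations related to the encoded value and to both a and b.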