The Design of Rijndael
Towards Sound Approaches to Counteract Power-Analysis Attacks
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Securing the AES Finalists Against Power Analysis Attacks
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
DES and Differential Power Analysis (The "Duplication" Method)
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
An Implementation of DES and AES, Secure against Some Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Multiplicative Masking and Power Analysis of AES
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Current mask generation: a transistor level security against DPA attacks
SBCCI '05 Proceedings of the 18th annual symposium on Integrated circuits and system design
Overcoming glitches and dissipation timing skews in design of DPA-resistant cryptographic hardware
Proceedings of the conference on Design, automation and test in Europe
Computational Intelligence and Security
Side Channel Cryptanalysis of a Higher Order Masking Scheme
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design
Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches
Information Security and Cryptology --- ICISC 2008
A simple power-analysis (SPA) attack on implementations of the AES key expansion
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Design of a differential power analysis resistant masked AES S-box
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
ICISS'07 Proceedings of the 3rd international conference on Information systems security
A low overhead DPA countermeasure circuit based on ring oscillators
IEEE Transactions on Circuits and Systems II: Express Briefs
Secure multiplicative masking of power functions
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Thwarting higher-order side channel analysis with additive and multiplicative maskings
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Provably secure masking of AES
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Pinpointing the side-channel leakage of masked AES hardware implementations
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Provably secure s-box implementation based on fourier transform
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
On highly nonlinear s-boxes and their inability to thwart DPA attacks
INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
Higher order masking of the AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
DPA-resistant finite field multipliers and secure AES design
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Side-channel leakage of masked CMOS gates
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Secure and efficient AES software implementation for smart cards
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Small size, low power, side channel-immune AES coprocessor: design and synthesis results
AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Secure AES hardware module for resource constrained devices
ESAS'04 Proceedings of the First European conference on Security in Ad-hoc and Sensor Networks
An efficient masking scheme for AES software implementations
WISA'05 Proceedings of the 6th international conference on Information Security Applications
An algebraic masking method to protect AES against power attacks
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
PKDPA: an enhanced probabilistic differential power attack methodology
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Randomized Instruction Injection to Counter Power Analysis Attacks
ACM Transactions on Embedded Computing Systems (TECS)
AES side-channel countermeasure using random tower field constructions
Designs, Codes and Cryptography
| Hi-index | 0.00 |
Software counter measures against side channel attacks considerably hinder performance of cryptographic algorithms in terms of memory or execution time or both. The challenge is to achieve secure implementation with as little extra cost as possible. In this paper we optimize a counter measure for the AES block cipher consisting in transforming a boolean mask to a multiplicative mask prior to a non-linear Byte Substitution operation (thus, avoiding S-box re-computations for every run or storing multiple S-box tables in RAM), while preserving a boolean mask everywhere else. We demonstrate that it is possible to achieve such transformation for a cost of two additional multiplications in the field.However, due to an inherent vulnerability of multiplicative masking to so-called zero attack, an additional care must be taken to securize its implementation. We describe one possible, although not perfect, approach to such an implementation which combines algebraic techniques and partial re-computation of S-boxes. This adds one more multiplication operation, and either occasional S-box re-computations or extra 528 bytes of memory to the total price of the counter measure.