AES side-channel countermeasure using random tower field constructions

Designs, Codes and Cryptography

Abstract

Masking schemes that secure AES implementations against side-channel attacks are a topic of ongoing research. The most sensitive part of the AES is the non-linear SubBytes operation, in particular the inversion in GF(2^8), the Galois field with 2^8 elements. In hardware implementations it is well known that using the tower of extensions \(GF(2)\subset GF(2^2)\subset GF(2^4)\subset GF(2^8)\) leads to a more efficient inversion. We propose to use a random isomorphism instead of a fixed one, and we study the effect of this randomization on security and efficiency. Over the field extension GF(2^8)/GF(2^4), inverting an element amounts to computing its norm in GF(2^4). Hence, in order to thwart side-channel attacks, we spread the values of these norms over GF(2^4). Combined with a technique of Boolean masking in tower fields, our countermeasure strengthens resistance against first-order differential side-channel attacks.
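As an added example (not code from the paper), the following Python makes the two statements of the abstract concrete: inversion in GF(2^8) over the subfield GF(2^4) reduces to computing the norm N(x) = x · x^16 in GF(2^4), and choosing the isomorphism from the AES polynomial basis into the tower at random makes that 4-bit norm vary for a fixed input byte. All choices are the example's own: GF(2^4) = GF(2)[z]/(z^4 + z + 1), GF(2^8) = GF(2^4)[y]/(y^2 + y + ν) with ν drawn from the eight values that make the polynomial irreducible, the isomorphism defined by a randomly chosen root of x^8 + x^4 + x^3 + x + 1 in the tower, and only the top level of the tower (GF(2^8) over GF(2^4), not the descent to GF(2^2)). Function names are hypothetical, and the Boolean masking the abstract combines the randomization with is not included.

```python
import random

# Added example, not the paper's code.  Tower: GF(2^4) = GF(2)[z]/(z^4+z+1),
# GF(2^8) = GF(2^4)[y]/(y^2+y+nu); x = a*y + b is encoded as the byte a<<4 | b.
# Which polynomials are used and what is randomised are this example's choices.

def gf2_mul(a, b, poly, bits):
    """Multiply in GF(2)[x]/(poly) on bits-bit elements."""
    r = 0
    for _ in range(bits):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> bits & 1:
            a ^= poly
    return r

def gf2_pow(a, e, poly, bits):
    r = 1
    for _ in range(e):
        r = gf2_mul(r, a, poly, bits)
    return r

def mul4(a, b): return gf2_mul(a, b, 0x13, 4)          # z^4 + z + 1
def inv4(a):    return gf2_pow(a, 14, 0x13, 4)         # a^(2^4-2); 0 -> 0
def aes_mul(a, b): return gf2_mul(a, b, 0x11B, 8)      # x^8+x^4+x^3+x+1
def aes_inv(a): return gf2_pow(a, 254, 0x11B, 8)       # reference a^(2^8-2)

def irreducible_nus():
    """nu with y^2 + y + nu irreducible over GF(2^4), i.e. without a root there."""
    return [nu for nu in range(16) if all(mul4(t, t) ^ t ^ nu for t in range(16))]

def tmul(x, w, nu):
    """(a*y+b)(c*y+d) with y^2 = y + nu."""
    a, b, c, d = x >> 4, x & 0xF, w >> 4, w & 0xF
    ac = mul4(a, c)
    return ((ac ^ mul4(a, d) ^ mul4(b, c)) << 4) | (mul4(ac, nu) ^ mul4(b, d))

def conj(x):
    """x^16: the other root of y^2+y+nu is y+1, so a*y+b maps to a*y+(a+b)."""
    a, b = x >> 4, x & 0xF
    return (a << 4) | (a ^ b)

def norm(x, nu):
    """N(x) = x * x^16 = a^2*nu + a*b + b^2, a 4-bit value in GF(2^4)."""
    a, b = x >> 4, x & 0xF
    return mul4(mul4(a, a), nu) ^ mul4(a, b) ^ mul4(b, b)

def tinv(x, nu):
    """x^-1 = x^16 / N(x): one GF(2^4) inversion and two GF(2^4) products."""
    n, c = inv4(norm(x, nu)), conj(x)
    return (mul4(c >> 4, n) << 4) | mul4(c & 0xF, n)

def isomorphisms(nu):
    """All 8 isomorphisms AES -> tower for this nu: x maps to a root r of the
    AES polynomial, so sum(c_i x^i) maps to sum(c_i r^i).  Returns
    (nu, phi, phi_inv) with phi and phi_inv as 256-entry tables."""
    out = []
    for r in range(256):
        pw = [1]
        for _ in range(8):
            pw.append(tmul(pw[-1], r, nu))
        if pw[8] ^ pw[4] ^ pw[3] ^ pw[1] ^ pw[0]:
            continue                          # r is not a root
        phi = [0] * 256
        for v in range(256):
            for i in range(8):
                if v >> i & 1:
                    phi[v] ^= pw[i]
        phi_inv = [0] * 256
        for v, img in enumerate(phi):
            phi_inv[img] = v
        out.append((nu, phi, phi_inv))
    return out

def all_isomorphisms():
    return [iso for nu in irreducible_nus() for iso in isomorphisms(nu)]

def random_isomorphism(rng=None):
    """Fresh random choice per use; a device would draw this from its TRNG."""
    return (rng or random.SystemRandom()).choice(all_isomorphisms())

def sbox_inverse(v, iso):
    """AES-field inverse of byte v computed inside the chosen tower representation."""
    nu, phi, phi_inv = iso
    return phi_inv[tinv(phi[v], nu)]

def check_all(iso):
    return all(sbox_inverse(v, iso) == aes_inv(v) for v in range(256))

def norm_spread(v, isos):
    """Distinct GF(2^4) norm values the same input byte v takes across isomorphisms."""
    return {norm(phi[v], nu) for nu, phi, _ in isos}
```

With the polynomials above there are 8 admissible ν and 8 roots each, so 64 isomorphisms; check_all(random_isomorphism()) confirms that every one of them inverts correctly, and norm_spread(0x53, all_isomorphisms()) shows that the intermediate norm an attacker would correlate against is no longer a single value for a fixed input byte. Since the eight roots for a given ν are Frobenius conjugates, the norm of one byte already takes several distinct GF(2^4) values across them whenever that norm lies outside GF(2).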




Correspondence to Alexis Bonnecaze.

Additional information

Communicated by C. Cid.


Bonnecaze, A., Liardet, P. & Venelli, A. AES side-channel countermeasure using random tower field constructions. Des. Codes Cryptogr. 69, 331–349 (2013). https://doi.org/10.1007/s10623-012-9670-x
