Cryptographers’ Track at the RSA Conference

CT-RSA 2006: Topics in Cryptology – CT-RSA 2006 pp 208-225

Higher Order Masking of the AES

  • Kai Schramm
  • Christof Paar
Conference paper

DOI: 10.1007/11605805_14

Volume 3860 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Schramm K., Paar C. (2006) Higher Order Masking of the AES. In: Pointcheval D. (eds) Topics in Cryptology – CT-RSA 2006. CT-RSA 2006. Lecture Notes in Computer Science, vol 3860. Springer, Berlin, Heidelberg

Abstract

The development of masking schemes to secure AES implementations against side channel attacks is a topic of ongoing research. Many different approaches focus on the AES S-box and have been discussed in the previous years. Unfortunately, to our knowledge most of these countermeasures only address first-order DPA. In this article, we discuss the theoretical background of higher order DPA. We give the expected measurement costs an adversary has to deal with for different hardware models. Moreover, we present a masking scheme which protects an AES implementation against higher order DPA. We have implemented this masking scheme for various orders and present the corresponding performance details implementors will have to expect.

Keywords

AES Higher Order DPA Masking Countermeasure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kai Schramm
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT Security (HGI)Ruhr University Bochum, GermanyBochumGermany