International Workshop on Cryptographic Hardware and Embedded Systems

CHES 2010: Cryptographic Hardware and Embedded Systems, CHES 2010 pp 413-427

Provably Secure Higher-Order Masking of AES

  • Matthieu Rivain
  • Emmanuel Prouff
Conference paper

DOI: 10.1007/978-3-642-15031-9_28

Volume 6225 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Rivain M., Prouff E. (2010) Provably Secure Higher-Order Masking of AES. In: Mangard S., Standaert FX. (eds) Cryptographic Hardware and Embedded Systems, CHES 2010. Lecture Notes in Computer Science, vol 6225. Springer, Berlin, Heidelberg

Abstract

Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with the order d. The design of generic dth-order masking schemes taking the order d as security parameter is therefore of great interest for the physical security of cryptographic implementations. This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead. Our scheme is based on the hardware-oriented masking scheme published by Ishai et al. at Crypto 2003. Compared to this scheme, our solution can be efficiently implemented in software on any general-purpose processor. This result is of importance considering the lack of solution for d ≥ 3.

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Matthieu Rivain (1)
  • Emmanuel Prouff (2)

  1. CryptoExperts
  2. Oberthur Technologies