Journal of Cryptographic Engineering

Volume 2, Issue 2, pp. 111–127

Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols

Extended version
  • Thomas Roche
  • Emmanuel Prouff
Regular Paper


Higher-order side-channel analysis (HO-SCA) is a powerful technique against cryptographic implementations, and the design of appropriate countermeasures is nowadays an important topic. In parallel, another class of attacks, called glitch attacks, has been investigated; these exploit the hardware glitch phenomena that occur during the physical execution of algorithms. Some solutions have been proposed to counteract HO-SCA at any order or to defeat glitch attacks, but no work has until now focused on the definition of a sound countermeasure thwarting both attacks. We introduce in this paper a circuit model in which side-channel resistance in the presence of glitch effects can be characterized. This allows us to construct the first glitch-free HO-SCA countermeasure. The new construction can be built from any Secure Multi-Party Computation protocol and, as an illustration, we propose to apply the protocol introduced by Ben-Or et al. at STOC in 1988. The adaptation of the latter protocol to the context of side-channel analysis results in a completely new higher-order masking scheme, particularly interesting when addressing resistance in the presence of glitches. An application of our scheme to the AES block cipher is detailed, as well as an information-theoretic evaluation of the new masking function, which we call polynomial masking.
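As an added illustration of the polynomial masking the abstract describes (example code written for this page, not code from the paper or its authors): a d-th order Shamir sharing of an AES state byte over GF(2^8), unmasking by Lagrange interpolation, and the BGW-style share-wise multiplication with degree reduction that the scheme adapts from Ben-Or et al. The evaluation points, the helper names and the use of Python's `secrets` for the random coefficients are this example's own assumptions.

```python
import secrets
from functools import reduce
from operator import xor
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial

def gf_mul(a, b):
    """Shift-and-reduce multiplication in GF(2^8) as AES defines it."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (AES_POLY if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):  # a^254 = a^-1 for a != 0; gf_inv(0) = 0, as in the AES S-box
    r, e = 1, 254
    while e:
        r, a, e = (gf_mul(r, a) if e & 1 else r), gf_mul(a, a), e >> 1
    return r

def share(secret, d, points):
    """Degree-d Shamir sharing: random P with P(0) = secret, share i is P(points[i])."""
    p = [secret] + [secrets.randbelow(256) for _ in range(d)]
    horner = lambda x: reduce(lambda r, c: gf_mul(r, x) ^ c, reversed(p), 0)
    return [horner(x) for x in points]

def lagrange_weights(points):
    """w_i = prod_{j!=i} x_j/(x_i+x_j): sum_i w_i*P(x_i) = P(0) when deg P < len(points)."""
    ws = []
    for xi in points:
        num = reduce(gf_mul, (xj for xj in points if xj != xi), 1)
        den = reduce(gf_mul, (xi ^ xj for xj in points if xj != xi), 1)
        ws.append(gf_mul(num, gf_inv(den)))
    return ws

def reconstruct(shares, points):
    """Unmasking: interpolate P(0). For checking only; the device never does this."""
    return reduce(xor, map(gf_mul, shares, lagrange_weights(points)), 0)

def mul_shares(a, b, d, points):
    """BGW multiplication (needs n = 2d+1 shares): a[i]*b[i] lies on a degree-2d polynomial,
    so each holder re-shares its product at degree d and the sub-shares are combined with
    the Lagrange weights, giving fresh degree-d shares of a*b. Additions are share-wise XOR."""
    ws, n = lagrange_weights(points), len(points)
    out = [0] * n
    for i in range(n):
        sub = share(gf_mul(a[i], b[i]), d, points)
        for j in range(n):
            out[j] ^= gf_mul(ws[i], sub[j])
    return out
```

With d = 2 and five distinct non-zero evaluation points, a product of two masked bytes is computed entirely on shares and still reconstructs to the field product, while any d shares alone are independent of the secret.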


Keywords: Side-channel analysis; Higher-order masking scheme; Glitch freeness; Shamir secret sharing scheme; Multi-party computation




  1. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC '88 Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM, New York (1988)
  2. Blömer, J., Merchan, J.G., Krummel, V.: Provably secure masking of AES. In: Matsui, M., Zuccherato, R. (eds.) SAC 2004, LNCS, vol. 3357, pp. 69–83. Springer, Berlin (2004)
  3. Chari, S., Jutla, C., Rao, J., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: Second AES Candidate Conference, AES 2 (March 1999)
  4. Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) Advances in Cryptology, CRYPTO '99, LNCS, vol. 1666, pp. 398–412. Springer, Berlin (1999)
  5. Coron, J.-S.: A new DPA countermeasure based on permutation tables. In: Ostrovsky, R., Prisco, R.D., Visconti, I. (eds.) SCN 2008, LNCS, vol. 5229, pp. 278–292. Springer, Berlin (2008)
  6. Daemen, J., Peeters, M., Assche, G., Rijmen, V.: The Noekeon block cipher. In: Proceedings of the First NESSIE Workshop (2000)
  7. Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M., Tan, C., Moreno, E. (eds.) Transactions on Computational Science X, LNCS, vol. 6340, pp. 78–99. Springer, Berlin (2010)
  8. Franklin, M., Yung, M.: Communication complexity of secure computation (extended abstract). In: STOC '92 Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing, pp. 699–710. ACM, New York (1992)
  9. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, LNCS, vol. 6544, pp. 262–280. Springer, Berlin (2010)
  10. Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC, pp. 101–111 (1998)
  11. Goldack, M.: Side-channel based reverse engineering for microcontrollers. Master's thesis, Ruhr-Universität Bochum, Germany (2008)
  12. Goubin, L., Patarin, J.: DES and differential power analysis: the duplication method. In: Koç, Ç., Paar, C. (eds.) CHES '99, LNCS, vol. 1717, pp. 158–172. Springer, Berlin (1999)
  13. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO, LNCS, vol. 2729, pp. 463–481. Springer, Berlin (2003)
  14. Joye, M., Paillier, P., Schoenmakers, B.: On second-order differential power analysis. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 293–308. Springer, Berlin (2005)
  15. Kocher, P., Jaffe, J., Jun, B.: Introduction to differential power analysis and related attacks. Technical report, Cryptography Research (1998)
  16. Lidl, R., Niederreiter, H.: Finite Fields. Encyclopedia of Mathematics and its Applications, vol. 20, 2nd edn. Cambridge University Press (1997, with an introduction by P. M. Cohn)
  17. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) Topics in Cryptology, CT-RSA 2005, LNCS, vol. 3376, pp. 351–365. Springer, Berlin (2005)
  18. Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006, LNCS, vol. 4249, pp. 76–90. Springer, Berlin (2006)
  19. Messerges, T.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç., Paar, C. (eds.) CHES 2000, LNCS, vol. 1965, pp. 238–251. Springer, Berlin (2000)
  20. Micali, S., Reyzin, L.: Physically observable cryptography (extended abstract). In: Naor, M. (ed.) Theory of Cryptography Conference, TCC 2004, LNCS, vol. 2951, pp. 278–296. Springer, Berlin (2004)
  21. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT, LNCS, vol. 6632, pp. 69–88. Springer, Berlin (2011)
  22. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006, LNCS, vol. 4307, pp. 529–545. Springer, Berlin (2006)
  23. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008, LNCS, vol. 5461, pp. 218–234. Springer, Berlin (2008)
  24. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)
  25. Piret, G., Standaert, F.-X.: Security analysis of higher-order Boolean masking schemes for block ciphers (with conditions of perfect masking). IET Inf. Secur. 2, 1–11 (2008)
  26. Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Gupta, K. (eds.) Progress in Cryptology, INDOCRYPT 2010, LNCS, vol. 6498, pp. 262–281. Springer, Berlin (2010)
  27. Rao, J., Sunar, B. (eds.): CHES 2005, LNCS, vol. 3659. Springer, Berlin (2005)
  28. Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. Cryptology ePrint Archive, Report 2008/021 (2008)
  29. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES, LNCS, vol. 6225, pp. 413–427. Springer, Berlin (2010)
  30. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006, LNCS, vol. 3860, pp. 208–225. Springer, Berlin (2006)
  31. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
  32. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) Advances in Cryptology, ASIACRYPT 2010, LNCS, vol. 6477, pp. 112–129. Springer, Berlin (2010)
  33. Suzuki, D., Saeki, M., Ichikawa, T.: DPA leakage models for CMOS logic circuits. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 366–382. Springer, Berlin (2005)
  34. Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society, Washington, DC (1986)

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  1. ANSSI, Paris, France
