
All-or-Nothing Transforms as a countermeasure to differential side-channel analysis

Regular contribution, International Journal of Information Security

Abstract

Side-channel attacks on hardware implementations of cryptographic algorithms have recently been the focus of much attention in the research community. Differential power analysis (DPA) has been shown to be particularly effective at retrieving secret information stored within an implementation. The design of DPA-resistant systems that are efficient in terms of speed and area poses a significant challenge. All-or-Nothing Transforms are cryptographic transforms that are currently employed in numerous applications. We examine All-or-Nothing Encryption systems from the DPA perspective. This paper shows that All-or-Nothing cryptosystems, whilst not preventing side-channel leakage, do fundamentally inhibit DPA attacks. Furthermore, we develop extensions to the All-or-Nothing protocol to strengthen the DPA resistance of the cryptosystem, providing a practical alternative to masking countermeasures for symmetric ciphers.
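The All-or-Nothing Transform the abstract builds on is Rivest's package transform [39]. The following is an added illustration of that transform, not code from the paper or its authors. Each message block m_i is XORed with E_{K'}(i) under a fresh random key K', and a final block hides K' under hash-like terms h_i = E_{K0}(m'_i XOR i) computed over every pseudo-message block, so the inverse needs all s+1 output blocks before it can recover K' and thus any single plaintext block. Assumptions made here: HMAC-SHA256 truncated to 16 bytes stands in for the block cipher E (the transform only evaluates E in the forward direction, so a keyed PRF suffices and no cipher library is needed), K0 is an arbitrary fixed public constant, and the sample message is constructed for the demonstration.

```python
"""Rivest's package transform, an All-or-Nothing Transform (AONT).

Added illustration following Rivest's FSE '97 description; not code from the
paper this page describes. The block cipher E is replaced by HMAC-SHA256
truncated to one block: the package transform only ever evaluates E in the
forward direction, so a PRF is sufficient and no extra library is needed.
"""
import hashlib
import hmac
import os
from typing import List, Optional

BLOCK = 16  # block size in bytes (AES-sized)

# K0: fixed, public key for the h_i terms. Assumption: any public constant
# serves; Rivest leaves its value open.
K0 = b"public-fixed-key-K0"


def prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_key(block): keyed PRF output truncated to BLOCK bytes."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def counter(i: int) -> bytes:
    """Block index i encoded as a BLOCK-byte big-endian integer."""
    return i.to_bytes(BLOCK, "big")


def pad(msg: bytes) -> bytes:
    """PKCS#7 padding to a whole number of blocks (always adds 1..BLOCK bytes)."""
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n


def unpad(padded: bytes) -> bytes:
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return padded[:-n]


def split_blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def package(msg: bytes, k_prime: Optional[bytes] = None) -> List[bytes]:
    """Forward transform: s message blocks -> s+1 pseudo-message blocks.

    m'_i     = m_i XOR E_{K'}(i)                       for i = 1..s
    m'_{s+1} = K' XOR h_1 XOR ... XOR h_s,  h_i = E_{K0}(m'_i XOR i)
    K' is a fresh random key per message, so the m'_i handed to any
    subsequent cipher differ even when the same plaintext is sent twice.
    """
    blocks = split_blocks(pad(msg))
    if k_prime is None:
        k_prime = os.urandom(BLOCK)
    pseudo = [xor(m, prf(k_prime, counter(i))) for i, m in enumerate(blocks, 1)]
    tail = k_prime
    for i, mp in enumerate(pseudo, 1):
        tail = xor(tail, prf(K0, xor(mp, counter(i))))
    return pseudo + [tail]


def unpackage_blocks(pseudo: List[bytes]) -> List[bytes]:
    """Inverse transform without unpadding. K' is recovered from *every*
    pseudo-message block, so a missing or altered block spoils all of them."""
    body, tail = pseudo[:-1], pseudo[-1]
    k_prime = tail
    for i, mp in enumerate(body, 1):
        k_prime = xor(k_prime, prf(K0, xor(mp, counter(i))))
    return [xor(mp, prf(k_prime, counter(i))) for i, mp in enumerate(body, 1)]


def unpackage(pseudo: List[bytes]) -> bytes:
    return unpad(b"".join(unpackage_blocks(pseudo)))


def blocks_surviving_corruption(msg: bytes, index: int) -> int:
    """Flip one bit in pseudo-message block `index`, then count how many
    plaintext blocks still decode correctly. For an AONT the answer is 0
    (up to a 2^-128 chance per block) whichever block is damaged."""
    original = split_blocks(pad(msg))
    damaged = package(msg)
    damaged[index] = xor(damaged[index], b"\x80" + bytes(BLOCK - 1))
    return sum(a == b for a, b in zip(original, unpackage_blocks(damaged)))


if __name__ == "__main__":
    # Constructed sample message: three blocks after padding.
    msg = b"The quick brown fox jumps over the lazy dog"
    pseudo = package(msg)
    assert unpackage(pseudo) == msg
    print(f"{len(pseudo)} pseudo-message blocks for {len(split_blocks(pad(msg)))} message blocks")
    for idx in range(len(pseudo)):
        print(f"damage block {idx}: {blocks_surviving_corruption(msg, idx)} blocks recovered")
```

Two properties are visible when the block runs: damaging any one pseudo-message block, the final one included, leaves zero correctly recovered plaintext blocks, and packaging the same message twice yields different pseudo-message blocks because K' is fresh each time. Only the latter property concerns the values that a cipher placed after the transform would process; the abstract's claim about DPA rests on the paper's own analysis, which this page does not reproduce.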


Notes

  1. It is necessary to encode a message with EME1 prior to RSA encryption, in order for the scheme to be provably secure.

    Fig. 3: OAEP and Inverse-OAEP Protocols

References

  1. Bellare, M., Boldyreva, A.: The security of chaffing and winnowing. In: Okamoto, T. (ed.) Advances in Cryptology—ASIACRYPT 2000, vol. 1976 of Lecture Notes in Computer Science, pp. 517–530. Springer, Berlin (2000)

  2. Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) Advances in Cryptology—EUROCRYPT ’94, vol. 950 of Lecture Notes in Computer Science, pp. 92–111. Springer, Berlin (1994)

  3. Blaze, M.: High-bandwidth encryption with low-bandwidth smartcards. In: Gollmann, D. (ed.) Fast Software Encryption—FSE ’96, vol. 1039 of Lecture Notes in Computer Science, pp. 33–40. Springer, Berlin (1996)

  4. Boyko, V.: On All-or-Nothing Transforms and Password-Authenticated Key Exchange Protocols. PhD thesis, Massachusetts Institute of Technology (2000)

  5. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2004, vol. 3156 of Lecture Notes in Computer Science, pp. 16–29. Springer, Berlin (2004)

  6. Byers, J., Considine, J., Itkis, G., Cheng, M.C., Yeung, A.: Securing bulk content almost for free. Comput. Commun. (Special Issue on Internet Security) 29(3), 280–290 (2006)

  7. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) Advances in Cryptology—CRYPTO ’99, vol. 1666 of Lecture Notes in Computer Science, pp. 398–412. Springer, Berlin (1999)

  8. Coron, J.-S., Goubin, L.: On boolean and arithmetic masking against differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2000, vol. 1965 of Lecture Notes in Computer Science, pp. 231–237. Springer, Berlin (2000)

  9. Desai, A.: The Security of All-or-Nothing Encryption (Extended Abstract)

  10. Dodis, Y.: Exposure-Resilient Cryptography. PhD thesis. Massachusetts Institute of Technology (2000)

  11. Dodis, Y., Sahai, A., Smith, A.: On perfect and adaptive security in exposure-resilient cryptography. In: Pfitzmann, B. (ed.) Advances in Cryptology—EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, pp. 301–324. Springer, Berlin (2001)

  12. ECRYPT: ECRYPT Yearly Report on Algorithms and Keysizes (2005). http://www.ecrypt.eu.org (2006)

  13. ECRYPT: The eSTREAM portfolio. http://www.ecrypt.eu.org/stream/portfolio.pdf, April (2008)

  14. Ferguson, N., Schneier, B.: Practical Cryptography. Wiley, New York (2003)

  15. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography—SAC 2010, vol. 6544 of Lecture Notes in Computer Science, pp. 262–280. Springer, Berlin (2010)

  16. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2001, vol. 2162 of Lecture Notes in Computer Science, pp. 251–261. Springer, Berlin (2001)

  17. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011, vol. 6917 of Lecture Notes in Computer Science, pp. 240–255. Springer, Berlin (2011)

  18. Giraud, C., Prouff, E.: A new approach to counteract DPA attacks on block ciphers. Private Commun. Previously online at http://eprint.iacr.org/2005/340; withdrawn (2005)

  19. Golić, J.D.: Techniques for random masking in hardware. IEEE Trans. Circuits Syst. I 54(2), 291–300 (2007)

  20. Goubin, L., Patarin, J.: DES and differential power analysis, the duplication method. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems—CHES ’99, vol. 1717 of Lecture Notes in Computer Science, pp. 158–172. Springer, Berlin (1999)

  21. Homsirikamol, E., Rogawski, M., Gaj, K.: Throughput vs. area trade-offs in high-speed architectures of five round 3 SHA-3 candidates implemented using Xilinx and Altera FPGAs. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2011, vol. 6917 of Lecture Notes in Computer Science, pp. 491–506. Springer, Berlin (2011)

  22. IEEE: 1363a IEEE Standard Specifications for Public-Key Cryptography—Amendment 1: Additional Techniques (2004)

  23. Johnson, D.B., Matyas, S.M., Peyravian, M.: Encryption of Long Blocks Using a Short-Block Encryption Procedure. Submitted for inclusion in the IEEE P1363a Standard (1996)

  24. Johnson, D.B., Matyas, S.M., Jr.: Method and apparatus for encrypting long blocks using a short-block encryption procedure. US Patent 5,870,470 (1999)

  25. Kocher, P.: Timing attacks on implementations of Diffie–Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) Advances in Cryptology—CRYPTO ’96, vol. 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer, Berlin (1996)

  26. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology—CRYPTO ’99, vol. 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer, Berlin (1999)

  27. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Berlin (2007)

  28. Mangard, S., Oswald, E., Standaert, F.-X.: One for all: unifying standard DPA attacks. IET Inf. Secur. 5(2), 100–110 (2011)

  29. Marnas, S.I., Angelis, L., Bleris, G.L.: All-or-nothing transforms using quasigroups. In: 1st Balkan Conference on Informatics, pp. 183–191 (2003)

  30. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton, FL (1996)

  31. National Institute of Standards and Technology: FIPS PUB 46-3. Data Encryption Standard (1999)

  32. National Institute of Standards and Technology: FIPS PUB 197. Advanced Encryption Standard (2001)

  33. National Institute of Standards and Technology: FIPS PUB 180-2. Secure Hash Standard (2002)

  34. Okeya, K.: Side channel attacks against HMACs based on block-cipher based hash functions. In: Batten, L.M., Safavi-Naini, R. (eds.) Information Security and Privacy—ACISP 2006, vol. 4058 of Lecture Notes in Computer Science, pp. 432–443. Springer, Berlin (2006)

  35. Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical second-order DPA attacks for masked smart card implementations of block ciphers. In: Pointcheval, D. (ed.) Topics in Cryptology—CT-RSA 2006, vol. 3860 of Lecture Notes in Computer Science, pp. 192–207. Springer, Berlin (2006)

  36. Oswald, E., Mangard, S., Pramstaller, N.: Secure and efficient masking of AES—a mission impossible? Cryptology ePrint Archive, Report 2004/134 (2004) http://eprint.iacr.org/

  37. Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, vol. 3659 of Lecture Notes in Computer Science, pp. 172–186. Springer, Berlin (2005)

  38. Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In: Attali, I., Jensen, T.P. (eds.) Smart Card Programming and Security, International Conference on Research in Smart Cards—E-smart 2001, vol. 2140 of Lecture Notes in Computer Science, pp. 200–210. Springer, Berlin (2001)

  39. Rivest, R.L.: All-or-nothing encryption and the package transform. In: Biham, E. (ed.) Fast Software Encryption—FSE ’97, vol. 1267 of Lecture Notes in Computer Science, pp. 210–218. Springer, Berlin (1997)

  40. Standaert, F.-X., Peeters, E., Quisquater, J.-J.: On the masking countermeasure and higher-order power analysis attacks. In: International Symposium on Information Technology: Coding and Computing (ITCC 2005), vol. 1, pp. 562–567. IEEE Computer Society (2005)

  41. Standaert, F.-X., Peeters, E., Rouvroy, G., Quisquater, J.-J.: An overview of power analysis attacks against field programmable gate arrays. Proc. IEEE 94(2), 383–394 (2006)

  42. Tiri, K., Schaumont, P., Verbauwhede, I.: Side-channel leakage tolerant architectures. In: Third International Conference on Information Technology: New Generations (ITNG 2006), pp. 204–209. IEEE Computer Society (2006)

  43. von Willich, M.: A technique with an information-theoretic basis for protecting secret data from differential power attacks. In: Honary, B. (ed.) Cryptography and Coding, vol. 2260 of Lecture Notes in Computer Science, pp. 44–62. Springer, Berlin (2001)

  44. Zhang, R., Hanaoka, G., Imai, H.: On the security of cryptosystems with all-or-nothing transforms. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) Applied Cryptography and Network Security—ACNS 2004, vol. 3089 of Lecture Notes in Computer Science, pp. 76–90. Springer, Berlin (2004)

Acknowledgments

The authors would like to thank Christophe Giraud of Oberthur Technologies, for the helpful discussion on his work [18]. This research was supported in part by the Embark Initiative, operated by the Irish Research Council for Science, Engineering and Technology (IRCSET). The work described in this paper has also been supported in part by the European Commission through the ICT Programme under Contract ICT-2007-216676 ECRYPT II and the EPSRC via Grant EP/I005226/1.

Author information

Corresponding author: Michael Tunstall.

Cite this article

McEvoy, R.P., Tunstall, M., Whelan, C. et al. All-or-Nothing Transforms as a countermeasure to differential side-channel analysis. Int. J. Inf. Secur. 13, 291–304 (2014). https://doi.org/10.1007/s10207-013-0212-y
