Higher Order Masking of the AES

  • Kai Schramm
  • Christof Paar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3860)

Abstract

The development of masking schemes to secure AES implementations against side channel attacks is a topic of ongoing research. Many different approaches focus on the AES S-box and have been discussed in the previous years. Unfortunately, to our knowledge most of these countermeasures only address first-order DPA. In this article, we discuss the theoretical background of higher order DPA. We give the expected measurement costs an adversary has to deal with for different hardware models. Moreover, we present a masking scheme which protects an AES implementation against higher order DPA. We have implemented this masking scheme for various orders and present the corresponding performance details implementors will have to expect.

Keywords

AES Higher Order DPA Masking Countermeasure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Akkar, M.-L., Giraud, C.: An Implementation of DES and AES Secure against Some Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Akkar, M.-L., Goubin, L.: A Generic Protection against High-Order Differential Power Analysis. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 192–205. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Akkar, M.-L., Bevan, R., Dischamp, P., Moyart, D.: Power Analysis, What Is Now Possible... In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489–502. Springer, Heidelberg (2000)Google Scholar
  4. 4.
    Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding the Evaluation of AES Candidates on Smart Cards. In: Proceedings: Second AES Candidate Conference (AES2), Rome, Italy (March 1999)Google Scholar
  7. 7.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Clavier, C., Coron, J.-S.: On Boolean and Arithmetic Masking against Differential Power Analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.T., Goubin, L.: An Algebraic Masking Method to Protect AES Against Power Attacks. Cryptology ePrint Archive: Report 2005/204 (2005), http://eprint.iacr.org/2005/204.pdf
  10. 10.
    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Berlin (2002)Google Scholar
  11. 11.
    Golic, J.D., Tymen, C.: Multiplicative Masking and Power Analysis of AES. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 198–212. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Joye, M., Paillier, P., Schoenmakers, B.: On Second-Order Differential Power Analysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 293–308. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis: Leaking Secrets. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Lemke, K., Schramm, K., Paar, C.: DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6 and the HMAC-Construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205–219. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Messerges, T.S.: Securing the AES Finalists Against Power Analysis Attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, p. 150. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of Power Analysis Attacks on Smartcards. In: USENIX Workshop on Smartcard Technology, pp. 151–162 (1999)Google Scholar
  18. 18.
    Oswald, E., Schramm, K.: An Efficient Masking Scheme for AES Software Implementations. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 292–305. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Rostovtsev, A.G., Shemyakina, O.V.: AES Side Channel Attack Protection Using Random Isomorphisms. Cryptology ePrint Archive: Report 2005/087 (2005), http://eprint.iacr.org/2005/087.pdf
  20. 20.
    Trichina, E., Seta, D.S., Germani, L.: Simplified Adaptive Multiplicative Masking for AES. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 187–197. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kai Schramm
    • 1
  • Christof Paar
    • 1
  1. 1.Horst Görtz Institute for IT Security (HGI)Ruhr University Bochum, GermanyBochumGermany

Personalised recommendations