Multiplicative Masking and Power Analysis of AES

  • Jovan D. Golić
  • Christophe Tymen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)

Abstract

The recently proposed multiplicative masking countermeasure against power analysis attacks on AES is attractive because it does not require the costly recomputation and RAM storage of masked S-box tables for every run of AES. This matters for applications where the available memory is very limited, such as smart cards. Unfortunately, it is shown here that the method is in fact inherently vulnerable to differential power analysis. However, it is also shown that the multiplicative masking method can be modified so as to resist differential power analysis at a nonideal but controllable security level, at the expense of increased computational complexity. Other possible random masking methods are also discussed.
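
To make the abstract's claim concrete, the following is an added illustration, not code from the paper or from Gemplus: a toy model of the multiplicative masking of the GF(2^8) inversion inside SubBytes, together with a simulated first-order DPA that recovers one key byte. The function names, the single-byte key, the seeded random masks and the Hamming-weight leakage model are all assumptions made here for the example. The property it exploits is a general fact about multiplicative masks that is independent of the paper's text: multiplication by any nonzero mask r maps 0 to 0, so the masked intermediate x·r is zero exactly when the unmasked input x is zero, and a difference-of-means test on that intermediate singles out the key hypothesis for which the input is zero. The modified scheme with a controllable security level that the abstract mentions is not implemented.

```python
import random

# GF(2^8) arithmetic as used by AES, reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b).
def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (bytes) in GF(2^8)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B            # reduce modulo x^8 + x^4 + x^3 + x + 1
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse a^254; AES maps 0 to 0, which is the root of the leak below."""
    if a == 0:
        return 0
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def masked_inverse(x_masked: int, m: int, r: int):
    """Inversion step of SubBytes on a Boolean-masked input x_masked = x ^ m, using a
    multiplicative mask r (r != 0). Returns (x^-1 ^ m, intermediate), where the
    intermediate x*r is the value a DPA attacker targets (toy model, assumption of this example)."""
    t = gf_mul(x_masked, r) ^ gf_mul(m, r)   # (x ^ m)*r ^ m*r = x*r: Boolean mask removed
    intermediate = t                          # == 0 if and only if x == 0, whatever r is
    t = gf_inv(t)                             # x^-1 * r^-1
    t ^= gf_mul(m, gf_inv(r))                 # (x^-1 ^ m) * r^-1
    return gf_mul(t, r), intermediate         # x^-1 ^ m: Boolean mask m restored


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def collect_traces(key_byte: int, reps: int, seed: int):
    """Constructed, noiseless simulation: every plaintext byte `reps` times with fresh random
    masks; the 'power sample' is the Hamming weight of the intermediate x*r (assumed model)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(reps):
        for p in range(256):
            m = rng.randrange(256)
            r = rng.randrange(1, 256)
            x = p ^ key_byte
            out, inter = masked_inverse(x ^ m, m, r)
            assert out ^ m == gf_inv(x)       # scheme is functionally correct
            traces.append((p, hamming_weight(inter)))
    return traces


def dpa_scores(traces):
    """Difference of means per key guess: traces whose hypothesised input p ^ kg is zero
    versus the rest. Only the correct guess puts every zero-input trace at weight 0."""
    scores = []
    for kg in range(256):
        zero = [hw for p, hw in traces if (p ^ kg) == 0]
        nonzero = [hw for p, hw in traces if (p ^ kg) != 0]
        scores.append(sum(nonzero) / len(nonzero) - sum(zero) / len(zero))
    return scores


def recover_key_byte(traces) -> int:
    scores = dpa_scores(traces)
    return max(range(256), key=lambda kg: scores[kg])


if __name__ == "__main__":
    secret = 0x2B                            # assumed key byte for the demonstration
    traces = collect_traces(secret, reps=4, seed=1)
    guess = recover_key_byte(traces)
    print(f"recovered key byte 0x{guess:02x}, correct: {guess == secret}")
```

The intermediate (x ^ m)·r is still masked, but the XOR with m·r strips the Boolean mask and leaves x·r, which no choice of r can make zero for a nonzero x or nonzero for x = 0. In the simulation the correct key guess is the only one whose "zero" partition has mean weight exactly 0; with four traces per plaintext that margin is decisive, whereas real measurements are noisy and need many more traces, which is why the abstract speaks of a controllable rather than ideal security level for the repaired scheme.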

Keywords

AES, differential power analysis, countermeasures, multiplicative masking

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jovan D. Golić (1)
  • Christophe Tymen (2, 3)
  1. Rome CryptoDesign Center, Gemplus, Rome, Italy
  2. Gemplus Card International, Issy-les-Moulineaux, France
  3. École Normale Supérieure, Paris Cedex 05, France