# On Boolean and Arithmetic Masking against Differential Power Analysis

## Abstract

Since the announcement of the Differential Power Analysis (DPA) by Paul Kocher and al., several countermeasures were proposed in order to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution time overhead, Thomas Messerges recently proposed a general method that “masks” all the intermediate data. This masking strategy is possible if all the fundamental operations used in a given algorithm can be rewritten with masked input data, giving masked output data. This is easily seen to be the case in classical algorithms such as DES or RSA. However, for algorithms that combine Boolean and arithmetic functions, such as IDEA or several of the AES candidates, two different kinds of masking have to be used. There is thus a need for a method to convert back and forth between Boolean masking and arithmetic masking. In the present paper, we show that the ‘BooleanToArithmetic’ algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis. In a similar way, the ‘ArithmeticToBoolean’ algorithm is not secure either.

## Keywords

Physical attacks Differential Power Analysis Electric consumption AES IDEA Smartcards Masking Techniques## References

- 1.Eli Biham and Adi Shamir, “Power Analysis of the Key Scheduling of the AES Candidates”, in
*Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference*, March 1999. http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm. - 2.C. Burwick, D. Coppersmith, E. D’Avignon, R. Gennaro, S. Halevi, C. Jutla, S. M. Matyas, L. O’Connor, M. Peyravian, D. Safford, and N. Zunic, “MARS-A Candidate Cipher for AES”, NIST AES Proposal, Jun 1998.Google Scholar
- 3.Suresh Chari, Charantjit S. Jutla, Josyula R. Rao and Pankaj Rohatgi, “A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards”, in
*Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference*, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999. - 4.Suresh Chari, Charantjit S. Jutla, Josyula R. Rao and Pankaj Rohatgi, “Towards Sound Approaches to Counteract Power-Analysis Attacks”, in
*Proceedings of Advances in Cryptology CRYPTO’99*, Springer-Verlag, 1999, pp. 398–41Google Scholar - 5.Jean-Sébastien Coron, “Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems”, in
*Proceedings of Workshop on Cryptographic Hardware and Embedded Systems*, Springer-Verlag, August 1999, pp. 292–302.Google Scholar - 6.John Daemen and Vincent Rijmen, “Resistance Against Implementation Attacks: A Comparative Study of the AES Proposals”, in
*Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference*, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999. - 7.John Daemen, Michael Peters and Gilles Van Assche, “Bitslice Ciphers and Power Analysis Attacks”, in
*Proceedings of Fast Software Encryption Workshop 2000*, Springer-Verlag, April 2000.Google Scholar - 8.Paul N. Fahn and Peter K. Pearson, “IPA: A New Class of Power Attacks”, in
*Proceedings of Workshop on Cryptographic Hardware and Embedded Systems*, Springer-Verlag, August 1999, pp. 173–186.Google Scholar - 9.Louis Goubin and Jacques Patarin, “DES and Differential Power Analysis-The Duplication Method”, in
*Proceedings of Workshop on Cryptographic Hardware and Embedded Systems*, Springer-Verlag, August 1999, pp. 158–172.Google Scholar - 10.Paul Kocher, Joshua Jaffe and Benjamin Jun, “Introduction to Differential Power Analysis and Related Attacks”, http://www.cryptography.com/dpa/technical, 1998.
- 11.Paul Kocher, Joshua Jaffe and Benjamin Jun, “Differential Power Analysis”, in
*Proceedings of Advances in Cryptology-CRYPTO’99*, Springer-Verlag, 1999, pp. 388–397.Google Scholar - 12.X. Lai and J. Massey, “A Proposal for a New Block Encryption Standard”, in
*Advances in Cryptology-EUROCRYPT’ 90 Proceedings*, Springer-Verlag, 1991, pp. 389–404.Google Scholar - 13.Thomas S. Messerges, “Securing the AES Finalists Against Power Analysis Attacks”, in
*Proceedings of Fast Software Encryption Workshop 2000*, Springer-Verlag, April 2000.Google Scholar - 14.Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Investigations of Power Analysis Attacks on Smartcards”, in
*Proceedings of USENIX Workshop on Smartcard Technology*, May 1999, pp. 151–161.Google Scholar - 15.Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Power Analysis Attacks of Modular Exponentiation in Smartcards”, in
*Proceedings ofWorkshop on Cryptographic Hardware and Embedded Systems*, Springer-Verlag, August 1999, pp. 144–157.Google Scholar - 16.R. L. Rivest, M. J. B. Robshaw, R. Sidney and Y. L. Yin, “The RC6 Block Cipher”, v1.1, August 20, 1998.Google Scholar
- 17.B. Schneier, J. Kemsey, D. Whiting, D. Wagner, C. Hall and N. Ferguson, “Twofish: A 128-Bit Block Cipher”, AES submission available at: http://www.nist.gov/aes.