Addition with Blinded Operands

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8622)

Abstract

The masking countermeasure is an efficient method to protect cryptographic algorithms against Differential Power Analysis (DPA) and similar attacks. For symmetric cryptosystems, two techniques are commonly used: Boolean masking and arithmetic masking. Conversion methods have been proposed for switching from Boolean masking to arithmetic masking, and conversely. The way conversion is applied depends on the combination of arithmetic and Boolean/logical operations executed by the underlying cryptographic algorithm.

This paper focuses on a combination of one addition with one or more Boolean operations. Building on a secure version of a binary addition algorithm (namely, the and-xor-and-double method), we show that conversions from Boolean masking to arithmetic masking can be avoided. We present an application of the new algorithm to the XTEA block-cipher.

Keywords

Masking methods Differential power analysis (DPA) Side-channel attacks Binary addition Block ciphers XTEA 

References

  1. 1.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  2. 2.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  3. 3.
    Coron, J.-S., Goubin, L.: On boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  4. 4.
    Coron, J.-S., Tchulkine, A.: A new algorithm for switching from arithmetic to boolean masking. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 89–97. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  5. 5.
    Debraize, B.: Efficient and provably secure methods for switching from arithmetic to boolean masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 107–121. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  6. 6.
    Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein hash function family. Submission to NIST (Round 3), October 2010. http://www.skein-hash.info/sites/default/files/skein1.3.pdf
  7. 7.
    Golić, J.D.: Techniques for random masking in hardware. IEEE Trans. Circuits Syst. 54(2), 291–300 (2007)CrossRefMathSciNetGoogle Scholar
  8. 8.
    Goubin, L.: A sound method for switching between boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 3–15. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  9. 9.
    Goubin, L., Patarin, J.: DES and differential power analysis (The “duplication” method). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  10. 10.
    Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of \(3\)-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  11. 11.
    Knuth, D.E.: The Art of Computer Programming, vol. 2, 2nd edn. Addison-Wesley, Readin (1981)MATHGoogle Scholar
  12. 12.
    Knuth, D.E.: The Art of Computer Programming, vol. 4A. Addison-Wesley, Reading (2011)Google Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  14. 14.
    Lipmaa, H., Moriai, S.: Efficient algorithms for computing differential properties of addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  15. 15.
    Massey, J.L.: SAFER K-64: a byte-oriented block-ciphering algorithm. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 1–17. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  16. 16.
    Messerges, T.S.: Securing the AES finalists against power analysis attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  17. 17.
    Needham, R.M., Wheeler, D.J.: TEA extensions. Technical report, Computer Laboratory, University of Cambridge, October 1997. http://www.cl.cam.ac.uk/ftp/users/djw3/xtea.ps
  18. 18.
    Neiße, O., Pulkus, J.: Switching blindings with a view towards IDEA. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 230–239. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  19. 19.
    Örs, S.B., Gürkaynak, F.K., Oswald, E., Preneel, B.: Power-analysis attack on an ASIC AES implementation. In: International Conference on Information Technology: Coding and Computing (ITCC ’04), vol. 2, pp. 546–552. IEEE Computer Society (2004)Google Scholar
  20. 20.
    Trichina, E.: Combinational logic design for AES SubByte transformation on masked data. Cryptology ePrint Archive, Report 2003/236 (2003). http://eprint.iacr.org/2003/236
  21. 21.
    Wheeler, D.J., Needham, R.M.: TEA, a tiny encryption algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363–366. Springer, Heidelberg (1995) CrossRefGoogle Scholar
  22. 22.
    Wheeler, D.J., Needham, R.M.: Corrections to XTEA. Technical report, Computer Laboratory, University of Cambridge, October 1998. http://www.movable-type.co.uk/scripts/xxtea.pdf

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.TechnicolorCesson-Sévigné CedexFrance
  2. 2.TechnicolorPalo AltoUSA

Personalised recommendations