Study of a Novel Software Constant Weight Implementation
While in the early 2000s much research focused on first- and second-order Differential Power Analysis, the recent trend is toward even higher orders. As the order grows, countermeasures such as masking need to be designed in a more generic way. In this paper, we introduce a new constant weight implementation of the AES that extends the idea of the software dual-rail countermeasure proposed by Hoogvorst et al. at COSADE 2011. Notably, we illustrate its practicality on a 16-bit microcontroller in terms of speed and complexity. This countermeasure applies to all devices whose leakage is a function of the Hamming weight of the internal variables. Under this assumption, our constant weight implementation is theoretically resistant to side-channel attacks of any order. A security evaluation analyzes its resistance when the leakage deviates slightly from the Hamming weight assumption; it shows that the countermeasure remains as good as several well-known masking countermeasures. Moreover, the proposed countermeasure offers the possibility to detect some classes of faults.
Keywords: Constant weight; Information theoretic analysis; Side-channel analysis; AES; Software implementation
This work has been partially funded by the ANR projects E-MATA HARI and SPACES.
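The abstract rests on one observation: if every value the processor handles has the same Hamming weight, a device that leaks a function of Hamming weight leaks nothing about the data, and a value whose weight is wrong reveals a fault. The following is an added illustration of that software dual-rail principle and is not the paper's code nor the library of Hoogvorst et al.; the nibble granularity, the encoding of bit b as the rail pair (b, NOT b), the 64 KiB XOR lookup table and the single-bit fault model are assumptions chosen for the example, not details taken from the page.

```python
from itertools import product

NIBBLE_BITS = 4                  # assumption: one nibble -> one 8-bit dual-rail word of weight 4
INVALID = None                   # table slot for an index that is not a pair of codewords


def hw(v: int) -> int:
    """Hamming weight, the quantity the device is assumed to leak."""
    return bin(v).count("1")


def dr_enc(x: int) -> int:
    """Encode nibble x as a dual-rail byte: bit i becomes the pair (x_i, NOT x_i)
    stored at bit positions (2i+1, 2i). Every codeword has weight NIBBLE_BITS."""
    if not 0 <= x < (1 << NIBBLE_BITS):
        raise ValueError("not a nibble")
    word = 0
    for i in range(NIBBLE_BITS):
        b = (x >> i) & 1
        word |= (b << (2 * i + 1)) | ((1 - b) << (2 * i))
    return word


def dr_dec(word: int) -> int:
    """Decode a dual-rail byte. A 00 or 11 pair cannot arise from a valid
    codeword, so it is reported as a fault."""
    x = 0
    for i in range(NIBBLE_BITS):
        pair = (word >> (2 * i)) & 0b11
        if pair == 0b10:
            x |= 1 << i
        elif pair != 0b01:
            raise ValueError(f"invalid rail pair {pair:02b} at bit {i}: fault detected")
    return x


def build_dr_xor_table() -> list:
    """Constant-weight XOR as a 64 KiB lookup indexed by (a_dr << 8) | b_dr.
    Only the 256 indices formed from two valid codewords are populated."""
    table = [INVALID] * (1 << 16)
    for a, b in product(range(1 << NIBBLE_BITS), repeat=2):
        table[(dr_enc(a) << 8) | dr_enc(b)] = dr_enc(a ^ b)
    return table


DR_XOR = build_dr_xor_table()


def dr_xor(a_dr: int, b_dr: int) -> int:
    """XOR two dual-rail bytes by table lookup. The index has weight 8 and the
    result weight 4 for every valid operand pair, so no intermediate depends
    on the data under a Hamming-weight leakage model."""
    out = DR_XOR[(a_dr << 8) | b_dr]
    if out is INVALID:
        raise ValueError("operand is not a valid codeword: fault detected")
    return out


def leakage_profile(encoded: bool) -> dict:
    """Weights an HW-leaking device would expose for each intermediate while
    XOR-ing every pair of nibbles, with and without the dual-rail encoding."""
    seen = {"operand": set(), "index": set(), "result": set()}
    for a, b in product(range(1 << NIBBLE_BITS), repeat=2):
        if encoded:
            a_dr, b_dr = dr_enc(a), dr_enc(b)
            seen["operand"] |= {hw(a_dr), hw(b_dr)}
            seen["index"].add(hw((a_dr << 8) | b_dr))
            seen["result"].add(hw(dr_xor(a_dr, b_dr)))
        else:
            seen["operand"] |= {hw(a), hw(b)}
            seen["result"].add(hw(a ^ b))
    return seen


def fault_detected(word: int, flipped_bits) -> bool:
    """Flip the given bit positions of a codeword (constructed fault model)
    and report whether decoding notices."""
    for bit in flipped_bits:
        word ^= 1 << bit
    try:
        dr_dec(word)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("plain XOR, weights seen:    ", {k: sorted(v) for k, v in leakage_profile(False).items()})
    print("dual-rail XOR, weights seen:", {k: sorted(v) for k, v in leakage_profile(True).items()})
    print("single-bit fault detected:  ", fault_detected(dr_enc(0xA), [3]))
    print("rail-swap fault detected:   ", fault_detected(dr_enc(0xA), [0, 1]))
```

Running it shows the plain XOR exposing weights 0 to 4 for operands and result, while every dual-rail intermediate sits at a single weight (4 for codewords, 8 for the table index). The last two lines show the limit the abstract hints at with "some classes of faults": any single-bit flip lands on a 00 or 11 pair and is caught at decode, but a fault that flips both rails of one pair produces another valid codeword and passes unnoticed.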
- 6. Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. Cryptology ePrint Archive, Report 2012/678 (2012). http://eprint.iacr.org/
- 10. Hoogvorst, P., Duc, G., Danger, J.-L.: Software implementation of dual-rail representation. In: COSADE 2011
- 14. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE 2012 (Track A: "Application Design", Topic A5: "Secure Systems"), pp. 1173–1178. IEEE Computer Society, Dresden, Germany, 12–16 March 2012
- 15. NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- 21. Prouff, E., Rivain, M., Bévan, R.: Statistical analysis of second order differential power analysis. Cryptology ePrint Archive, Report 2010/646 (2010). http://eprint.iacr.org/
- 22. Rauzy, P., Guilley, S., Najm, Z.: Formally proved security of assembly code against leakage. Cryptology ePrint Archive, Report 2013/554 (2013). http://eprint.iacr.org/