Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations
This article starts with a discussion of three different attacks on masked AES hardware implementations. This discussion leads to the conclusion that glitches in masked circuits pose the biggest threat to masked hardware implementations in practice. Motivated by this fact, we pinpointed which parts of masked AES S-boxes cause the glitches that lead to side-channel leakage. The analysis reveals that these glitches are caused by the switching characteristics of XOR gates in masked multipliers. Masked multipliers are basic building blocks of most recent proposals for masked AES S-boxes. We subsequently show that the side-channel leakage of the masked multipliers can be prevented by fulfilling timing constraints for 3 \(\textperiodcentered\) n XOR gates in each GF(2 n ) multiplier of an AES S-box. We also briefly present two approaches on how these timing constraints can be fulfilled in practice.
KeywordsAES DPA Glitches Zero-Offset DPA Zero-Input DPA Masking Delay Chains
- 7.Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
- 11.Morioka, S., Akishita, T.: A DPA-resistant Compact AES S-Box Circuit using Additive Mask. In: Computer Security Composium (CSS) Proceedings, October 16, 2004, September 2004, pp. 679–684 (2004) (in Japanese only)Google Scholar
- 13.National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), Available online at: http://www.itl.nist.gov/fipspubs/
- 19.Suzuki, D., Saeki, M., Ichikawa, T.: Random Switching Logic: A Countermeasure against DPA based on Transition Probability. Cryptology ePrint Archive Report 2004/346 (2004), http://eprint.iacr.org/