Comprehensive Evaluation of AES Dual Ciphers as a Side-Channel Countermeasure

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8233)

Abstract

Because of the isomorphisms in GF(2^8) there exist 240 different non-trivial dual ciphers of AES. While the inputs and outputs of a dual cipher are kept equal to those of the original AES, all the intermediate values and operations can differ from those of the original. A comprehensive list of these dual ciphers is given in an article presented at ASIACRYPT 2002, where it is mentioned that they might be used as a kind of side-channel attack countermeasure if the dual cipher is randomly selected. Later, in a couple of works, performance figures and the overhead penalty of hardware implementations of this scheme are reported. However, the suitability of using randomly selected dual ciphers as a power analysis countermeasure has never been thoroughly evaluated in practice. In this work we address the pitfalls and flaws of this scheme when used as a side-channel countermeasure. As evidence for our claims, we provide practical evaluation results based on a Virtex-5 FPGA platform. We realized a design which randomly selects one of the 240 different dual ciphers at each AES computation. We also examined the side-channel leakage of the design under an information theoretic metric as well as its vulnerability to different attack models. As a result, we show that the protection provided by the scheme is negligible considering the increased cost in terms of area and the lower throughput.
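To make the construction behind the abstract concrete, the following Python is an added example (not code from the paper or its authors). It enumerates the field isomorphisms that give rise to the dual ciphers: the 30 irreducible degree-8 polynomials over GF(2), and for each of them the 8 roots of the AES polynomial, 240 maps in all (the map for polynomial 0x11B and root 0x02 is the identity, i.e. standard AES). For each map phi it builds the dual AES-128, whose S-box is phi o S o phi^-1 and whose MixColumns and Rcon constants are phi(0x02), and checks that encrypting phi(plaintext) under phi(key) and mapping the result back through phi^-1 reproduces standard AES. All function and variable names are my own, and the check uses the FIPS-197 Appendix C.1 test vector.

```python
# Added example (not the paper's code): AES-128 dual ciphers from field isomorphisms.
from functools import reduce
from operator import xor

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial

def gf_mul(a, b, poly):
    """a * b in GF(2^8) defined by the degree-8 polynomial `poly`."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b, a = b >> 1, a << 1
        if a & 0x100:
            a ^= poly
    return r

def poly_mod(a, b):
    """Remainder of a mod b for GF(2) polynomials packed into ints."""
    while a and a.bit_length() >= b.bit_length():
        a ^= b << (a.bit_length() - b.bit_length())
    return a

def irreducible_polys():
    """The 30 monic irreducible degree-8 polynomials: no factor of degree <= 4."""
    return [p for p in range(0x100, 0x200) if all(poly_mod(p, d) for d in range(2, 32))]

def isomorphisms():
    """All (p, beta) with AES_POLY(beta) = 0 in GF(2^8)[p]; x -> beta is then a field
    isomorphism. 8 roots per polynomial give 30 * 8 = 240 maps; (0x11B, 0x02) is the identity."""
    out = []
    for p in irreducible_polys():
        for b in range(256):
            b2 = gf_mul(b, b, p)
            b4 = gf_mul(b2, b2, p)
            if gf_mul(b4, b4, p) ^ b4 ^ gf_mul(b2, b, p) ^ b ^ 1 == 0:
                out.append((p, b))
    return out

def iso_table(p, beta):
    """Lookup table for phi(a) = sum a_i * beta^i, evaluated in GF(2^8)[p]."""
    powers = [1]
    for _ in range(7):
        powers.append(gf_mul(powers[-1], beta, p))
    return [reduce(xor, (powers[i] for i in range(8) if a >> i & 1), 0) for a in range(256)]

def aes_sbox():
    """Standard S-box: inversion in GF(2^8)[0x11B] (0 -> 0), then the affine map."""
    inv = lambda a: next((b for b in range(256) if gf_mul(a, b, AES_POLY) == 1), 0)
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    aff = lambda x: x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63
    return [aff(inv(a)) for a in range(256)]

STD_SBOX = aes_sbox()

class AES128:
    """AES-128 encryption parameterised by field polynomial, S-box and the image of 0x02
    (used by MixColumns and Rcon); defaults give ordinary AES. State is column-major."""
    def __init__(self, poly=AES_POLY, sbox=STD_SBOX, two=0x02):
        self.poly, self.sbox, self.two = poly, sbox, two

    def expand_key(self, key):
        w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
        for i in range(4, 44):
            t = list(w[i - 1])
            if i % 4 == 0:                                   # RotWord, SubWord, Rcon
                t = [self.sbox[b] for b in t[1:] + t[:1]]
                t[0] ^= rcon
                rcon = gf_mul(rcon, self.two, self.poly)     # Rcon_i = 0x02^(i-1)
            w.append([w[i - 4][j] ^ t[j] for j in range(4)])
        return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

    def mix_column(self, c):
        m2 = lambda x: gf_mul(x, self.two, self.poly)        # times 0x02
        m3 = lambda x: m2(x) ^ x                             # 0x03 = 0x02 + 0x01
        return [m2(c[0]) ^ m3(c[1]) ^ c[2] ^ c[3], c[0] ^ m2(c[1]) ^ m3(c[2]) ^ c[3],
                c[0] ^ c[1] ^ m2(c[2]) ^ m3(c[3]), m3(c[0]) ^ c[1] ^ c[2] ^ m2(c[3])]

    def encrypt(self, block, key):
        rk = self.expand_key(key)
        s = [b ^ k for b, k in zip(block, rk[0])]
        for rnd in range(1, 11):
            s = [self.sbox[b] for b in s]                                       # SubBytes
            s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
            if rnd < 10:                                                        # MixColumns
                s = sum((self.mix_column(s[4 * c:4 * c + 4]) for c in range(4)), [])
            s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
        return bytes(s)

def dual_encrypt(p, beta, block, key):
    """Dual cipher in GF(2^8)[p]: S' = phi o S o phi^-1, constants become phi(0x02); inputs
    enter through phi, output leaves through phi^-1. ShiftRows/AddRoundKey are unchanged."""
    phi = iso_table(p, beta)
    phi_inv = [0] * 256
    for a, v in enumerate(phi):
        phi_inv[v] = a
    dual = AES128(p, [phi[STD_SBOX[phi_inv[y]]] for y in range(256)], phi[0x02])
    c = dual.encrypt([phi[b] for b in block], [phi[b] for b in key])
    return bytes(phi_inv[b] for b in c)

def count_matching_duals(block, key):
    """How many of the 240 dual ciphers reproduce the plain-AES ciphertext."""
    expected = AES128().encrypt(block, key)
    return sum(dual_encrypt(p, b, block, key) == expected for p, b in isomorphisms())
```

With `key = bytes(range(16))` and `pt = bytes.fromhex("00112233445566778899aabbccddeeff")`, `AES128().encrypt(pt, key).hex()` is the FIPS-197 value `69c4e0d86a7b0430d8cdb78070b4c55a`, and `count_matching_duals(pt, key)` returns 240: every dual gives the same ciphertext while its S-box outputs, MixColumns constants and intermediate state bytes differ from the standard ones. That per-representation difference in intermediate values is exactly what the randomly selected dual cipher relies on as a countermeasure, and the paper's evaluation concerns how little that variation, over only 240 related representations, hides from an attacker.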

Keywords

Irreducible Polynomial, Balance Property, Collision Attack, Cryptology ePrint Archive, Correlation Power Analysis

References

1. Side-channel attack standard evaluation board (SASEBO). Further information is available at http://www.morita-tech.co.jp/SASEBO/en/index.html
2. Akkar, M.-L., Giraud, C.: An Implementation of DES and AES, Secure against Some Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)
3. Barkan, E., Biham, E.: In How Many Ways Can You Write Rijndael? In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 160–175. Springer, Heidelberg (2002)
4. Barkan, E., Biham, E.: The Book of Rijndaels. Cryptology ePrint Archive, Report 2002/158 (2002), http://eprint.iacr.org/
5. Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)
6. Bogdanov, A.: Multiple-Differential Side-Channel Collision Attacks on AES. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 30–44. Springer, Heidelberg (2008)
7. Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
8. Canright, D., Batina, L.: A Very Compact “Perfectly Masked” S-Box for AES. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 446–459. Springer, Heidelberg (2008); corrected version at Cryptology ePrint Archive, Report 2009/011, http://eprint.iacr.org/
9. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved Collision-Correlation Power Analysis on First Order Protected AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 49–62. Springer, Heidelberg (2011)
10. Genelle, L., Prouff, E., Quisquater, M.: Secure Multiplicative Masking of Power Functions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 200–217. Springer, Heidelberg (2010)
11. Genelle, L., Prouff, E., Quisquater, M.: Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)
12. Ghellar, F., Lubaszewski, M.: A novel AES cryptographic core highly resistant to differential power analysis attacks. In: Integrated Circuits and Systems Design - SBCCI 2008, pp. 140–145. ACM (2008)
13. Ghellar, F., Lubaszewski, M.: A novel AES cryptographic core highly resistant to differential power analysis attacks. Journal Integrated Circuits and Systems 4(1), 29–35 (2009)
14. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)
15. Golić, J.D., Tymen, C.: Multiplicative Masking and Power Analysis of AES. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002, vol. 2523, pp. 198–212. Springer, Heidelberg (2003)
16. Jing, M.-H., Chen, J.-H., Chen, Z.-H., Chang, Y.: The Secure DAES Design for Embedded System Application. In: Denko, M.K., et al. (eds.) EUC-WS 2007. LNCS, vol. 4809, pp. 617–626. Springer, Heidelberg (2007)
17. Jing, M.-H., Chen, Z.-H., Chen, J.-H., Chen, Y.-H.: Reconfigurable system for high-speed and diversified AES using FPGA. Microprocessors and Microsystems 31(2), 94–102 (2007)
18. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer (2007)
19. Mangard, S., Pramstaller, N., Oswald, E.: Successfully Attacking Masked AES Hardware Implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)
20. Moradi, A., Mischke, O.: How Far Should Theory Be from Practice? In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 92–106. Springer, Heidelberg (2012)
21. Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-Enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)
22. Nikova, S., Rechberger, C., Rijmen, V.: Threshold Implementations Against Side-Channel Attacks and Glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)
23. Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. J. Cryptology 24(2), 292–321 (2011)
24. Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005)
25. Paar, C.: Efficient VLSI Architectures for Bit-Parallel Computation in Galois Fields. PhD thesis, Institute for Experimental Mathematics, University of Essen, Germany (1994)
26. Prouff, E., Roche, T.: Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 63–78. Springer, Heidelberg (2011)
27. Raddum, H.: More Dual Rijndaels. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 142–147. Springer, Heidelberg (2005)
28. Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)
29. Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)
30. Standaert, F.-X., Malkin, T.G., Yung, M.: A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)
31. Wu, S.-Y., Lu, S.-C., Laih, C.-S.: Design of AES Based on Dual Cipher and Composite Field. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 25–38. Springer, Heidelberg (2004)

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany