A Fast and Provably Secure Higher-Order Masking of AES S-Box

  • HeeSeok Kim
  • Seokhie Hong
  • Jongin Lim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6917)

Abstract

This paper proposes an efficient and secure higher-order masking algorithm for AES S-box that consumes the most computation time of the higher-order masked AES. During the past few years, much of the research has focused on finding higher-order masking schemes for this AES S-box, but these are still slow for embedded processors use. Our proposed higher-order masking of AES S-box is constructed based on the inversion operation over the composite field. We replace the subfield operations over the composite field into the table lookup operation, but these precomputation tables do not require much ROM space because these are the operations over GF(24). In the implementation results, we show that the higher-order masking scheme using our masked S-box is about 2.54 (second-order masking) and 3.03 (third-order masking) times faster than the fastest method among the existing higher-order masking schemes of AES.

Keywords

AES side channel attack higher-order masking higher-order DPA differential power analysis 

References

  1. 1.
    NIST, FIPS 197: Advanced Encryption Standard (2001)Google Scholar
  2. 2.
    Atmel Corporation: Datasheet: ATmega128(L), http://www.atmel.com/products/avr/
  3. 3.
    Akkar, M.-L., Giraud, C.: An Implementation of DES and AES, Secure against Some Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Adams, C., Tavares, S.: The Structured Design of Cryptographically Good SBoxes. Journal of Cryptology 3(1), 27–42 (1990)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    O’Connor, L.: On the Distribution of Characteristics in Bijective Mappings. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 360–370. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Coron, J.-S., Prouff, E., Rivain, M.: Side Channel Cryptanalysis of a Higher Order Masking Scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28–44. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Handschuh, H., Preneel, B.: Blind Differential Cryptanalysis for Enhanced Power Attacks. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 163–173. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Herbst, C., Oswald, E., Mangard, S.: An AES Smart Card Implementation Resistant to Power Analysis Attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Ishai, Y., Sahai, A., Wagner, D.: Private Circuits: Securing Hardware against Probing Attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Kim, H., Kim, T., Han, D., Hong, S.: Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES. ETRI Journal 32(3), 370–379 (2010)CrossRefGoogle Scholar
  12. 12.
    Kim, J., Hong, S., Han, D., Lee, S.: Improved Side-Channel Attack on DES with the First Four Rounds Masked. ETRI Journal 31(5), 625–627 (2009)CrossRefGoogle Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  15. 15.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Oswald, E., Schramm, K.: An Efficient Masking Scheme for AES Software Implementations. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 292–305. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Rivain, M., Dottax, E., Prouff, E.: Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES, Cryptology ePrint Archive (2010), http://eprint.iacr.org/
  20. 20.
    Rudra, A., Dubey, P.K., Jutla, C.S., Kumar, V., Rao, J.R., Rohatgi, P.: Efficient Rijndael Encryption Implementation with Composite Field Arithmetic. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 171–188. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Satoh, A., Morioka, S., Takano, K., Munetoh, S.: A Compact Rijndael Hardware Architecture with S-Box Optimization. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 239–254. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  22. 22.
    Schramm, K., Paar, C.: Higher Order Masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 208–225. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • HeeSeok Kim
    • 1
  • Seokhie Hong
    • 1
  • Jongin Lim
    • 1
  1. 1.Center for Information Security TechnologiesKorea UniversityKorea

Personalised recommendations