Secure Cryptographic Module Implementation and Mathematics

  • Dooho Choi
  • Yongjae Choi
  • Yousung Kang
  • Seungkwang Lee
Conference paper
Part of the Mathematics for Industry book series (MFI, volume 1)


Cryptographic engineering is the discipline of using cryptography to solve human problems (definition taken from Wikipedia [1]). Its main focus is implementing cryptographic primitives, which are grounded in mathematics, on real-world devices in software or hardware. Studying cryptographic engineering therefore requires a mathematical background as well as computer engineering and computer science. In this article, we briefly review trends in the cryptographic engineering field over the last decade. We then introduce side-channel attacks on cryptographic modules and explain several efforts within cryptographic engineering to prevent them.


Keywords: Cryptographic engineering; Side channel attack; SCARF (Side channel analysis resistant framework); WBC (White-box cryptography); Masking; Shuffling



This work was supported by the KLA-SCARF project, the ICT R&D program of ETRI (Research on Key Leakage Analysis and Response Technologies).


  1. Definition of cryptographic engineering by Wikipedia. Available online at
  2. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of CRYPTO 1999, LNCS 1666, pp. 388–397 (1999)
  3. Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Proceedings of CRYPTO 1996, LNCS 1109, pp. 104–113 (1996)
  4. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
  5. Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
  6. Bernstein, D.: Cache-timing attacks on AES. Retrieved 10 Nov 2011. Available online at (2011)
  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Conference on USENIX Security Symposium, pp. 1–14 (2003)
  8. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Proceedings of CHES 2014, LNCS 3156, pp. 135–152 (2004)
  9. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Proceedings of CHES 2001, LNCS 2162, pp. 255–265 (2001)
  10. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Proceedings of CRYPTO 1997, LNCS 1294, pp. 513–525 (1997)
  11. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer (2007)
  12. SCARF project. Available online at
  13. SASEBO and SAKURA project. Available online at
  14. National Security Research Institute: The ARIA Specification.
  15. Kwon, D., Kim, J., Park, S., Sung, S., Sohn, Y., Song, J., Yeom, Y., Yoon, E., Lee, S., Lee, J., Chee, S., Han, D., Hong, J.: New block cipher: ARIA. In: Proceedings of ICISC 2003, LNCS 2971, pp. 432–445 (2003)
  16. Kang, J., Choi, D., Choi, Y., Han, D.-G.: Secure hardware implementation of ARIA based on adaptive random masking technique. ETRI J. 34(2), 76–86 (2012)
  17. Korea Internet & Security Agency: Block Cipher Algorithm SEED.
  18. Kim, H., Cho, Y., Choi, D., Han, D.-G., Hong, S.: Efficient masked implementation for SEED based on combined masking. ETRI J. 33(2), 267–274 (2011)
  19. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: White-box cryptography and an AES implementation. In: Proceedings of SAC 2002, LNCS 2595, pp. 250–270 (2003)
  20. Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Proceedings of SAC 2004, LNCS 3357, pp. 227–240 (2004)
  21. Michiels, W., Gorissen, P., Hollmann, H.D.: Cryptanalysis of a generic class of white-box implementations. In: Proceedings of SAC 2009, LNCS 5867, pp. 414–428 (2009)
  22. Tolhuizen, L.: Improved cryptanalysis of an AES implementation. In: Proceedings of the 33rd WIC Symposium on Information Theory (2012)
  23. Bringer, J., Chabanne, H., Dottax, E.: White box cryptography: another attempt. In: IACR Cryptology ePrint Archive, Report 2006/468,
  24. De Mulder, Y., Roelse, P., Preneel, B.: Cryptanalysis of the Xiao-Lai white-box AES implementation. In: Proceedings of SAC 2004, LNCS 3357, pp. 34–49 (2004)
  25. De Mulder, Y., Wyseur, B., Preneel, B.: Cryptanalysis of a perturbated white-box AES implementation. In: Proceedings of INDOCRYPT 2010, LNCS 6498, pp. 292–310 (2010)
  26. Lepoint, T., Rivain, M., De Mulder, Y., Roelse, P., Preneel, B.: Two attacks on a white-box AES implementation. In: Proceedings of the Workshop on Selected Areas in Cryptography (2013)

Copyright information

© Springer Japan 2014

Authors and Affiliations

  • Dooho Choi (1)
  • Yongjae Choi (2)
  • Yousung Kang (2)
  • Seungkwang Lee (2)

  1. Cyber Security Research Laboratory at ETRI; University of Science and Technology (UST), Daejeon, South Korea
  2. Cyber Security Research Laboratory at ETRI, Daejeon, South Korea
