Two Power Analysis Attacks against One-Mask Methods

Akkar, Mehdi-Laurent; Bevan, Régis; Goubin, Louis

doi:10.1007/978-3-540-25937-4_21

Cited by 37 publications

(25 citation statements)

References 15 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this context, three masking methods have been proposed: two of them [2,9] are based on the idea of combining Boolean and multiplicative masking operations and the third one is based on the idea of masking the individual logic operations required to compute a F 256 inverse. A simplification of [2] was introduced in [26] but it has been recently found in [1] that the simplifications lead to further vulnerabilities against DPA. Thus, we do not consider it any further in this work.…”

Section: Additive Masking and The Aesmentioning

confidence: 99%

Provably Secure Masking of AES

Blömer

Guajardo

Krummel

2004

Lecture Notes in Computer Science

217

177

View full text Add to dashboard Cite

Abstract.A general method to secure cryptographic algorithms against side-channel attacks is the use of randomization techniques and, in particular, masking. Roughly speaking, using random values unknown to an adversary one masks the input to a cryptographic algorithm. As a result, the intermediate results in the algorithm computation are uncorrelated to the input and the adversary cannot obtain any useful information from the side-channel. Unfortunately, previous AES randomization techniques have based their security on heuristics and experiments. Thus, flaws have been found which make AES randomized implementations still vulnerable to side-channel cryptanalysis. In this paper, we provide a formal notion of security for randomized maskings of arbitrary cryptographic algorithms. Furthermore, we present an AES randomization technique that is provably secure against side-channel attacks if the adversary is able to access a single intermediate result. Our randomized masking technique is quite general and it can be applied to arbitrary algorithms using only arithmetic operations over some finite field. To our knowledge this is the first time that a randomization technique for the AES has been proven secure in a formal model.

show abstract

Section: Additive Masking and The Aesmentioning

confidence: 99%

Provably Secure Masking of AES

Blömer

Guajardo

Krummel

2004

Lecture Notes in Computer Science

217

177

View full text Add to dashboard Cite

show abstract

“…However two of them, [2] and [13], are both susceptible to a certain type of (first-order) differential side-channel attack, the zero-value attack. The latter one has turned out to be vulnerable even to standard differential side-channel attacks as well [1]. The countermeasure presented in [6] is not suitable for hardware implementations.…”

Section: Introductionmentioning

confidence: 99%

A Side-Channel Analysis Resistant Description of the AES S-Box

Oswald¹,

Mangard²,

Pramstaller³

et al. 2005

Lecture Notes in Computer Science

234

183

View full text Add to dashboard Cite

Abstract. So far, efficient algorithmic countermeasures to secure the AES algorithm against (first-order) differential side-channel attacks have been very expensive to implement. In this article, we introduce a new masking countermeasure which is not only secure against first-order sidechannel attacks, but which also leads to relatively small implementations compared to other masking schemes implemented in dedicated hardware. Our approach is based on shifting the computation of the finite field inversion in the AES S-box down to GF (4). In this field, the inversion is a linear operation and therefore it is easy to mask. Summarizing, the new masking scheme combines the concepts of multiplicative and additive masking in such a way that security against firstorder side-channel attacks is maintained, and that small implementations in dedicated hardware can be achieved.

show abstract

“…Masking method was initially suggested by Akkar et al, and during the past years, several different masking schemes have been proposed in [12] [13] [14], and soon followed by attacks aiming at these schemes such as [11].…”

Section: The Masking Methodsmentioning

confidence: 99%

On the Leakage between Arithmetic Components of DES Algorithm

Ge¹,

Guo²,

Mao³

et al. 2015

Proceedings of the 2015 International Conference on Computer Science and Intelligent Communication

View full text Add to dashboard Cite

Abstract-Security of cryptographic embedded devices has become a prevalent concern, especially since the introduction of Differential Power Analysis (DPA) by Paul Kocher et al. In the past years, many efforts have been made to improve the resistance against Side Channel Attack (SCA) of cryptographic devices. Among the countermeasures, masking is a typical and efficient strategy. However, a number of effective attacks on masked cryptographic devices have been developed in recent years, and this paper continues this line of research. On theory, a DES with a masking scheme is secure under first order SCA, but we dig out a new leakage problem which makes it possible to attack a masked DES without using higher-order power analysis. Concretely, we perform a first-order correlation power analysis based on the leakage relationship between two different arithmetic components of DES. And the reason for this leakage is analyzed and verified by us through simulation and real card attacks.

show abstract

Two Power Analysis Attacks against One-Mask Methods

Cited by 37 publications

References 15 publications

Provably Secure Masking of AES

Provably Secure Masking of AES

A Side-Channel Analysis Resistant Description of the AES S-Box

On the Leakage between Arithmetic Components of DES Algorithm

Contact Info

Product

Resources

About