New second-order threshold implementation of AES

In this work, the authors propose alternative hardware-efficient masking schemes dedicated to protecting the Advanced Encryption Standard (AES) against higher-order differential power analysis (DPA). Existing masking schemes all share an intrinsic trade-off between the two main parameters of interest, namely the amount of fresh random masking values that must be generated and the cost of the hardware implementation. Designing masking schemes that are inexpensive in both respects appears to be a difficult task. In this study, the authors propose a second-order threshold implementation of AES that is characterised by a beneficial trade-off between the two parameters. More precisely, compared to the masking scheme of De Cnudde et al. at CHES 2016, which currently attains the best practical trade-off, the proposed masking scheme requires 28.4% fewer random masking bits, whereas the implementation cost increases slightly, by about 13.7% (the chip area is 1.4 kGE larger). The masking scheme has been used to implement AES on a field-programmable gate array (FPGA) platform, and its resistance against second-order DPA in a simulated attack environment has been confirmed.
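The abstract reasons about two quantities without showing either: the number of fresh random bits a masking scheme consumes, and the order of protection it gives (second order means that no two intermediate values leak the secret jointly). The added example below is not the paper's threshold implementation and is not code from the authors; it is plain Boolean masking with d + 1 shares, the basic construction that threshold implementations build on, written here to make both quantities concrete. `mask` splits a value into d + 1 XOR shares at a cost of d fresh random words, `fresh_random_bits` totals the randomness budget, and `is_probing_secure` checks exhaustively (on 4-bit values, so the check finishes instantly) that any d shares have a joint distribution independent of the secret while d + 1 shares do not. The function names and the 4-bit check width are this example's own choices. Note what the check does not model: glitches and the non-completeness property that distinguish a threshold implementation from plain Boolean masking in hardware are outside its scope.

```python
"""Boolean masking with d + 1 shares and an exhaustive probing-order check.
Added illustration; not the masking scheme described in the paper."""
import itertools
import os
from collections import Counter


def xor_all(values):
    """XOR of a sequence of integers (0 for an empty sequence)."""
    out = 0
    for v in values:
        out ^= v
    return out


def mask(x, d, bits=8, rand_bytes=os.urandom):
    """Split x (a `bits`-bit value, e.g. one AES state byte) into d + 1 shares.

    The first d shares are fresh random values; the last one is derived so
    that the XOR of all shares equals x. Randomness cost: d * bits bits.
    `rand_bytes` is injectable so the split can be made deterministic in tests.
    """
    keep = (1 << bits) - 1
    shares = [b & keep for b in rand_bytes(d)]
    shares.append(x ^ xor_all(shares))
    return shares


def unmask(shares):
    """Recombine the shares; only the XOR of *all* shares reveals x."""
    return xor_all(shares)


def fresh_random_bits(d, bits, n_values):
    """Fresh random bits needed to mask n_values values with d + 1 shares each."""
    return d * bits * n_values


def probe_distribution(d, bits, probed):
    """Exact joint distribution of the shares indexed by `probed`, for every
    secret x, with the d random shares ranging over all possible values."""
    n = 1 << bits
    dist = {}
    for x in range(n):
        counts = Counter()
        for r in itertools.product(range(n), repeat=d):
            shares = list(r) + [x ^ xor_all(r)]
            counts[tuple(shares[i] for i in probed)] += 1
        dist[x] = counts
    return dist


def is_probing_secure(d, bits, probes):
    """True iff every choice of `probes` shares out of d + 1 has a joint
    distribution that does not depend on the secret (t-probing security)."""
    for probed in itertools.combinations(range(d + 1), probes):
        dist = probe_distribution(d, bits, probed)
        reference = dist[0]
        if any(dist[x] != reference for x in range(1, 1 << bits)):
            return False
    return True


if __name__ == "__main__":
    # Second-order masking of one constructed state byte: three shares.
    shares = mask(0x53, d=2)
    print("shares:", [hex(s) for s in shares], "->", hex(unmask(shares)))
    print("random bits for a 16-byte state, d = 2:", fresh_random_bits(2, 8, 16))
    print("any 2 of 3 shares secret-independent:", is_probing_secure(2, 4, 2))
    print("all 3 of 3 shares secret-independent:", is_probing_secure(2, 4, 3))
```

Running the block shows why the randomness budget grows with the order: masking a 16-byte state at second order costs 256 fresh bits before a single non-linear operation is evaluated, and every masked multiplication in the S-box layer needs more on top. That per-operation refreshing is the quantity the abstract's 28.4% figure refers to, and the exhaustive check is the property a defender wants to see preserved when a scheme trims it.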

Inspec keywords: cryptography; security; logic design; field programmable gate arrays

Other keywords: hardware implementation; alternative hardware efficient masking schemes; FPGA platform; Advanced Encryption Standard; second-order differential power analysis; masking scheme; higher order differential power analysis

Subjects: Cryptography; Logic and switching circuits; Digital circuit design, modelling and testing; Logic circuits; Logic design methods; Data security; Security aspects of hardware

References

1. Mangard, S., Popp, T., Gammel, B.: ‘Side-channel leakage of masked CMOS gates’. Topics in Cryptology-CT-RSA 2005, San Francisco, CA, USA, 2005 (LNCS, 3376), pp. 351–365.
2. Rivain, M., Prouff, E.: ‘Provably secure higher-order masking of AES’. Cryptographic Hardware and Embedded Systems-CHES 2010, Santa Barbara, California, USA, 2010 (LNCS, 6225), pp. 413–427.
3. De Cnudde, T., Reparaz, O., Bilgin, B.: ‘Masking AES with d + 1 shares in hardware’. Cryptographic Hardware and Embedded Systems-CHES 2016, Santa Barbara, California, USA, 2016 (LNCS, 9813), pp. 194–212.
4. Moradi, A., Mischke, O., Eisenbarth, T.: ‘Correlation-enhanced power analysis collision attack’. Cryptographic Hardware and Embedded Systems-CHES 2010, Santa Barbara, California, USA, 2010 (LNCS, 6225), pp. 125–139.
5. Duc, A., Dziembowski, S., Faust, S.: ‘Unifying leakage models: from probing attacks to noisy leakage’. Advances in Cryptology-EUROCRYPT 2014, Copenhagen, Denmark, 2014 (LNCS, 8441), pp. 423–440.
6. De Cnudde, T., Bilgin, B., Reparaz, O.: ‘Higher-order threshold implementation of the AES S-box’. Smart Card Research and Advanced Applications-CARDIS 2015, Paris, France, 2015 (LNCS, 9514), pp. 259–272.
7. Prouff, E., Rivain, M., Bevan, R.: ‘Statistical analysis of second order differential power analysis’, IACR Cryptology ePrint Archive, 2010, 646. Available at https://eprint.iacr.org/2010/646.pdf.
8. Schramm, K., Paar, C.: ‘Higher order masking of the AES’. Topics in Cryptology-CT-RSA 2006, San Jose, CA, USA, 2010 (LNCS, 3860), pp. 208–225.
9. Akkar, M., Giraud, C.: ‘An implementation of DES and AES, secure against some attacks’. Cryptographic Hardware and Embedded Systems-CHES 2001, Paris, France, 2001 (LNCS, 2162), pp. 309–318.
10. Mangard, S., Pramstaller, N., Oswald, E.: ‘Successfully attacking masked AES hardware implementations’. Cryptographic Hardware and Embedded Systems-CHES 2005, Edinburgh, UK, 2005 (LNCS, 3659), pp. 157–171.
11. Canright, D.: ‘A very compact S-box for AES’. Cryptographic Hardware and Embedded Systems-CHES 2005, Edinburgh, UK, 2005 (LNCS, 3659), pp. 441–455.
12. Koeune, F., Standaert, F.: ‘A tutorial on physical security and side-channel attacks’. Foundations of Security Analysis and Design III: FOSAD 2004/2005, New York, NY, USA, 2005 (LNCS, 3655), pp. 78–108.
13. ‘NanGate Open Cell Library’. Available at http://www.nangate.com/.
14. Fumaroli, G., Martinelli, A., Prouff, E.: ‘Affine masking against higher-order side channel analysis’. Selected Areas in Cryptography-SAC 2010, Waterloo, Ontario, Canada, 2010 (LNCS, 6544), pp. 262–280.
15. Ishai, Y., Sahai, A., Wagner, D.: ‘Private circuits: securing hardware against probing attacks’. Advances in Cryptology-CRYPTO 2003, Santa Barbara, California, USA, 2003 (LNCS, 2729), pp. 463–481.
16. Goubin, L., Patarin, J.: ‘DES and differential power analysis: the ‘duplication’ method’. Cryptographic Hardware and Embedded Systems-CHES 1999, Worcester, MA, USA, 1999 (LNCS, 1717), pp. 158–172.
17. Chari, S., Jutla, C., Rao, J., et al.: ‘Towards sound approaches to counteract power-analysis attacks’. Advances in Cryptology-CRYPTO 1999, Santa Barbara, California, USA, 1999 (LNCS, 1666), pp. 398–412.
18. Nikova, S., Rechberger, C., Rijmen, V.: ‘Threshold implementations against side-channel attacks and glitches’. Information and Communications Security-ICICS 2006, Raleigh, NC, USA, 2006 (LNCS, 4307), pp. 529–545.
19. Kocher, P., Jaffe, J., Jun, B.: ‘Differential power analysis’. Advances in Cryptology-CRYPTO 1999, Santa Barbara, California, USA, 1999 (LNCS, 1666), pp. 388–397.
20. Daemen, J., Rijmen, V.: ‘The design of Rijndael: AES-the advanced encryption standard’ (Springer Science & Business Media, USA, 2013).
21. Bilgin, B., Gierlichs, B., Nikova, S.: ‘A more efficient AES threshold implementation’. Progress in Cryptology-AFRICACRYPT 2014, Marrakesh, Morocco, 2014 (LNCS, 8469), pp. 267–284.
22. Gross, H., Mangard, S., Korak, T.: ‘Domain-oriented masking: compact masked hardware implementations with arbitrary protection order’, IACR Cryptology ePrint Archive, 2016, 486. Available at https://eprint.iacr.org/2016/486.pdf.
23. Messerges, T.: ‘Securing the AES finalists against power analysis attacks’. Fast Software Encryption-FSE 2000, New York, NY, USA, 2001 (LNCS, 1978), pp. 150–164.
24. Bilgin, B.: ‘Threshold implementations: as countermeasure against higher-order differential power analysis’ (University of Twente, Netherlands, 2015).
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2018.5244