Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES

In this paper, we propose efficient masking methods for ARIA and AES. In general, a masked S-box (MS) block can be constructed in different ways depending on the implementation platform, such as hardware or software, whereas the other components of ARIA and AES have less impact on the implementation cost. We first propose an efficient masking structure that minimizes the number of mask corrections, under the assumption that an MS block is available. Second, to make a secure and efficient MS block for ARIA and AES, we propose novel methods that solve the table size problem for the MS block in a software implementation and that reduce the cost of masked inversion, which is the main part of the MS block in a hardware implementation.
