An area-efficient shuffling scheme for AES implementation on FPGA

Power analysis attacks are an efficient way to retrieve sensitive information from hardware implementations of modern cryptographic algorithms such as the Advanced Encryption Standard (AES). First-order masking can defend against Differential Power Analysis (DPA) attacks without extra hardware support, but it remains vulnerable to Higher-Order Differential Power Analysis (HODPA) attacks. HODPA attacks can be avoided with a higher-order masking scheme, but such schemes consume a large amount of hardware resources. In this paper, we propose a low-cost shuffling scheme for FPGA-based AES implementations that efficiently resists HODPA attacks. We reuse our previously proposed masked S-box [20, 21] to reduce hardware resources and to defend against glitch attacks. We also reorder the execution sequence of the MixColumns and AddRoundKey transformations in the first and second rounds and in the last and second-to-last rounds, which makes it difficult for an attacker to locate the "real" attack points in the proposed design. The experimental results show that the proposed design is only 5.6% larger than the masking-only scheme.
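The reordering of MixColumns and AddRoundKey rests on MixColumns being linear over GF(2): MC(x) ⊕ k equals MC(x ⊕ MC⁻¹(k)), so the round key can be absorbed before the column mixing and the operation that an attacker would target moves. The following is an added example, not the paper's code, that checks this identity on a full 16-byte state and additionally processes the four columns in a randomly shuffled order to show that the order does not affect the result. The GF(2^8) arithmetic, matrices and column-major state layout follow FIPS-197; the sample state and key are constructed here, and the paper's exact choice of which rounds are reordered is not reproduced.

```python
"""Added example (not the paper's code): the linearity argument behind
reordering MixColumns and AddRoundKey, plus a column-order shuffle.

The AES state is 16 bytes in column-major order: byte i sits in row i % 4,
column i // 4, as in FIPS-197.
"""
import random

# MixColumns and InvMixColumns circulant matrices over GF(2^8) (FIPS-197).
MIX = ((2, 3, 1, 1), (1, 2, 3, 1), (1, 1, 2, 3), (3, 1, 1, 2))
INV_MIX = ((14, 11, 13, 9), (9, 14, 11, 13), (13, 9, 14, 11), (11, 13, 9, 14))


def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def mix_column(col, matrix):
    """Apply a 4x4 matrix over GF(2^8) to one 4-byte column."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(coeff, byte)
        out.append(acc)
    return out


def mix_columns(state: bytes, matrix=MIX, order=(0, 1, 2, 3)) -> bytes:
    """MixColumns (or its inverse with INV_MIX), visiting columns in `order`.

    `order` is a permutation of the column indices. Each column is mixed
    independently, so the result is the same for every permutation; a
    shuffling countermeasure draws a fresh permutation per execution.
    """
    out = bytearray(16)
    for c in order:
        col = state[4 * c:4 * c + 4]
        out[4 * c:4 * c + 4] = mix_column(col, matrix)
    return bytes(out)


def add_round_key(state: bytes, key: bytes) -> bytes:
    return bytes(s ^ k for s, k in zip(state, key))


def round_tail_normal(state: bytes, key: bytes) -> bytes:
    """Conventional order: MixColumns, then AddRoundKey."""
    return add_round_key(mix_columns(state), key)


def round_tail_swapped(state: bytes, key: bytes, rng=random) -> bytes:
    """Swapped order: AddRoundKey with InvMixColumns(key), then MixColumns.

    MC(x) ^ k == MC(x ^ MC^-1(k)) because MC is linear over GF(2), so the
    pre-transformed key can be computed once per round key. The column
    processing order is shuffled; `rng` is injected so checks are repeatable.
    """
    order = list(range(4))
    rng.shuffle(order)
    masked_key = mix_columns(key, INV_MIX)
    return mix_columns(add_round_key(state, masked_key), order=order)


def reorder_is_equivalent(state: bytes, key: bytes, seed: int = 0) -> bool:
    """True if the conventional and swapped evaluation orders agree."""
    rng = random.Random(seed)
    return round_tail_normal(state, key) == round_tail_swapped(state, key, rng)


if __name__ == "__main__":
    # Constructed sample inputs (not from the paper).
    sample_state = bytes(range(16))
    sample_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    print(reorder_is_equivalent(sample_state, sample_key))
```

Because InvMixColumns of each round key can be precomputed alongside the key schedule, the swap costs no per-block arithmetic; the hardware cost reported in the abstract comes from the shuffling control and the masked S-box, not from this identity.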

[1] Stefan Mangard et al. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. CT-RSA, 2006.

[2] Simon Heron et al. Encryption: Advanced Encryption Standard (AES). 2009.

[3] Paul C. Kocher et al. Differential Power Analysis. CRYPTO, 1999.

[4] Thomas S. Messerges et al. Securing the AES Finalists Against Power Analysis Attacks. FSE, 2000.

[5] Claude Carlet et al. Higher-Order Masking Schemes for S-Boxes. FSE, 2012.

[6] Jun Han et al. VLSI implementation of an AES algorithm resistant to Differential Power Analysis attack. 7th International Conference on ASIC, 2007.

[7] Seokhie Hong et al. A Fast and Provably Secure Higher-Order Masking of AES S-Box. CHES, 2011.

[8] Elisabeth Oswald et al. An Efficient Masking Scheme for AES Software Implementations. WISA, 2005.

[9] Thomas S. Messerges et al. Using Second-Order Power Analysis to Attack DPA Resistant Software. CHES, 2000.

[10] Marc Joye et al. On Second-Order Differential Power Analysis. CHES, 2005.

[11] Ingrid Verbauwhede et al. Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. CT-RSA, 2010.

[12] Yajun Ha et al. FPGA-Based 40.9-Gbits/s Masked AES With Area Optimization for Storage Area Network. IEEE Transactions on Circuits and Systems II: Express Briefs, 2013.

[13] A. Ghazel et al. SRAM-FPGA implementation of masked S-Box based DPA countermeasure for AES. 3rd International Design and Test Workshop, 2008.

[14] Emmanuel Prouff et al. Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers. CHES, 2009.

[15] Stefan Mangard et al. Successfully Attacking Masked AES Hardware Implementations. CHES, 2005.

[16] Emmanuel Prouff et al. Statistical Analysis of Second Order Differential Power Analysis. IEEE Transactions on Computers, 2009.

[17] Elena Trichina et al. Secure AES Hardware Module for Resource Constrained Devices. ESAS, 2004.

[18] Emmanuel Prouff et al. Attack on a Higher-Order Masking of the AES Based on Homographic Functions. INDOCRYPT, 2010.

[19] Christof Paar et al. Higher Order Masking of the AES. CT-RSA, 2006.

[20] Stefan Mangard et al. An AES Smart Card Implementation Resistant to Power Analysis Attacks. ACNS, 2006.

[21] Lars R. Knudsen et al. Advanced Encryption Standard (AES) - An Update. IMACC, 1999.

[22] Wei Zhao et al. FPGA based optimization for masked AES implementation. IEEE 54th International Midwest Symposium on Circuits and Systems (MWSCAS), 2011.