Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings

Higher-order side channel attacks are a class of powerful techniques against cryptographic implementations. Their complexity grows exponentially with the order, but for small orders (e.g. 2 and 3) recent studies have shown that they pose a serious threat in practice. In this context, it is of great importance today to design software countermeasures that counteract higher-order side channel attacks at any arbitrarily chosen order. At CHES 2010, Rivain and Prouff introduced such a countermeasure for the AES. It works at any arbitrarily chosen order and benefits from a formal resistance proof; until now, it was the only scheme with both assets. By generalizing to any order a countermeasure introduced at ACNS 2010 by Genelle et al., we propose in this paper an alternative to Rivain and Prouff's solution. The new scheme can also be proven secure at any order and has the advantage of being at least 2 times more efficient than the existing solutions at orders 2 and 3, while keeping RAM consumption below 200 bytes.
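The abstract contrasts two ways of sharing a secret byte: additive (Boolean) masking, under which the XOR-linear layers of the AES are cheap, and multiplicative masking, under which the field inversion at the heart of the S-box is cheap. The following Python is an added illustration of those two sharing types at an arbitrary order d; it is not code from the paper. It assumes the standard AES field GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 and shows only the share-wise operations each representation allows; the secure conversion between the two representations that the paper relies on, and its treatment of the zero value, are not described on this page and are not implemented here.

```python
"""Additive vs. multiplicative masking of GF(2^8) values at order d:
(d+1) shares, any d of which are independent of the secret.

Added illustration, not code from the paper. Assumes the AES field
GF(2^8) mod x^8+x^4+x^3+x+1. Implements only the two sharing types
named in the abstract and the share-wise operations each makes cheap;
the paper's secure additive<->multiplicative conversion and its
handling of zero are not on this page and are not implemented.
"""
import functools
import random

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements, reducing modulo AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """a^254 = a^-1 in GF(2^8); maps 0 to 0, as the AES S-box does."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


# ---- additive (Boolean) sharing: x = s0 ^ s1 ^ ... ^ sd ----------------

def add_share(x: int, d: int, rng: random.Random) -> list[int]:
    """Order-d additive sharing: d uniform masks plus the masked value."""
    masks = [rng.randrange(256) for _ in range(d)]
    s0 = functools.reduce(lambda acc, m: acc ^ m, masks, x)
    return [s0] + masks


def add_unshare(shares: list[int]) -> int:
    return functools.reduce(lambda acc, s: acc ^ s, shares, 0)


# ---- multiplicative sharing: x = s0 * s1 * ... * sd ---------------------

def mul_share(x: int, d: int, rng: random.Random) -> list[int]:
    """Order-d multiplicative sharing with d non-zero masks.

    0 has no multiplicative sharing (0 times anything is 0, so the shares
    would reveal it); how the scheme handles it is not described on this
    page, so this demo simply rejects it.
    """
    if x == 0:
        raise ValueError("zero cannot be multiplicatively masked here")
    masks = [rng.randrange(1, 256) for _ in range(d)]
    s0 = functools.reduce(lambda acc, m: gf_mul(acc, gf_inv(m)), masks, x)
    return [s0] + masks


def mul_unshare(shares: list[int]) -> int:
    return functools.reduce(gf_mul, shares, 1)


# ---- share-wise operations --------------------------------------------

def xtime_additive(shares: list[int]) -> list[int]:
    """A GF(2)-linear map (here xtime = multiply by 0x02) commutes with
    XOR, so it is applied to each additive share independently."""
    return [gf_mul(s, 0x02) for s in shares]


def inverse_multiplicative(shares: list[int]) -> list[int]:
    """Inversion is multiplicative: (s0*...*sd)^-1 = s0^-1 * ... * sd^-1,
    so the S-box core is computed share by share, with no cross terms."""
    return [gf_inv(s) for s in shares]


def inverse_additive_naive(shares: list[int]) -> int:
    """Wrong on purpose: inversion is not XOR-linear, so inverting additive
    shares one by one does not reconstruct x^-1. This is why the S-box is
    the expensive part of a purely additive higher-order masking."""
    return add_unshare([gf_inv(s) for s in shares])


def demo(x: int = 0x53, d: int = 3, seed: int = 1) -> dict:
    """Share x both ways and check the share-wise operations reconstruct."""
    rng = random.Random(seed)
    a = add_share(x, d, rng)
    m = mul_share(x, d, rng)
    return {
        "add_ok": add_unshare(a) == x,
        "mul_ok": mul_unshare(m) == x,
        "xtime_ok": add_unshare(xtime_additive(a)) == gf_mul(x, 0x02),
        "inv_ok": mul_unshare(inverse_multiplicative(m)) == gf_inv(x),
    }


if __name__ == "__main__":
    print(demo())
```

The point of `inverse_additive_naive` is the asymmetry the abstract exploits: with additive shares of x = 0x02 such as [0x01, 0x03], inverting share by share yields 0x01 ^ 0xF6 = 0xF7 rather than 0x02^-1 = 0x8D, whereas the same share-wise inversion on multiplicative shares is exactly right. Switching representation around the inversion is what makes the S-box cheap; the security of that switch at order d is the paper's contribution and is not reproduced here.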

[1] Christof Paar et al. Higher Order Masking of the AES, 2006, CT-RSA.

[2] Marc Joye et al. On Second-Order Differential Power Analysis, 2005, CHES.

[3] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[4] Elena Trichina et al. Simplified Adaptive Multiplicative Masking for AES, 2002, CHES.

[5] Stefan Mangard et al. Secure and Efficient Masking of AES - A Mission Impossible?, 2004, IACR Cryptol. ePrint Arch.

[6] Emmanuel Prouff et al. Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis, 2008, FSE.

[7] Jean-Sébastien Coron et al. A New DPA Countermeasure Based on Permutation Tables, 2008, SCN.

[8] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[9] Thomas S. Messerges et al. Securing the AES Finalists Against Power Analysis Attacks, 2000, FSE.

[10] Michaël Quisquater et al. Secure Multiplicative Masking of Power Functions, 2010, ACNS.

[11] Eric Peeters et al. Improved Higher-Order Side-Channel Attacks with FPGA Experiments, 2005, CHES.

[12] Christophe Giraud et al. An Implementation of DES and AES, Secure against Some Attacks, 2001, CHES.

[13] Michaël Quisquater et al. Montgomery's Trick and Fast Implementation of Masked AES, 2011, AFRICACRYPT.

[14] Avi Wigderson et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[15] Stefan Mangard et al. Template Attacks on Masking - Resistance Is Futile, 2007, CT-RSA.

[16] Vinod Vaikuntanathan et al. Protecting Circuits from Leakage: the Computationally-Bounded and Noisy Cases, 2010, EUROCRYPT.

[17] Vincent Rijmen et al. A Side-Channel Analysis Resistant Description of the AES S-Box, 2005, FSE.

[18] Emmanuel Prouff et al. Affine Masking against Higher-Order Side Channel Analysis, 2010, IACR Cryptol. ePrint Arch.

[19] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[20] Jovan Dj. Golic et al. Multiplicative Masking and Power Analysis of AES, 2002, CHES.

[21] Stefan Mangard et al. Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers, 2006, CT-RSA.

[22] Adi Shamir et al. How to share a secret, 1979, CACM.

[23] David A. Wagner et al. Towards Efficient Second-Order Power Analysis, 2004, CHES.