Principles on the Security of AES against First and Second-Order Differential Power Analysis

The Advanced Encryption Standard (AES) is a 128-bit block cipher that is widely deployed in smartcards. Differential Power Analysis (DPA) is a powerful technique for attacking cryptographic implementations in resource-limited environments such as smartcards. Despite extensive research on DPA against AES, none of it seems to have explicitly addressed a fundamental question: how many rounds at the beginning and at the end of an AES implementation must be protected to resist practical DPA attacks, namely first- and second-order DPA? Implementation designers may assume that protecting the first and last round (or the first and last one and a half rounds) is sufficient, leaving the inner rounds unprotected or covered only by simple countermeasures. In this paper we show that power leakage of certain intermediate values from deeper rounds of AES can be exploited for first- and/or second-order DPA, using techniques such as fixing certain plaintext or ciphertext bytes so that the targeted intermediate depends on only a small number of unknown key bytes. We give five general principles on the DPA vulnerability of unprotected AES implementations and several further principles on the DPA vulnerability of protected AES implementations; these principles specify which positions in AES are vulnerable to first- and second-order DPA. To justify the principles, we attack two recently proposed AES implementations that use two kinds of countermeasures to achieve high resistance against power analysis, and show that they are nonetheless vulnerable to DPA. Finally, we conclude that at least the first two and a half rounds and the last three rounds must be secured for an AES implementation to resist first- and second-order DPA in practice.
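As an added illustration of the byte-fixing idea the abstract refers to (this is example code written for this page, not code from the paper or its authors): byte 0 of the state entering round-2 SubBytes is S(2·S(p0⊕k0) ⊕ 3·S(p5⊕k5) ⊕ S(p10⊕k10) ⊕ S(p15⊕k15) ⊕ rk1[0]), which depends on 40 unknown key bits and is out of reach for a straightforward DPA. Holding plaintext bytes 5, 10 and 15 constant collapses it to S(2·S(p0⊕k0) ⊕ C) for a single unknown byte C, so a first-order correlation attack over the 2^16 (k0, C) hypotheses recovers k0 from round-2 leakage alone. The script below simulates that attack on constructed traces. It assumes Hamming-weight leakage of the round-2 S-box output with Gaussian noise, a randomly drawn key, and a round-1 key byte drawn at random rather than derived through the key schedule (the attack does not depend on that derivation); all function names are mine.

```python
# Added example (not from the paper): first-order CPA on a round-2 AES
# intermediate made tractable by fixing three of the four plaintext bytes
# that feed one MixColumns column. Leakage model, key and noise are assumed.
import numpy as np


def _gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    exp = [0] * 255
    x = 1
    for i in range(255):
        exp[i] = x
        x = _gf_mul(x, 3)          # 3 generates the multiplicative group of GF(2^8)
    log = {v: i for i, v in enumerate(exp)}
    inv = [0] + [exp[(255 - log[a]) % 255] for a in range(1, 256)]
    sbox = []
    for b in inv:
        y = b
        for _ in range(4):         # y = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            b = ((b << 1) | (b >> 7)) & 0xFF
            y ^= b
        sbox.append(y ^ 0x63)
    return np.array(sbox, dtype=np.uint8)


SBOX = _build_sbox()
HW = np.array([bin(i).count("1") for i in range(256)], dtype=np.float64)


def xtime(v):
    """Multiply by x (i.e. by 0x02) in GF(2^8); accepts Python ints or int64 arrays."""
    return ((v << 1) ^ (((v >> 7) & 1) * 0x1B)) & 0xFF


def round2_sbox_input_byte0(p, k, rk1_0):
    """Byte 0 of the state entering round-2 SubBytes (p and k are 16-int lists).

    After round-1 SubBytes and ShiftRows, column 0 holds the S-box outputs of
    bytes 0, 5, 10 and 15; MixColumns row 0 is 2*a0 ^ 3*a1 ^ a2 ^ a3, and the
    round-1 key byte rk1_0 is then added.
    """
    a0, a1, a2, a3 = (int(SBOX[p[i] ^ k[i]]) for i in (0, 5, 10, 15))
    return xtime(a0) ^ xtime(a1) ^ a1 ^ a2 ^ a3 ^ rk1_0


def fixed_constant(k, rk1_0, fixed):
    """The unknown constant C contributed by the fixed bytes (p5, p10, p15)."""
    a1, a2, a3 = (int(SBOX[pb ^ k[i]]) for pb, i in zip(fixed, (5, 10, 15)))
    return xtime(a1) ^ a1 ^ a2 ^ a3 ^ rk1_0


def simulate_traces(n, k, rk1_0, fixed, rng, sigma=1.0):
    """Constructed traces: Hamming weight of round-2 S-box output byte 0 plus
    Gaussian noise. Bytes 5, 10, 15 are held at `fixed`; byte 0 is random."""
    p0 = rng.integers(0, 256, size=n)
    traces = np.empty(n)
    for j in range(n):
        p = [0] * 16
        p[0] = int(p0[j])
        p[5], p[10], p[15] = fixed
        x = round2_sbox_input_byte0(p, k, rk1_0)
        traces[j] = HW[SBOX[x]] + rng.normal(0.0, sigma)
    return p0, traces


def cpa_round2(p0, traces):
    """First-order CPA on S(2*S(p0 ^ k0) ^ C): enumerate the 2^16 (k0, C) pairs
    and return (k0, C, correlation) for the best-correlating hypothesis."""
    p0 = np.asarray(p0, dtype=np.int64)
    t = traces - traces.mean()
    t_norm = np.sqrt((t * t).sum())
    cvals = np.arange(256, dtype=np.int64)[:, None]
    best = (-2.0, -1, -1)
    for kg in range(256):
        u = xtime(SBOX[p0 ^ kg].astype(np.int64))           # shape (n,)
        pred = HW[SBOX[u[None, :] ^ cvals]]                  # shape (256, n)
        pc = pred - pred.mean(axis=1, keepdims=True)
        corr = (pc @ t) / (np.sqrt((pc * pc).sum(axis=1)) * t_norm + 1e-12)
        cg = int(corr.argmax())
        if corr[cg] > best[0]:
            best = (float(corr[cg]), kg, cg)
    return best[1], best[2], best[0]


def demo(n=500, seed=7):
    """Run the attack on simulated traces; returns (k0 and C recovered?, peak corr)."""
    rng = np.random.default_rng(seed)
    k = [int(b) for b in rng.integers(0, 256, size=16)]
    rk1_0 = int(rng.integers(0, 256))   # assumed round-1 key byte, not from the key schedule
    fixed = (0x11, 0x22, 0x33)          # constructed values for plaintext bytes 5, 10, 15
    p0, traces = simulate_traces(n, k, rk1_0, fixed, rng)
    k0, c, r = cpa_round2(p0, traces)
    ok = (k0 == k[0]) and (c == fixed_constant(k, rk1_0, fixed))
    return ok, r


if __name__ == "__main__":
    print(demo())
```

`demo()` reports whether k0 and C were recovered and the peak correlation; with 500 noisy traces the correct hypothesis stands out clearly against the other 65535. The same reasoning applies from the ciphertext side to the last rounds (fix ciphertext bytes and target the intermediates of the inverse rounds), which is why the paper's conclusion covers both ends of the cipher. Against a masked implementation the first-order correlation above no longer works and the second-order variant, combining two leakage points that share a mask, is needed instead.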
