Protecting AES against side-channel analysis using wire-tap codes

We introduce a general protection of data against side-channel analysis (SCA) based on wire-tap codes. In this paper we focus on an application to the AES cipher. We analyse the behaviour of our countermeasure against different kinds of SCA. Our results show that this protection is an excellent alternative to classical masking methods, as it comes with the secrecy property of wire-tap coding and practical resistance against first- and second-order DPA. Moreover, we point out that it brings two novel features: the possibility to unmask without knowledge of the mask, and the capability to detect some faults.
