Protecting AES with Shamir's Secret Sharing Scheme

Cryptographic algorithms embedded on physical devices are particularly vulnerable to Side Channel Analysis (SCA). The most common countermeasure for block cipher implementations is masking, which randomizes the variables to be protected by combining them with one or several random values. In this paper, we propose an original masking scheme based on Shamir's Secret Sharing scheme [22] as an alternative to Boolean masking. We detail its implementation for the AES using the same tool as Rivain and Prouff in CHES 2010 [16]: multiparty computation. We then conduct a security analysis of our scheme in order to compare it to Boolean masking. Our results show that, for a given amount of noise, the proposed scheme (implemented at the first order) provides the same security level as 3rd- to 4th-order Boolean masking, together with better efficiency.
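To make the sharing step of the abstract concrete, the following is an added example (not code from the paper or its authors) of Shamir's scheme over the AES field GF(2^8): a state byte is split into shares by evaluating a random polynomial of degree d at public, non-zero points (1, 2, 3 are assumed here), any d+1 shares reconstruct it by Lagrange interpolation at x = 0, and the linear AES layers (AddRoundKey, ShiftRows, MixColumns) can be applied share-wise without ever recombining. The secure multiplication needed for the non-linear SubBytes step, which the paper builds with multiparty computation, is not shown.

```python
"""Shamir secret sharing of an AES state byte over GF(2^8) (added example)."""
import secrets
from typing import List, Sequence, Tuple

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial

Share = Tuple[int, int]  # (public evaluation point x_i, share value y_i)


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse a^(2^8 - 2); zero has no inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return gf_pow(a, 254)


def share(secret: int, d: int, xs: Sequence[int]) -> List[Share]:
    """Split `secret` with a random degree-d polynomial P (P(0) = secret),
    evaluated at the public points xs. Any d+1 shares reconstruct the secret;
    any d shares are independent of it, which is d-th order masking."""
    if len(xs) < d + 1 or len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("need at least d+1 distinct non-zero evaluation points")
    coeffs = [secret] + [secrets.randbelow(256) for _ in range(d)]
    out: List[Share] = []
    for x in xs:
        y, xp = 0, 1  # Horner would also do; this evaluates sum c_k * x^k
        for c in coeffs:
            y ^= gf_mul(c, xp)
            xp = gf_mul(xp, x)
        out.append((x, y))
    return out


def reconstruct(shares: Sequence[Share]) -> int:
    """Lagrange interpolation at x = 0. In characteristic 2, subtraction is XOR,
    so (0 - x_j) = x_j and (x_i - x_j) = x_i ^ x_j."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = gf_mul(num, xj)
                den = gf_mul(den, xi ^ xj)
        secret ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return secret


def xor_shared(a: Sequence[Share], b: Sequence[Share]) -> List[Share]:
    """Share-wise XOR of two sharings on the same points: this is how AddRoundKey
    (and every other GF(2)-linear layer) is applied without reconstruction."""
    if [x for x, _ in a] != [x for x, _ in b]:
        raise ValueError("sharings must use the same evaluation points")
    return [(x, ya ^ yb) for (x, ya), (_, yb) in zip(a, b)]


def demo() -> bool:
    """First-order sharing (d = 1, three shares) of a constructed state byte and
    a constructed round-key byte: any two shares recover each, and AddRoundKey
    computed on shares reconstructs to the plain XOR."""
    points = [1, 2, 3]
    state, key = 0x3A, 0xC5  # constructed sample bytes
    s, k = share(state, 1, points), share(key, 1, points)
    ok = all(reconstruct(sub) == state for sub in (s[:2], s[1:], [s[0], s[2]], s))
    ok &= reconstruct(xor_shared(s, k)) == (state ^ key)
    return ok


if __name__ == "__main__":
    print("GF(2^8) checks:", hex(gf_mul(0x57, 0x83)), hex(gf_inv(0x53)))
    print("shared AddRoundKey round-trip:", demo())
```

Raising d adds one random coefficient and one required share per order; the example runs unchanged with, say, `share(0x3A, 2, [1, 2, 3, 4, 5])`, where any three shares reconstruct. The field arithmetic constants match the FIPS-197 worked values, which is a convenient self-check before trusting the interpolation.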

[1] Guillaume Fumaroli et al. Masking against Higher-Order Side Channel Analysis. 2010.

[2] Paul C. Kocher et al. Differential Power Analysis. 1999, CRYPTO.

[3] Bart Preneel et al. Mutual Information Analysis: A Generic Side-Channel Distinguisher. 2008.

[4] Emmanuel Prouff et al. Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. 2011, CHES.

[5] Bart Preneel et al. Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. 2009.

[6] Christophe Giraud et al. An Implementation of DES and AES, Secure against Some Attacks. 2001, CHES.

[7] Manfred von Willich. A Technique with an Information-Theoretic Basis for Protecting Secret Data from Differential Power Attacks. 2001, IMACC.

[8] Emmanuel Prouff et al. Affine Masking against Higher-Order Side Channel Analysis. 2010, IACR Cryptol. ePrint Arch.

[9] Avi Wigderson et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation. 1988, STOC '88.

[10] Stefan Mangard et al. Power analysis attacks: revealing the secrets of smart cards. 2007.

[11] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks. 1999, CRYPTO.

[12] Markus Kasper et al. The World is Not Enough: Another Look on Second-Order DPA. 2010, IACR Cryptol. ePrint Arch.

[13] Emmanuel Prouff et al. Statistical Analysis of Second Order Differential Power Analysis. 2009, IEEE Transactions on Computers.

[14] Louis Goubin et al. DES and Differential Power Analysis (The "Duplication" Method). 1999, CHES.

[15] Thomas S. Messerges et al. Using Second-Order Power Analysis to Attack DPA Resistant Software. 2000, CHES.

[16] Henk L. Muller et al. Cryptographic Hardware and Embedded Systems: CHES 2001. 2001, Lecture Notes in Computer Science.

[17] Adi Shamir et al. How to share a secret. 1979, CACM.

[18] Tal Rabin et al. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. 1998, PODC '98.

[19] Moti Yung et al. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version). 2009, IACR Cryptol. ePrint Arch.

[20] Emmanuel Prouff et al. Theoretical and practical aspects of mutual information-based side channel analysis. 2010, Int. J. Appl. Cryptogr.

[21] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks. 2003, CRYPTO.

[22] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES. 2010, IACR Cryptol. ePrint Arch.

[23] Christof Paar et al. Higher Order Masking of the AES. 2006, CT-RSA.

[24] Bart Preneel et al. Mutual Information Analysis. 2008, CHES.

[25] T. Kanade et al. Topics in Cryptology: CT-RSA 2009. 2009.

[26] Siva Sai Yerubandi et al. Differential Power Analysis. 2002.

[27] S. Griffis. EDITOR. 1997, Journal of Navigation.

[28] Emmanuel Prouff et al. Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers. 2009, CHES.

[29] Matthieu Rivain et al. Higher-order Masking and Shuffling for Software Implementations of Block Ciphers, Extended Version. 2009.

[30] Emmanuel Prouff. Smart Card Research and Advanced Applications: 10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers. 2011, CARDIS.

[31] Christophe Clavier et al. Correlation Power Analysis with a Leakage Model. 2004, CHES.