Provably Secure Higher-Order Masking of AES
نویسندگان
چکیده
Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with the order d. The design of generic dth-order masking schemes taking the order d as security parameter is therefore of great interest for the physical security of cryptographic implementations. This paper presents the first generic dth-order masking scheme for AES with a provable security and a reasonable software implementation overhead. Our scheme is based on the hardware-oriented masking scheme published by Ishai et al. at Crypto 2003. Compared to this scheme, our solution can be efficiently implemented in software on any general-purpose processor. This result is of importance considering the lack of solution for d > 3.
منابع مشابه
Using SIMD Instructions to Accelerate AES with Provably Secure Higher-Order Masking
As a widely used block cipher, AES has been the target of many attacks, including side-channel attacks. Masking is a countermeasure to mitigate side-channel attacks by hiding the intermediate values used in cryptographic algorithms with random values. However, the masking scheme, especially high-order masking, has large overhead. In this paper we study efficient implementations of the higher-or...
متن کاملProvably Secure Masking of AES
A general method to secure cryptographic algorithms against side-channel attacks is the use of randomization techniques and, in particular, masking. Roughly speaking, using random values unknown to an adversary one masks the input to a cryptographic algorithm. As a result, the intermediate results in the algorithm computation are uncorrelated to the input and the adversary cannot obtain any use...
متن کاملHigher Order Masking of the AES
The development of masking schemes to secure AES implementations against side channel attacks is a topic of ongoing research. Many different approaches focus on the AES S-box and have been discussed in the previous years. Unfortunately, to our knowledge most of these countermeasures only address firstorder DPA. In this article, we discuss the theoretical background of higher order DPA. We give ...
متن کاملSecure and Efficient Masking of AES - A Mission Impossible?
This document discusses masking approaches with a special focus on the AES S-box. Firstly, we discuss previously presented masking schemes with respect to their security and implementation. We conclude that algorithmic countermeasures to secure the AES algorithm against side-channel attacks have not been resistant against all first-order side-channel attacks. In this article, we introduce a new...
متن کاملCompositional Verification of Higher-Order Masking: Application to a Verifying Masking Compiler
The prevailing approach for building masked algorithms that can resist higher-order differential power analysis is to develop gadgets, that is, masked gates used as atomic blocks, that securely implement basic operations from the original algorithm, and then to compose these gadgets, introducing refresh operations at strategic places to guarantee that the complete circuit is protected. These co...
متن کامل