Higher Order Masking of the AES
نویسندگان
چکیده
The development of masking schemes to secure AES implementations against side channel attacks is a topic of ongoing research. Many different approaches focus on the AES S-box and have been discussed in the previous years. Unfortunately, to our knowledge most of these countermeasures only address firstorder DPA. In this article, we discuss the theoretical background of higher order DPA. We give the expected measurement costs an adversary has to deal with for different hardware models. Moreover, we present a masking scheme which protects anAES implementation against higher orderDPA. Wehave implemented this masking scheme for various orders and present the corresponding performance details implementors will have to expect.
منابع مشابه
Using SIMD Instructions to Accelerate AES with Provably Secure Higher-Order Masking
As a widely used block cipher, AES has been the target of many attacks, including side-channel attacks. Masking is a countermeasure to mitigate side-channel attacks by hiding the intermediate values used in cryptographic algorithms with random values. However, the masking scheme, especially high-order masking, has large overhead. In this paper we study efficient implementations of the higher-or...
متن کاملAffine Masking against Higher-Order Side Channel Analysis
In the last decade, an effort has been made by the research community to find efficient ways to thwart side channel analysis (SCA) against physical implementations of cryptographic algorithms. A common countermeasure for implementations of block ciphers is Boolean masking which randomizes by the bitwise addition of one or several random value(s) to the variables to be protected. However, advanc...
متن کاملFPGA Implementation of AES Algorithm Resistant Power Analysis attacks
In order to be more effectively resist differential power analysis attacks, the improved fixed value masking algorithm is proposed for resource-constrained smart card based on fixed value masking and random masking. Firstly, a number of random numbers are selected and prestored in on-chip ROM for generating the corresponding byte-substitution table. It does not increase much power and hardware ...
متن کاملProvably Secure Higher-Order Masking of AES
Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with ...
متن کاملSecure and Efficient Masking of AES - A Mission Impossible?
This document discusses masking approaches with a special focus on the AES S-box. Firstly, we discuss previously presented masking schemes with respect to their security and implementation. We conclude that algorithmic countermeasures to secure the AES algorithm against side-channel attacks have not been resistant against all first-order side-channel attacks. In this article, we introduce a new...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006