Using SIMD Instructions to Accelerate AES with Provably Secure Higher-Order Masking

Authors

  • Abdulaziz Miyajan
  • Zhijie Jerry Shi
Abstract

As a widely used block cipher, AES has been the target of many attacks, including side-channel attacks. Masking is a countermeasure that mitigates side-channel attacks by hiding the intermediate values used in cryptographic algorithms with random values. However, masking schemes, especially higher-order masking, have a large overhead. In this paper we study efficient implementations of the higher-order masking algorithm for AES on processors with SIMD instructions. The SIMD instructions process multiple data items simultaneously, thus reducing the total execution time. The proposed implementation can defeat timing attacks, cache attacks, and power analysis attacks. On an Intel processor with SSE3, our second-order masking implementation is 6.8 times faster than previously reported results, and our third-order masking is 5.6 times faster.

Similar resources

Provably Secure Masking of AES

A general method to secure cryptographic algorithms against side-channel attacks is the use of randomization techniques and, in particular, masking. Roughly speaking, using random values unknown to an adversary one masks the input to a cryptographic algorithm. As a result, the intermediate results in the algorithm computation are uncorrelated to the input and the adversary cannot obtain any use...

Provably Secure Higher-Order Masking of AES

Implementations of cryptographic algorithms are vulnerable to Side Channel Analysis (SCA). To counteract it, masking schemes are usually involved which randomize key-dependent data by the addition of one or several random value(s) (the masks). When dth-order masking is involved (i.e. when d masks are used per key-dependent variable), the complexity of performing an SCA grows exponentially with ...

Higher Order Masking of the AES

The development of masking schemes to secure AES implementations against side channel attacks is a topic of ongoing research. Many different approaches focus on the AES S-box and have been discussed in the previous years. Unfortunately, to our knowledge most of these countermeasures only address first-order DPA. In this article, we discuss the theoretical background of higher order DPA. We give ...

Secure and Efficient Masking of AES - A Mission Impossible?

This document discusses masking approaches with a special focus on the AES S-box. Firstly, we discuss previously presented masking schemes with respect to their security and implementation. We conclude that algorithmic countermeasures to secure the AES algorithm against side-channel attacks have not been resistant against all first-order side-channel attacks. In this article, we introduce a new...

Compositional Verification of Higher-Order Masking: Application to a Verifying Masking Compiler

The prevailing approach for building masked algorithms that can resist higher-order differential power analysis is to develop gadgets, that is, masked gates used as atomic blocks, that securely implement basic operations from the original algorithm, and then to compose these gadgets, introducing refresh operations at strategic places to guarantee that the complete circuit is protected. These co...

Publication date: 2014