DOI: 10.1007/978-3-642-04138-9_13

Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers

Published: 30 August 2009

Abstract

Differential Power Analysis (DPA) is a powerful side-channel key recovery attack that efficiently breaks block cipher implementations. In software, two main techniques are usually applied to thwart it: masking and operation shuffling. To benefit from the advantages of both techniques, recent works have proposed combining them. However, the schemes designed so far provide only limited resistance levels, and some advanced DPA attacks have turned out to break them. In this paper, we investigate the combination of masking and shuffling. We moreover extend the approach with the use of higher-order masking and show that it significantly improves the security level of such a scheme. We first conduct a theoretical analysis in which the efficiency of advanced DPA attacks targeting masking and shuffling is quantified. Based on this analysis, we design a generic scheme combining higher-order masking and shuffling. This scheme is scalable, and its security parameters can be chosen according to any desired resistance level. As an illustration, we apply it to protect a software implementation of AES, for which we give several security/efficiency trade-offs.



Published In

CHES '09: Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
August 2009
469 pages
ISBN:9783642041372
Editors: Christophe Clavier, Kris Gaj

Publisher

Springer-Verlag, Berlin, Heidelberg

Qualifiers

  • Article

Cited By

  • (2024) Combining Loop Shuffling and Code PolyMorphism for Enhanced AES Side-Channel Security. Constructive Side-Channel Analysis and Secure Design, pp. 260-280. DOI 10.1007/978-3-031-57543-3_14. Online publication date: 9-Apr-2024
  • (2022) Hardware Moving Target Defenses against Physical Attacks. Proceedings of the 9th ACM Workshop on Moving Target Defense, pp. 25-36. DOI 10.1145/3560828.3564010. Online publication date: 11-Nov-2022
  • (2022) Breaking real-world COTS USIM cards with unknown side-channel countermeasures. Computers and Security 113:C. DOI 10.1016/j.cose.2021.102531. Online publication date: 1-Feb-2022
  • (2021) Security Analysis of Deterministic Re-keying with Masking and Shuffling: Application to ISAP. Constructive Side-Channel Analysis and Secure Design, pp. 168-183. DOI 10.1007/978-3-030-89915-8_8. Online publication date: 25-Oct-2021
  • (2021) Secure Wire Shuffling in the Probing Model. Advances in Cryptology – CRYPTO 2021, pp. 215-244. DOI 10.1007/978-3-030-84252-9_8. Online publication date: 16-Aug-2021
  • (2021) Dummy Shuffling Against Algebraic Attacks in White-Box Implementations. Advances in Cryptology – EUROCRYPT 2021, pp. 219-248. DOI 10.1007/978-3-030-77886-6_8. Online publication date: 17-Oct-2021
  • (2020) On the Implementation Efficiency of Linear Regression-Based Side-Channel Attacks. Constructive Side-Channel Analysis and Secure Design, pp. 147-172. DOI 10.1007/978-3-030-68773-1_8. Online publication date: 1-Apr-2020
  • (2019) Gradient Visualization for General Characterization in Profiling Attacks. Constructive Side-Channel Analysis and Secure Design, pp. 145-167. DOI 10.1007/978-3-030-16350-1_9. Online publication date: 3-Apr-2019
  • (2019) Higher-Order DCA against Standard Side-Channel Countermeasures. Constructive Side-Channel Analysis and Secure Design, pp. 118-141. DOI 10.1007/978-3-030-16350-1_8. Online publication date: 3-Apr-2019
  • (2018) Correlation power analysis of modes of encryption in AES and its countermeasures. Future Generation Computer Systems 83:C, pp. 496-509. DOI 10.1016/j.future.2017.06.004. Online publication date: 1-Jun-2018
