Abstract
The recently proposed multiplicative masking countermeasure against power analysis attacks on AES is interesting because it does not require the costly recomputation and RAM storage of S-boxes for every run of AES. This matters for applications where the available space is very limited, such as smart card applications. Unfortunately, it is shown here that this method is in fact inherently vulnerable to differential power analysis. However, it is also shown that the multiplicative masking method can be modified so as to provide resistance to differential power analysis at a non-ideal but controllable security level, at the expense of increased computational complexity. Other possible random masking methods are also discussed.
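The inherent weakness the abstract refers to can be seen directly in the field arithmetic: a multiplicative mask cannot hide the value zero, because 0 · r = 0 in GF(2^8) whatever the random mask r. The script below is an added illustration written for this page, not code from the paper; it models leakage by Hamming weight and compares the average leakage of a multiplicatively masked byte with that of a Boolean-masked byte over all masks, so that the zero-value bias becomes visible.

```python
# Added illustration (not from the paper): why multiplicative masking of an
# AES S-box input leaks under DPA. In GF(2^8), x * r is 0 whenever x is 0,
# whatever the random mask r, so the masked value's power profile (modelled
# here by Hamming weight) depends on whether the secret byte is zero.
# Boolean masking x ^ r has no such bias. All inputs are constructed.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def mean_hw_multiplicative(x: int) -> float:
    """Average Hamming weight of x * r over every non-zero mask r."""
    masks = range(1, 256)  # a multiplicative mask must be invertible, so r != 0
    return sum(hamming_weight(gf_mul(x, r)) for r in masks) / len(masks)


def mean_hw_boolean(x: int) -> float:
    """Average Hamming weight of x ^ r over every mask r (for comparison)."""
    masks = range(256)
    return sum(hamming_weight(x ^ r) for r in masks) / len(masks)


def zero_value_bias(mean_fn) -> float:
    """Gap between the average leakage of the zero byte and of any other byte.

    A non-zero gap means the traces reveal whether the masked byte was zero,
    i.e. the masking does not fully hide the secret intermediate value.
    """
    nonzero = [mean_fn(x) for x in range(1, 256)]
    return max(abs(mean_fn(0) - m) for m in nonzero)


if __name__ == "__main__":
    print(f"multiplicative, x=0: {mean_hw_multiplicative(0):.3f}")
    print(f"multiplicative, x=1: {mean_hw_multiplicative(1):.3f}")
    print(f"zero-value bias, multiplicative: {zero_value_bias(mean_hw_multiplicative):.3f}")
    print(f"zero-value bias, Boolean:        {zero_value_bias(mean_hw_boolean):.3f}")
```

For multiplicative masking the zero byte leaks an average weight of 0 against roughly 4.016 for every other byte, while Boolean masking gives exactly 4 for all bytes, which is the distinguishing bias the paper's attack exploits.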
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Golić, J.D., Tymen, C. (2003). Multiplicative Masking and Power Analysis of AES. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2002. CHES 2002. Lecture Notes in Computer Science, vol 2523. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36400-5_16
DOI: https://doi.org/10.1007/3-540-36400-5_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00409-7
Online ISBN: 978-3-540-36400-9