• PDF / 469,997 Bytes
• 11 Pages / 430 x 660 pts Page_size
• 24 Downloads / 187 Views

DOWNLOAD

REPORT

2

MTech Student, Department of Computer Science and Engg., Indian Institute of Technology, Kharagpur, India [email protected] Assistant Professor, Department of Computer Science and Engg., Indian Institute of Technology, Madras, India [email protected] 3 Professor, Department of Computer Science and Engg., Indian Institute of Technology, Kharagpur, India [email protected]

Abstract. Gate level masking is one of the most popular countermeasures against Differential Power Attack (DPA). The present paper proposes a masking technique for AND gates, which are then used to build a balanced and masked multiplier in GF (2n ). The circuits are shown to be computationally secure and have no glitches which are dependent on unmasked data. Finally, the masked multiplier in GF (24 ) is used to implement a masked AES S-Box in GF (24 )2 . Power measurements are taken to support the claim of random power consumption.

1

Introduction

Rijndael-AES (Advanced Encryption Standard) has become the worldwide choice in the field of symmetric key cryptography since October 2001. Since then lots of research work have been carried out on the design and implementations of the AES block cipher. With the imposing threat of side-channel attacks, which exploit weakness in the implementation, design of all cryptographic algorithms required a revisit. Hence for AES, various design architectures have been reported [1,2,3] to make it more and more secured against various side channel attacks. The side channel attacks based on the power consumption of the crypto-device are the hardest to tackle. This attack was first introduced by Paul Kocher et. al. in [4] and subsequently extended by many researchers[5,6,7,8,9]. In [10] the first practical power analysis of AES hardware implementation was proposed. Several research works have been carried out to develop design alternatives to overcome power based side-channel leakages from the AES implementations. One way of tackling the problem is the use of masked gates in AES implementations to prevent side-channel leakage. Several patents exist on the gate level masking strategies [11,12]. Various techniques for random masking in hardware has been presented in [13]. Although as is shown in [14], masked cryptographic circuits may cause leakage against ”higher order DPAs”, masking K. Srinathan, C. Pandu Rangan, M. Yung (Eds.): Indocrypt 2007, LNCS 4859, pp. 373–383, 2007. c Springer-Verlag Berlin Heidelberg 2007 

374

K. Kumar, D. Mukhopadhyay, and D. RoyChowdhury

is still one of the most popular safeguards. Also as proved in [15], using distinct mask values one can protect against higher order DPAs. However, in case of practical CMOS circuits it is natural that the output of internal gates switch more than once before stabilizing depending on the path delay inside the circuit [16]. The results on DPA attacks of masked gates, reported in [17] demonstrate that all proposed masked gates are vulnerable to power based side-channel leakage in the presence of glitches. The work in [18] discusses three diffe

Recommend Documents

Near and Far Collision Attack on Masked AES

141 84 168MB

Exploiting Linearity in White-Box AES with Differential Computation Analysis

185 112 393KB

Towards the Design of a Stronger AES: AES with Key Dependent Shift Rows (KDSR)

160 95 1006KB

Design and Analysis of Low-Power SRAM

193 13 37MB

New Results on Impossible Differential Cryptanalysis of Reduced AES

170 66 181KB

Research on Differential Power Analysis of Lightweight Block Cipher LED

195 97 168MB

S-NET: A Confusion Based Countermeasure Against Power Attacks for SBOX

212 81 30MB

SBOX under PVT variation

148 101 899KB

The Design of Rijndael The Advanced Encryption Standard (AES)

184 63 3MB

Design and Analysis of an Improvised Fully Differential Amplifier

142 67 52MB

Power Transformer Differential Protection Through Gradient of the Differential Current

200 91 984KB

Masked Shame

167 40 2MB