Skip to main content
SpringerLink
Log in

On Masked Galois-Field Multiplication for Authenticated Encryption Resistant to Side Channel Analysis

  • Conference paper
  • First Online:
Constructive Side-Channel Analysis and Secure Design (COSADE 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10815))

Abstract

This paper presents a side-channel attack on masked Galois-field (GF) multiplication used in authenticated encryptions including AES-GCM and a new countermeasure against the proposed attack. While the previous side-channel attack is likely to recover the full key of GHASH in AES-GCM, no countermeasure has been discussed and evaluated until now. In this paper, we first apply a straightforward masking countermeasure to GF multiplication for GHASH and show that the masked GF multiplication is resistant to the previous attack. We then show the straightforward masked GHASH can be defeated by a new attack utilizing the variance of power trace. The feasibility of the new attack is demonstrated by an experiment with power traces measured from a smart card operating the masked GHASH. Finally, we propose a new masking countermeasure against the proposed attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Side-channel attack standard evaluation board (sasebo). http://www.rcis.aist.go.jp/special/SASEBO

  2. Belaïd, S., Coron, J.-S., Fouque, P.-A., Gérard, B., Kammerer, J.-G., Prouff, E.: Improved side-channel analysis of finite-field multiplication. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 395–415. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_20

    Chapter  Google Scholar 

  3. Belaïd, S., Fouque, P.-A., Gérard, B.: Side-channel analysis of multiplications in GF(2128). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 306–325. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_17

    Chapter  MATH  Google Scholar 

  4. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. Comput. Aided Des. Integr. Syst. 34(7), 1188–1200 (2015)

    Article  Google Scholar 

  5. Böck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: practical forgeny attacks on GCM in TLS. In: 10th USENIX Workshop on Offensive Technologies (WOOT 16), pp. 1–13. USENIX Association (2016)

    Google Scholar 

  6. De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 194–212. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_10

    Chapter  Google Scholar 

  7. Cryptographic competitions: Caesar: competition for authenticated encryption: security, applicability, and robustness (2016). https://competitions.cr.yp.to/caesar.html

  8. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_27

    Chapter  Google Scholar 

  9. Jaffe, J.: A first-order DPA attack against AES in counter mode with unknown initial counter. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 1–13. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_1

    Chapter  Google Scholar 

  10. Joux, A.: A authentication failures in NIST version of GCM (2006). http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Series-Drafts/GCM/Joux_comments.pdf

  11. Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_1

    Chapter  Google Scholar 

  12. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25

    Chapter  Google Scholar 

  13. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_12

    Chapter  Google Scholar 

  14. McGrew, D.A., Viega, J.: The Galois/Counter Mode of operation (GCM) (2005). http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/gcm-revised-spec.pdf

  15. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24, 292–321 (2011)

    Article  MathSciNet  Google Scholar 

  16. Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_28

    Chapter  Google Scholar 

  17. Pessl, P., Mangard, S.: Enhancing side-channel analysis of binary-field multiplication with bit reliability. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 255–270. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_15

    Chapter  Google Scholar 

  18. Poschmann, A., Moradi, A., Khoo, K., Lim, C.W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24, 322–334 (2011)

    Article  MathSciNet  Google Scholar 

  19. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_37

    Chapter  Google Scholar 

  20. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007). https://doi.org/10.1007/978-0-387-38162-6

    Book  MATH  Google Scholar 

  21. Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Design, Automation and Test in Europe Conference and Exhibition (DATE), vol. 1, pp. 246–251 (2004)

    Google Scholar 

  22. Trichina, E.: Combinational logic design for AES SubBytes transformation on masked data. Cryptology ePrint Archive, Report 2003/236 (2003). http://eprint.iacr.org/2003/236

  23. Ueno, R., Homma, N., Aoki, T.: Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 50–64. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_4

    Chapter  Google Scholar 

  24. Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_19

    Chapter  Google Scholar 

Download references

Acknowledgment

We would like to show our greatest appreciation to Dr. S. Belaïd, and Dr. B. Gérard for their valuable and insightful comments. This work has been supported by JSPS KAKENHI Grants No. 17H00729.

Author information

Authors and Affiliations

  1. Tohoku University, Aramaki Aza Aoba 6–6–05, Aoba-ku, Sendai-shi, 980-8579, Japan

    Hirokazu Oshida, Rei Ueno, Naofumi Homma & Takafumi Aoki

Authors
  1. Hirokazu Oshida
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rei Ueno
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Naofumi Homma
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Takafumi Aoki
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hirokazu Oshida .

Editor information

Editors and Affiliations

  1. Open Security Research, Shenzhen, China

    Junfeng Fan

  2. KU Leuven, Leuven, Belgium

    Benedikt Gierlichs

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Oshida, H., Ueno, R., Homma, N., Aoki, T. (2018). On Masked Galois-Field Multiplication for Authenticated Encryption Resistant to Side Channel Analysis. In: Fan, J., Gierlichs, B. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2018. Lecture Notes in Computer Science(), vol 10815. Springer, Cham. https://doi.org/10.1007/978-3-319-89641-0_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-89641-0_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-89640-3

  • Online ISBN: 978-3-319-89641-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation