Abstract
Higher-order side channel analysis (HO-SCA) is a powerful technique against cryptographic implementations, and the design of appropriate countermeasures is nowadays an important topic. In parallel, another class of attacks, called glitch attacks, has been investigated; these exploit the hardware glitch phenomena occurring during the physical execution of algorithms. Some solutions have been proposed to counteract HO-SCA at any order or to defeat glitch attacks, but no work has until now focused on the definition of a sound countermeasure thwarting both attacks. We introduce in this paper a circuit model in which side-channel resistance in the presence of glitch effects can be characterized. This allows us to construct the first glitch-free HO-SCA countermeasure. The new construction can be built from any Secure Multi-Party Computation protocol and, as an illustration, we propose to apply the protocol introduced by Ben-Or et al. at STOC 1988. The adaptation of the latter protocol to the context of side-channel analysis results in a completely new higher-order masking scheme, particularly interesting when addressing resistance in the presence of glitches. An application of our scheme to the AES block cipher is detailed, as well as an information theoretic evaluation of the new masking function, which we call polynomial masking.
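As an added illustration (not the paper's own code), the following Python sketch takes polynomial masking to mean Shamir secret sharing over GF(2^8) with the AES field polynomial, and shows the masking and unmasking steps together with the BGW-style shared multiplication the scheme is built from. The evaluation points, sharing degree and test bytes are constructed for the example.

```python
# Constructed illustration of polynomial masking over GF(2^8); not the paper's code.
import secrets

def gf_mul(a, b):  # GF(2^8) product, AES reduction polynomial x^8+x^4+x^3+x+1
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):  # a^254 == a^-1 for nonzero a
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def eval_poly(coeffs, a):  # Horner: coeffs[0] + coeffs[1]*a + coeffs[2]*a^2 + ...
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, a) ^ c
    return y

def share(x, alphas, d):
    # Mask x as f(alpha_i) for a random f of degree d with f(0) = x; alphas distinct
    # and nonzero. Any d shares are jointly uniform, any d+1 determine x.
    coeffs = [x] + [secrets.randbelow(256) for _ in range(d)]
    return [eval_poly(coeffs, a) for a in alphas]

def lagrange_coeffs(alphas):  # f(0) = XOR_i lam_i*f(alpha_i) for deg f < len(alphas)
    lam = []
    for i, ai in enumerate(alphas):
        num, den = 1, 1
        for j, aj in enumerate(alphas):
            if j != i:
                num, den = gf_mul(num, aj), gf_mul(den, ai ^ aj)
        lam.append(gf_mul(num, gf_inv(den)))
    return lam

def reconstruct(shares, alphas):  # unmask by interpolating the sharing polynomial at 0
    y = 0
    for lam, s in zip(lagrange_coeffs(alphas), shares):
        y ^= gf_mul(lam, s)
    return y

def secure_mul(xs, ys, alphas, d):
    # BGW step, needs len(alphas) >= 2d+1: pointwise share products lie on a degree-2d
    # polynomial; re-share each with a fresh degree-d polynomial and recombine columns.
    n = len(alphas)
    resh = [share(gf_mul(xs[i], ys[i]), alphas, d) for i in range(n)]  # resh[i][j]
    return [reconstruct([resh[i][j] for i in range(n)], alphas) for j in range(n)]
```

With five evaluation points and d = 2, the product shares returned by `secure_mul` again lie on a degree-2 polynomial, so the multiplication can be chained without the share count growing.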
References
Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC ’88, Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM, New York (1988)
Blömer, J., Merchan, J.G., Krummel, V.: Provably secure masking of AES. In: Matsui, M., Zuccherato, R. (eds.) SAC 2004, LNCS, vol. 3357, pp. 69–83. Springer, Berlin (2004)
Chari, S., Jutla, C., Rao, J., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: Second AES Candidate Conference, AES 2 (March 1999)
Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) Advances in Cryptology, CRYPTO ’99, LNCS, vol. 1666, pp. 398–412. Springer, Berlin (1999)
Coron, J.-S.: A new DPA countermeasure based on permutation tables. In: Ostrovsky, R., Prisco, R.D., Visconti, I. (eds.) SCN 2008, LNCS, vol. 5229, pp. 278–292. Springer, Berlin (2008)
Daemen, J., Peeters, M., Assche, G., Rijmen, V.: The Noekeon block cipher. In: Proceedings of the First NESSIE Workshop (2000). http://cryptonessie.org
Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M., Tan, C., Moreno, E. (eds.) Transactions on Computational Science X, LNCS, vol. 6340, pp. 78–99. Springer, Berlin (2010)
Franklin, M., Yung, M.: Communication complexity of secure computation (extended abstract). In: STOC ’92, Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing, pp. 699–710. ACM, New York (1992)
Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, LNCS, vol. 6544, pp. 262–280. Springer, Berlin (2010)
Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC, pp. 101–111 (1998)
Goldack, M.: Side-channel based reverse engineering for microcontrollers. Master’s thesis, Ruhr-Universität Bochum, Germany (2008)
Goubin, L., Patarin, J.: DES and differential power analysis—the duplication method. In: Koç, Ç., Paar, C. (eds.) CHES ’99, LNCS, vol. 1717, pp. 158–172. Springer, Berlin (1999)
Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO, LNCS, vol. 2729, pp. 463–481. Springer, Berlin (2003)
Joye, M., Paillier, P., Schoenmakers, B.: On second-order differential power analysis. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 293–308. Springer, Berlin (2005)
Kocher, P., Jaffe, J., Jun, B.: Introduction to differential power analysis and related attacks. Technical report, Cryptography Research (1998)
Lidl, R., Niederreiter, H.: Finite Fields. Encyclopedia of Mathematics and its Applications, vol. 20, 2nd edn. Cambridge University Press (1997). With an introduction by P. M. Cohn
Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) Topics in Cryptology, CT-RSA 2005, LNCS, vol. 3376, pp. 351–365. Springer, Berlin (2005)
Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006, LNCS, vol. 4249, pp. 76–90. Springer, Berlin (2006)
Messerges, T.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç., Paar, C. (eds.) CHES 2000, LNCS, vol. 1965, pp. 238–251. Springer, Berlin (2000)
Micali, S., Reyzin, L.: Physically observable cryptography (extended abstract). In: Naor, M. (ed.) Theory of Cryptography Conference, TCC 2004, LNCS, vol. 2951, pp. 278–296. Springer, Berlin (2004)
Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT, LNCS, vol. 6632, pp. 69–88. Springer, Berlin (2011)
Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006, LNCS, vol. 4307, pp. 529–545. Springer, Berlin (2006)
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008, LNCS, vol. 5461, pp. 218–234. Springer, Berlin (2008)
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)
Piret, G., Standaert, F.-X.: Security analysis of higher-order Boolean masking schemes for block ciphers (with conditions of perfect masking). IET Inf. Secur. 2, 1–11 (2008)
Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Gupta, K. (eds.) Progress in Cryptology, INDOCRYPT 2010, LNCS, vol. 6498, pp. 262–281. Springer, Berlin (2010)
Rao, J., Sunar, B. (eds.): CHES 2005, LNCS, vol. 3659. Springer, Berlin (2005)
Rivain, M., Dottax, E., Prouff, E.: Block ciphers implementations provably secure against second order side channel analysis. Cryptology ePrint Archive, Report 2008/021 (2008). http://eprint.iacr.org/
Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES, LNCS, vol. 6225, pp. 413–427. Springer, Berlin (2010)
Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006, LNCS, vol. 3860, pp. 208–225. Springer, Berlin (2006)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) Advances in Cryptology, ASIACRYPT 2010, LNCS, vol. 6477, pp. 112–129. Springer, Berlin (2010)
Suzuki, D., Saeki, M., Ichikawa, T.: DPA leakage models for CMOS logic circuits. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 366–382. Springer, Berlin (2005)
Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society, Washington, DC (1986)
Additional information
Part of this work was conducted while Thomas Roche was a post-doc at the University of Paris 8, Département de mathématiques, 2, rue de la Liberté, 93526 Saint-Denis, France.
Part of this work was done while Emmanuel Prouff was working for Oberthur Technologies, 71-73, rue des Hautes Pâtures, 92726 Nanterre, France.
Cite this article
Roche, T., Prouff, E. Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols. J Cryptogr Eng 2, 111–127 (2012). https://doi.org/10.1007/s13389-012-0033-3