
Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols

Extended version

Regular Paper, Journal of Cryptographic Engineering

Abstract

Higher-order side channel analysis (HO-SCA) is a powerful technique against cryptographic implementations, and the design of appropriate countermeasures is nowadays an important topic. In parallel, another class of attacks, called glitch attacks, has been investigated; these exploit the hardware glitch phenomena occurring during the physical execution of algorithms. Some solutions have been proposed to counteract HO-SCA at any order or to defeat glitch attacks, but no work has until now focused on the definition of a sound countermeasure thwarting both. We introduce in this paper a circuit model in which side-channel resistance in the presence of glitch effects can be characterized. This allows us to construct the first glitch-free HO-SCA countermeasure. The new construction can be built from any Secure Multi-Party Computation protocol and, as an illustration, we propose to apply the protocol introduced by Ben-Or et al. at STOC in 1988. The adaptation of the latter protocol to the context of side-channel analysis results in a completely new higher-order masking scheme, particularly interesting when addressing resistance in the presence of glitches. An application of our scheme to the AES block cipher is detailed, as well as an information theoretic evaluation of the new masking function, which we call polynomial masking.
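As an added illustration of the polynomial masking the abstract refers to (example code, not the paper's own), the Python below shares an AES byte with Shamir's scheme over GF(2^8) and multiplies two shared bytes with the re-sharing step of the Ben-Or et al. protocol; the public evaluation points 1..n, the n >= 2d+1 sharing size and the function names are assumptions drawn from the general BGW protocol rather than from the page's text.

```python
# Added example, not the paper's own code: polynomial (Shamir) masking of an AES
# byte over GF(2^8) and a BGW-style secure multiplication of two masked bytes.
from functools import reduce
import secrets

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)  # brute force, a != 0

def lagrange_zero(xs):
    """lambda_i with sum(lambda_i * p(x_i)) == p(0) for any p of degree < len(xs)."""
    lam = {}
    for xi in xs:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num, den = gf_mul(num, xj), gf_mul(den, xi ^ xj)  # -xj == xj
        lam[xi] = gf_mul(num, gf_inv(den))
    return lam

def share(x, d, n):
    """x is the constant term of a random degree-d polynomial; its values at the
    public points 1..n are the shares (assumed points, n >= d+1)."""
    coeffs = [x] + [secrets.randbelow(256) for _ in range(d)]
    horner = lambda xi: reduce(lambda y, c: gf_mul(y, xi) ^ c, reversed(coeffs), 0)
    return [(xi, horner(xi)) for xi in range(1, n + 1)]

def reconstruct(shares):
    lam = lagrange_zero([xi for xi, _ in shares])
    return reduce(lambda y, s: y ^ gf_mul(lam[s[0]], s[1]), shares, 0)

def secure_mul(shares_a, shares_b, d):
    """BGW step: the local products a_i*b_i lie on a degree-2d polynomial, so each
    is re-shared at degree d and the re-shares are recombined; needs n >= 2d+1."""
    xs = [xi for xi, _ in shares_a]
    assert len(xs) >= 2 * d + 1, "too few shares to interpolate a*b"
    lam = lagrange_zero(xs)
    new = dict.fromkeys(xs, 0)
    for (xi, ai), (_, bi) in zip(shares_a, shares_b):
        for xj, sij in share(gf_mul(ai, bi), d, len(xs)):
            new[xj] ^= gf_mul(lam[xi], sij)
    return [(xj, new[xj]) for xj in xs]
```

Any d+1 shares reconstruct the byte while any d of them are uniformly distributed, which is the property the masking relies on; the multiplication never recombines the inputs, only the re-shared products.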


References

  1. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC ’88 Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM, New York (1988)

  2. Blömer, J., Merchan, J.G., Krummel, V.: Provably secure masking of AES. In: Matsui, M., Zuccherato, R. (eds.) SAC 2004, LNCS, vol. 3357, pp. 69–83. Springer, Berlin (2004)

  3. Chari, S., Jutla, C., Rao, J., Rohatgi, P.: A cautionary note regarding evaluation of AES candidates on smart-cards. In: Second AES Candidate Conference-AES 2 (March 1999)

  4. Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) Advances in Cryptology-CRYPTO ’99, LNCS, vol. 1666, pp. 398–412. Springer, Berlin (1999)

  5. Coron, J.-S.: A new DPA countermeasure based on permutation tables. In: Ostrovsky, R., Prisco, R.D., Visconti, I. (eds.) SCN 2008, LNCS, vol. 5229, pp. 278–292. Springer, Berlin (2008)

  6. Daemen, J., Peeters, M., Assche, G., Rijmen, V.: The Noekeon Block Cipher. In: Proceedings of first NESSIE Workshop (2000). http://cryptonessie.org

  7. Eisenbarth, T., Paar, C., Weghenkel, B.: Building a side channel based disassembler. In: Gavrilova, M., Tan, C., Moreno, E. (eds.) Transactions on Computational Science X, Lecture Notes in Computer Science, vol. 6340, pp. 78–99. Springer, Berlin (2010)

  8. Franklin, M., Yung, M.: Communication complexity of secure computation (extended abstract). In: STOC ’92 Proceedings of the Twenty-Fourth Annual ACM Symposium on Theory of Computing, pp. 699–710. ACM, New York (1992)

  9. Fumaroli, G., Martinelli, A., Prouff, E., Rivain, M.: Affine masking against higher-order side channel analysis. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, Lecture Notes in Computer Science, vol. 6544, pp. 262–280. Springer, Berlin (2010)

  10. Gennaro, R., Rabin, M.O., Rabin, T.: Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In: PODC, pp. 101–111 (1998)

  11. Goldack, M.: Side-channel based reverse engineering for microcontrollers. Master’s thesis, Ruhr-Universität, Bochum, Germany (2008)

  12. Goubin, L., Patarin, J.: DES and differential power analysis—the duplication method. In: Koç, Ç., Paar, C. (eds.) CHES ’99, LNCS, vol. 1717, pp. 158–172. Springer, Berlin (1999)

  13. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO, Lecture Notes in Computer Science, vol. 2729, pp. 463–481. Springer, Berlin (2003)

  14. Joye, M., Paillier, P., Schoenmakers, B.: On second-order differential power analysis. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 293–308. Springer, Berlin (2005)

  15. Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks. Technical report, Cryptography Research (1998)

  16. Lidl, R., Niederreiter, H.: Finite fields. In: Encyclopedia of Mathematics and its Applications, vol. 20, 2nd edn. Cambridge University Press (1997). With an introduction by P. M. Cohn

  17. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) Topics in Cryptology-CT-RSA 2005, LNCS, vol. 3376, pp. 351–365. Springer, Berlin (2005)

  18. Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006, LNCS, vol. 4249, pp. 76–90. Springer, Berlin (2006)

  19. Messerges, T.: Using second-order power analysis to attack DPA resistant software. In: Koç, Ç., Paar, C. (eds.) CHES 2000, LNCS, vol. 1965, pp. 238–251. Springer, Berlin (2000)

  20. Micali, S., Reyzin, L.: Physically observable cryptography (extended abstract). In: Naor, M. (ed.) Theory of Cryptography Conference-TCC 2004, Lecture Notes in Computer Science, vol. 2951, pp. 278–296. Springer, Berlin (2004)

  21. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT, LNCS, vol. 6632, pp. 69–88. Springer, Berlin (2011)

  22. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS ’06, LNCS, vol. 4307, pp. 529–545. Springer, Berlin (2006)

  23. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008, LNCS, vol. 5461, pp. 218–234. Springer, Berlin (2008)

  24. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)

  25. Piret, G., Standaert, F.-X.: Security analysis of higher-order Boolean masking schemes for block ciphers (with conditions of perfect masking). IET Inf. Secur. 2, 1–11 (2008)

  26. Prouff, E., Roche, T.: Attack on a higher-order masking of the AES based on homographic functions. In: Gong, G., Gupta, K. (eds.) Progress in Cryptology-INDOCRYPT 2010, Lecture Notes in Computer Science, vol. 6498, pp. 262–281. Springer, Berlin (2010)

  27. Rao, J., Sunar, B. (eds.): CHES 2005, LNCS, vol. 3659. Springer, Berlin (2005)

  28. Rivain, M., Dottax, E., Prouff, E.: Block Ciphers implementations provably secure against second order side channel analysis. Cryptology ePrint Archive, Report 2008/021. http://eprint.iacr.org/ (2008)

  29. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES, LNCS, vol. 6225, pp. 413–427. Springer, Berlin (2010)

  30. Schramm, K., Paar, C.: Higher order masking of the AES. In: Pointcheval, D. (ed.) CT-RSA 2006, LNCS, vol. 3860, pp. 208–225. Springer, Berlin (2006)

  31. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

  32. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Abe, M. (ed.) Advances in Cryptology-ASIACRYPT 2010, Lecture Notes in Computer Science, vol. 6477, pp. 112–129. Springer, Berlin (2010)

  33. Suzuki, D., Saeki, M., Ichikawa, T.: DPA leakage models for CMOS logic circuits. In: Rao, J., Sunar, B. (eds.) CHES 2005, LNCS, vol. 3659, pp. 366–382. Springer, Berlin (2005)

  34. Yao, A.C.-C.: How to generate and exchange secrets. In: Proceedings of the 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE Computer Society, Washington, DC (1986)

Author information

Corresponding author

Correspondence to Thomas Roche.

Additional information

Part of this work has been conducted when Thomas Roche was Post-doc at the University of Paris 8, Département de mathématiques, 2, rue de la Liberté, 93526 Saint-Denis, France.

Part of this work has been done when Emmanuel Prouff was working for Oberthur Technologies, 71-73, rue des Hautes Pâtures, 92726 Nanterre, France.

Cite this article

Roche, T., Prouff, E. Higher-order glitch free implementation of the AES using Secure Multi-Party Computation protocols. J Cryptogr Eng 2, 111–127 (2012). https://doi.org/10.1007/s13389-012-0033-3
