Enhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards
Since Differential Power Analysis (DPA) on DES in smart-cards was firstly published by Kocher et al. in 1999, many countermeasures have been proposed to protect cryptographic algorithms from the attack, of which masking is an efficient and easily implemented method. In this paper, after showing some attacks on Akkar et al. ’s improved DES implementation from FSE’04, we list and prove some basic requirements for a DES implementation using masking methods to defense High-Order DPA attacks, then present an enhancement of Akkar et al. ’s DES implementation, which requires only three random 32-bit masks and six additional S-Boxes to be generated every computation. Finally, we prove that three random 32-bit masks and six additional S-Boxes are the minimal cost for a DES implementation masking all the outputs of the S-Boxes of the sixteen rounds to be secure against High-Order DPA attacks.
KeywordsSmart-cards DES Simple power analysis (SPA) (High-Order) Differential power analysis (DPA) Boolean masking
Unable to display preview. Download preview PDF.
- 4.Char, S., Jutla, C., Rao, J., Rohatgi, R.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 398. Springer, Heidelberg (1999)Google Scholar
- 9.Kocher, P., Jaffe, J., Jun, B.: Introduction to Differential Power Analysis and Related Attacks, Technical Report, Cryptography Research Inc. (1998), Available from http://www.cryptography.com/dpa/technical/index.html
- 10.Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)Google Scholar
- 13.National Bereau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46 (January 1977)Google Scholar