Abstract
Since the announcement of Differential Power Analysis (DPA) by Paul Kocher et al., several countermeasures have been proposed to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution-time overhead, Thomas Messerges recently proposed a general method that “masks” all the intermediate data. This masking strategy is possible if every fundamental operation used in a given algorithm can be rewritten to take masked input data and produce masked output data. This is easily seen to be the case in classical algorithms such as DES or RSA. However, for algorithms that combine Boolean and arithmetic functions, such as IDEA or several of the AES candidates, two different kinds of masking have to be used. There is thus a need for a method to convert back and forth between Boolean masking and arithmetic masking. In the present paper, we show that the ‘BooleanToArithmetic’ algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis. In a similar way, the ‘ArithmeticToBoolean’ algorithm is not secure either.
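As an added illustration that is not part of the paper: the two masked representations of a k-bit word, a naive Boolean-to-arithmetic conversion that reconstructs the secret in a register (the kind of intermediate DPA exploits), and a conversion that never forms the unmasked value. The secure conversion shown is Goubin's later CHES 2001 algorithm, not the Messerges algorithm this paper analyses; the 8-bit word size is an assumption.

```python
import secrets

K = 8                 # word size in bits (assumption: 8-bit smart-card words)
MASK = (1 << K) - 1   # every arithmetic result is reduced mod 2^K

def boolean_mask(x, r):
    """Boolean masking: represent x as (x', r) with x = x' XOR r."""
    return x ^ r

def arithmetic_mask(x, r):
    """Arithmetic masking: represent x as (A, r) with x = A + r mod 2^K."""
    return (x - r) & MASK

def unmask_arithmetic(a, r):
    return (a + r) & MASK

def naive_boolean_to_arithmetic(x_masked, r):
    """Insecure conversion: the output is correctly masked, but the secret x
    is reconstructed in a register, so its power signature is exposed."""
    x = x_masked ^ r           # unmasked secret appears here
    return (x - r) & MASK

def boolean_to_arithmetic(x_masked, r, gamma):
    """Convert (x', r) with x = x' XOR r into A with x = A + r mod 2^K
    without forming x. Goubin's CHES 2001 method (not from this paper):
    Phi(g) = (x' XOR g) - g is affine over GF(2) in g, hence
    Phi(gamma XOR r) XOR Phi(gamma) XOR x' = Phi(r) = x - r for any gamma."""
    t = x_masked ^ gamma
    t = (t - gamma) & MASK     # Phi(gamma)
    t ^= x_masked              # Phi(gamma) XOR Phi(0)
    gamma ^= r
    a = x_masked ^ gamma
    a = (a - gamma) & MASK     # Phi(gamma XOR r)
    a ^= t                     # Phi(r) = x - r
    return a

def check_all_inputs():
    """Exhaustively verify the conversion for every 8-bit (x, r), drawing a
    fresh random gamma each time; gamma must not influence the result."""
    for x in range(1 << K):
        for r in range(1 << K):
            gamma = secrets.randbelow(1 << K)
            a = boolean_to_arithmetic(boolean_mask(x, r), r, gamma)
            if a != arithmetic_mask(x, r) or unmask_arithmetic(a, r) != x:
                return False
    return True
```

Running `check_all_inputs()` confirms that the result depends only on (x', r) and not on the random gamma, which is what lets every intermediate value stay independent of x.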
© 2000 Springer-Verlag Berlin Heidelberg
Coron, JS., Goubin, L. (2000). On Boolean and Arithmetic Masking against Differential Power Analysis. In: Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems — CHES 2000. CHES 2000. Lecture Notes in Computer Science, vol 1965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44499-8_18
DOI: https://doi.org/10.1007/3-540-44499-8_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41455-1
Online ISBN: 978-3-540-44499-2