
Study of a Novel Software Constant Weight Implementation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8968)

Abstract

While in the early 2000s much research focused on first- and second-order Differential Power Analysis, the recent trend is towards even higher orders. As the order grows, countermeasures such as masking need to be designed in a more generic way. In this paper, we introduce a new constant weight implementation of the AES extending the idea of the software dual-rail countermeasure proposed by Hoogvorst et al. at COSADE 2011. Notably, we illustrate its practicality on a 16-bit microcontroller in terms of speed and complexity. This countermeasure applies to all devices that leak a function of the Hamming weight of the internal variables. Under this assumption, our constant weight implementation is, in theory, inherently resistant to side-channel attacks of any order. A security evaluation analyzes its resistance when the leakage deviates slightly from the Hamming weight assumption; it reveals that the countermeasure remains as good as several well-known masking countermeasures. Moreover, the proposed countermeasure offers the possibility to detect some classes of faults.

Nicolas Debande — Work done when the author was at SAFRAN Morpho.
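The mechanism the abstract describes, as an added example that is not code from the paper: AES bytes are held as 16-bit dual-rail codewords whose Hamming weight is always 8, AddRoundKey and SubBytes are performed through lookup tables whose indices and entries are themselves codewords, a univariate Hamming-weight leakage simulation (the model Note 2 refers to) shows that the leakage vector is then identical for every plaintext, and the codeword check shows which faults the representation detects and which it misses. The rail layout (bit i on rail 2i, its complement on rail 2i+1), the nibble-wise XOR table, the S-box table layout and the trace points are assumptions made here for illustration; the paper's own implementation and measurements are not on this page.

```python
# Added example, not the paper's code: the rail layout, the nibble-wise XOR
# table and the trace points are assumptions made here for illustration.
from itertools import product

def _gf_mul(a, b):                         # product in GF(2^8), AES polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _make_aes_sbox():                      # FIPS 197 S-box: GF inverse, then affine map
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[x] = s ^ 0x63
    return sbox

AES_SBOX = _make_aes_sbox()

def dr_encode(x, bits=8):
    """Dual-rail codeword of x: exactly one rail of each pair is set, so HW == bits."""
    w = 0
    for i in range(bits):
        b = (x >> i) & 1
        w |= (b << (2 * i)) | ((b ^ 1) << (2 * i + 1))
    return w

def dr_decode(w, bits=8):
    return sum(((w >> (2 * i)) & 1) << i for i in range(bits))

def hw(v):
    return bin(v).count("1")

def dr_check(w, bits=8):
    """Codeword check used for fault detection: the two rails of a pair must differ."""
    true_rails = 0x5555 & ((1 << (2 * bits)) - 1)
    return ((w ^ (w >> 1)) & true_rails) == true_rails

# Constant-weight tables: indices and entries are codewords. Unused slots hold 0,
# a non-codeword that dr_check flags if a faulted index ever selects one.
DR_XOR4 = [0] * 65536                      # (enc4(a) << 8 | enc4(b)) -> enc4(a ^ b)
for a, b in product(range(16), repeat=2):
    DR_XOR4[(dr_encode(a, 4) << 8) | dr_encode(b, 4)] = dr_encode(a ^ b, 4)
DR_SBOX = [0] * 65536                      # enc8(x) -> enc8(S[x])
for x in range(256):
    DR_SBOX[dr_encode(x)] = dr_encode(AES_SBOX[x])

def dr_xor(wa, wb, trace):
    """AddRoundKey on encoded bytes via DR_XOR4, one nibble at a time. Every value
    handled (split nibbles, table indices, outputs) has weight 4 or 8."""
    lo_a, hi_a, lo_b, hi_b = wa & 0xFF, wa >> 8, wb & 0xFF, wb >> 8
    idx_lo, idx_hi = (lo_a << 8) | lo_b, (hi_a << 8) | hi_b
    lo, hi = DR_XOR4[idx_lo], DR_XOR4[idx_hi]
    out = (hi << 8) | lo
    trace += [hw(v) for v in (lo_a, hi_a, lo_b, hi_b, idx_lo, idx_hi, lo, hi, out)]
    return out

def dr_sub_bytes(w, trace):
    out = DR_SBOX[w]
    trace.append(hw(out))
    return out

def hw_traces(key, encoded):
    """Univariate HW leakage of AddRoundKey + SubBytes on one byte, for every plaintext."""
    traces = {}
    for p in range(256):
        trace = []
        if encoded:
            wp, wk = dr_encode(p), dr_encode(key)
            trace += [hw(wp), hw(wk)]
            dr_sub_bytes(dr_xor(wp, wk, trace), trace)
        else:
            v = p ^ key
            trace += [hw(p), hw(key), hw(v), hw(AES_SBOX[v])]
        traces[p] = tuple(trace)
    return traces

def distinct_traces(key, encoded):
    """1 means every plaintext gives the same leakage vector, so no combination of
    samples (an attack of any order) depends on the data under the HW model."""
    return len(set(hw_traces(key, encoded).values()))

def fault_detected(w, flip_mask):
    """A single-rail flip breaks a pair and is caught; flipping both rails of a
    pair (mask 3 << 2i) yields another valid codeword and is not: detection is
    limited to some fault classes."""
    return not dr_check(w ^ flip_mask)

if __name__ == "__main__":
    print("distinct HW traces, plain / encoded:",
          distinct_traces(0x2B, False), distinct_traces(0x2B, True))
    print("single-rail fault caught:", fault_detected(dr_encode(0xA5), 1 << 5))
    print("rail-pair flip caught   :", fault_detected(dr_encode(0xA5), 3 << 4))
```

Under the pure Hamming-weight model the set of encoded traces collapses to a single vector, which is the sense in which the abstract's "any order" claim holds; real leakage only approximates that model, which is why the abstract's evaluation of small deviations matters. The price is visible in the tables: 64 KB for the nibble XOR table alone, plus 128 KB of 16-bit entries for the S-box as laid out here, which is the kind of speed and complexity trade-off a 16-bit microcontroller implementation has to balance.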


Notes

  1. For this implementation, the leakage corresponds to a bivariate attack, when the product combination is used by the adversary.

  2. This leakage function corresponds to a hardware implementation. To the best of our knowledge, the leakage squeezing countermeasure has never been adapted into a software implementation; therefore we only consider a univariate leakage in our simulation.

References

  1. Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)

  2. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

  3. Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 441–458. Springer, Heidelberg (2014)

  4. Doget, J., Prouff, E., Rivain, M., Standaert, F.-X.: Univariate side channel attacks and leakage modeling. J. Crypt. Eng. 1(2), 123–144 (2011)

  5. Genelle, L., Prouff, E., Quisquater, M.: Thwarting higher-order side channel analysis with additive and multiplicative maskings. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 240–255. Springer, Heidelberg (2011)

  6. Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. Cryptology ePrint Archive, Report 2012/678 (2012). http://eprint.iacr.org/

  7. Grosso, V., Standaert, F.-X., Prouff, E.: Low entropy masking schemes, revisited. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 33–43. Springer, Heidelberg (2014)

  8. Han, Y., Zhou, Y., Liu, J.: Securing lightweight block cipher against power analysis attacks. In: Zhang, Y. (ed.) Future Wireless Networks and Information Systems. LNEE, vol. 143, pp. 379–390. Springer, Heidelberg (2012)

  9. Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)

  10. Hoogvorst, P., Duc, G., Danger, J.-L.: Software implementation of dual-rail representation. In: COSADE 2011 (2011)

  11. Kim, H., Hong, S., Lim, J.: A fast and provably secure higher-order masking of AES S-box. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 95–107. Springer, Heidelberg (2011)

  12. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

  13. Maghrebi, H., Carlet, C., Guilley, S., Danger, J.-L.: Optimal first-order masking with linear and non-linear bijections. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 360–377. Springer, Heidelberg (2012)

  14. Nassar, M., Souissi, Y., Guilley, S., Danger, J.-L.: RSM: a small and fast countermeasure for AES, secure against first- and second-order zero-offset SCAs. In: DATE 2012, pp. 1173–1178. IEEE Computer Society, Dresden, Germany, 12–16 March 2012

  15. NIST/ITL/CSD: Advanced Encryption Standard (AES). FIPS PUB 197, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

  16. Oswald, E., Schramm, K.: An efficient masking scheme for AES software implementations. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 292–305. Springer, Heidelberg (2006)

  17. Peeters, E., Standaert, F.-X., Donckers, N., Quisquater, J.-J.: Improved higher-order side-channel attacks with FPGA experiments. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 309–323. Springer, Heidelberg (2005)

  18. Peeters, É., Standaert, F.-X., Quisquater, J.-J.: Power and electromagnetic analysis: improved model, consequences and comparisons. Integ. VLSI J. 40, 52–60 (2007). doi:10.1016/j.vlsi.2005.12.013

  19. Piret, G., Roche, T., Carlet, C.: PICARO – a block cipher allowing efficient higher-order side-channel resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012)

  20. Preneel, B., Takagi, T. (eds.): CHES 2011. LNCS, vol. 6917. Springer, Heidelberg (2011)

  21. Prouff, E., Rivain, M., Bévan, R.: Statistical analysis of second order differential power analysis. Cryptology ePrint Archive, Report 2010/646 (2010). http://eprint.iacr.org/

  22. Rauzy, P., Guilley, S., Najm, Z.: Formally proved security of assembly code against leakage. Cryptology ePrint Archive, Report 2013/554 (2013). http://eprint.iacr.org/

  23. Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)

  24. Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)

  25. Veyrat-Charvillon, N., Standaert, F.-X.: Mutual information analysis: how, when and why? In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 429–443. Springer, Heidelberg (2009)


Acknowledgments

This work has been partially funded by the ANR projects E-MATA HARI and SPACES.

Author information

Corresponding author: Victor Servant.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Servant, V., Debande, N., Maghrebi, H., Bringer, J. (2015). Study of a Novel Software Constant Weight Implementation. In: Joye, M., Moradi, A. (eds) Smart Card Research and Advanced Applications. CARDIS 2014. Lecture Notes in Computer Science, vol 8968. Springer, Cham. https://doi.org/10.1007/978-3-319-16763-3_3


  • DOI: https://doi.org/10.1007/978-3-319-16763-3_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16762-6

  • Online ISBN: 978-3-319-16763-3

