Abstract
Since the announcement of Differential Power Analysis (DPA) by Paul Kocher et al., several countermeasures have been proposed in order to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution-time overhead, a general method was recently proposed, consisting of “masking” all the intermediate data.
This masking strategy is possible if all the fundamental operations used in a given algorithm can be rewritten to take masked input data and produce masked output data. This is easily seen to be the case for classical algorithms such as DES or RSA.
However, for algorithms that combine boolean and arithmetic functions, such as IDEA or several of the AES candidates, two different kinds of masking have to be used. There is thus a need for a method to convert back and forth between boolean masking and arithmetic masking. A first solution to this problem was proposed by Thomas Messerges in [15], but was unfortunately shown (see [6]) to be insufficient to prevent DPA. In the present paper, we present two new practical algorithms for the conversion that are proven secure against DPA.
The first one (“BooleanToArithmetic”) uses a constant number of elementary operations on the registers of the processor, namely 7. The number of elementary operations for the second one (“ArithmeticToBoolean”), namely 5K + 5, is proportional to the size K (in bits) of the processor registers.
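The two conversions named in the abstract, as an added example that is not code from the paper or from this page: a Python implementation of a boolean-to-arithmetic and an arithmetic-to-boolean mask conversion in which the unmasked secret x never appears in a register, placed next to the naive conversion that does expose it. The page gives only the algorithm names and the operation counts (7 and 5K + 5); the operation sequences below are my own reconstruction, so the block establishes their correctness by an exhaustive check over every input and mask for small K rather than by appeal to the paper. The function names, the parameter k and the sample values are my choices.

```python
import secrets

# Added example (not code from the paper): switching between boolean masking
# (x = x_bool XOR r) and arithmetic masking (x = A + r mod 2^k) without ever
# holding the unmasked secret x in a register.  The operation sequences are my
# own reconstruction; the page only states the names and the operation counts
# (7 and 5k + 5), so correctness is checked exhaustively below for small k.


def boolean_to_arithmetic(x_bool, r, gamma=None, k=8):
    """Return A with x = A + r (mod 2^k), given x_bool = x XOR r.

    Relies on r -> ((x_bool XOR r) - r) mod 2^k being affine over GF(2): the
    wanted value is assembled from that map evaluated at a fresh random gamma
    and at gamma XOR r, neither of which depends on x alone.  Seven register
    operations after the random draw.
    """
    mask = (1 << k) - 1
    if gamma is None:
        gamma = secrets.randbits(k)   # fresh mask for this conversion
    t = x_bool ^ gamma
    t = (t - gamma) & mask
    t ^= x_bool
    gamma ^= r
    a = x_bool ^ gamma
    a = (a - gamma) & mask
    a ^= t
    return a


def arithmetic_to_boolean(a, r, gamma=None, k=8):
    """Return x_bool = x XOR r, given A with x = A + r (mod 2^k).

    Computes the carries of A + r one bit position per iteration, but every
    intermediate value stays masked by gamma (t holds 2*carry XOR 2*gamma).
    Nine operations before the loop, five per iteration, one after: 5k + 5.
    """
    mask = (1 << k) - 1
    if gamma is None:
        gamma = secrets.randbits(k)
    t = (gamma << 1) & mask
    x_bool = gamma ^ r
    omega = gamma & x_bool
    x_bool = t ^ a
    gamma ^= x_bool
    gamma &= r
    omega ^= gamma
    gamma = t & a
    omega ^= gamma
    for _ in range(k - 1):            # one iteration per carry position
        gamma = t & r
        gamma ^= omega
        t &= a
        gamma ^= t
        t = (gamma << 1) & mask
    x_bool ^= t
    return x_bool


def naive_boolean_to_arithmetic(x_bool, r, k=8):
    """The conversion to avoid: it unmasks x, so the secret is processed in
    the clear for one operation, which is exactly what DPA measures."""
    mask = (1 << k) - 1
    x = x_bool ^ r                    # unmasked secret sits in a register
    return (x - r) & mask


def all_conversions_correct(k):
    """Exhaustive check of both conversions over every secret x, mask r and
    random gamma for a small register width k (k = 4: 4096 cases each way)."""
    mask = (1 << k) - 1
    for x in range(1 << k):
        for r in range(1 << k):
            for gamma in range(1 << k):
                if boolean_to_arithmetic(x ^ r, r, gamma, k) != (x - r) & mask:
                    return False
                if arithmetic_to_boolean((x - r) & mask, r, gamma, k) != x ^ r:
                    return False
    return True


if __name__ == "__main__":
    # Constructed sample: secret x = 0x66, boolean mask r = 0x3C, 8-bit registers.
    x, r = 0x66, 0x3C
    a = boolean_to_arithmetic(x ^ r, r)
    print(hex(a), hex((a + r) & 0xFF))            # A, then A + r == x
    print(hex(arithmetic_to_boolean(a, r) ^ r))   # unmasking gives x back
    print(all_conversions_correct(4))
```

Running the file shows the 8-bit round trip and the exhaustive check; `secrets.randbits` supplies the fresh mask that each call needs, and the optional `gamma` argument exists only so the check can enumerate every mask value. Passing the check says nothing by itself about DPA resistance, which rests on every intermediate value being statistically independent of x; that is the property the paper proves for its algorithms and the property the naive version visibly lacks.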
References
[1] Eli Biham and Adi Shamir, “Power Analysis of the Key Scheduling of the AES Candidates”, in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.
[2] Carolynn Burwick, Don Coppersmith, Edward D’Avignon, Rosario Gennaro, Shai Halevi, Charanjit Jutla, Stephen M. Matyas, Luke O’Connor, Mohammad Peyravian, David Safford and Nevenko Zunic, “MARS: A Candidate Cipher for AES”, NIST AES Proposal, June 1998. Available at: http://www.research.ibm.com/security/mars.pdf
[3] Suresh Chari, Charanjit S. Jutla, Josyula R. Rao and Pankaj Rohatgi, “A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards”, in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.
[4] Suresh Chari, Charanjit S. Jutla, Josyula R. Rao and Pankaj Rohatgi, “Towards Sound Approaches to Counteract Power-Analysis Attacks”, in Proceedings of Advances in Cryptology - CRYPTO ’99, Springer-Verlag, 1999, pp. 398–412.
[5] Jean-Sébastien Coron, “Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems”, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, August 1999, pp. 292–302.
[6] Jean-Sébastien Coron and Louis Goubin, “On Boolean and Arithmetic Masking against Differential Power Analysis”, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, August 2000.
[7] John Daemen and Vincent Rijmen, “Resistance Against Implementation Attacks: A Comparative Study of the AES Proposals”, in Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.htm, March 1999.
[8] John Daemen, Michael Peters and Gilles Van Assche, “Bitslice Ciphers and Power Analysis Attacks”, in Proceedings of Fast Software Encryption Workshop 2000, Springer-Verlag, April 2000.
[9] Paul N. Fahn and Peter K. Pearson, “IPA: A New Class of Power Attacks”, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, August 1999, pp. 173–186.
[10] Louis Goubin and Jacques Patarin, “Procédé de sécurisation d’un ensemble électronique de cryptographie à clé secrète contre les attaques par analyse physique”, European Patent, Schlumberger, February 4th, 1999, Publication Number: 2789535.
[11] Louis Goubin and Jacques Patarin, “DES and Differential Power Analysis: The Duplication Method”, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, August 1999, pp. 158–172.
[12] Paul Kocher, Joshua Jaffe and Benjamin Jun, “Introduction to Differential Power Analysis and Related Attacks”, http://www.cryptography.com/dpa/technical, 1998.
[13] Paul Kocher, Joshua Jaffe and Benjamin Jun, “Differential Power Analysis”, in Proceedings of Advances in Cryptology - CRYPTO ’99, Springer-Verlag, 1999, pp. 388–397.
[14] Xuejia Lai and James Massey, “A Proposal for a New Block Encryption Standard”, in Advances in Cryptology - EUROCRYPT ’90 Proceedings, Springer-Verlag, 1991, pp. 389–404.
[15] Thomas S. Messerges, “Securing the AES Finalists Against Power Analysis Attacks”, in Proceedings of Fast Software Encryption Workshop 2000, Springer-Verlag, April 2000.
[16] Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Investigations of Power Analysis Attacks on Smartcards”, in Proceedings of USENIX Workshop on Smartcard Technology, May 1999, pp. 151–161.
[17] Thomas S. Messerges, Ezzy A. Dabbish and Robert H. Sloan, “Power Analysis Attacks of Modular Exponentiation in Smartcards”, in Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Springer-Verlag, August 1999, pp. 144–157.
[18] Ronald L. Rivest, Matthew J.B. Robshaw, Ray Sidney and Yiqun L. Yin, “The RC6 Block Cipher”, v1.1, August 20, 1998. Available at: ftp://ftp.rsasecurity.com/pub/rsalabs/aes/rc6v11.pdf
[19] Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson, “Twofish: A 128-Bit Block Cipher”, June 15, 1998, AES submission available at: http://www.counterpane.com/twofish.pdf
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goubin, L. (2001). A Sound Method for Switching between Boolean and Arithmetic Masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds) Cryptographic Hardware and Embedded Systems — CHES 2001. CHES 2001. Lecture Notes in Computer Science, vol 2162. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44709-1_2
DOI: https://doi.org/10.1007/3-540-44709-1_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42521-2
Online ISBN: 978-3-540-44709-2