An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

Hannes Groß; Stefan Mangard; Thomas Korak

doi:10.1007/978-3-319-52153-4_6

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

Hannes Groß^*, Stefan Mangard, Thomas Korak

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient side-channel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.

Original language	English
Title of host publication	Topics in Cryptology – CT-RSA 2017
Place of Publication	Cham
Publisher	Springer
Pages	95-112
Number of pages	18
ISBN (Print)	978-3-319-52152-7
DOIs	https://doi.org/10.1007/978-3-319-52153-4_6
Publication status	Published - 2017
Event	Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2017: CT-RSA 2017 - San Francisco, United States Duration: 14 Feb 2017 → 17 Feb 2017 https://www.rambus.com/ct-rsa-2017/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10159

Conference

Conference	Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2017
Abbreviated title	CT-RSA 2017
Country/Territory	United States
City	San Francisco
Period	14/02/17 → 17/02/17
Internet address	https://www.rambus.com/ct-rsa-2017/

Keywords

Domain-Oriented Masking
private circuits
threshold implementations
ISW
side-channel analysis
DPA
hardware security
AES

Access to Document

10.1007/978-3-319-52153-4_6

2016_domain_oriented_maskingAccepted author manuscript, 674 KBLicence: CC BY 4.0

EU - SOPHIA - Securing Software against Physical Attacks
Mangard, S.
1/09/16 → 31/08/21
Project: Research project
HECTOR - Hardware enable crypto and randomness
Korak, T., Mangard, S. & Mendel, F.
1/03/15 → 31/07/18
Project: Research project
SCALAS - Secure Contactless Applications based on Leakage-resilient cryptographic Schemes
Peßl, P. & Mangard, S.
1/07/14 → 31/12/16
Project: Research project

Cite this

Groß, H, Mangard, S & Korak, T 2017, An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order. in Topics in Cryptology – CT-RSA 2017. Lecture Notes in Computer Science, vol. 10159, Springer, Cham, pp. 95-112, Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2017, San Francisco, United States, 14/02/17. https://doi.org/10.1007/978-3-319-52153-4_6

@inproceedings{5ff22a64bbb14d5fb84485ab6606e1cd,

title = "An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order",

abstract = "Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient side-channel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.",

keywords = "Domain-Oriented Masking, private circuits, threshold implementations, ISW, side-channel analysis, DPA, hardware security, AES",

author = "Hannes Gro{\ss} and Stefan Mangard and Thomas Korak",

year = "2017",

doi = "10.1007/978-3-319-52153-4_6",

language = "English",

isbn = "978-3-319-52152-7 ",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "95--112",

booktitle = "Topics in Cryptology – CT-RSA 2017",

note = "Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2017 : CT-RSA 2017, CT-RSA 2017 ; Conference date: 14-02-2017 Through 17-02-2017",

url = "https://www.rambus.com/ct-rsa-2017/",

}

TY - GEN

T1 - An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

AU - Groß, Hannes

AU - Mangard, Stefan

AU - Korak, Thomas

PY - 2017

Y1 - 2017

N2 - Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient side-channel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.

AB - Passive physical attacks, like power analysis, pose a serious threat to the security of digital circuits. In this work, we introduce an efficient side-channel protected Advanced Encryption Standard (AES) hardware design that is completely scalable in terms of protection order. Therefore, we revisit the private circuits scheme of Ishai et al. [13] which is known to be vulnerable to glitches. We demonstrate how to achieve resistance against multivariate higher-order attacks in the presence of glitches for the same randomness cost as the private circuits scheme. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order.

KW - Domain-Oriented Masking

KW - private circuits

KW - threshold implementations

KW - ISW

KW - side-channel analysis

KW - DPA

KW - hardware security

KW - AES

U2 - 10.1007/978-3-319-52153-4_6

DO - 10.1007/978-3-319-52153-4_6

M3 - Conference paper

SN - 978-3-319-52152-7

T3 - Lecture Notes in Computer Science

SP - 95

EP - 112

BT - Topics in Cryptology – CT-RSA 2017

PB - Springer

CY - Cham

T2 - Topics in Cryptology - The Cryptographer's Track at the RSA Conference 2017

Y2 - 14 February 2017 through 17 February 2017

ER -

An Efficient Side-Channel Protected AES Implementation with Arbitrary Protection Order

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Projects

EU - SOPHIA - Securing Software against Physical Attacks

HECTOR - Hardware enable crypto and randomness

SCALAS - Secure Contactless Applications based on Leakage-resilient cryptographic Schemes

Cite this