Cryptology ePrint Archive: Report 2002/091

Multiplicative Masking and Power Analysis of AES

Jovan Dj. Golić

Abstract: The recently proposed multiplicative masking countermeasure against power analysis attacks on AES is interesting as it does not require the costly recomputation and RAM storage of S-boxes for every run of AES. This is important for applications where the available space is very limited such as the smart card applications. Unfortunately, it is here shown that this method is in fact inherently vulnerable to differential power analysis. Other possible random masking methods are also discussed.

Category / Keywords: secret-key cryptography / AES, differential power analysis, countermeasures, multiplicative masking

Publication Info: Presented at (internal) Gemplus Quarterly meeting, La Ciotat, France, October 30-31, 2001.

Date: received 8 Jul 2002

Contact author: jovan golic at gemplus com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20020708:211750 (All versions of this report)

Short URL: ia.cr/2002/091

Discussion forum: Show discussion | Start new discussion