In this paper, for the first time, we confront the problem directly, and show that this interaction is not as intricate as it seems. In fact, any operation, even a complex one, can be directly protected against DPA of any given order, if it can be embedded in a group that has a compact representation. We show that a secure computation of a whole masked inverse can be done directly in this way, using the group of homographic transformations over the projective space (though not exactly; some non-trivial technicalities are involved). This is used to propose a general high-level algebraic method to protect AES against power attacks of any given order.
Category / Keywords: implementation / DPA, AES, power attacks, smart cards

Date: received 28 Jun 2005, last revised 1 Jul 2005

Contact author: courtois at minrank org

Version: 20050701:201408

Short URL: ia.cr/2005/204
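The algebraic fact the abstract relies on, as an added illustration (not code from the paper, and not its masking algorithm): homographies x -> (ax+b)/(cx+d) over GF(2^8) plus a point at infinity form a group represented by 2x2 matrices, x -> 1/x is one of them, and composition is a matrix product. All function names are hypothetical, and the sketch assumes nothing about side-channel resistance; note that AES defines the inverse of 0 as 0, while the homography sends 0 to the point at infinity.

```python
import secrets

INF = "inf"         # point at infinity of P^1(GF(2^8))
INV = (0, 1, 1, 0)  # matrix of x -> 1/x; as a homography it swaps 0 and INF

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def ginv(a):
    """Inverse of a nonzero field element, computed as a^254."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r

def apply(m, x):
    """Evaluate x -> (a*x + b)/(c*x + d) on the projective line."""
    a, b, c, d = m
    num, den = (a, c) if x == INF else (gmul(a, x) ^ b, gmul(c, x) ^ d)
    return INF if den == 0 else gmul(num, ginv(den))

def compose(m, n):
    """Matrix product m*n, i.e. the homography 'n first, then m'."""
    a, b, c, d = m
    e, f, g, h = n
    return (gmul(a, e) ^ gmul(b, g), gmul(a, f) ^ gmul(b, h),
            gmul(c, e) ^ gmul(d, g), gmul(c, f) ^ gmul(d, h))

def adjugate(m):
    """Matrix of the inverse homography (characteristic 2, so -b == b)."""
    return (m[3], m[1], m[2], m[0])

def random_homography():
    """Random 2x2 matrix over GF(2^8) with nonzero determinant."""
    while True:
        m = tuple(secrets.randbelow(256) for _ in range(4))
        if gmul(m[0], m[3]) ^ gmul(m[1], m[2]):
            return m

def remasked_inverse(x_masked, f, h):
    """Given F(x), return H(1/x) via the single matrix H * INV * F^-1."""
    return apply(compose(h, compose(INV, adjugate(f))), x_masked)
```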