Paper 2005/204

An Algebraic Masking Method to Protect AES Against Power Attacks

Nicolas Courtois and Louis Goubin

Abstract

The central question in constructing a secure and efficient masking method for AES is to address the interaction between additive masking and the inverse S-box of Rijndael. All recently proposed methods to protect AES against power attacks try to avoid this problem and work by decomposing the inverse in terms of simpler operations that are more easily protected against DPA by generic methods. In this paper, for the first time, we look at the problem in the face, and show that this interaction is not as intricate as it seems. In fact, any operation, even complex, can be directly protected against DPA of any given order, if it can be embedded in a group that has a compact representation. We show that a secure computation of a whole masked inverse can be done directly in this way, using the group of homographic transformations over the projective space (but not exactly, with some non-trivial technicalities). This is used to propose a general high-level algebraic method to protect AES against power attacks of any given order.

Metadata
Available format(s)
PDF PS
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
DPAAESpower attackssmart cards
Contact author(s)
courtois @ minrank org
History
2005-07-01: revised
2005-06-29: received
See all versions
Short URL
https://ia.cr/2005/204
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/204,
      author = {Nicolas Courtois and Louis Goubin},
      title = {An Algebraic Masking Method to Protect AES Against Power Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2005/204},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/204}},
      url = {https://eprint.iacr.org/2005/204}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.