Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES

  • Kim, Hee-Seok (Center for Information Security Technologies (CIST), Korea University)
  • Kim, Tae-Hyun (Institute Attached to ETRI)
  • Han, Dong-Guk (Department of Mathematics, Kookmin University)
  • Hong, Seok-Hie (Center for Information Security Technologies (CIST), Korea University)
  • Received : 2009.03.17
  • Accepted : 2009.11.03
  • Published : 2010.06.30

Abstract

In this paper, we propose efficient masking methods for ARIA and AES. In general, a masked S-box (MS) block can be constructed in different ways depending on the implementation platform, such as hardware or software, whereas the other components of ARIA and AES have much less impact on the implementation cost. We first propose an efficient masking structure that minimizes the number of mask corrections, under the assumption that an MS block is available. Second, to make a secure and efficient MS block for ARIA and AES, we propose novel methods to solve the table size problem of the MS block in a software implementation and to reduce the cost of the masked inversion, which is the main part of the MS block in a hardware implementation.
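The following Python is an added illustration of the two notions the abstract relies on, a table-based masked S-box (MS) block for software and a mask correction between two Boolean masks; it is not the paper's construction. It rebuilds the AES S-box from the field inversion and affine map, derives one masked table T with T[x ^ m_in] = S[x] ^ m_out, applies it to a masked 16-byte state, and shows a `remask` step that changes the mask on every byte (one correction per byte, the quantity the abstract's first contribution minimizes). The mask values and the sample state are constructed here; `build_masked_sbox`, `remask` and `demo` are illustrative names, not the paper's.

```python
# Added example (not from the paper): a software masked S-box block for AES and
# a Boolean mask correction, built from first principles so it runs offline.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); inv(0) is defined as 0, as in AES."""
    if a == 0:
        return 0
    # a^254 == a^-1 in GF(2^8), since a^255 == 1 for every nonzero a
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def aes_sbox(x):
    """AES S-box: field inversion followed by the affine transformation."""
    b = gf_inv(x)
    rotl = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


SBOX = [aes_sbox(x) for x in range(256)]


def build_masked_sbox(m_in, m_out):
    """
    Masked S-box table T with T[x ^ m_in] == SBOX[x] ^ m_out for every x.
    Building T costs 256 lookups and 256 bytes of RAM, so a software
    implementation wants as few distinct (m_in, m_out) pairs as possible;
    that is the 'table size problem' the abstract refers to.
    """
    return [SBOX[y ^ m_in] ^ m_out for y in range(256)]


def masked_sub_bytes(masked_state, table):
    """Apply the masked S-box to every byte without ever unmasking it."""
    return [table[v] for v in masked_state]


def remask(masked_state, old_mask, new_mask):
    """
    Mask correction: move a state masked with old_mask onto new_mask by XORing
    each byte with (old_mask ^ new_mask). Every call is one correction per
    byte, which is why a round structure that reuses one (m_in, m_out) pair
    needs fewer of them.
    """
    return [v ^ old_mask ^ new_mask for v in masked_state]


def demo(plain_state, m_in, m_out):
    """Mask a 16-byte state, run masked SubBytes, return (masked_out, recovered)."""
    masked = [p ^ m_in for p in plain_state]       # state enters with mask m_in
    table = build_masked_sbox(m_in, m_out)
    masked_out = masked_sub_bytes(masked, table)   # state leaves with mask m_out
    recovered = [v ^ m_out for v in masked_out]    # unmask only to check the result
    return masked_out, recovered


if __name__ == "__main__":
    # constructed sample input: a 16-byte state and two arbitrary mask bytes
    state = list(range(16))
    masked_out, recovered = demo(state, 0x5A, 0xA3)
    print([hex(v) for v in masked_out])
    print(recovered == [SBOX[p] for p in state])
```

The table is built once per (m_in, m_out) pair and shared by all 16 bytes; using a different mask per byte would need 16 such tables, which is the cost a software MS block has to avoid. Whatever the linear layer of the cipher does to the mask afterwards must be undone with `remask` before the same table can be reused, and each such step is a mask correction.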
