Name
Abstract | ||
|---|---|---|
Because of the isomorphisms in GF(28) there exist 240 different non-trivial dual ciphers of AES. While keeping the in- and outputs of a dual cipher equal to the original AES, all the intermediate values and operations can be different from that of the original one. A comprehensive list of these dual ciphers is given by an article presented at ASIACRYPTä2002, where it is mentioned that they might be used as a kind of side-channel attack countermeasure if the dual cipher is randomly selected. Later, in a couple of works performance figures and overhead penalty of hardware implementations of this scheme is reported. However, the suitability of using randomly selected dual ciphers as a power analysis countermeasure has never been thoroughly evaluated in practice. In this work we address the pitfalls and flaws of this scheme when used as a side-channel countermeasure. As evidence of our claims, we provide practical evaluation results based on a Virtex-5 FPGA platform. We realized a design which randomly selects between the 240 different dual ciphers at each AES computation. We also examined the side-channel leakage of the design under an information theoretic metric as well as its vulnerability to different attack models. As a result, we show that the protection provided by the scheme is negligible considering the increased costs in term of area and lower throughput. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1007/978-3-319-02726-5_18 | ICICS |
Field | DocType | Citations |
Countermeasure,Power analysis,Cipher,Attack model,Key schedule,Computer science,Arithmetic,Algorithm,Field-programmable gate array,Side channel attack,Collision attack,Distributed computing | Conference | 1 |
PageRank | References | Authors |
0.35 | 29 | 2 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Amir Moradi | 1 | 960 | 80.66 |
| Oliver Mischke | 2 | 204 | 11.53 |