Principles on the security of AES against first and second-order differential power analysis

J. Lu, J. Pan, J.I. Hartog, den

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


Abstract

The Advanced Encryption Standard (AES) is a 128-bit block cipher that is currently being widely used in smartcards. Differential Power Analysis (DPA) is a powerful technique used to attack a cryptographic implementation in a resource-limited application environment like smartcards. Despite the extensive research on DPA of AES, it seems none has explicitly addressed the fundamental issue: How many rounds of the beginning and end parts of an AES implementation should be protected in order to resist practical DPA attacks, namely first and second-order DPA attacks? Implementation designers may think that it is sufficient to protect the first and last one (or one and a half) rounds of AES, leaving the inner rounds unprotected or protected by simple countermeasures. In this paper, we show that power leakage of some intermediate values from the more inner rounds of AES can be exploited to conduct first and/or second-order DPA attacks by employing techniques such as fixing certain plaintext/ciphertext bytes. We give five general principles on DPA vulnerability of unprotected AES implementations, and then give several general principles on DPA vulnerability of protected AES implementations. These principles specify which positions of AES are vulnerable to first and second-order DPA. To justify the principles, we attack two recently proposed AES implementations that use two kinds of countermeasures to achieve a high resistance against power analysis, and demonstrate that they are even vulnerable to DPA. Finally, we conclude that at least the first two and a half rounds and the last three rounds should be secured for an AES implementation to be resistant against first and second-order DPA in practice.

Keywords: Side channel cryptanalysis - Advanced Encryption Standard - Differential power analysis

Original language: English
Title of host publication: Applied Cryptography and Network Security (8th International Conference, ACNS 2010, Beijing, China, June 22-25, 2010. Proceedings)
Editors: J. Zhou, M. Yung
Place of Publication: Berlin
Publisher: Springer
Pages: 168-185
ISBN (Print): 978-3-642-13707-5
DOI: https://doi.org/10.1007/978-3-642-13708-2_11
Publication status: Published - 2010

Publication series

Name: Lecture Notes in Computer Science
Volume: 6123
ISSN (Print): 0302-9743


Cite this

Lu, J., Pan, J., & Hartog, den, J. I. (2010). Principles on the security of AES against first and second-order differential power analysis. In J. Zhou, & M. Yung (Eds.), Applied Cryptography and Network Security (8th International Conference, ACNS 2010, Beijing, China, June 22-25, 2010. Proceedings) (pp. 168-185). (Lecture Notes in Computer Science; Vol. 6123). Springer. https://doi.org/10.1007/978-3-642-13708-2_11