International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Provably Secure Masking of AES

Johannes Blömer
Jorge Guajardo Merchan
Volker Krummel
Search ePrint
Search Google
Abstract: A general method to secure cryptographic algorithm implementations against side-channel attacks is the use of randomization techniques and, in particular, masking. Roughly speaking, using random values unknown to an adversary one masks the input to a cryptographic algorithm. As a result, the intermediate results in the algorithm computation are uncorrelated to the input and the adversary cannot obtain any useful information from the side-channel. Unfortunately, previous AES randomization techniques have based their security on heuristics and experiments. Thus, flaws have been found which make AES randomized implementations still vulnerable to side-channel cryptanalysis. In this paper, we provide a formal notion of security for randomized maskings of arbitrary cryptographic algorithms. Furthermore, we present an AES randomization technique that is provably secure against side-channel attacks if the adversary is able to access a single intermediate result. Our randomized masking technique is quite general and it can be applied to arbitrary algorithms using only arithmetic operations over some even characteristic finite field. We notice that to our knowledge this is the first time that a randomization technique for the AES has been proven secure in a formal model.
  title={Provably Secure Masking of AES},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / AES, side-channel attacks, provable secure countermeasures, DPA, hardware implementation, security model},
  note={ 12538 received 30 Apr 2004},
  author={Johannes Blömer and Jorge Guajardo Merchan and Volker Krummel},