A technique with an information-theoretic basis for protecting secret data from differential power attacks

Abstract

The classic “black-box” view of cryptographic devices such as smart cards has been invalidated by the advent of the technique of Differential Power Analysis (DPA) for observing intermediate variables during normal operation through side-channel observations. An information-theoretic approach leads to optimal DPA attacks and can provide an upper bound on the rate of information leakage, and thus provides a sound basis for evaluating countermeasures. This paper presents a novel technique of random affine mappings as a DPA countermeasure. The technique increases the number of intermediate variables that must be observed before gleaning any secret information and randomly varies these variables on every run. This is done without duplication of the processing of variables, allowing very efficient DPA resistant cipher implementations where the ciphers are designed to minimise overheads. A realworld system has been developed within the tight computational constraints of a smart card to exhibit first-order DPA-resistance for all key processing.