Since the announcement of the Differential Power Analysis (DPA) by Paul Kocher and al., several countermeasures were proposed in order to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution time overhead, Thomas Messerges recently proposed a general method that "masks" all the intermediate data. This masking strategy is possible if all the fundamental operations used in a given algorithm can be rewritten with masked input data, giving masked output data. This is easily seen to be the case in classical algorithms such as DES or RSA. However, for algorithms that combine Boolean and arithmetic functions, such as IDEA or several of the AES candidates, two di erent kinds of masking have to be used. There is thus a need for a method to convert back and forth between Boolean masking and arithmetic masking. In the present paper, we show that the 'BooleanToArithmetic' algorithm proposed by T. Messerges is not sucient to prevent Di erential Power Analysis. In a similar way, the 'ArithmeticToBoolean' algorithm is not secure either. © Springer-Verlag Berlin Heidelberg 2000.
CITATION STYLE
Coron, J. S., & Goubin, L. (2000). On Boolean and arithmetic masking against Differential Power Analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1965 LNCS, pp. 231–237). Springer Verlag. https://doi.org/10.1007/3-540-44499-8_18
Mendeley helps you to discover research relevant for your work.