Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations [chapter]

Stefan Mangard, Kai Schramm
2006 Lecture Notes in Computer Science  
This article starts with a discussion of three different attacks on masked AES hardware implementations. This discussion leads to the conclusion that glitches in masked circuits pose the biggest threat to masked hardware implementations in practice. Motivated by this fact, we pinpointed which parts of masked AES S-boxes cause the glitches that lead to side-channel leakage. The analysis reveals that these glitches are caused by the switching characteristics of XOR gates in masked multipliers.
more » ... ked multipliers are basic building blocks of most recent proposals for masked AES S-boxes. We subsequently show that the side-channel leakage of the masked multipliers can be prevented by fulfilling timing constraints for 3 · n XOR gates in each GF (2 n ) multiplier of an AES S-box. We also briefly present two approaches on how these timing constraints can be fulfilled in practice.
doi:10.1007/11894063_7 fatcat:qzakzmwjfzbwvmlpscu5vgznii