Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations

Stefan Mangard, Kai Schramm

Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10 - 13, 2006.


This article starts with a discussion of three different attacks on masked AES hardware implementations. This discussion leads to the conclusion that glitches in masked circuits pose the biggest threat to masked hardware implementations in practice. Motivated by this fact, we pinpointed which parts of masked AES S-boxes cause the glitches that lead to side-channel leakage. The analysis reveals that these glitches are caused by the switching characteristics of XOR gates in masked multipliers. Masked multipliers are basic building blocks of most recent proposals for masked AES S-boxes. We subsequently show that the side-channel leakage of the masked multipliers can be prevented by fulfilling timing constraints for 3 · n XOR gates in each GF(2^n) multiplier of an AES S-box. We also briefly present two approaches on how these timing constraints can be fulfilled in practice.


tags: AES, DPA, Glitches, Zero-Input DPA, Zero-Offset DPA