Side Channel Attacks Database

Avoid Mask Re-use in Masked Galois Multipliers

D. Canright

IACR 2009
Abstract:

This work examines a weakness in re-using masks for masked Galois inversion, specifically in the masked Galois multipliers. Here we show that the mask re-use scheme included in our work [1] cannot result in perfect masking, regardless of the order in which the terms are added; explicit distributions are derived for each step. The same problem requires new masks in the subfield calculations, not included in [1]. Hence, for resistance to first-order differential attacks, the masked S-box must use distinct, independent masks for input and output bytes of the masked inverter, and new masks in the subfields, resulting in a larger size.
Paper Available At:

http://eprint.iacr.org/2009/012