
Efficient Implementation Of Higher-Order DPA Countermeasures For The AES Using The ARM NEON Instruction Set

Posted on: 2016-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: J W Wang
Full Text: PDF
GTID: 2308330461488921
Subject: Computer Science and Technology
Abstract/Summary:
Real-world implementations of cryptographic algorithms are vulnerable to various forms of side-channel attacks, including Differential Power Analysis (DPA). Masking is a widely used countermeasure to protect block ciphers such as the Advanced Encryption Standard (AES) against DPA attacks. The underlying principle is to split each sensitive intermediate variable manipulated by the algorithm into several shares and to process these shares separately. Higher-order DPA attacks exploit the joint leakage of a number of intermediate variables and can defeat lower-order masking schemes, where the order denotes the number of intermediate variables that need to be probed at the same time. The complexity of performing a higher-order DPA attack grows exponentially with the order, so a d-th order masking scheme for a suitably chosen order d suffices to counteract practical higher-order attacks. However, the main difficulty of any higher-order masking scheme is how to efficiently mask the non-linear S-box transformation. The literature contains two basic approaches to this problem, namely ISW-based techniques and table re-computation methods. At CHES 2010, Rivain and Prouff (RP) proposed a provably secure generic d-th order masking scheme for the AES, which falls into the first category. Though the original RP countermeasure contains a flaw due to its integration with a mask-refreshing procedure, it motivated the design of higher-order masking schemes for arbitrary S-boxes and remains the most efficient countermeasure for the AES in terms of the number of secure non-linear field multiplications required.

In order to facilitate the deployment of higher-order masking for the AES in practice, we developed an efficient implementation of the RP countermeasure (with the flaw fixed) using the ARM NEON instruction set.
After a comprehensive complexity analysis, we conclude that the RP countermeasure with n shares for each sensitive variable requires O(n²) field multiplications and random number generations. Both are performance-critical operations, and in our implementation they can be executed with only 15 instructions thanks to the richness of the NEON instruction set. Our simulations of various implementations show that the performance penalty caused by integrating DPA countermeasures into our implementation is significantly lower than in previous works. For example, our second-order DPA countermeasure (with three shares for each sensitive variable) is only nine times slower than the baseline implementation, which contains no DPA countermeasures but is resistant to cache-timing attacks. These simulations also indicate that our implementation is efficient enough to be deployed in practice.
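To make the cost figure concrete, the following added example (not code from the thesis) implements the ISW secure multiplication step that ISW-based schemes such as the RP countermeasure rely on, over GF(2^8) with the AES reduction polynomial. It shows that unmasking the n output shares yields the product of the unmasked inputs, and that each secure multiplication consumes n(n-1)/2 fresh random bytes, the O(n²) term the abstract cites. The mask-refreshing procedure mentioned above is deliberately not shown here; the share layout and `rng` parameter are assumptions of this example.

```python
import secrets
from functools import reduce
from operator import xor

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial

def gf_mul(a, b):
    """Multiply two GF(2^8) elements by shift-and-add with modular reduction."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def unshare(shares):
    """Recombine Boolean (XOR) shares into the sensitive value."""
    return reduce(xor, shares, 0)

def share(x, n, rng=secrets.randbelow):
    """Split x into n Boolean shares: n-1 random bytes plus one correction share."""
    shares = [rng(256) for _ in range(n - 1)]
    return shares + [x ^ unshare(shares)]

def isw_mul(a, b, rng=secrets.randbelow):
    """ISW secure multiplication of two n-share values in GF(2^8).
    Returns n shares of the product and the count of fresh random bytes, n(n-1)/2."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    randoms = 0
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = rng(256)
            randoms += 1
            # Evaluate left to right: the random must cover a_i*b_j before a_j*b_i is
            # added, so the unmasked value a_i*b_j ^ a_j*b_i never sits in a register.
            r[j][i] = (r[i][j] ^ gf_mul(a[i], b[j])) ^ gf_mul(a[j], b[i])
    out = []
    for i in range(n):
        c_i = gf_mul(a[i], b[i])  # diagonal term
        for j in range(n):
            if j != i:
                c_i ^= r[i][j]    # cross terms, one per other share
        out.append(c_i)
    return out, randoms
```

Running `isw_mul` with three shares per input (second-order masking, as in the abstract's example) draws three random bytes per multiplication; with four shares it draws six.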
Keywords/Search Tags: Advanced Encryption Standard, Higher-Order DPA Attack, Masking, ARM NEON, Efficient Implementation