Comprehensive Evaluation of AES Dual Ciphers as a Side-Channel Countermeasure
Amir Moradi, Oliver Mischke
International Conference on Information and Communications Security, ICICS 2013, Beijing, China, November 20 - 22, 2013.
Because of the isomorphisms in GF(2^8) there exist 240 different non-trivial dual ciphers of AES. While keeping the inputs and outputs of a dual cipher equal to those of the original AES, all the intermediate values and operations can differ from those of the original. A comprehensive list of these dual ciphers is given in an article presented at ASIACRYPT 2002, where it is mentioned that they might be used as a kind of side-channel attack countermeasure if the dual cipher is randomly selected. Later, a couple of works reported performance figures and the overhead penalty of hardware implementations of this scheme. However, the suitability of randomly selected dual ciphers as a power analysis countermeasure has never been thoroughly evaluated in practice. In this work we address the pitfalls and flaws of this scheme when used as a side-channel countermeasure. As evidence for our claims, we provide practical evaluation results based on a Virtex-5 FPGA platform. We realized a design which randomly selects one of the 240 dual ciphers for each AES computation. We also examined the side-channel leakage of the design under an information theoretic metric as well as its vulnerability to different attack models. As a result, we show that the protection provided by the scheme is negligible considering the increased costs in terms of area and lower throughput.
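As an added illustration (not code from the paper or its authors), the following Python constructs the field isomorphisms that give rise to the dual ciphers: a root of the AES polynomial inside GF(2^8) built from a second irreducible polynomial (0x11D, an assumed example choice) fixes a linear bijection delta, and delta∘S∘delta⁻¹ is the dual S-box. Enumerating the roots over every degree-8 binary polynomial reproduces the figure of 240, and the homomorphism check shows why the bytes a dual cipher actually processes differ from the original's while the cipher's input/output behaviour is preserved.

```python
from functools import reduce

# AES_POLY is the AES field polynomial x^8+x^4+x^3+x+1. ALT_POLY (x^8+x^4+x^3+x^2+1)
# is a second irreducible polynomial, assumed here as an example target field.
AES_POLY = 0x11B
ALT_POLY = 0x11D

def gf_mul(a, b, poly):
    """Multiply in GF(2)[x]/(poly); poly must have degree exactly 8."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r

def gf_pow(a, e, poly):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, poly)
        a = gf_mul(a, a, poly)
        e >>= 1
    return r

def gf_inv(a, poly):
    return gf_pow(a, 254, poly) if a else 0   # a^(2^8-2) = a^-1 in a field

def roots_of(poly, field_poly):
    """Elements r of GF(2)[x]/(field_poly) with poly(r) == 0 (Horner evaluation)."""
    roots = []
    for r in range(256):
        v = 0
        for i in range(8, -1, -1):
            v = gf_mul(v, r, field_poly) ^ ((poly >> i) & 1)
        if v == 0:
            roots.append(r)
    return roots

def isomorphism(root, dst_poly):
    """delta: sum c_i*x^i (AES field) -> sum c_i*root^i (dst field), as a 256-entry table."""
    powers = [gf_pow(root, i, dst_poly) for i in range(8)]
    return [reduce(lambda d, i: d ^ powers[i] if a >> i & 1 else d, range(8), 0) for a in range(256)]

def count_dual_field_maps():
    """Roots of AES_POLY over every odd degree-8 binary polynomial. Only the 30 irreducible
    ones contribute, 8 roots each (Frobenius conjugates): 30 * 8 = 240 isomorphisms."""
    return sum(len(roots_of(AES_POLY, p)) for p in range(0x101, 0x200, 2))

def aes_sbox(a):
    """Standard AES S-box: inversion in the AES field followed by the affine map."""
    v = gf_inv(a, AES_POLY)
    rot = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return v ^ rot(v, 1) ^ rot(v, 2) ^ rot(v, 3) ^ rot(v, 4) ^ 0x63

def dual_sbox(delta):
    """S'(b) = delta(S(delta^-1(b))): the S-box a dual cipher applies to delta-mapped bytes."""
    inv_delta = {v: a for a, v in enumerate(delta)}
    return [delta[aes_sbox(inv_delta[b])] for b in range(256)]

if __name__ == "__main__":
    delta = isomorphism(roots_of(AES_POLY, ALT_POLY)[0], ALT_POLY)
    # Field structure is preserved: inverting in the dual field equals delta of the AES inverse,
    # so the dual cipher computes the same function on delta-mapped intermediate bytes.
    assert all(delta[gf_inv(a, AES_POLY)] == gf_inv(delta[a], ALT_POLY) for a in range(256))
    changed = sum(dual_sbox(delta)[b] != aes_sbox(b) for b in range(256))
    print(f"{count_dual_field_maps()} isomorphisms; dual S-box differs from AES in {changed} entries")
```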