Major credit card companies are planning to convert most of credit cards with magnetic stripe into smart cards within a few years. And usage of smart cards are increasing in such fields like transportation, electronic money, ID cards, etc. Major advantage of smart cards is that internal data like secret key can be used for internal processing and only the result is open to the public access.
However, the internal data kept inside smart cards and used internally can be found out using side channel attack. When cryptographic processing is occurred using input message and secret key, information like power consumption or electromagnetic radiation may be leaked. In side channel attack, the information is used to find out the secret key. Sometimes, attackers utilize timing information or induced faults during computation. Differential Power Analysis (DPA) is a kind of side channel attacks that makes use of power consumption information. DPA is a real threat because attackers can mount DPA with relatively cheap equipments and without knowing the internal implementation. Countermeasures against DPA can be divided into two categories. One is by hardware and the other is by software. Smart card chips manufactured recently are equipped with hardware countermeasures. But it is generally recognized that DPA can be prevented effectively only by using both hardware and software countermeasures.
AES is the standard block cipher selected by NIST to replace DES in 2000. Masking methods were proposed as software countermeasure against DPA. But previous masking methods are vulnerable to Second Order DPA (SODPA) and can be made simpler in regard to memory and processing requirement.
In this thesis, simple fixed-value masking method that is resistant to SODPA and more efficient than previous methods is proposed and analyzed. The required memory for storing mask is 33% of previous method and the number of xor operation for applying mask is 18% of previous method. In practice, ...