[Cryptography] Power analysis hardening of AES through choice of mode and IV construction

Jacob Christian Munch-Andersen nohat at nohatcoder.dk
Fri Aug 12 11:28:52 EDT 2022


On Thu, Aug 11, 2022, at 8:26 PM, Phillip Hallam-Baker wrote:
> Perhaps if we designed a mode with integrated masking???

I have been giving this type of problem some thought, and in some contexts it is possible to avoid ever using the same key twice; you just need key chaining, like KEY[n] = permutation(KEY[n-1]). It doesn't work well with AES because the expanded keys are large relative to the encrypted data, but it is perfectly possible to work around that issue with a different algorithm. A bonus benefit is that it seems to destroy all possibilities for linear and differential cryptanalysis, as those rely on (at least) 2 blocks that get treated almost identically, and that doesn't happen if the key keeps on changing.

More info here: http://nohatcoder.dk/2022-07-15-1.html
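
The key-chaining structure described in the message above, as an added example that is not part of the original post or of the linked article. The ARX permutation (built from ChaCha quarter-rounds) and the Even-Mansour style block operation are stand-ins chosen for illustration and are not vetted; the code shows only that every block gets its own key and that the receiver can regenerate the same chain.

```python
import struct

MASK = 0xFFFFFFFF

def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def perm(block, domain, inverse=False):
    """Toy invertible 128-bit permutation (assumption, not the author's design)."""
    a, b, c, d = struct.unpack("<4I", block)
    for i in (range(7, -1, -1) if inverse else range(8)):
        rc = (domain << 8) | (i + 1)   # round constant; separates the two uses
        if not inverse:
            a ^= rc
            a = (a + b) & MASK; d = rotl(d ^ a, 16)
            c = (c + d) & MASK; b = rotl(b ^ c, 12)
            a = (a + b) & MASK; d = rotl(d ^ a, 8)
            c = (c + d) & MASK; b = rotl(b ^ c, 7)
        else:                          # same steps undone in reverse order
            b = rotr(b, 7) ^ c;  c = (c - d) & MASK
            d = rotr(d, 8) ^ a;  a = (a - b) & MASK
            b = rotr(b, 12) ^ c; c = (c - d) & MASK
            d = rotr(d, 16) ^ a; a = (a - b) & MASK
            a ^= rc
    return struct.pack("<4I", a, b, c, d)

def xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))

def key_chain(key0, n):
    """KEY[n] = permutation(KEY[n-1]); yields n keys starting with key0."""
    k = key0
    for _ in range(n):
        yield k
        k = perm(k, domain=1)

def encrypt(key0, blocks):
    # C = P(M ^ K) ^ K with a fresh K per block, so no key is used twice
    return [xor(perm(xor(m, k), domain=2), k)
            for m, k in zip(blocks, key_chain(key0, len(blocks)))]

def decrypt(key0, blocks):
    return [xor(perm(xor(c, k), domain=2, inverse=True), k)
            for c, k in zip(blocks, key_chain(key0, len(blocks)))]

KEY0 = bytes(range(16))                # constructed sample key
PLAIN = [b"same 16B block!!"] * 4      # constructed: four identical blocks
```

Because the key changes on every block, the four identical plaintext blocks encrypt to four different ciphertext blocks without any IV or counter input.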