Successfully Attacking Masked AES Hardware Implementations

S Mangard, N Pramstaller, ME Oswald

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

291 Citations (Scopus)


During the last years, several masking schemes for AES have been proposed to secure hardware implementations against DPA attacks. In order to investigate the effectiveness of these countermeasures in practice, we have designed and manufactured an ASIC. The chip features an unmasked and two masked AES-128 encryption engines that can be attacked independently. In addition to conventional DPA attacks on the output of registers, we have also mounted attacks on the output of logic gates. Based on simulations and physical measurements we show that the unmasked and masked implementations leak side-channel information due to glitches at the output of logic gates. It turns out that masking the AES S-Boxes does not prevent DPA attacks, if glitches occur in the circuit.
Translated title of the contributionSuccessfully Attacking Masked AES Hardware Implementations
Original languageEnglish
Title of host publicationCryptographic Hardware and Embedded Systems – CHES 2005
Subtitle of host publication7th International Workshop, Edinburgh, UK, August 29 – September 1, 2005. Proceedings
PublisherSpringer Berlin Heidelberg
Number of pages15
ISBN (Electronic)9783540284405
ISBN (Print)9783540284741
Publication statusPublished - 2005

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg

Bibliographical note

Editors: Rao, JR and Sunar, B
ISBN: 9783540284741
Publisher: Springer
Name and Venue of Conference: Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, August 29 - September 1, 2005
Conference Organiser: IACR

Cite this