Paul Kocher et al. introduced in 1998 [5] and published in 1999 [6] the concept of “Differential Power Analysis,” also known as DPA as a method of encrypted messages. The initial targets were symmetric cryptosystems such as the Data Encryption Standard (DES) or Advanced Encryption Standard (AES) candidates, but public-key cryptosystems have since proven equally vulnerable to DPA attacks.
In 1999, Chari et al. [2] suggested a generic countermeasure that consisted of separating all the intermediate variables. A similar “duplication” method was proposed by Goubin et al. [4], in a particular case. These general methods generally sharply increase the amount of memory or the computation time required, as noted by Chari et al. Furthermore, it has been demonstrated that even the intermediate steps can be attacked by DPA, so the separation of the variables must be performed in every step of the algorithm. This makes the question of additional memory and computation time even more crucial, particularly for embedded systems such as smart cards.
In 2000, Thomas Messerges [8] studied DPA attacks applied to the AES candidates. He developed a general countermeasure that consisted of masking all the inputs and outputs of each elementary operation executed by the microprocessor. This generic technique allowed him to assess the impact of these countermeasures on the five AES candidates.
However, for algorithms that combine Boolean functions and arithmetic functions, it is necessary to use two types of masks. One therefore needs a method for converting between the Boolean masking and the arithmetic masking. This is typically the case for IDEA [7] and for three of the AES candidates: MARS [1], RC6 [9] and Twofish [10].
T. Messerges [8] has proposed an algorithm for performing this conversion. Unfortunately, Coron and Goubin [3] have described a specific attack showing that the “BooleanToArithmetic” algorithm proposed by T. Messerges is insufficient for protecting oneself against DPA. Likewise, his “ArithmeticToBoolean” algorithm isn't foolproof either.