All-or-Nothing Transforms as a countermeasure to differential side-channel analysis

Side-channel attacks on hardware implementations of cryptographic algorithms have recently been the focus of much attention in the research community. Differential power analysis (DPA) has been shown to be particularly effective at retrieving secret information stored within an implementation. The design of DPA-resistant systems that are efficient in terms of speed and area poses a significant challenge. All-or-Nothing Transforms are cryptographic transforms, which are currently employed in numerous applications. We examine All-or-Nothing Encryption systems from the DPA perspective. This paper shows that All-or-Nothing cryptosystems, whilst not preventing side-channel leakage, do fundamentally inhibit DPA attacks. Furthermore, we develop extensions to the All-or-Nothing protocol to strengthen the DPA resistance of the cryptosystem, providing a practical alternative to masking countermeasures for symmetric ciphers.