Effect of glitches against masked AES S-box implementation and countermeasure

Masking of gates is one of the most popular techniques to prevent differential power analysis (DPA) of AES algorithm. It has been shown that the logic circuits used in the implementation of cryptographic algorithms leak side-channel information inspite of masking, which can be exploited, in differential power attacks. The phenomenon in CMOS circuits responsible for the leakage of masked circuits is known as glitching. Motivated by this fact, the authors analyse the effect of glitches in CMOS circuits against masked implementation of the AES S-box. The authors explicitly demonstrate that glitches do not affect always. There exists a relation between combinational path delay of the circuit and timing difference of input vectors to the circuit, which has a bearance on the amount of information leaked by the masked gates. A balanced masked S-box circuit is proposed where the inputs are synchronised by sequential components. Detailed SPICE results are shown to support the claim that the modifications indeed reduce the vulnerability of the masked AES S-box against DPA attacks.