International Association for Cryptologic Research (IACR)
Abstract
All-or-Nothing Encryption was introduced by Rivest as a countermeasure to brute force key search attacks. This work identifies a new application for All-or-Nothing Transforms, as a protocol-level countermeasure to Differential Side-Channel Analysis (DSCA). We describe an extension to the All-or-Nothing protocol, that strengthens the DCSA resistance of the cryptosystem. The resultant scheme is a practical alternative to Boolean and arithmetic masking, used to protect implementations of encryption and decryption operations on electronic devices
