Split-and-merge approach to protect against DFA attacks

摘要

A device for performing a mapping an input message to an output message by a keyed cryptographic operation, wherein the keyed cryptographic operation includes a plurality of rounds. To protect against differential fault analysis attacks, the cryptographic operation is modified to apply a secret sharing approach to one of the rounds. Also, a portion of the computations are split into first and second shares, where the first share uses a first weight and the second share uses a second weight. The final operations are again merged into a single matrix multiplication. Cryptographic operations that have a substitution function and an affine transformation can be protected in this way.