Paper 2022/1276
Second-Order Low-Randomness $d+1$ Hardware Sharing of the AES
Abstract
In this paper, we introduce a second-order masking of the AES using the minimal number of shares (three shares, i.e. $d+1$ for $d=2$) and a total of 1268 bits of randomness, including the sharing of the plaintext and key. The masking of the S-box is based on the tower-field decomposition of the inversion over bytes, where the changing-of-the-guards technique is used to re-mask the middle branch of the decomposition. The sharing of the S-box is carefully crafted such that it achieves first-order probing security without the use of randomness and such that the sharing of its output is uniform. Multi-round security is achieved by re-masking the state, where we use a theoretical analysis based on the propagation of probed information to reduce the demand for fresh randomness per round. The result is a second-order masked AES which competes with the state of the art in terms of latency and area, but reduces the randomness complexity by more than a factor of eight compared with previously known works. In addition to the corresponding theoretical analysis and proofs of the security of our masked design, it has been implemented on an FPGA and evaluated via lab analysis.
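The following Python is an added worked example, not code from the paper or its authors. It computes the AES S-box through the tower-field decomposition the abstract refers to (GF(2^8) viewed as GF(2^4)[y]/(y^2 + y + λ)), checks the field isomorphism against direct GF(2^8) arithmetic, and then runs the same inversion on d+1 = 3 Boolean shares with a textbook DOM-style shared multiplier so that the fresh randomness such a naive construction consumes per S-box can be counted. The subfield polynomial, λ and the isomorphism root are choices made here (found by search), and the names gf_mul, tower_inv, dom_mul16, masked_sbox and RAND_LOG are this example's, not the paper's; the changing-of-the-guards re-masking and the paper's randomness-free S-box sharing are not reproduced.

```python
# Added worked example, not the paper's code: the AES S-box through the tower
# field GF(2^8) = GF(2^4)[y]/(y^2 + y + LAMBDA), checked against direct GF(2^8)
# arithmetic, then the same inversion on d+1 = 3 Boolean shares with a textbook
# DOM-style multiplier so the fresh randomness it burns can be counted.
# GF16_POLY, LAMBDA and ALPHA are choices made here, not taken from the paper.
import secrets
from functools import reduce
from operator import xor

AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
GF16_POLY = 0x13   # x^4 + x + 1, the subfield GF(2^4) used for the tower

def gf_mul(a, b, poly, n):
    """Shift-and-add multiplication in GF(2^n) = GF(2)[x]/(poly)."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= poly
    return r

gf16_mul = lambda a, b: gf_mul(a, b, GF16_POLY, 4)
GF16_INV = [0] + [next(b for b in range(16) if gf16_mul(a, b) == 1) for a in range(1, 16)]
# LAMBDA: any value for which y^2 + y + LAMBDA has no root in GF(2^4).
LAMBDA = next(l for l in range(1, 16) if all(gf16_mul(t, t) ^ t ^ l for t in range(16)))

def tower_mul(a, b):
    """(ah*y + al)(bh*y + bl) with y^2 = y + LAMBDA; elements are (hi, lo) pairs."""
    (ah, al), (bh, bl) = a, b
    hh = gf16_mul(ah, bh)
    return (hh ^ gf16_mul(ah, bl) ^ gf16_mul(al, bh), gf16_mul(hh, LAMBDA) ^ gf16_mul(al, bl))

def _is_root(alpha):   # does alpha satisfy the AES polynomial in the tower field?
    acc, p = (0, 0), (0, 1)
    for i in range(9):
        if (AES_POLY >> i) & 1:
            acc = (acc[0] ^ p[0], acc[1] ^ p[1])
        p = tower_mul(p, alpha)
    return acc == (0, 0)

# Any root gives the GF(2)-linear field isomorphism delta: x^i -> ALPHA^i.
ALPHA = next((h, l) for h in range(16) for l in range(16) if _is_root((h, l)))
ALPHA_POW = [(0, 1)]
for _ in range(7):
    ALPHA_POW.append(tower_mul(ALPHA_POW[-1], ALPHA))

def to_tower(b):
    """delta is linear, so a masked design applies it share-wise at no cost."""
    h = l = 0
    for i in range(8):
        if (b >> i) & 1:
            h, l = h ^ ALPHA_POW[i][0], l ^ ALPHA_POW[i][1]
    return (h, l)
FROM_TOWER = {to_tower(b): b for b in range(256)}   # delta^-1, also linear

def affine(x):
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return x ^ rot(x, 1) ^ rot(x, 2) ^ rot(x, 3) ^ rot(x, 4) ^ 0x63

def tower_inv(a):
    """Norm d = ah^2*LAMBDA + ah*al + al^2, one GF(2^4) inversion (the middle
    branch), then two GF(2^4) multiplications give the GF(2^8) inverse."""
    ah, al = a
    d = gf16_mul(gf16_mul(ah, ah), LAMBDA) ^ gf16_mul(ah, al) ^ gf16_mul(al, al)
    return (gf16_mul(ah, GF16_INV[d]), gf16_mul(ah ^ al, GF16_INV[d]))

def sbox(b):
    return affine(FROM_TOWER[tower_inv(to_tower(b))])
# ---- d+1 Boolean sharing, d = 2: three shares for second order ----
def share(x, d=2, bits=4):
    r = [secrets.randbits(bits) for _ in range(d)]
    return r + [x ^ reduce(xor, r, 0)]

unshare = lambda shares: reduce(xor, shares, 0)
RAND_LOG = []   # one entry per fresh 4-bit value drawn by dom_mul16

def dom_mul16(a_sh, b_sh):
    """Textbook DOM-style shared GF(2^4) multiplier: C(d+1,2) fresh nibbles per
    call.  Squaring, multiplication by LAMBDA and XOR are linear and need none."""
    n = len(a_sh)
    c = [gf16_mul(a_sh[i], b_sh[i]) for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = secrets.randbits(4)
            RAND_LOG.append(r)
            c[i] ^= gf16_mul(a_sh[i], b_sh[j]) ^ r
            c[j] ^= gf16_mul(a_sh[j], b_sh[i]) ^ r
    return c

def masked_tower_inv(ah_sh, al_sh):
    """tower_inv on shares: 5 shared multiplications (d^14 = d^8*d^4*d^2), so
    5*3 nibbles = 60 fresh bits per S-box, with no probing-security claim for
    this composition.  The paper's S-box sharing spends none of this."""
    sq = lambda sh: [gf16_mul(s, s) for s in sh]
    d = [gf16_mul(s, LAMBDA) ^ m ^ t for s, m, t in zip(sq(ah_sh), dom_mul16(ah_sh, al_sh), sq(al_sh))]
    d2 = sq(d); d4 = sq(d2); d8 = sq(d4)
    dinv = dom_mul16(dom_mul16(d2, d4), d8)
    return dom_mul16(ah_sh, dinv), dom_mul16([x ^ y for x, y in zip(ah_sh, al_sh)], dinv)

def masked_sbox(shares):
    """Share-wise delta, masked inversion, share-wise affine with 0x63 added once."""
    t = [to_tower(s) for s in shares]
    h_sh, l_sh = masked_tower_inv([x[0] for x in t], [x[1] for x in t])
    return [affine(FROM_TOWER[(h, l)]) ^ (0 if i == 0 else 0x63) for i, (h, l) in enumerate(zip(h_sh, l_sh))]
```

The unmasked path reproduces the standard S-box (for instance sbox(0x53) == 0xed), and unshare(masked_sbox(share(b, 2, 8))) equals sbox(b) for every byte. The point of the shared path is the accounting: every non-linear GF(2^4) multiplication on three shares draws three fresh nibbles here, so one S-box alone costs 60 bits and the 160 S-box evaluations of ten rounds (key schedule not counted) would cost 9600 bits, against the 1268 bits the abstract reports for the entire cipher including plaintext and key sharing. The linear steps (the isomorphism, squaring, multiplication by λ, the affine map) are applied share-wise and cost nothing, which is why the randomness budget of a masked AES is decided by how the non-linear middle branch and the between-round re-masking are handled. This example makes no probing-security claim; composing DOM gadgets without further refreshing is not in general secure, and it is exactly that part which the paper replaces.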
Metadata
- Category: Implementation
- Publication info: Published elsewhere. ACM Conference on Computer and Communications Security (CCS 2022)
- Keywords: AES, Hardware, Low Randomness, Masking, Side-Channel Analysis
- Contact author(s): siemen dhooghe @ esat kuleuven be; aein rezaeishahmirzadi @ rub de; amir moradi @ rub de
- History: 2022-09-26: received; 2022-09-26: approved
- Short URL: https://ia.cr/2022/1276
- License: CC BY-NC
BibTeX
@misc{cryptoeprint:2022/1276,
  author = {Siemen Dhooghe and Aein Rezaei Shahmirzadi and Amir Moradi},
  title = {Second-Order Low-Randomness $d+1$ Hardware Sharing of the {AES}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1276},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1276}
}