Guarding the First Order: The Rise of AES Maskings
Askeland, Amund; Dhooghe, S.; Petkova-Nikova, Svetla Iordanova; Rijmen, Vincent Stefaan; Zhang, Zhenda
Journal article, Peer reviewed
Accepted version
![Thumbnail](/bora-xmlui/bitstream/handle/11250/3119633/article-3404.pdf.jpg?sequence=5&isAllowed=y)
View/ Open
Date
2023Metadata
Show full item recordCollections
- Department of Informatics [928]
- Registrations from Cristin [9791]
Abstract
We provide three first-order hardware maskings of the AES, each allowing for a different trade-off between the number of shares and the number of register stages. All maskings use a generalization of the changing of the guards method enabling the re-use of random- ness between masked S-boxes. As a result, the maskings do not require fresh randomness while still allowing for a minimal number of shares and providing provable security in the glitch-extended probing model. The low-area variant has five cycles of latency and a serialized area cost of 8.13 kGE. The low-latency variant reduces the latency to three cycles while increasing the serialized area by 67.89% compared to the low-area variant. The maskings of the AES encryption are implemented on FPGA and evaluated with Test Vector Leakage Assessment (TVLA).