Guarding the First Order: The Rise of AES Maskings
Askeland, Amund; Dhooghe, S.; Petkova-Nikova, Svetla Iordanova; Rijmen, Vincent Stefaan; Zhang, Zhenda
Journal article, Peer reviewed
Accepted version
Permanent lenke
https://hdl.handle.net/11250/3119633Utgivelsesdato
2023Metadata
Vis full innførselSamlinger
- Department of Informatics [1001]
- Registrations from Cristin [11151]
Sammendrag
We provide three first-order hardware maskings of the AES, each allowing for a different trade-off between the number of shares and the number of register stages. All maskings use a generalization of the changing of the guards method enabling the re-use of random- ness between masked S-boxes. As a result, the maskings do not require fresh randomness while still allowing for a minimal number of shares and providing provable security in the glitch-extended probing model. The low-area variant has five cycles of latency and a serialized area cost of 8.13 kGE. The low-latency variant reduces the latency to three cycles while increasing the serialized area by 67.89% compared to the low-area variant. The maskings of the AES encryption are implemented on FPGA and evaluated with Test Vector Leakage Assessment (TVLA).