Compact and secure design of masked AES S-box

  • Authors:
  • Babak Zakeri; Mahmoud Salmasizadeh; Amir Moradi; Mahmoud Tabandeh; Mohammad T. Manzuri Shalmani

  • Affiliations:
  • School of Electrical Engineering, Sharif University of Technology, Tehran, Iran; School of Electrical Engineering, Sharif University of Technology, Tehran, Iran and Electronic Research Center, Sharif University of Technology, Tehran, Iran; Department of Computer Engineering, Sharif University of Technology, Tehran, Iran; School of Electrical Engineering, Sharif University of Technology, Tehran, Iran; Department of Computer Engineering, Sharif University of Technology, Tehran, Iran

  • Venue:
  • ICICS'07 Proceedings of the 9th international conference on Information and communications security
  • Year:
  • 2007

Abstract

Composite field arithmetic is known as an alternative to lookup tables for implementing the S-box block of the AES algorithm. The idea is to break down the computations to lower-order fields and compute the inverse there. Recently this idea has been used both for reducing the area of S-box implementations and for masking implementations of the AES algorithm. The most compact design using this technique is presented by Canright, using only 92 gates for an S-box block. In another approach, the IAIK laboratory has presented a masked implementation of the AES algorithm, using composite field arithmetic, with higher security compared to common masking methods. Our work in this paper is to use the basic ideas of the two approaches above to get a compact masked S-box. We shall use the idea of masking inversion of IAIK's masked S-box, but we will rewrite the equations using a normal basis. We arrange the terms in these equations in a way that the optimized functions in Canright's compact S-box can be used for our design. An implementation of IAIK's masked S-box is also presented using Canright's polynomial functions to have a fair comparison between our design and IAIK's design. Moreover, we show that this design, which uses two special normal bases for GF(16) and GF(4), is the smallest. We shall also prove the security of this design using some lemmas.