The Design of Rijndael
A fully pipelined memoryless 17.8 Gbps AES-128 encryptor
FPGA '03 Proceedings of the 2003 ACM/SIGDA eleventh international symposium on Field programmable gate arrays
An ASIC Implementation of the AES SBoxes
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Essential Algebraic Structure within the AES
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Multiplicative Masking and Power Analysis of AES
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
An Optimized S-Box Circuit Architecture for Low Power AES Design
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A 10 Gbps Full-AES Crypto Design with a Twisted-BDD S-Box Architecture
ICCD '02 Proceedings of the 2002 IEEE International Conference on Computer Design: VLSI in Computers and Processors (ICCD'02)
A 3.84 gbits/s AES crypto coprocessor with modes of operation in a 0.18-μm CMOS technology
GLSVLSI '05 Proceedings of the 15th ACM Great Lakes symposium on VLSI
Provably secure masking of AES
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
A side-channel analysis resistant description of the AES s-box
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Pinpointing the side-channel leakage of masked AES hardware implementations
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Correlation-enhanced power analysis collision attack
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Mixed bases for efficient inversion in F((22)2)2 and conversion matrices of SubBytes of AES
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Lightweight cryptography and DPA countermeasures: a survey
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
On side-channel resistant block cipher usage
ISC'10 Proceedings of the 13th international conference on Information security
Pushing the limits: a very compact and a threshold implementation of AES
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Improved collision-correlation power analysis on first order protected AES
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Intra-masking dual-rail memory on LUT implementation for tamper-resistant AES on FPGA
Proceedings of the ACM/SIGDA international symposium on Field Programmable Gate Arrays
Statistical tools flavor side-channel collision attacks
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
Block ciphers that are easier to mask: how far can we go?
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
AES side-channel countermeasure using random tower field constructions
Designs, Codes and Cryptography
Hi-index | 0.00 |
Implementations of the Advanced Encryption Standard (AES), including hardware applications with limited resources (e.g., smart cards), may be vulnerable to "side-channel attacks" such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing "mask corrections." The single nonlinear step in each AES round is the "S-box" (involving a Galois inversion), which incurs the majority of the cost for mask corrections. Oswald et al.[1] showed how the "tower field" representation allows maintaining an additive mask throughout the Galois inverse calculation. This work applies a similar masking strategy to the most compact (unmasked) S-box to date[2]. The result is the most compact masked S-box so far, with "perfect masking" (by the definition of Blömer[3]) giving suitable implementations immunity to first-order differential side-channel attacks.