Multiplicative Masking for AES in Hardware
Hardware masked AES designs usually rely on Boolean masking and perform the computation of the S-box using the tower-field decomposition. On the other hand, splitting sensitive variables in a multiplicative way is more amenable for the computation of the AES S-box, as noted by Akkar and Giraud. However, multiplicative masking needs to be implemented carefully not to be vulnerable to first-order DPA with a zero-value power model. Up to now, sound higher-order multiplicative masking schemes have been implemented only in software. In this work, we demonstrate the first hardware implementation of AES using multiplicative masks. The method is tailored to be secure even if the underlying gates are not ideal and glitches occur in the circuit. We detail the design process of first- and second-order secure AES-128 cores, which result in the smallest die area to date among previous state-of-the-art masked AES implementations with comparable randomness cost and latency. The first- and second-order masked implementations improve resp. 29% and 18% over these designs. We deploy our construction on a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 50 million traces for both our first- and second-order implementation. For the latter, this holds both for univariate and bivariate analysis.
Main Authors: | Lauren De Meyer, Oscar Reparaz, Begül Bilgin |
---|---|
Format: | Article |
Language: | English |
Published: | Ruhr-Universität Bochum, 2018-08-01 |
Series: | Transactions on Cryptographic Hardware and Embedded Systems |
Subjects: | DPA, Masking, Glitches, Sharing, Adaptive, Boolean |
Online Access: | https://tches.iacr.org/index.php/TCHES/article/view/7282 |
_version_ | 1818640473179291648 |
---|---|
author | Lauren De Meyer Oscar Reparaz Begül Bilgin |
author_facet | Lauren De Meyer Oscar Reparaz Begül Bilgin |
author_sort | Lauren De Meyer |
collection | DOAJ |
description | Hardware masked AES designs usually rely on Boolean masking and perform the computation of the S-box using the tower-field decomposition. On the other hand, splitting sensitive variables in a multiplicative way is more amenable for the computation of the AES S-box, as noted by Akkar and Giraud. However, multiplicative masking needs to be implemented carefully not to be vulnerable to first-order DPA with a zero-value power model. Up to now, sound higher-order multiplicative masking schemes have been implemented only in software. In this work, we demonstrate the first hardware implementation of AES using multiplicative masks. The method is tailored to be secure even if the underlying gates are not ideal and glitches occur in the circuit. We detail the design process of first- and second-order secure AES-128 cores, which result in the smallest die area to date among previous state-of-the-art masked AES implementations with comparable randomness cost and latency. The first- and second-order masked implementations improve resp. 29% and 18% over these designs. We deploy our construction on a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 50 million traces for both our first- and second-order implementation. For the latter, this holds both for univariate and bivariate analysis. |
first_indexed | 2024-12-16T23:11:50Z |
format | Article |
id | doaj.art-2259a107e8494fefb1d4ca66fbc56094 |
institution | Directory Open Access Journal |
issn | 2569-2925 |
language | English |
last_indexed | 2024-12-16T23:11:50Z |
publishDate | 2018-08-01 |
publisher | Ruhr-Universität Bochum |
record_format | Article |
series | Transactions on Cryptographic Hardware and Embedded Systems |
spelling | doaj.art-2259a107e8494fefb1d4ca66fbc56094; 2022-12-21T22:12:23Z; eng; Ruhr-Universität Bochum; Transactions on Cryptographic Hardware and Embedded Systems; 2569-2925; 2018-08-01; 2018; 3; 10.13154/tches.v2018.i3.431-468; Multiplicative Masking for AES in Hardware; Lauren De Meyer (imec - COSIC, KU Leuven); Oscar Reparaz (imec - COSIC, KU Leuven, Belgium; Square inc., San Francisco); Begül Bilgin (imec - COSIC, KU Leuven); Hardware masked AES designs usually rely on Boolean masking and perform the computation of the S-box using the tower-field decomposition. On the other hand, splitting sensitive variables in a multiplicative way is more amenable for the computation of the AES S-box, as noted by Akkar and Giraud. However, multiplicative masking needs to be implemented carefully not to be vulnerable to first-order DPA with a zero-value power model. Up to now, sound higher-order multiplicative masking schemes have been implemented only in software. In this work, we demonstrate the first hardware implementation of AES using multiplicative masks. The method is tailored to be secure even if the underlying gates are not ideal and glitches occur in the circuit. We detail the design process of first- and second-order secure AES-128 cores, which result in the smallest die area to date among previous state-of-the-art masked AES implementations with comparable randomness cost and latency. The first- and second-order masked implementations improve resp. 29% and 18% over these designs. We deploy our construction on a Spartan-6 FPGA and perform a side-channel evaluation. No leakage is detected with up to 50 million traces for both our first- and second-order implementation. For the latter, this holds both for univariate and bivariate analysis.; https://tches.iacr.org/index.php/TCHES/article/view/7282; DPA; Masking; Glitches; Sharing; Adaptive; Boolean |
spellingShingle | Lauren De Meyer; Oscar Reparaz; Begül Bilgin; Multiplicative Masking for AES in Hardware; Transactions on Cryptographic Hardware and Embedded Systems; DPA; Masking; Glitches; Sharing; Adaptive; Boolean |
title | Multiplicative Masking for AES in Hardware |
title_full | Multiplicative Masking for AES in Hardware |
title_fullStr | Multiplicative Masking for AES in Hardware |
title_full_unstemmed | Multiplicative Masking for AES in Hardware |
title_short | Multiplicative Masking for AES in Hardware |
title_sort | multiplicative masking for aes in hardware |
topic | DPA Masking Glitches Sharing Adaptive Boolean |
url | https://tches.iacr.org/index.php/TCHES/article/view/7282 |
work_keys_str_mv | AT laurendemeyer multiplicativemaskingforaesinhardware AT oscarreparaz multiplicativemaskingforaesinhardware AT begulbilgin multiplicativemaskingforaesinhardware |