A fast and provably secure higher-order masking of AES S-box

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

54 Citations (Scopus)

Abstract

This paper proposes an efficient and secure higher-order masking algorithm for the AES S-box, which consumes the most computation time in higher-order masked AES. During the past few years, much research has focused on finding higher-order masking schemes for the AES S-box, but these are still slow for use on embedded processors. Our proposed higher-order masking of the AES S-box is based on the inversion operation over the composite field. We replace the subfield operations over the composite field with table lookups; the precomputed tables do not require much ROM space because the operations are over GF(2^4). In the implementation results, we show that the higher-order masking scheme using our masked S-box is about 2.54 (second-order masking) and 3.03 (third-order masking) times faster than the fastest of the existing higher-order masking schemes of AES.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 95-107
Number of pages: 13
Volume: 6917 LNCS
DOIs: https://doi.org/10.1007/978-3-642-23951-9_7
Publication status: Published - 2011 Oct 11
Event: 13th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2011 - Nara, Japan
Duration: 2011 Sep 28 to 2011 Oct 1

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6917 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 13th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2011
Country: Japan
City: Nara
Period: 11/9/28 to 11/10/1

Fingerprint

S-box
Masking
Higher Order
Table lookup
ROM
Composite materials
Composite
Embedded Processor
Look-up Table
Subfield
Tables
Inversion

Keywords

  • AES
  • differential power analysis
  • higher-order DPA
  • higher-order masking
  • side channel attack

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kim, H., Hong, S., & Lim, J. I. (2011). A fast and provably secure higher-order masking of AES S-box. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6917 LNCS, pp. 95-107). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6917 LNCS). https://doi.org/10.1007/978-3-642-23951-9_7

@inproceedings{9275341d036347c48f06cee0396b655f,
title = "A fast and provably secure higher-order masking of AES S-box",
abstract = "This paper proposes an efficient and secure higher-order masking algorithm for AES S-box that consumes the most computation time of the higher-order masked AES. During the past few years, much of the research has focused on finding higher-order masking schemes for this AES S-box, but these are still slow for embedded processors use. Our proposed higher-order masking of AES S-box is constructed based on the inversion operation over the composite field. We replace the subfield operations over the composite field into the table lookup operation, but these precomputation tables do not require much ROM space because these are the operations over GF($2^4$). In the implementation results, we show that the higher-order masking scheme using our masked S-box is about 2.54 (second-order masking) and 3.03 (third-order masking) times faster than the fastest method among the existing higher-order masking schemes of AES.",
keywords = "AES, differential power analysis, higher-order DPA, higher-order masking, side channel attack",
author = "HeeSeok Kim and Seokhie Hong and Lim, {Jong In}",
year = "2011",
month = "10",
day = "11",
doi = "10.1007/978-3-642-23951-9_7",
language = "English",
isbn = "9783642239502",
volume = "6917 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "95--107",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}
