Abstract

The effort in reducing the area of AES implementations has largely been focused on Application-Specific Integrated Circuits (ASICs), in which a tower field construction leads to a small design of the AES S-box. In contrast, a naïve implementation of the AES S-box has been the status quo on Field-Programmable Gate Arrays (FPGAs). A similar discrepancy holds for masking schemes – a well-known side-channel analysis countermeasure – which are commonly optimized to achieve minimal area in ASICs. In this paper we demonstrate a representation of the AES S-box exploiting rotational symmetry which leads to a 50% reduction of the area footprint on FPGA devices. We present new AES implementations which improve on the state of the art and explore various trade-offs between area and latency. For instance, at the cost of increasing the latency 4.5 times, one of our design variants requires 25% fewer look-up tables (LUTs) than the smallest known AES on Xilinx FPGAs by Sasdrich and Güneysu at ASAP 2016. We further explore the protection of such implementations against first-order side-channel analysis attacks. Targeting the small area footprint on FPGAs, we introduce a heuristic-based algorithm to find a masking of a given function with d + 1 shares. Its application to our new construction of the AES S-box allows us to introduce the smallest masked AES implementation on Xilinx FPGAs to date.
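The abstract speaks of the "rotational symmetry" of the AES S-box without spelling out where it comes from. The following Python script is an added example, not code from the paper or its authors, and it does not reproduce their FPGA architecture; it demonstrates only the underlying algebraic fact. In a normal basis of GF(2^8), the field element x is written as a sum of conjugates β^(2^j), so squaring (which permutes the conjugates) becomes a cyclic rotation of the 8-bit coordinate vector. Since inversion commutes with squaring, (x^2)^-1 = (x^-1)^2, the inversion map also commutes with that rotation, which means all eight output coordinates of x -> x^-1 are the same 8-input Boolean function `f` evaluated on rotated copies of the input. The script finds a normal basis by search (the choice of generator β is whatever the search hits first, an assumption of this example, not the paper's choice), checks the symmetry exhaustively, and rebuilds the full AES S-box from `f` plus the standard affine layer.

```python
# Added example (not from the paper): why the AES inversion has a
# rotational symmetry in a normal basis of GF(2^8).

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Return a^-1 = a^254 (and 0 for a = 0, as the AES S-box does)."""
    r, s = 1, a
    for _ in range(7):
        s = gf_mul(s, s)   # a^2, a^4, ..., a^128
        r = gf_mul(r, s)
    return r               # a^(2+4+...+128) = a^254


def gf2_rank(rows):
    """Rank over GF(2) of 8-bit row vectors (Gaussian elimination)."""
    rows, rank = list(rows), 0
    for bit in range(7, -1, -1):
        pivot = next((r for r in rows if (r >> bit) & 1), None)
        if pivot is None:
            continue
        rows.remove(pivot)
        rank += 1
        rows = [r ^ pivot if (r >> bit) & 1 else r for r in rows]
    return rank


def find_normal_basis():
    """Smallest beta whose conjugates beta^(2^j), j = 0..7, form a basis."""
    for beta in range(2, 256):
        basis, b = [], beta
        for _ in range(8):
            basis.append(b)
            b = gf_mul(b, b)
        if gf2_rank(basis) == 8:
            return basis
    raise RuntimeError("no normal element found")  # normal bases always exist


BASIS = find_normal_basis()
# Coordinate bitmask c (bit j = coefficient of beta^(2^j)) <-> field element.
FROM_NORMAL = [0] * 256
for c in range(256):
    for j in range(8):
        if (c >> j) & 1:
            FROM_NORMAL[c] ^= BASIS[j]
TO_NORMAL = [0] * 256
for c, x in enumerate(FROM_NORMAL):
    TO_NORMAL[x] = c


def rotl8(v, k):
    """Rotate an 8-bit coordinate vector left by k positions (k may be negative)."""
    k %= 8
    return ((v << k) | (v >> (8 - k))) & 0xFF


def inv_normal(c):
    """Reference: inversion expressed directly on normal-basis coordinates."""
    return TO_NORMAL[gf_inv(FROM_NORMAL[c])]


def f(c):
    """The single 8-input Boolean function: coordinate 0 of the inverse."""
    return inv_normal(c) & 1


def inv_from_one_function(c):
    """All 8 inverse coordinates from f alone: bit i = f(c rotated right by i)."""
    out = 0
    for i in range(8):
        out |= f(rotl8(c, -i)) << i
    return out


def aes_affine(a):
    """AES S-box affine layer: b_i = a_i ^ a_{i+4} ^ a_{i+5} ^ a_{i+6} ^ a_{i+7} ^ c_i."""
    r = 0
    for i in range(8):
        bit = ((a >> i) ^ (a >> ((i + 4) % 8)) ^ (a >> ((i + 5) % 8))
               ^ (a >> ((i + 6) % 8)) ^ (a >> ((i + 7) % 8)))
        r |= (bit & 1) << i
    return r ^ 0x63


def sbox(x):
    """AES S-box built from the rotated single function plus the affine map."""
    return aes_affine(FROM_NORMAL[inv_from_one_function(TO_NORMAL[x])])


def check_symmetry():
    """Exhaustively confirm squaring = rotation and that f rebuilds the inverse."""
    for x in range(256):
        c = TO_NORMAL[x]
        if FROM_NORMAL[rotl8(c, 1)] != gf_mul(x, x):
            return False
        if inv_normal(rotl8(c, 1)) != rotl8(inv_normal(c), 1):
            return False
        if inv_from_one_function(c) != inv_normal(c):
            return False
    return True


if __name__ == "__main__":
    print("normal basis generator beta = 0x%02X" % BASIS[0])
    print("rotational symmetry holds for all 256 inputs:", check_symmetry())
    print("S(0x53) = 0x%02X" % sbox(0x53))
```

The practical consequence for hardware is visible in `inv_from_one_function`: a single 8-to-1 function evaluated against a rotating register produces one coordinate of the inverse per step, trading latency for a smaller combinational footprint, which is the kind of area/latency trade-off the abstract describes.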

Highlights

  • Ever since the introduction of Differential Power Analysis (DPA) by Kocher et al. [KJJ99], protecting cryptographic devices against Side-Channel Analysis (SCA) has been a challenging and active area of research

  • Our result reduces the number of occupied look-up tables (LUTs) to 50% compared to a case with dependency on all eight variables

  • It is difficult to compare these results to state-of-the-art masked AES implementations [BGN+15, CRB+16, GMK17, UHA17b] since they target an Application-Specific Integrated Circuit (ASIC) platform


Introduction

Ever since the introduction of Differential Power Analysis (DPA) by Kocher et al. [KJJ99], protecting cryptographic devices against Side-Channel Analysis (SCA) has been a challenging and active area of research. We speak of a d-th-order DPA attack when the adversary exploits the statistical moments of the SCA leakages (e.g., power consumption) up to order d. In 2003, Ishai et al. [ISW03] introduced the d-probing model, in which a very powerful attacker has the ability to probe the exact values of up to d intermediate variables. Security in this model has been related to more realistic adversary scenarios such as the noisy leakage model [CJRR99] and the bounded moment leakage model [BDF+17]. In 2005 it was noted by Mangard et al. [MPO05] that the Boolean masking schemes which are secure on sequential platforms [Tri, ISW03] still exhibit side-channel leakage when implemented
