[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content
Springer Nature Link
Log in

Yet Another Size Record for AES: A First-Order SCA Secure AES S-Box Based on \(\mathrm {GF}(2^8)\) Multiplication

  • Conference paper
  • First Online:
Smart Card Research and Advanced Applications (CARDIS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11389))

  • 880 Accesses

Abstract

It is well known that Canright’s tower field construction leads to a very small, unprotected AES S-box circuit by recursively embedding Galois Field operations into smaller fields. The current size record for the AES S-box by Boyar, Matthews and Peralta improves the original design with optimal subcomponents, while maintaining the overall tower-field structure. Similarly, all small state-of-the-art first-order SCA-secure AES S-box constructions are based on a tower field structure.

We demonstrate that a smaller first-order secure AES S-box is achievable by representing the field inversion as a multiplication chain of length 4. Based on this representation, we showcase a very compact S-box circuit with only one \(\mathrm {GF}(2^8)\)-multiplier instance. Thereby, we introduce a new high-level representation of the AES S-box and set a new record for the smallest first-order secure implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Side-channel AttacK User Reference Architecture. http://satoh.cs.uec.ac.jp/SAKURA/index.html

  2. Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. CAD Integr. Circuits Syst. 34(7), 1188–1200 (2015). https://doi.org/10.1109/TCAD.2015.2419623

    Article  MATH  Google Scholar 

  3. Boyar, J., Matthews, P., Peralta, R.: Logic minimization techniques with applications to cryptology. J. Cryptology 26(2), 280–312 (2013). https://doi.org/10.1007/s00145-012-9124-7

    Article  MathSciNet  MATH  Google Scholar 

  4. Canright, D.: A very compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). https://doi.org/10.1007/11545262_32

    Chapter  Google Scholar 

  5. Cnudde, T.D., Ender, M., Moradi, A.: Hardware masking, revisited. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 123–148 (2018). https://doi.org/10.13154/tches.v2018.i2.123-148

    Article  Google Scholar 

  6. De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 194–212. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_10

    Chapter  Google Scholar 

  7. De Meyer, L., Reparaz, O., Bilgin, B.: Multiplicative masking for AES in hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 431–468 (2018). https://doi.org/10.13154/tches.v2018.i3.431-468

    Article  Google Scholar 

  8. Faust, S., Grosso, V., Merino Del Pozo, S., Paglialonga, C., Standaert, F.X.: Composable masking schemes in the presence of physical defaults and the robust probing model. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 89–120 (2018). https://doi.org/10.13154/tches.v2018.i3.89-120. https://tches.iacr.org/index.php/TCHES/article/view/7270

    Article  Google Scholar 

  9. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for Side channel resistance validation. In: NIST Non-invasive Attack Testing Workshop (2011)

    Google Scholar 

  10. Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. IACR Cryptology ePrint Archive 2016, p. 486 (2016). http://eprint.iacr.org/2016/486

  11. Moradi, A.: Advances in Side-channel Security (2016), Habilitation thesis, Ruhr University Bochum, Germany

    Google Scholar 

  12. Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate - (case study of a glitch-resistant masking scheme). In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_1

    Chapter  Google Scholar 

  13. Moradi, A., Standaert, F.: Moments-correlating DPA. In: Bilgin, B., Nikova, S., Rijmen, V. (eds.) Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, October 2016, pp. 5–15. ACM (2016). https://doi.org/10.1145/2996366.2996369

  14. Nikova, S., Nikov, V., Rijmen, V.: Decomposition of permutations in a finite field. IACR Cryptology ePrint Archive 2018, p. 103 (2018). http://eprint.iacr.org/2018/103

  15. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_37

    Chapter  Google Scholar 

  16. Schneider, T., Moradi, A.: Leakage assessment methodology - a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_25

    Chapter  Google Scholar 

  17. Ueno, R., Homma, N., Aoki, T.: Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 50–64. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64647-3_4

    Chapter  Google Scholar 

  18. Wegener, F., Moradi, A.: A first-order SCA resistant AES without fresh randomness. In: Fan, J., Gierlichs, B. (eds.) COSADE 2018. LNCS, vol. 10815, pp. 245–262. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89641-0_14

    Chapter  Google Scholar 

Download references

Acknowledgments

The work described in this paper has been supported in part by the German Federal Ministry of Education and Research BMBF (grant nr. 16KIS0666 SysKit_HW).

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT Security, Ruhr University Bochum, Bochum, Germany

    Felix Wegener & Amir Moradi

Authors
  1. Felix Wegener
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Amir Moradi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Felix Wegener .

Editor information

Editors and Affiliations

  1. Rambus - Cryptography Research, Rotterdam, Zuid-Holland, The Netherlands

    Begül Bilgin

  2. Nagravision, Cheseaux-sur-Lausanne, Vaud, Switzerland

    Jean-Bernard Fischer

A ANFs for Linear and Affine Functions in our Design

A ANFs for Linear and Affine Functions in our Design

To enhance the reproducibility of our results, we provide the algebraic normal form for all linear/affine functions used in our design.

ANF of power-map \(x^4\) in \(\mathrm {GF}(2^8)\):

$$\begin{aligned} y_0^4&= x_0 + x_2 + x_3 + x_5 + x_6 + x_7 \\ y_1^4&= x_2 + x_3 + x_4 + x_5 + x_6 \\ y_2^4&= x_4 + x_5 + x_7 \\ y_3^4&= x_2 + x_3 + x_4 \\ y_4^4&= x_1 + x_2 + x_4 + x_5 + x_6 \\ y_5^4&= x_3 + x_6 \\ y_6^4&= x_4 + x_7 \\ y_7^4&= x_3 + x_5 + x_6 + x_7 \end{aligned}$$

ANF of power-map \(x^8\) in \(\mathrm {GF}(2^8)\):

$$\begin{aligned} y_0^8&= x_0 + x_1 + x_3 \\ y_1^8&= x_1 + x_2 + x_3 \\ y_2^8&= x_2 + x_4 + x_5 \\ y_3^8&= x_1 + x_2 + x_6 \\ y_4^8&= x_1 + x_2 + x_3 + x_5 \\ y_5^8&= x_3 + x_4 + x_6 + x_7 \\ y_6^8&= x_2 + x_4 + x_6 \\ y_7^8&= x_3 + x_4 + x_5 + x_6 \\ \end{aligned}$$

ANF of function \(\mathsf {Aff} \circ x^2\) in \(\mathrm {GF}(2^8)\):

$$\begin{aligned} y_0^{2aff}&= 1 + x_0 + x_2 + x_3 + x_6 \\ y_1^{2aff}&= 1 + x_0 + x_3 \\ y_2^{2aff}&= x_0 + x_1 + x_3 + x_6 \\ y_3^{2aff}&= x_0 + x_1 + x_4 + x_7 \\ y_4^{2aff}&= x_0 + x_1 + x_2 + x_6 + x_7 \\ y_5^{2aff}&= 1 + x_1 + x_2 + x_4 + x_5 + x_6 + x_7 \\ y_6^{2aff}&= 1 + x_1 + x_2 + x_3 \\ y_7^{2aff}&= x_2 + x_3 + x_5 + x_6 + x_7 \end{aligned}$$

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Wegener, F., Moradi, A. (2019). Yet Another Size Record for AES: A First-Order SCA Secure AES S-Box Based on \(\mathrm {GF}(2^8)\) Multiplication. In: Bilgin, B., Fischer, JB. (eds) Smart Card Research and Advanced Applications. CARDIS 2018. Lecture Notes in Computer Science(), vol 11389. Springer, Cham. https://doi.org/10.1007/978-3-030-15462-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-15462-2_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-15461-5

  • Online ISBN: 978-3-030-15462-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation