Paper 2013/697

A More Efficient AES Threshold Implementation

Begul Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen

Abstract

Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing, but it differs in the implementation of logic functions. At Eurocrypt 2011, Moradi et al. published the most compact Threshold Implementation of AES-128 encryption to date. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new Threshold Implementation of AES-128 encryption that is 18% smaller, 7.5% faster and requires 8% fewer random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.
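The abstract's point that a Threshold Implementation shares secrets like masking but realises nonlinear logic differently is easiest to see on a single AND gate, the nonlinear core of any S-box. The following is an added Python example (not code from the paper; function names are my own) that exhaustively checks the classic 3-share TI of AND for correctness and non-completeness, and shows that this sharing is not uniform, which is why TIs of nonlinear functions consume the fresh random bits the abstract counts.

```python
from collections import Counter
from itertools import product

SHARINGS = list(product((0, 1), repeat=3))  # all 8 three-share bit vectors


def unshare(s):
    """Recombine a 3-share vector: the secret is the XOR of its shares."""
    return s[0] ^ s[1] ^ s[2]


def ti_and(x, y):
    """3-share TI of z = x AND y; x and y are 3-tuples of share bits.
    Output share z_i never reads input shares with index i, so a glitch on
    any single share cannot combine all shares of a secret."""
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)  # uses no x1, y1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)  # uses no x2, y2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)  # uses no x3, y3
    return (z1, z2, z3)


def is_correct():
    """Unsharing the output must equal AND of the unshared inputs, always."""
    return all(unshare(ti_and(x, y)) == (unshare(x) & unshare(y))
               for x in SHARINGS for y in SHARINGS)


def is_non_complete():
    """Flipping input share i (of x or of y) must never change output share i."""
    for x, y in product(SHARINGS, repeat=2):
        z = ti_and(x, y)
        for i in range(3):
            xf = tuple(b ^ (j == i) for j, b in enumerate(x))
            yf = tuple(b ^ (j == i) for j, b in enumerate(y))
            if ti_and(xf, y)[i] != z[i] or ti_and(x, yf)[i] != z[i]:
                return False
    return True


def is_uniform():
    """For each unshared (x, y) the 16 input sharings must hit each of the
    4 valid output sharings exactly 4 times; otherwise the output share
    distribution depends on the secret and a later stage can leak it."""
    for vx, vy in product((0, 1), repeat=2):
        hits = Counter(ti_and(x, y) for x in SHARINGS if unshare(x) == vx
                       for y in SHARINGS if unshare(y) == vy)
        if sorted(hits.values()) != [4, 4, 4, 4]:
            return False
    return True
```

Because `is_uniform()` fails, a real design must either move to more shares or re-randomise the output shares with fresh mask bits before they feed the next nonlinear layer, which is the cost the paper optimises.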

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Threshold Implementation, First-order DPA, Glitches, Sharing, AES, S-box
Contact author(s)
begul bilgin @ esat kuleuven be
History
2014-02-06: revised
2013-10-28: received
Short URL
https://ia.cr/2013/697
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/697,
      author = {Begul Bilgin and Benedikt Gierlichs and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen},
      title = {A More Efficient AES Threshold Implementation},
      howpublished = {Cryptology ePrint Archive, Paper 2013/697},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/697}},
      url = {https://eprint.iacr.org/2013/697}
}