Cryptology ePrint Archive: Report 2013/697
A More Efficient AES Threshold Implementation
Begul Bilgin and Benedikt Gierlichs and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen
Abstract: Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing, but it differs in how the logic functions are implemented. At Eurocrypt 2011 Moradi et al. published the most compact Threshold Implementation of AES-128 encryption to date. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new Threshold Implementation of AES-128 encryption that is 18% smaller, 7.5% faster and requires 8% fewer random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.
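To make concrete what "secret sharing with a different implementation of logic functions" means, here is an added illustration (not code from the paper): the standard three-share Threshold Implementation of a single AND gate, with checks for the three TI properties. The helper names are my own; the share equations are the well-known three-share AND.

```python
from itertools import product

def share_and(x, y):
    """3-share TI of z = x AND y. x, y: bit triples whose XOR is the secret.
    Output share i never reads input share i (non-completeness)."""
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # no share-1 inputs
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # no share-2 inputs
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # no share-3 inputs
    return (z1, z2, z3)

def unshare(s):
    return s[0] ^ s[1] ^ s[2]

ALL = list(product((0, 1), repeat=3))      # every 3-bit share vector

def is_correct():
    """Unsharing the outputs must give x AND y for every input sharing."""
    return all(unshare(share_and(x, y)) == (unshare(x) & unshare(y))
               for x in ALL for y in ALL)

def is_non_complete():
    """z_i must not depend on x_i or y_i: flipping input share i never moves z_i."""
    for i, x, y in product(range(3), ALL, ALL):
        xf, yf = list(x), list(y)
        xf[i] ^= 1
        yf[i] ^= 1
        zi = share_and(x, y)[i]
        if share_and(tuple(xf), y)[i] != zi or share_and(x, tuple(yf))[i] != zi:
            return False
    return True

def output_histogram(xbit, ybit):
    """Count each output share vector over all sharings of (xbit, ybit)."""
    hist = {}
    for x in ALL:
        for y in ALL:
            if unshare(x) == xbit and unshare(y) == ybit:
                z = share_and(x, y)
                hist[z] = hist.get(z, 0) + 1
    return hist

def is_uniform():
    """Every valid output vector must occur equally often (3-share AND fails)."""
    for xbit, ybit in product((0, 1), repeat=2):
        hist = output_histogram(xbit, ybit)
        if len(hist) != 4 or len(set(hist.values())) != 1:
            return False
    return True
```

Correctness and non-completeness hold, but uniformity does not (for x = y = 0 the all-zero output vector occurs 7 times and each other vector 3 times), which is why such shared nonlinear gates must be remasked with fresh randomness and why the abstract counts random bits as a cost.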
Category / Keywords: implementation / Threshold Implementation, First-order DPA, Glitches, Sharing, AES, S-box
Date: received 25 Oct 2013, last revised 6 Feb 2014
Contact author: begul bilgin at esat kuleuven be
Version: 20140206:142225
Short URL: ia.cr/2013/697