Paper 2013/697

A More Efficient AES Threshold Implementation

Begul Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen


Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing, but it differs in the implementation of logic functions. At Eurocrypt 2011, Moradi et al. published the most compact Threshold Implementation of AES-128 encryption to date. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new Threshold Implementation of AES-128 encryption that is 18% smaller, 7.5% faster and that requires 8% fewer random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.

Publication info
Preprint. MINOR revision.
Threshold Implementation, First-order DPA, Glitches, Sharing, AES, S-box
Contact author(s)
begul bilgin @ esat kuleuven be
2014-02-06: revised
2013-10-28: received
Creative Commons Attribution


      author = {Begul Bilgin and Benedikt Gierlichs and Svetla Nikova and Ventzislav Nikov and Vincent Rijmen},
      title = {A More Efficient AES Threshold Implementation},
      howpublished = {Cryptology ePrint Archive, Paper 2013/697},
      year = {2013},
      note = {\url{}},
      url = {}