Paper 2018/1074

Yet Another Size Record for AES: A First-Order SCA Secure AES S-box Based on GF($2^8$) Multiplication

Felix Wegener and Amir Moradi

Abstract

It is well known that Canright’s tower field construction leads to a very small, unprotected AES S-box circuit by recursively embedding Galois Field operations into smaller fields. The current size record for the AES S-box by Boyar, Matthews and Peralta improves the original design with optimal subcomponents, while maintaining the overall tower-field structure. Similarly, all small state-of-the-art first-order SCA-secure AES S-box constructions are based on a tower field structure. We demonstrate that a smaller first-order secure AES S-box is achievable by representing the field inversion as a multiplication chain of length 4. Based on this representation, we showcase a very compact S-box circuit with only one GF($2^8$)-multiplier instance. Thereby, we introduce a new high-level representation of the AES S-box and set a new record for the smallest first-order secure implementation

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. CARDIS 2018
Keywords
side-channel analysisThreshold ImplementationAESDomain-oriented Masking
Contact author(s)
felix wegener @ rub de
History
2018-11-09: received
Short URL
https://ia.cr/2018/1074
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1074,
      author = {Felix Wegener and Amir Moradi},
      title = {Yet Another Size Record for AES: A First-Order SCA Secure AES S-box Based on GF($2^8$) Multiplication},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1074},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1074}},
      url = {https://eprint.iacr.org/2018/1074}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.