Cryptology ePrint Archive: Report 2018/1074

Yet Another Size Record for AES: A First-Order SCA Secure AES S-box Based on GF($2^8$) Multiplication

Felix Wegener and Amir Moradi

Abstract: It is well known that Canrightís tower field construction leads to a very small, unprotected AES S-box circuit by recursively embedding Galois Field operations into smaller fields. The current size record for the AES S-box by Boyar, Matthews and Peralta improves the original design with optimal subcomponents, while maintaining the overall tower-field structure. Similarly, all small state-of-the-art first-order SCA-secure AES S-box constructions are based on a tower field structure. We demonstrate that a smaller first-order secure AES S-box is achievable by representing the field inversion as a multiplication chain of length 4. Based on this representation, we showcase a very compact S-box circuit with only one GF($2^8$)-multiplier instance. Thereby, we introduce a new high-level representation of the AES S-box and set a new record for the smallest first-order secure implementation

Category / Keywords: implementation / side-channel analysis, Threshold Implementation, AES, Domain-oriented Masking

Original Publication (with minor differences): CARDIS 2018

Date: received 5 Nov 2018

Contact author: felix wegener at rub de

Available format(s): PDF | BibTeX Citation

Version: 20181109:163437 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]