Yet Another Size Record for AES: A First-Order SCA Secure AES S-box Based on GF($2^8$) Multiplication

Felix Wegener; Amir Moradi

Paper 2018/1074

Yet Another Size Record for AES: A First-Order SCA Secure AES S-box Based on GF($2^8$) Multiplication

Felix Wegener and Amir Moradi

Abstract

It is well known that Canright’s tower field construction leads to a very small, unprotected AES S-box circuit by recursively embedding Galois Field operations into smaller fields. The current size record for the AES S-box by Boyar, Matthews and Peralta improves the original design with optimal subcomponents, while maintaining the overall tower-field structure. Similarly, all small state-of-the-art first-order SCA-secure AES S-box constructions are based on a tower field structure. We demonstrate that a smaller first-order secure AES S-box is achievable by representing the field inversion as a multiplication chain of length 4. Based on this representation, we showcase a very compact S-box circuit with only one GF($2^8$)-multiplier instance. Thereby, we introduce a new high-level representation of the AES S-box and set a new record for the smallest first-order secure implementation

Metadata

Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Minor revision. CARDIS 2018
Keywords: side-channel analysis Threshold Implementation AES Domain-oriented Masking
Contact author(s): felix wegener @ rub de
History: 2018-11-09: received
Short URL: https://ia.cr/2018/1074
License: CC BY

BibTeX

@misc{cryptoeprint:2018/1074,
      author = {Felix Wegener and Amir Moradi},
      title = {Yet Another Size Record for {AES}: A First-Order {SCA} Secure {AES} S-box Based on {GF}($2^8$) Multiplication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/1074},
      year = {2018},
      url = {https://eprint.iacr.org/2018/1074}
}