Paper 2018/1117

A Note on Transitional Leakage When Masking AES with Only Two Bits of Randomness

Felix Wegener and Amir Moradi

Abstract

Recently, Gross et al. demonstrated a first-order probing-secure implementation of AES using only two bits of randomness for both the initial sharing and the entire computation of AES. In this note, we recall that first-order probing security may not be sufficient for practical first-order security when randomness is re-cycled. We demonstrate that without taking the transitional leakage into account, the expected security level in a serialized design based on their concept might not be achieved in practice.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
side-channel, probing model, transitional leakage, serialization
Contact author(s)
felix wegener @ rub de
History
2018-11-20: received
Short URL
https://ia.cr/2018/1117
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1117,
      author = {Felix Wegener and Amir Moradi},
      title = {A Note on Transitional Leakage When Masking AES with Only Two Bits of Randomness},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1117},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1117}},
      url = {https://eprint.iacr.org/2018/1117}
}