Cryptology ePrint Archive: Report 2018/1117

A Note on Transitional Leakage When Masking AES with Only Two Bits of Randomness

Felix Wegener and Amir Moradi

Abstract: Recently, Gross et al. demonstrated a first-order probing-secure implementation of AES using only two bits of randomness for both the initial sharing and the entire computation of AES. In this note, we recall that first-order probing security may not be sufficient for practical first-order security when randomness is recycled. We demonstrate that without taking the transitional leakage into account, the expected security level in a serialized design based on their concept might not be achieved in practice.

Category / Keywords: implementation / side-channel, probing model, transitional leakage, serialization

Date: received 16 Nov 2018

Contact author: felix wegener at rub de

Version: 20181120:031949

Short URL: ia.cr/2018/1117
