Paper 2018/172

A First-Order SCA Resistant AES without Fresh Randomness

Felix Wegener and Amir Moradi

Abstract

Since the advent of Differential Power Analysis (DPA) in the late 1990s, protecting embedded devices against Side-Channel Analysis (SCA) attacks has been a major research effort. Even though many different first-order secure masking schemes are available today, when applied to the AES S-box they all require fresh random bits in every evaluation. As the quality criteria for generating random numbers on an embedded device are not well understood, an integrated Random Number Generator (RNG) can be the weak spot of any protected implementation and may invalidate an otherwise secure implementation. We present a new construction based on Threshold Implementations and Changing of the Guards to realize a first-order secure AES with zero per-round randomness. Hence, our design does not need a built-in RNG, thereby enhancing security and reducing the overhead.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. COSADE 2018
Keywords
side-channel analysis, threshold implementation, randomness, AES
Contact author(s)
felix wegener @ rub de
History
2018-02-14: received
Short URL
https://ia.cr/2018/172
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/172,
      author = {Felix Wegener and Amir Moradi},
      title = {A First-Order SCA Resistant AES without Fresh Randomness},
      howpublished = {Cryptology ePrint Archive, Paper 2018/172},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/172}},
      url = {https://eprint.iacr.org/2018/172}
}