Cryptology ePrint Archive: Report 2018/172

A First-Order SCA Resistant AES without Fresh Randomness

Felix Wegener and Amir Moradi

Abstract: Since the advent of Differential Power Analysis (DPA) in the late 1990s protecting embedded devices against Side-Channel Analysis (SCA) attacks has been a major research effort. Even though many different first-order secure masking schemes are available today, when applied to the AES S-box they all require fresh random bits in every evaluation. As the quality criteria for generating random numbers on an embedded device are not well understood, an integrated Random Number Generator (RNG) can be the weak spot of any protected implementation and may invalidate an otherwise secure implementation. We present a new construction based on Threshold Implementations and Changing of the Guards to realize a first-order secure AES with zero per-round randomness. Hence, our design does not need a built-in RNG, thereby enhancing security and reducing the overhead.

Category / Keywords: implementation / side-channel analysis, threshold implementation, randomness, AES

Original Publication (in the same form): COSADE 2018

Date: received 9 Feb 2018

Contact author: felix wegener at rub de

Available format(s): PDF | BibTeX Citation

Version: 20180214:124532 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]