Paper 2020/879

Second-Order Masked Lookup Table Compression Scheme

Annapurna Valiveti and Srinivas Vivek


Masking by lookup table randomisation is a well-known technique used to achieve side-channel attack resistance for software implementations, particularly, against DPA attacks. The randomised table technique for first- and second-order security requires about m * 2^n bits of RAM to store an (n, m)-bit masked S-box lookup table. Table compression helps in reducing the amount of memory required, and this is useful for highly resource-constrained IoT devices. Recently, Vadnala (CT-RSA 2017) proposed a randomised table compression scheme for first- and second-order security in the probing leakage model. This scheme reduces the RAM memory required by about a factor of 2^l, where l is a compression parameter. Vivek (Indocrypt 2017) demonstrated an attack against the second-order scheme of Vadnala. Hence achieving table compression at second and higher orders is an open problem. In this work, we propose a second-order secure randomised table compression scheme which works for any (n, m)-bit S-box. Our proposal is a variant of Vadnala's scheme that is not only secure but also significantly improves the time-memory trade-off. Specifically, we improve the online execution time by a factor of 2^(n-l). Our proposed scheme is proved 2-SNI secure in the probing leakage model. We have implemented our method for AES-128 on a 32-bit ARM Cortex processor. We are able to reduce the memory required to store a randomised S-box table for second-order AES-128 implementation to 59 bytes.

Note: A minor correction is noted on pp.8

Available format(s)
Publication info
A minor revision of an IACR publication in TCHES 2020
MaskingS-boxTable compressionProbing leakage modelSNI securitySide-channel attacksIoT securitySoftware implementation
Contact author(s)
annapurna @ iiitb org
srinivas vivek @ iiitb ac in
2022-04-22: last of 3 revisions
2020-07-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Annapurna Valiveti and Srinivas Vivek},
      title = {Second-Order Masked Lookup Table Compression Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2020/879},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.