Paper 2020/890

Re-Consolidating First-Order Masking Schemes - Nullifying Fresh Randomness

Aein Rezaei Shahmirzadi and Amir Moradi


Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, on various cryptographic algorithms has dedicated a lion’s share of research to itself. The difficulty originates from the fact that the overhead of application of such an algorithmic-level countermeasure might not be affordable. This includes the area- and latency overheads as well as the amount of fresh randomness required to fulfill the security properties of the resulting design. There are already techniques applicable in hardware platforms which consider glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitates the use of fresh randomness. Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions including the Sbox of Midori, PRESENT, PRINCE, and AES ciphers without any fresh randomness.

Available format(s)
Publication info
A minor revision of an IACR publication in TCHES 2021
Side-Channel AnalysisMaskingThreshold ImplementationAES
Contact author(s)
amir moradi @ rub de
aein rezaeishahmirzadi @ rub de
2021-02-26: last of 5 revisions
2020-07-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aein Rezaei Shahmirzadi and Amir Moradi},
      title = {Re-Consolidating First-Order Masking Schemes - Nullifying Fresh Randomness},
      howpublished = {Cryptology ePrint Archive, Paper 2020/890},
      year = {2020},
      doi = {10.46586/tches.v2021.i1.305-342},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.