Cryptology ePrint Archive: Report 2021/037

New First-Order Secure AES Performance Records

Aein Rezaei Shahmirzadi and Dušan Božilov and Amir Moradi

Abstract: Being based on a sound theoretical basis, masking schemes are commonly applied to protect cryptographic implementations against Side-Channel Analysis (SCA) attacks. Constructing SCA-protected AES, as the most widely deployed block cipher, has been naturally the focus of several research projects, with a direct application in industry. The majority of SCA-secure AES implementations introduced to the community opted for low area and latency overheads considering Application-Specific Integrated Circuit (ASIC) platforms. Albeit a few, those which particularly targeted Field Programmable Gate Arrays (FPGAs) as the implementation platform yield either a low throughput or a not-highly secure design. In this work, we fill this gap by introducing first-order glitch-extended probing secure masked AES implementations highly optimized for FPGAs, which support both encryption and decryption. Compared to the state of the art, our designs efficiently map the critical non-linear parts of the masked S-box into the built-in Block RAMs (BRAMs). The most performant variant of our constructions accomplishes five first-order secure AES encryptions/decryptions simultaneously in 50 clock cycles. Compared to the equivalent state-of-the-art designs, this leads to at least 70% reduction in utilization of FPGA resources (slices) at the cost of occupying BRAMs. Last but not least, we provide a wide range of such secure and efficient implementations supporting a large set of applications, ranging from low-area to high-throughput.

Category / Keywords: implementation / Side-Channel Analysis, Masking, FPGA, Threshold Implementation, AES

Original Publication (with minor differences): IACR-CHES-2021
DOI:
10.46586/tches.v2021.i2.304-327

Date: received 10 Jan 2021, last revised 26 Feb 2021

Contact author: amir moradi at rub de, aein rezaeishahmirzadi at rub de

Available format(s): PDF | BibTeX Citation

Note: Compared to the original publication, ASIC performance results are added.

Version: 20210226:142350 (All versions of this report)

Short URL: ia.cr/2021/037


[ Cryptology ePrint archive ]