Paper 2022/1276

Second-Order Low-Randomness $d+1$ Hardware Sharing of the AES

Siemen Dhooghe, imec-COSIC, ESAT, KU Leuven
Aein Rezaei Shahmirzadi, Ruhr University Bochum, Horst Görtz Institute for IT Security
Amir Moradi, Ruhr University Bochum, Horst Görtz Institute for IT Security

In this paper, we introduce a second-order masking of the AES using the minimal number of shares and a total of 1268 bits of randomness including the sharing of the plaintext and key. The masking of the S-box is based on the tower field decomposition of the inversion over bytes where the changing of the guards technique is used in order to re-mask the middle branch of the decomposition. The sharing of the S-box is carefully crafted such that it achieves first-order probing security without the use of randomness and such that the sharing of its output is uniform. Multi-round security is achieved by re-masking the state where we use a theoretical analysis based on the propagation of probed information to reduce the demand for fresh randomness per round. The result is a second-order masked AES which competes with the state-of-the-art in terms of latency and area, but reduces the randomness complexity over eight times over the previous known works. In addition to the corresponding theoretical analysis and proofs for the security of our masked design, it has been implemented on FPGA and evaluated via lab analysis.

Available format(s)
Publication info
Published elsewhere. ACM Conference on Computer and Communications Security (CCS 2022)
AES Hardware Low Randomness Masking Side-Channel Analysis
Contact author(s)
siemen dhooghe @ esat kuleuven be
aein rezaeishahmirzadi @ rub de
amir moradi @ rub de
2022-09-26: approved
2022-09-26: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial


      author = {Siemen Dhooghe and Aein Rezaei Shahmirzadi and Amir Moradi},
      title = {Second-Order Low-Randomness $d+1$ Hardware Sharing of the AES},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1276},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.