A Very Compact “Perfectly Masked” S-Box for AES

Canright, David; Batina, Lejla

doi:10.1007/978-3-540-68914-0_27

Cited by 138 publications

(97 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Therefore, it perfectly suits to our exemplary architecture since the targeted S-box instance is shared for all SubBytes transformations. The target masked S-box [7] uses two different mask bytes per input byte, i.e., a random byte to mask an input byte and another random byte as the mask of S-box output. Therefore, we provided two random values for each input byte, and gave the above mentioned architecture the masked inputs and the corresponding masks.…”

Section: Discussionmentioning

confidence: 99%

“…Instead of focusing on glitch resistance in this article we try to avoid any glitches at the FPGA LUTs at all. From the more traditional currently known masking schemes the one of Canright-Batina [7] uses an additive masking and implements the S-box in a tower-field approach using carefully chosen normal bases to minimize the circuit size. It is based on the area-optimized S-box by Canright [6], and it is still supposed to be the most compact design available.…”

Section: A Masked Aes S-boxmentioning

confidence: 99%

“…Masking of sensitive values is one of the most considered solutions, and several schemes have already been published. These options include multiplicative [2], [10], additive [3], [7], [20], or relatively recent affine [9] masking schemes.…”

Section: Introductionmentioning

confidence: 99%

“…The target of our implementation is the Virtex-5 LX-50 FPGA of the readily available side-channel evaluation platform SASEBO-GII [1]. For this we take the very compact masked S-box by Canright-Batina [7] and manually map the combinational functions to the resources of our target platform. By efficiently using special enable signals in each FPGA Look-Up- Table (LUT), we can suppress any glitches at the LUT outputs by enabling them only sequentially.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Glitch-free implementation of masking in modern FPGAs

Moradi

Mischke

2012

2012 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

Abstract-Due to the propagation of the glitches in combinational circuits side-channel leakage of the masked S-boxes realized in hardware is a known issue. Our contribution in this paper is to adopt a masked AES S-box circuit according to the FPGA resources in order to avoid the glitches. Our design is suitable for the 5, 6, and 7 FPGA series of Xilinx although our practical investigations are performed using a Virtex-5 chip. In short, compared to the original design synthesized by automatic tools while requiring the same area (slice count) our design reduces power consumption, critical path delay, and more importantly the side-channel leakage. In our practical investigations we could not recover any first-order leakage of our design using up to 50 million traces. However, since the targeted S-box realizes a first-order boolean masking, the second-order leakage could be revealed using around 25 million measurements.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: A Masked Aes S-boxmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Glitch-free implementation of masking in modern FPGAs

Moradi

Mischke

2012

2012 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

show abstract

“…An alternative solution has been proposed by Oswald et al [16] and improved on by Canright et al [5]. It consists in computing the inversion in GF(2 8 ) using a multiplicative mask.…”

Section: Blinded Inversion Calculationmentioning

confidence: 99%

Improved Collision-Correlation Power Analysis on First Order Protected AES

Clavier

Feix

Gagnerot

et al. 2011

Cryptographic Hardware and Embedded Systems – CHES 2011

View full text Add to dashboard Cite

Abstract. The recent results presented by Moradi et al. on AES at CHES 2010 and Witteman et al. on square-and-multiply always RSA exponentiation at CT-RSA 2011 have shown that collision-correlation power analysis is able to recover the secret keys on embedded implementations. However, we noticed that the attack published last year by Moradi et al. is not efficient on correctly first-order protected implementations. We propose in this paper improvements on collision-correlation attacks which require less power traces than classical second-order power analysis techniques. We present here two new methods and show in practice their real efficiency on two first-order protected AES implementations. We also mention that other symmetric embedded algorithms can be targeted by our new techniques.

show abstract

Crucial pitfall of DPA Contest V4.2 implementation

Martinásek

Iglesias

Malina

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Differential power analysis (DPA) is a powerful side‐channel key recovery attack that efficiently breaks cryptographic algorithm implementations. In order to prevent these types of attacks, hardware designers and software programmers make use of masking and hiding techniques. DPA contest is an international framework that allows researchers to compare their power analysis attacks under the same conditions. The latest version of DPA contest, denoted as V4.2, provides an improved implementation of the rotating S‐box masking scheme where low‐entropy boolean masking is combined with the shuffling technique to protect Advanced Encryption Standard implementation on a smart card. The improvements were designed based on the awareness of implementation lacks analyzed from attacks carried out during the previous DPA contest V4. Therefore, this new approach is devised to resist most of the proposed attacks to the original rotating S‐box masking implementation. In this paper, we investigate the security of this new implementation in practice. Our analysis, focused on exploiting the first‐order leakage, discovered important lacks. The main vulnerability observed is that an adversary can mount a standard DPA attack aimed at the S‐box output in order to recover the whole secret key even when a shuffling technique is used. We tested this observation on a public dataset and implemented a successful attack that revealed the secret key using only 35 power traces. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

A Very Compact “Perfectly Masked” S-Box for AES

Cited by 138 publications

References 22 publications

Glitch-free implementation of masking in modern FPGAs

Glitch-free implementation of masking in modern FPGAs

Improved Collision-Correlation Power Analysis on First Order Protected AES

Crucial pitfall of DPA Contest V4.2 implementation

Contact Info

Product

Resources

About