Chapter

Advances in Cryptology – EUROCRYPT 2011

Volume 6632 of the series Lecture Notes in Computer Science pp 69-88

Pushing the Limits: A Very Compact and a Threshold Implementation of AES

  • Amir MoradiAffiliated withHorst Görtz Institute for IT Security, Ruhr University Bochum
  • , Axel PoschmannAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University
  • , San LingAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University
  • , Christof PaarAffiliated withHorst Görtz Institute for IT Security, Ruhr University Bochum
  • , Huaxiong WangAffiliated withDivision of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University

Abstract

Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE. This is to the best of our knowledge the smallest implementation reported so far. Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attacks. Our experimental results on real-world power traces show that although our implementation provides additional security, it is still susceptible to some sophisticated attacks having enough number of measurements.

Keywords

side-channel attacks countermeasures secret sharing lightweight ASIC