Compact and Secure Design of Masked AES S-Box
Composite field arithmetic is known as an alternative to lookup tables for implementing the S-box block of the AES algorithm. The idea is to break down the computations into lower-order fields and compute the inverse there. Recently this idea has been used both for reducing the area of S-box implementations and for masked implementations of the AES algorithm. The most compact design using this technique is presented by Canright, using only 92 gates for an S-box block. In another approach, the IAIK laboratory has presented a masked implementation of the AES algorithm with higher security compared to common masking methods, using composite field arithmetic. Our work in this paper is to use the basic ideas of the two approaches above to get a compact masked S-box. We shall use the idea of masking the inversion from IAIK's masked S-box, but we rewrite the equations using a normal basis. We arrange the terms in these equations in a way that the optimized functions in Canright's compact S-box can be used for our design. An implementation of IAIK's masked S-box is also presented using Canright's polynomial functions, to allow a fair comparison between our design and IAIK's design. Moreover, we show that this design, which uses two special normal bases for GF(16) and GF(4), is the smallest. We shall also prove the security of this design using some lemmas.
Keywords: Composite field arithmetic, AES, Masking, Side-Channel Attack
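The tower-field idea the abstract describes, as an added illustration that is not code from the paper: GF(2^8) is built as GF(((2^2)^2)^2), inversion at each level reduces to one subfield inversion plus a few subfield multiplications, and the masked variant computes the same inverse on Boolean shares (share XOR mask) without ever recombining them. It assumes a polynomial basis y^2 + y + lam at each level rather than the normal bases the paper uses, and it omits the change of basis to and from the AES representation of GF(2^8) and the affine map of the S-box. The masked multiplication and the masked norm computation follow the IAIK-style share arithmetic the abstract refers to; the Field/GF4/Tower classes, the lam search and the check functions are this example's own names.

```python
"""Composite-field inversion in GF(((2^2)^2)^2) plus a Boolean-masked version.
Constructed example (polynomial bases, no AES basis change), not the paper's design."""
import random


class Field:
    """Shared masked multiplication for every tower level."""

    def mul(self, a, b):
        raise NotImplementedError

    def mul_masked(self, xm, mx, ym, my, mz):
        # Inputs x^mx and y^my; output x*y ^ mz.  The fresh mask mz is added
        # first so no intermediate value ever equals the plain product x*y.
        t = mz ^ self.mul(xm, ym)
        t ^= self.mul(xm, my)
        t ^= self.mul(ym, mx)
        return t ^ self.mul(mx, my)


class GF4(Field):
    """GF(2)[x]/(x^2 + x + 1); elements are 2-bit integers."""
    bits = 2

    def mul(self, a, b):
        p = 0
        for i in range(2):
            if (b >> i) & 1:
                p ^= a << i
        if p & 0b100:            # reduce x^2 = x + 1
            p ^= 0b111
        return p

    def inv(self, a):
        return self.mul(a, a)    # a^3 = 1 for a != 0, so a^-1 = a^2; 0 -> 0

    def inv_masked(self, am, m, rng):
        # Squaring is GF(2)-linear: (a ^ m)^2 = a^2 ^ m^2, so shares stay shares.
        return self.mul(am, am), self.mul(m, m)


class Tower(Field):
    """GF(q^2) = GF(q)[y]/(y^2 + y + lam); element = (hi << half) | lo."""

    def __init__(self, sub, lam):
        self.sub, self.lam, self.half = sub, lam, sub.bits
        self.bits, self.low = 2 * sub.bits, (1 << sub.bits) - 1
        # y^2 + y + lam must have no root in GF(q), otherwise this is not a field.
        assert all(sub.mul(r, r) ^ r ^ lam for r in range(1 << self.half))

    def split(self, a):
        return a >> self.half, a & self.low

    def join(self, hi, lo):
        return (hi << self.half) | lo

    def mul(self, a, b):
        a1, a0 = self.split(a)
        b1, b0 = self.split(b)
        m = self.sub.mul
        hi = m(a1, b1) ^ m(a1, b0) ^ m(a0, b1)   # y coefficient, using y^2 = y + lam
        lo = m(self.lam, m(a1, b1)) ^ m(a0, b0)
        return self.join(hi, lo)

    def inv(self, a):
        # a^-1 = conj(a) * N(a)^-1, conj(a) = a1*y + (a1 + a0); the norm
        # N(a) = lam*a1^2 + a0*a1 + a0^2 lies in the subfield, so one
        # subfield inversion plus subfield multiplications suffice.
        a1, a0 = self.split(a)
        m = self.sub.mul
        d = m(self.lam, m(a1, a1)) ^ m(a0, a1) ^ m(a0, a0)
        dinv = self.sub.inv(d)
        return self.join(m(a1, dinv), m(a1 ^ a0, dinv))

    def inv_masked(self, am, m, rng):
        """Share am = a ^ m in, (r, mr) with r ^ mr = a^-1 out; nothing is unmasked."""
        a1m, a0m = self.split(am)
        m1, m0 = self.split(m)
        sub, sm = self.sub, self.sub.mul
        fresh = lambda: rng.randrange(1 << self.half)
        # Squaring and multiplying by lam are linear, so their masks follow
        # along; only the cross term a0*a1 needs a masked multiplication.
        md = fresh()
        dm = (sm(self.lam, sm(a1m, a1m)) ^ sm(a0m, a0m)
              ^ sub.mul_masked(a0m, m0, a1m, m1, md))
        mask_d = sm(self.lam, sm(m1, m1)) ^ sm(m0, m0) ^ md
        dinvm, mdinv = sub.inv_masked(dm, mask_d, rng)   # recurse into GF(q)
        mr1, mr0 = fresh(), fresh()
        r1 = sub.mul_masked(a1m, m1, dinvm, mdinv, mr1)
        r0 = sub.mul_masked(a1m ^ a0m, m1 ^ m0, dinvm, mdinv, mr0)
        return self.join(r1, r0), self.join(mr1, mr0)


def first_irreducible_lam(sub):
    """Smallest lam in the subfield for which y^2 + y + lam has no root there."""
    for lam in range(1 << sub.bits):
        if all(sub.mul(r, r) ^ r ^ lam for r in range(1 << sub.bits)):
            return lam
    raise ValueError("no irreducible quadratic found")


GF16 = Tower(GF4(), first_irreducible_lam(GF4()))
GF256 = Tower(GF16, first_irreducible_lam(GF16))


def check_inverse(field):
    """True if a * inv(a) == 1 for every non-zero a and inv(0) == 0."""
    return field.inv(0) == 0 and all(
        field.mul(a, field.inv(a)) == 1 for a in range(1, 1 << field.bits))


def check_masked_inverse(field, seed=1):
    """True if masked inversion unmasks to inv(a) for every a under a random mask."""
    rng = random.Random(seed)
    for a in range(1 << field.bits):
        m = rng.randrange(1 << field.bits)
        r, mr = field.inv_masked(a ^ m, m, rng)
        if r ^ mr != field.inv(a):
            return False
    return True


if __name__ == "__main__":
    print("GF(256) tower inverse correct:", check_inverse(GF256))
    print("masked inverse unmasks correctly:", check_masked_inverse(GF256))
```

The recursion bottoms out in GF(4), where inversion is squaring and therefore linear, which is exactly why the tower makes masking cheap: the only non-linear steps are the subfield multiplications, and each of those is handled by the masked multiplication above. The example checks correctness only; it does not analyse leakage, and in particular a zero mask at any level leaves the corresponding intermediate unprotected, which is the kind of case the paper's security lemmas address.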