A secure and highly efficient first-order masking scheme for AES linear operations
Open Access
- 2 June 2021
- journal article
- research article
- Published by Springer Science and Business Media LLC in Cybersecurity
- Vol. 4 (1), 1-15
- https://doi.org/10.1186/s42400-021-00082-w
Abstract
Due to its provable security and remarkable device-independence, masking has been widely accepted as a noteworthy algorithmic-level countermeasure against side-channel attacks. However, the relatively high cost of masking severely limits its applicability. Because non-linear operations are so complex to handle, most masked AES implementations focus on the security and cost reduction of masked S-boxes. In this paper, we focus instead on the linear operations, which seem to have been underestimated. Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint their underlying root causes. We then propose a provably secure and highly efficient masking scheme for AES linear operations. To show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged. We implement four newly combined masking schemes on an Intel Core i7-4790 CPU, and the results show they are roughly 20% faster than the original ones. We then select one masked implementation, RSMv2, due to its popularity, and investigate its security and efficiency on an AVR ATMega163 processor and four different FPGA devices. The results show that no exploitable first-order side-channel leakages are detected. Moreover, compared with the original masked AES implementations, our combined approach is nearly 25% faster on the AVR processor and at least 70% more efficient on the four FPGA devices.
Funding Information
- National Natural Science Foundation of China (No.61632020)
- National Natural Science Foundation of China (No.U1936209)
- National Natural Science Foundation of China (No.62002353)
- Beijing Natural Science Foundation (No.4192067)