Masking a Compact AES S-box

Abstract

When the Advanced Encryption Standard (AES) is implemented in hardware or software, it may be vulnerable to side-channel attacks such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing mask corrections. The single nonlinear step in each round of the AES algorithm is the S-box, which involves the greatest computational cost in a round (to find the inverse in the Galois field), as well as the greatest cost for mask corrections. Oswald et al. [9] showed how the tower field representation allows an additive mask to be maintained throughout the Galois inverse calculation. This work combines that masking approach with the compact S-box of Canright to give a masked S-box that requires minimal circuitry, and hence minimal chip area.

Document Details

Document Type: Technical Report
Publication Date: Aug 07, 2007
Accession Number: ADA471345

Entities

People

  • David Canright

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Additives (Chemicals)
  • Algorithms
  • Applied Mathematics
  • Computations
  • Countermeasures
  • Cryptography
  • Data Science
  • Energy Consumption
  • Information Science
  • Mathematics
  • Nand Gates
  • Polynomials
  • Standards
  • Statistical Analysis
  • Statistical Data
  • Statistical Distributions
  • Statistics

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Computer Programming and Software Development.
  • Nanofabrication and Microfabrication.