An improved masking scheme for S-BOX software implementations

Abstract

A typical approach, to protect a given symmetric key cryptographic algorithm against differential power analysis(DPA), is a masking method which is to randomize all intermediate values of the cryptographic algorithm and the main time-consuming part of the masking method is to generate masked S-Boxes. The masked S-Boxes are implemented by generating the look-up tables for most of DPA countermeasures in the software manner. In this paper, we present an improved masking scheme that makes the efficient masked S-Boxes by revisiting the ways to use the low composite fields arithmetic. Our improved masking scheme is basically slower than the standard AES implementation, but much faster than existing method which makes a whole S-Box random with 16 masks. In addition, our scheme is 20% faster using less memory, compared to Oswald’s work using the similar method with the proposed approach. In other case of our scheme, we reduce almost half of memory with 9% slow rate. We concentrate on the trade-off between memory sizes and operation speed.