Since the advent of Differential Power Analysis (DPA) in the late 1990s protecting embedded devices against Side-Channel Analysis (SCA) attacks has been a major research effort. Even though many different first-order secure masking schemes are available today, when applied to the AES S-box they all require fresh random bits in every evaluation. As the quality criteria for generating random numbers on an embedded device are not well understood, an integrated Random Number Generator (RNG) can be the weak spot of any protected implementation and may invalidate an otherwise secure implementation. We present a new construction based on Threshold Implementations and Changing of the Guards to realize a first-order secure AES with zero per-round randomness. Hence, our design does not need a built-in RNG, thereby enhancing security and reducing the overhead.
CITATION STYLE
Wegener, F., & Moradi, A. (2018). A first-order SCA resistant AES without fresh randomness. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10815 LNCS, pp. 245–262). Springer Verlag. https://doi.org/10.1007/978-3-319-89641-0_14
Mendeley helps you to discover research relevant for your work.