Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES

Kim, Hee Seok; Kim, Tae Hyun; Han, Dong; Hong, Seokhie

doi:10.4218/etrij.10.0109.0181

Cited by 15 publications

(13 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the first two NMA operations in each round, the CarryCorrection function performs the following algorithm by using λ and the carry tables, C 1 and C 2 , generated before en/decryption. A similar idea was published in [15]. However, our idea reduces RAM usage rather than ROM usage because we exploit the relation between two S-boxes rather than the relation between an S-box and its inverse; RAM is typically much more expensive than ROM.…”

Section: Carry Correction Function: Carrycorrectionmentioning

confidence: 99%

“…We first show the equation between S 1 and S 2 as follows, where B is an 8×8 matrix such that B(x)=x 2 : ( ) (( ) ) ( ( ( ) )) ( ( ( ) )) ( ) ( ) ( ) ( ) . A similar idea was published in [15]. However, our idea reduces RAM usage rather than ROM usage because we exploit the relation between two S-boxes rather than the relation between an S-box and its inverse; RAM is typically much more expensive than ROM.…”

Section: New Equation Of Masked S-box To Reduce Ram Sizementioning

confidence: 99%

See 1 more Smart Citation

Efficient Masked Implementation for SEED Based on Combined Masking

Kim¹,

Cho²,

Choi

et al. 2011

ETRI J

Self Cite

View full text Add to dashboard Cite

This paper proposes an efficient masking method for the block cipher SEED that is standardized in Korea. The nonlinear parts of SEED consist of two S-boxes and modular additions. However, the masked version of these nonlinear parts requires excessive RAM usage and a large number of operations. Protecting SEED by the general masking method requires 512 bytes of RAM corresponding to masked S-boxes and a large number of operations corresponding to the masked addition. This paper proposes a new-style masked S-box which can reduce the amount of operations of the masking addition process as well as the RAM usage. The proposed masked SEED, equipped with the new-style masked S-box, reduces the RAM requirements to 288 bytes, and it also reduces the processing time by 38% compared with the masked SEED using the general masked S-box. The proposed method also applies to other block ciphers with the same nonlinear operations.

show abstract

Section: Carry Correction Function: Carrycorrectionmentioning

confidence: 99%

Section: New Equation Of Masked S-box To Reduce Ram Sizementioning

confidence: 99%

Efficient Masked Implementation for SEED Based on Combined Masking

Kim¹,

Cho²,

Choi

et al. 2011

ETRI J

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although it is possible to compute this m a value without the exposure of intermediate values, this method requires both memory (to keep track of all mask values) and a large number of operations. To fulfill this function, a first-order masked AES generally generates an MS table by computing MS(x  m) = S(x)  m with new random numbers m and m before an encryption or decryption, as shown in Algorithm 1 [5], [7]. 4 and k Nr  masked by (m||m||m||m) 4 where (a 3 ||a 2 ||a 1 ||a 0 ) 4 is (2 96 + 2 64 + 2 32 + 1) (a 3 2 24 + a 2 2 16 + a 1 2 8 + a 0 ) (a survey is given in […”

Section: First-order Masked Aesmentioning

confidence: 99%

New Type of Collision Attack on First-Order Masked AESs

Kim¹,

Hong²

2016

ETRI J

Self Cite

View full text Add to dashboard Cite

show abstract

“…During the past few years, much of the research on DPA attacks has focused on finding secure countermeasures. Among these countermeasures, a masking method based on algorithmic techniques is known to be inexpensive and secure against a first-order DPA (FODPA) [3,5,9,11,15,16].…”

Section: Introductionmentioning

confidence: 99%

A Fast and Provably Secure Higher-Order Masking of AES S-Box

Kim

Hong

Lim

2011

Cryptographic Hardware and Embedded Systems – CHES 2011

Self Cite

View full text Add to dashboard Cite

Abstract. This paper proposes an efficient and secure higher-order masking algorithm for AES S-box that consumes the most computation time of the higher-order masked AES. During the past few years, much of the research has focused on finding higher-order masking schemes for this AES S-box, but these are still slow for embedded processors use. Our proposed higher-order masking of AES S-box is constructed based on the inversion operation over the composite field. We replace the subfield operations over the composite field into the table lookup operation, but these precomputation tables do not require much ROM space because these are the operations over GF (2 4 ). In the implementation results, we show that the higher-order masking scheme using our masked S-box is about 2.54 (second-order masking) and 3.03 (third-order masking) times faster than the fastest method among the existing higher-order masking schemes of AES.

show abstract

Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES

Cited by 15 publications

References 27 publications

Efficient Masked Implementation for SEED Based on Combined Masking

Efficient Masked Implementation for SEED Based on Combined Masking

New Type of Collision Attack on First-Order Masked AESs

A Fast and Provably Secure Higher-Order Masking of AES S-Box

Contact Info

Product

Resources

About