TY - JOUR
AU - Rijmen, Vincent
AB - Masking AES With d+1 Shares in Hardware. Thomas De Cnudde (KU Leuven, ESAT-COSIC iMinds, Belgium; thomas.decnudde@kuleuven.be), Oscar Reparaz (KU Leuven, ESAT-COSIC iMinds, Belgium; oscar.reparaz@kuleuven.be), Begül Bilgin (KU Leuven, ESAT-COSIC iMinds, Belgium; begul.bilgin@kuleuven.be), Svetla Nikova (KU Leuven, ESAT-COSIC iMinds, Belgium; svetla.nikova@kuleuven.be), Ventzislav Nikov (NXP Semiconductors, Belgium; venci.nikov@gmail.com), Vincent Rijmen (KU Leuven, ESAT-COSIC iMinds, Belgium). ABSTRACT: Masking requires splitting sensitive variables into at least d + 1 shares to provide security against DPA attacks at order d. To this date, this minimal number has only been deployed in software implementations of cryptographic algorithms and in the linear parts of their hardware counterparts. So far there is no hardware construction that achieves this lower bound if the function is nonlinear and the underlying logic gates can glitch. In this paper, we give practical implementations of the AES using d + 1 shares aiming at first- and second-order security even in the presence of glitches. To achieve this, we follow the conditions presented by Reparaz et al. at CRYPTO 2015 to allow hardware masking schemes, like Threshold Implementations, to provide theoretical higher-order security with d + 1 shares. The decrease in number of shares has a direct impact in the
TI - Masking AES With d+1 Shares in Hardware
DA - 2016-10-24
UR - https://www.deepdyve.com/lp/association-for-computing-machinery/masking-aes-with-d-1-shares-in-hardware-JQ08wlm6l9
DP - DeepDyve
ER -