CryptoDB
Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES: Extended Version
| Authors: | Felix Wegener, Lauren De Meyer, Amir Moradi |
|---|---|
| Download: | |
| Abstract: | The effort in reducing the area of AES implementations has largely been focused on application-specific integrated circuits (ASICs) in which a tower field construction leads to a small design of the AES S-box. In contrast, a naive implementation of the AES S-box has been the status-quo on field-programmable gate arrays (FPGAs). A similar discrepancy holds for masking schemes—a well-known side-channel analysis countermeasure—which are commonly optimized to achieve minimal area in ASICs. In this paper, we demonstrate a representation of the AES S-box exploiting rotational symmetry which leads to a 50% reduction in the area footprint on FPGA devices. We present new AES implementations which improve on the state-of-the-art and explore various trade-offs between area and latency. For instance, at the cost of increasing 4.5 times the latency, one of our design variants requires 25% less look-up tables (LUTs) than the smallest known AES on Xilinx FPGAs by Sasdrich and Güneysu at ASAP 2016. We further explore the protection of such implementations against side-channel attacks. We introduce a generic methodology for masking any n-bit Boolean function of degree t with protection order d. The methodology is exact for first-order and heuristic for higher orders. Its application to our new construction of the AES S-box allows us to improve previous results and introduce the smallest first-order masked AES implementation on Xilinx FPGAs, to date. |
BibTeX
@article{jofc-2020-30104,
  title={Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES: Extended Version},
  journal={Journal of Cryptology},
  publisher={Springer},
  doi={10.1007/s00145-019-09342-y},
  author={Felix Wegener and Lauren De Meyer and Amir Moradi},
  year={2020}
}