International Association for Cryptologic Research


CryptoDB

Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)

Authors:
Yaacov Belenky , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Vadim Bugaenko , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Leonid Azriel , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Hennadii Chernyshchyk , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Ira Dushar , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Oleg Karavaev , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Oleh Maksimenko , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Yulia Ruda , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Valery Teper , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Yury Kreimer , FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
Download:
DOI: 10.46586/tches.v2022.i2.69-91
URL: https://tches.iacr.org/index.php/TCHES/article/view/9481
Presentation: Slides
Abstract: In this work, we present RAMBAM, a novel concept for designing countermeasures, based on redundant representations of finite field elements, against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES. From this concept, we derive a family of protected hardware implementations of AES. A fundamental property of RAMBAM is a security parameter d that, along with other attributes of the scheme, allows for making trade-offs between gate count, maximal frequency, performance, level of robustness to first- and higher-order side-channel attacks, and protection against SIFA-1. We present an analytical model that explains how the scheme reduces the leakage and how the design choices affect it. Furthermore, we demonstrate experimentally how different design choices achieve the required goals. In particular, the compact version exhibits a gate count as low as 12.075 kGE, while maintaining adequate protection. The performance-oriented version provides latency as low as one round per cycle, thus combining protection against SCA and SIFA-1 with high performance, which is one of the original design goals of AES. Finally, we assess the leakage of the scheme for the first and the second (bivariate) orders using the TVLA methodology on an FPGA implementation and observe resilience to at least 348M traces with 16 S-boxes.
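The idea the abstract rests on, redundant representations of GF(2^8) elements governed by a security parameter d, can be made concrete in a few lines. The following is an added example written for this page; it is not code from the paper or from FortifyIQ, and it makes no claim about the paper's leakage or gate-count results. It carries each AES field element a as any polynomial a + P(x)·r(x) with deg r < d, that is, as an element of the ring GF(2)[x]/(P(x)·Q(x)) where P is the AES field polynomial. The value d = 4, the redundancy polynomial Q, and all function names are assumptions chosen for the illustration. Because reduction mod P is a ring homomorphism, multiplication and the S-box core inversion x^254 can be evaluated directly on randomized representatives and decoded afterwards, and the exhaustive check at the end confirms this for every field element and every representative.

```python
"""Redundant representations of GF(2^8) elements, in the spirit of RAMBAM.

Added example for this page, not code from the paper. A field element a is
carried as t = a + P(x)*r(x) with deg(r) < D, an element of GF(2)[x]/(P*Q);
every a has 2**D representatives. Reduction mod P is a ring homomorphism, so
arithmetic on representatives decodes to the correct GF(2^8) result.
D and Q are assumed values chosen for this example.
"""
import secrets

def poly_deg(a):
    """Degree of a GF(2)[x] polynomial stored as an int (-1 for zero)."""
    return a.bit_length() - 1

def poly_mul(a, b):
    """Carry-less multiplication in GF(2)[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def poly_mod(a, m):
    """Remainder of a modulo m in GF(2)[x]."""
    dm = poly_deg(m)
    while a and poly_deg(a) >= dm:
        a ^= m << (poly_deg(a) - dm)
    return a

P = 0x11B           # AES field polynomial x^8 + x^4 + x^3 + x + 1
D = 4               # security parameter d: degree of the redundancy polynomial (example value)
Q = 0b10011         # redundancy polynomial x^4 + x + 1 (assumed choice for this example)
M = poly_mul(P, Q)  # ring modulus P*Q of degree 8 + D; representatives are ints below 2**(8+D)

def ring_mul(s, t):
    """Multiplication in the redundant ring GF(2)[x]/(M)."""
    return poly_mod(poly_mul(s, t), M)

def ring_pow(t, e):
    """Square-and-multiply in the redundant ring."""
    r = 1
    while e:
        if e & 1:
            r = ring_mul(r, t)
        t = ring_mul(t, t)
        e >>= 1
    return r

def encode(a, r=None):
    """Representative a + P*r of field element a; r is random of degree < D unless given."""
    if r is None:
        r = secrets.randbelow(1 << D)
    return a ^ poly_mul(P, r)

def decode(t):
    """The unique GF(2^8) element represented by t: reduce mod P."""
    return poly_mod(t, P)

def refresh(t):
    """Re-randomize a representative; the decoded value is unchanged."""
    return t ^ poly_mul(P, secrets.randbelow(1 << D))

def ring_inverse(t):
    """AES S-box core (field inversion, 0 -> 0) computed as t^254 on a representative."""
    return ring_pow(t, 254)

def gf_mul(a, b):
    """Reference GF(2^8) multiplication with no redundancy."""
    return poly_mod(poly_mul(a, b), P)

def gf_inverse(a):
    """Reference GF(2^8) inverse a^254 (0 -> 0) by repeated multiplication."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def representatives(a):
    """All 2**D ring elements that decode to a."""
    return sorted(encode(a, r) for r in range(1 << D))

def check_all():
    """Exhaustive check: inverting any representative decodes to the field inverse."""
    return all(decode(ring_inverse(encode(a, r))) == gf_inverse(a)
               for a in range(256) for r in range(1 << D))

if __name__ == "__main__":
    a, b = 0x53, 0xCA                      # {53} * {CA} = {01} in AES (FIPS-197 example)
    s, t = encode(a), encode(b)
    print(f"{a:#04x} has {len(representatives(a))} representatives, e.g. {s:#05x}")
    print("product decodes to", hex(decode(ring_mul(s, t))))   # 0x1
    print("inverse decodes to", hex(decode(ring_inverse(s))))  # 0xca
    print("exhaustive check:", check_all())                    # True
```

With d = 4 each byte has 16 ring elements standing for it, and refresh() moves between them without touching the decoded value; the paper's security parameter d plays the same role of fixing how much redundancy (and hence how many representatives) each element carries, while the actual hardware design choices, gate counts and leakage measurements are the paper's own.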
BibTeX
@article{tches-2022-31998,
  title={Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 2},
  pages={69-91},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9481},
  doi={10.46586/tches.v2022.i2.69-91},
  author={Yaacov Belenky and Vadim Bugaenko and Leonid Azriel and Hennadii Chernyshchyk and Ira Dushar and Oleg Karavaev and Oleh Maksimenko and Yulia Ruda and Valery Teper and Yury Kreimer},
  year=2022
}