Re-Consolidating First-Order Masking Schemes

Nullifying Fresh Randomness


  • Aein Rezaei Shahmirzadi Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany
  • Amir Moradi Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany



Side-Channel Analysis, Masking, Threshold Implementation, AES


Application of masking, known as the most robust and reliable countermeasure to side-channel analysis attacks, on various cryptographic algorithms has dedicated a lion’s share of research to itself. The difficulty originates from the fact that the overhead of application of such an algorithmic-level countermeasure might not be affordable. This includes the area- and latency overheads and the amount of fresh randomness required to fulfill the resulting design’s security properties. There are already techniques applicable in hardware platforms that consider glitches into account. Among them, classical threshold implementations force the designers to use at least three shares in the underlying masking. The other schemes, which can deal with two shares, often necessitates the use of fresh randomness.
Here, in this work, we present a technique allowing us to use two shares to realize the first-order glitch-extended probing secure masked realization of several functions, including the S-box of Midori, PRESENT, PRINCE, and AES ciphers without any fresh randomness.




How to Cite

Rezaei Shahmirzadi, A., & Moradi, A. (2020). Re-Consolidating First-Order Masking Schemes: Nullifying Fresh Randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(1), 305–342.