New First-Order Secure AES Performance Records

  • Aein Rezaei Shahmirzadi, Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany
  • Dušan Božilov, NXP Semiconductors, Leuven, Belgium; imec-COSIC, KU Leuven, Leuven, Belgium
  • Amir Moradi, Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany

Keywords: Side-Channel Analysis, Masking, FPGA, Threshold Implementation, AES

Abstract

Because they rest on a sound theoretical foundation, masking schemes are the standard means of protecting cryptographic implementations against Side-Channel Analysis (SCA) attacks. Constructing SCA-protected implementations of AES, the most widely deployed block cipher, has naturally been the focus of several research projects with direct application in industry. The majority of SCA-secure AES implementations presented to the community opted for low area and latency overheads on Application-Specific Integrated Circuit (ASIC) platforms. The few that specifically targeted Field Programmable Gate Arrays (FPGAs) as the implementation platform yield either low throughput or a design that is not highly secure.
In this work, we fill this gap by introducing first-order glitch-extended probing secure masked AES implementations that are highly optimized for FPGAs and support both encryption and decryption. In contrast to the state of the art, our designs efficiently map the critical non-linear parts of the masked S-box into the FPGA's built-in Block RAMs (BRAMs).
The most performant variant of our constructions completes five first-order secure AES encryptions/decryptions simultaneously in 50 clock cycles. Compared to the equivalent state-of-the-art designs, this yields at least a 70% reduction in FPGA slice utilization at the cost of occupying BRAMs. Finally, we provide a wide range of such secure and efficient implementations covering a large set of applications, from low-area to high-throughput.
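The abstract speaks of a "first-order secure masked S-box" whose non-linear part lives in a lookup memory. As an added illustration that is not the authors' code and does not reproduce their BRAM-mapped threshold-implementation design, the block below shows the two properties any first-order masked S-box lookup must satisfy, using the simplest two-share Boolean masking of a table lookup (classical table recomputation): the shares recombine to S(x), and the value seen on any single wire is uniformly distributed for every fixed secret x. It also shows how the same check exposes a flawed variant that omits the output mask. The AES S-box is computed from its GF(2^8) definition so the example runs offline; all function names are the example's own. Note the caveat: this check covers only the value-based first-order probing model; the glitch-extended model the paper targets additionally accounts for transient combinational leakage in hardware, which a software simulation like this one cannot capture.

```python
"""Illustrative first-order Boolean masking of the AES S-box lookup.

Added example, not code from the paper: it does not reproduce the authors'
BRAM-based S-box. It demonstrates (1) correct recombination of the shares and
(2) single-wire uniformity, the basic first-order probing requirement.
"""
from functools import lru_cache


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); AES defines inv(0) = 0."""
    if a == 0:
        return 0
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)


def _affine(s):
    """The AES affine layer applied after the field inversion."""
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return s ^ rot(s, 1) ^ rot(s, 2) ^ rot(s, 3) ^ rot(s, 4) ^ 0x63


SBOX = [_affine(gf_inv(x)) for x in range(256)]   # encryption S-box
INV_SBOX = [0] * 256                              # decryption S-box
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def share(x, m):
    """Two-share Boolean masking: x = (x ^ m) ^ m, with m a fresh uniform byte."""
    return (x ^ m, m)


def unshare(shares):
    return shares[0] ^ shares[1]


@lru_cache(maxsize=None)
def masked_table(inverse, m_in, m_out):
    """T[x ^ m_in] = S[x] ^ m_out: looking up the masked input returns the
    masked output, so unmasked x never appears on a wire. Each (m_in, m_out)
    pair needs its own 256-byte table (cached here to mimic a memory block)."""
    table = INV_SBOX if inverse else SBOX
    return tuple(table[v ^ m_in] ^ m_out for v in range(256))


def masked_sub_bytes(shares, m_out, inverse=False):
    """Masked SubBytes (or InvSubBytes) on one byte; returns the output shares."""
    x_masked, m_in = shares
    return (masked_table(inverse, m_in, m_out)[x_masked], m_out)


def single_wire_uniform(observe):
    """First-order probing check: observe(x, m) is the byte on one wire when
    secret x is processed under mask m. For every fixed x it must take all
    256 values as m varies, i.e. its distribution carries no information on x."""
    return all(len({observe(x, m) for m in range(256)}) == 256 for x in range(256))


def observe_output_share(x, m):
    # Output mask derived from m through a bijection so it is also uniform;
    # in hardware it would be a second fresh random byte.
    return masked_sub_bytes(share(x, m), SBOX[m])[0]


def observe_output_share_no_out_mask(x, m):
    # Flawed variant: output mask fixed to 0, so the wire carries S(x) in the clear.
    return masked_sub_bytes(share(x, m), 0)[0]


if __name__ == "__main__":
    x, m_in, m_out = 0x53, 0xA7, 0x3C
    enc = masked_sub_bytes(share(x, m_in), m_out)
    dec = masked_sub_bytes(share(SBOX[x], m_in), m_out, inverse=True)
    print("S(0x53) recovered from shares:", hex(unshare(enc)))
    print("inverse lookup recovers 0x53:", hex(unshare(dec)))
    print("masked output wire uniform:", single_wire_uniform(observe_output_share))
    print("unmasked output wire uniform:", single_wire_uniform(observe_output_share_no_out_mask))
```

The last two lines are the point of the exercise: the properly masked output share passes the uniformity check, the variant with a zero output mask fails it, which is exactly the kind of defect a first-order evaluation (and, on real hardware, a TVLA-style leakage assessment) is meant to catch.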

How to Cite

Shahmirzadi, A. R., Božilov, D., & Moradi, A. (2021). New First-Order Secure AES Performance Records. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021(2), 304–327.