Redundancy AES Masking Basis for Attack Mitigation (RAMBAM)

Authors

  • Yaacov Belenky FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Vadim Bugaenko FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Leonid Azriel FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Hennadii Chernyshchyk FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Ira Dushar FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Oleg Karavaev FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Oleh Maksimenko FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Yulia Ruda FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Valery Teper FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA
  • Yury Kreimer FortifyIQ, Inc., 300 Washington Street, Suite 850, Newton, MA 02458 USA

DOI:

https://doi.org/10.46586/tches.v2022.i2.69-91

Keywords:

Side-channel, DPA, SCA, FIA, AES, Algebraic, Masking, Sbox, Fault injection, SIFA

Abstract

In this work, we present RAMBAM, a novel concept of designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements. From this concept, we derive a family of protected hardware implementations of AES. A fundamental property of RAMBAM is a security parameter d that along with other attributes of the scheme allows for making trade-offs between gate count, maximal frequency, performance, level of robustness to the first and higher-order side-channel attacks, and protection against SIFA-1. We present an analytical model that explains how the scheme reduces the leakage and how the design choices affect it. Furthermore, we demonstrate experimentally how different design choices achieve the required goals. In particular, the compact version exhibits a gate count as low as 12.075 kGE, while maintaining adequate protection. The performance-oriented version provides latency as low as one round per cycle, thus combining protection against SCA and SIFA-1 with high performance which is one of the original design goals of AES. Finally, we assess the leakage of the scheme for the first and the second (bivariate) orders using TVLA methodology on an FPGA implementation and observe resilience to at least 348M traces with 16 Sboxes.

Downloads

Published

2022-02-15

How to Cite

Belenky, Y., Bugaenko, V., Azriel, L., Chernyshchyk, H., Dushar, I., Karavaev, O., Maksimenko, O., Ruda, Y., Teper, V., & Kreimer, Y. (2022). Redundancy AES Masking Basis for Attack Mitigation (RAMBAM). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022(2), 69–91. https://doi.org/10.46586/tches.v2022.i2.69-91

Issue

Section

Articles