Side-Channel Resistant AES Architecture Utilizing Randomized Composite Field Representations

B. Jungk*†, M. Stöttinger‡, J. Gampe*, S. Reith* and Sorin A. Huss‡

* Design Informatik Medien, Hochschule Rhein-Main, Unter den Eichen 5, 65195 Wiesbaden, Germany, {bernhard.jungk,steffen.reith}@hs-rm.de, mail@jangampe.de
† easycore GmbH, Daimlerstraße 11, 91058 Erlangen, Germany, bernhard.jungk@easycore.com
‡ Integrated Circuits and Systems Lab, Technische Universität Darmstadt, Hochschulstraße 10, 64289 Darmstadt, Germany, {stoettinger,huss}@iss.tu-darmstadt.de

Abstract—In the recent decade, methods and applications of side-channel analysis have gained more and more attention in industry as well as in academia. Research on countermeasures against power analysis attacks on embedded devices with security-sensitive applications has turned out to be a challenging area. Very often the proposed countermeasures consume too many resources in order to raise the barrier against a successful attack. The presented scheme uses randomized isomorphisms of the algebraic construction of the S-box and thus increases the resistance at a very low cost in terms of hardware resources. The resource utilization of the proposed masking scheme is smaller than that of a standard Boolean masking scheme for FPGAs. Our experiments on the FPGA evaluation platform SASEBO-GII demonstrate that we improved the resistance against the common DPA attack by about 100 times compared to the non-hardened AES-128 version.

I. INTRODUCTION

One of the most promising types of attacks on modern cryptographic infrastructures are side-channel analysis attacks (SCA), where the attacker gathers private information by observing the physical information leakage of the computation. In the present paper the focus is data-dependent power consumption. One of the most common countermeasures against power analysis-based SCA is random masking. A random mask value is inserted into the computation and thus randomizes the power consumption. It is later removed to retrieve the correct plain- or ciphertext. Unfortunately, this approach is expensive in terms of chip area and thus also in terms of production costs, because the data path usually has to be doubled. Therefore, the present paper introduces a new countermeasure for the Advanced Encryption Standard (AES), which aims at a more lightweight hardware implementation. It is based on the very detailed analysis of low-area AES S-box implementations using composite fields by Canright (cf. [1]).

The basic concept of the proposed countermeasure is to use a small number of different isomorphisms, which are all constructed using the composite field approach with $GF(2) \subseteq GF(2^2) \subseteq GF(4^2) \subseteq GF(16^2)$. While computing the AES algorithm, the implementation switches randomly between the different representations of the finite field arithmetic, which were chosen from the isomorphisms investigated in [1]. A differential power analysis attack (DPA) becomes more difficult, because the content of the intermediate state registers is randomized. This approach needs more chip area compared to an unprotected design, but the proposed protected version is still smaller than a typical masked implementation (e.g. [2]).

Similar countermeasures were previously explored in [3] and [4], but they differ significantly from our new approach. The first countermeasure uses 240 different representations (cf. [3]), but it is rather inefficient for hardware implementations. The second countermeasure has more similarity to our proposal, but does not consider the very compact composite field construction of [1]. Their proposed method uses a different tower-field based approach and a so-called natural basis. The authors of [4] point out that an implementation based on this type of sub-field arithmetic is very suitable for hardware implementations, but the paper presents software evaluation results exclusively.

The remainder of this paper is organized as follows. In Sec. II we describe prerequisite knowledge about the theory of finite fields and side-channel analysis. The following Sec. III contains two subsections detailing theoretical aspects of the countermeasure and its prototypical implementation. In Sec. IV we analyze the results of a practical evaluation of our countermeasure. Finally, Sec. V presents our conclusion.

II. PRELIMINARIES

A. Composite Fields

The AES algorithm is specified over the finite field $GF(2^8)$ using the irreducible polynomial $f(\omega) = \omega^8 + \omega^4 + \omega^3 + \omega + 1$, and thus $GF(2^8) = GF(2)[\omega]/\langle f \rangle$. The original representation may be changed to many different but isomorphic ones, because all finite fields of the same order are isomorphic. Thus, an equivalent finite field can be constructed using smaller field extensions (cf. [1], [5]). In the present paper, we follow the approach investigated in [1] using the following extensions

978-1-4673-2845-6/12/$31.00 © 2012 IEEE
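The following is an added worked example, not code from the paper or its authors, illustrating the two ideas above: the AES field $GF(2)[\omega]/\langle f \rangle$ has many isomorphic composite-field representations, and the S-box inversion can be carried out in a randomly chosen one so that the intermediate value differs from run to run while the result mapped back is always the standard inverse. To keep it short it uses a simplified two-level tower $GF(16)[y]/\langle y^2 + y + \lambda \rangle$ with $GF(16) = GF(2)[x]/\langle x^4 + x + 1 \rangle$ in polynomial basis; this is an assumption of the example and is not the three-level $GF(2) \subseteq GF(2^2) \subseteq GF(4^2) \subseteq GF(16^2)$ construction of [1]. Each isomorphism is fixed by a choice of $\lambda$ and by which root of $f$ the generator $\omega$ is mapped to.

```python
"""Added example: randomized isomorphic representations of the AES field (not the paper's code)."""
import random

AES_POLY = 0x11B   # f(w) = w^8 + w^4 + w^3 + w + 1, the AES reduction polynomial
GF16_POLY = 0x13   # x^4 + x + 1 for the GF(2^4) subfield (assumption of this example)


def _mul_mod(a, b, poly, bits):
    """Multiply two GF(2)[x] elements of degree < bits and reduce modulo poly."""
    r = 0
    for _ in range(bits):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> bits:
            a ^= poly
    return r


def gf256_mul(a, b):
    """Multiplication in the standard AES representation GF(2)[w]/<f>."""
    return _mul_mod(a, b, AES_POLY, 8)


def gf16_mul(a, b):
    """Multiplication in the subfield GF(2^4) = GF(2)[x]/<x^4 + x + 1>."""
    return _mul_mod(a, b, GF16_POLY, 4)


def tower_mul(a, b, lam):
    """Multiplication in GF(16)[y]/<y^2 + y + lam>; a1*y + a0 is packed as (a1 << 4) | a0.

    Since y^2 = y + lam in characteristic 2, the product reduces to
    (a1*b1 + a1*b0 + a0*b1)*y + (a0*b0 + lam*a1*b1).
    """
    a1, a0, b1, b0 = a >> 4, a & 0xF, b >> 4, b & 0xF
    hh = gf16_mul(a1, b1)
    hi = hh ^ gf16_mul(a1, b0) ^ gf16_mul(a0, b1)
    lo = gf16_mul(a0, b0) ^ gf16_mul(lam, hh)
    return (hi << 4) | lo


def _pow(x, e, mul):
    """Square-and-multiply with a pluggable field multiplication."""
    r, p = 1, x
    while e:
        if e & 1:
            r = mul(r, p)
        p = mul(p, p)
        e >>= 1
    return r


def gf256_inv(a):
    """Inversion in the AES field as a^254 (0 maps to 0, as in the S-box)."""
    return _pow(a, 254, gf256_mul)


def tower_inv(a, lam):
    """Inversion in the composite field, likewise a^254."""
    return _pow(a, 254, lambda x, y: tower_mul(x, y, lam))


def irreducible_lams():
    """Values lam for which y^2 + y + lam has no root t in GF(16), so the tower is a field."""
    return [lam for lam in range(16) if all(gf16_mul(t, t) ^ t ^ lam for t in range(16))]


def aes_poly_roots(lam):
    """Roots of f(y) = y^8 + y^4 + y^3 + y + 1 inside the tower field for this lam."""
    mul = lambda x, y: tower_mul(x, y, lam)
    return [r for r in range(1, 256)
            if _pow(r, 8, mul) ^ _pow(r, 4, mul) ^ _pow(r, 3, mul) ^ r ^ 1 == 0]


def isomorphism(lam, root):
    """Tables for phi: AES field -> tower field with w |-> root, and for phi^-1."""
    mul = lambda x, y: tower_mul(x, y, lam)
    basis = [_pow(root, i, mul) for i in range(8)]        # images of w^0 .. w^7
    fwd = [0] * 256
    for x in range(256):                                    # phi is GF(2)-linear
        for i in range(8):
            if (x >> i) & 1:
                fwd[x] ^= basis[i]
    inv = [0] * 256
    for x, img in enumerate(fwd):
        inv[img] = x
    return fwd, inv


ISOS = [(lam, r) for lam in irreducible_lams() for r in aes_poly_roots(lam)]


def check_homomorphism(lam, root):
    """phi(a*b) == phi(a) (x) phi(b) for all a, b in the AES field, and phi(1) == 1."""
    fwd, _ = isomorphism(lam, root)
    return fwd[1] == 1 and all(
        fwd[gf256_mul(a, b)] == tower_mul(fwd[a], fwd[b], lam)
        for a in range(256) for b in range(a, 256))


def randomized_inverse(x, rng=random):
    """S-box inversion in a randomly chosen representation.

    Returns (standard inverse, the representation-dependent intermediate value).
    """
    lam, root = rng.choice(ISOS)
    fwd, inv = isomorphism(lam, root)
    masked_in = fwd[x]
    return inv[tower_inv(masked_in, lam)], masked_in


if __name__ == "__main__":
    print(f"{len(ISOS)} isomorphisms ({len(irreducible_lams())} lambdas x 8 conjugate roots)")
    print(f"0x53 has {len({isomorphism(l, r)[0][0x53] for l, r in ISOS})} distinct images")
    for x in (0x00, 0x53, 0xCA):
        y, m = randomized_inverse(x)
        print(f"inv({x:#04x}) = {y:#04x}, intermediate was {m:#04x}")
```

Running the script shows the point of the countermeasure in miniature: the same input byte enters the inversion as different intermediate values depending on the representation drawn, yet every run yields the standard AES inverse (for instance $\{53\}^{-1} = \{CA\}$). A hardware design would keep the state in the chosen representation across the round and change it under control of a random source, as the paper describes.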