
Research Article
Another Algebraic Decomposition Method for Masked Implementation
@INPROCEEDINGS{10.1007/978-3-030-80851-8_8,
  author={Shoichi Hirose},
  title={Another Algebraic Decomposition Method for Masked Implementation},
  proceedings={Applied Cryptography in Computer and Communications. First EAI International Conference, AC3 2021, Virtual Event, May 15-16, 2021, Proceedings},
  proceedings_a={AC3},
  year={2021},
  month={7},
  keywords={Algebraic decomposition Boolean function Masking S-box},
  doi={10.1007/978-3-030-80851-8_8}
}
- Shoichi Hirose
Year: 2021
AC3
Springer
DOI: 10.1007/978-3-030-80851-8_8
Abstract
Side-channel attacks are a serious concern for the implementation of cryptosystems. Masking is an effective countermeasure against them, and masked implementation of block ciphers has been attracting active research. An obstacle to efficient masked implementation is that the complexity of evaluating a multiplication is quadratic in the order of masking. A direct approach to this problem is to explore methods to reduce the number of multiplications required to represent an S-box. An alternative approach, proposed by Carlet et al. in 2015, is to represent an S-box as a composition of polynomials with low algebraic degrees. We follow the latter approach and propose to use a special type of polynomial with a low algebraic degree as components, which we call generalized multiplication (GM) polynomials. The masking scheme for multiplication can be applied to a GM polynomial, which is more efficient than the masking scheme for a polynomial with a low algebraic degree. Our experimental results show that, for 4-/6-/8-bit permutations, the proposed decomposition method is more efficient than the method by Carlet et al. in most cases in terms of the number of evaluations of low-algebraic-degree polynomials required by masking.