Document Type : Research Article


1 Cyberspace Research Institue, Shahid Beheshti University, Tehran, Iran.

2 Faculty of Computer Science and Engineering, Shahid Beheshti University, Tehran, Iran.


Masking techniques are used to protect the hardware implementation of cryptographic algorithms against side-channel attacks. Reconfigurable hardware, such as FPGA, is an ideal target for the secure implementation of cryptographic algorithms. Due to the restricted resources available to the reconfigurable hardware, efficient secure implementation is crucial in an FPGA. In this paper, a two-share threshold technique for the implementation of AES is proposed. In continuation of the work presented by Shahmirzadi et al. at CHES 2021, we employ built-in Block RAMs (BRAMs) to store component functions. Storing several component functions in a single BRAM may jeopardize the security of the implementation. In this paper, we describe a sophisticated method for storing two separate component functions on a single BRAM to reduce area complexity while retaining security. Out design is well suited for FPGAs, which support both encryption and decryption. Our synthesis results demonstrate that the number of BRAMs used is reduced by 50% without affecting the time or area complexities.


[1] Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In Annual international cryptology conference, pages 388–397. Springer, 1999.
[2] Elena Trichina. Combinational logic design for aes subbyte transformation on masked data. IACR Cryptol. EPrint Arch., 2003:236, 2003.
[3] Yuval Ishai, Amit Sahai, and David Wagner. Private circuits: Securing hardware against probing attacks. In Annual International Cryptology Conference, pages 463–481. Springer, 2003.
[4] Stefan Mangard, Thomas Popp, and Berndt M Gammel. Side-channel leakage of masked cmos gates. In Cryptographers’ Track at the RSA Conference, pages 351–365. Springer, 2005.
[5] Svetla Nikova, Christian Rechberger, and Vincent Rijmen. Threshold implementations against side-channel attacks and glitches. In International conference on information and communications security, pages 529–545. Springer, 2006.
[6] Amir Moradi, Axel Poschmann, San Ling, Christof Paar, and Huaxiong Wang. Pushing the limits: A very compact and a threshold implementation of aes. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 69–88. Springer, 2011.
[7] Hannes Groß, Stefan Mangard, and Thomas Korak. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. In TIS@ CCS, page 3, 2016.
[8] Takeshi Sugawara. 3-share threshold implementation of aes s-box without fresh randomness. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 123–145, 2019.
[9] Beg¨ul Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. A more efficient aes threshold implementation. In International Conference on Cryptology in Africa, pages 267–284. Springer, 2014.
[10] Beg¨ul Bilgin, Benedikt Gierlichs, Svetla Nikova, Ventzislav Nikov, and Vincent Rijmen. Tradeoffs for threshold implementations illustrated on aes. IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems,
34(7):1188–1200, 2015.
[11] Aein Rezaei Shahmirzadi, Duˇsan Boˇzilov, and Amir Moradi. New first-order secure aes performance records. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 304–327, 2021.
[12] Sebastian Faust, Vincent Grosso, SMD Pozo, Clara Paglialonga, and F-X Standaert. Composable masking schemes in the presence of physical defaults & the robust probing model. 2018.
[13] Oscar Reparaz, Beg¨ul Bilgin, Svetla Nikova, Benedikt Gierlichs, and Ingrid Verbauwhede. Consolidating masking schemes. In Annual Cryptology Conference, pages 764–783. Springer, 2015.
[14] Felix Wegener and Amir Moradi. A first-order sca resistant aes without fresh randomness. In International Workshop on Constructive SideChannel Analysis and Secure Design, pages 245– 262. Springer, 2018.
[15] Tim G¨uneysu and Amir Moradi. Generic sidechannel countermeasures for reconfigurable devices. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 33–48. Springer, 2011.
[16] Aein Rezaei Shahmirzadi and Amir Moradi. Reconsolidating first-order masking schemes. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 305–342, 2021.