A More Efficient AES Threshold Implementation

Begül Bilgin, Benekikt Gierlichs, Svetla Nikova, Ventzislav Nikov, Vincent Rijmen

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    98 Citations (Scopus)
    1 Downloads (Pure)


    Threshold Implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. At Eurocrypt 2011 Moradi et al. published the to date most compact Threshold Implementation of AES-128 encryption. Their work shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. We present a new Threshold Implementation of AES-128 encryption that is 18% smaller, 7.5% faster and that requires 8% less random bits than the implementation from Eurocrypt 2011. In addition, we provide results of a practical security evaluation based on real power traces in adversary-friendly conditions. They confirm the first-order attack resistance of our implementation and show good resistance against higher-order attacks.
    Original languageEnglish
    Title of host publicationProgress in Cryptology – AFRICACRYPT 2014
    Subtitle of host publication7th International Conference on Cryptology in Africa, Marrakesh, Morocco, May 28-30, 2014. Proceedings
    EditorsDavid Pointcheval, Damien Vergnaud
    Place of PublicationSwitzerland
    Number of pages18
    ISBN (Print)978-3-319-06733-9
    Publication statusPublished - May 2014
    Event7th International Conference on Cryptology in Africa 2014 - Marrakech, Morocco
    Duration: 28 May 201430 May 2014
    Conference number: 7

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Conference7th International Conference on Cryptology in Africa 2014
    Abbreviated titleAfricaCrypt 2014


    • SCS-Cybersecurity
    • METIS-306030
    • IR-91873
    • EWI-25074


    Dive into the research topics of 'A More Efficient AES Threshold Implementation'. Together they form a unique fingerprint.

    Cite this