An area-efficient shuffling scheme for AES implementation on FPGA

Power analysis attack is an efficient way to retrieve the sensitive information from the hardware implementation of modern cryptographic algorithms, such as Advance Encryption Standard (AES). First-order masking could defend against Differential Power Analysis (DPA) attack without extra hardware support. However, it is vulnerable to Higher-Order Differential Power Analysis (HODPA) attack. HODPA attack could be avoided using a higher order masking scheme, but it takes up huge hardware resources. In this paper, we propose a low cost shuffling scheme for FPGA based AES implementations, which is able to efficiently resist against HODPA attack. We reuse our previous masked S-box proposed in [20-21] to reduce hardware resources and defend against glitch attacks. Also, we reorder the executing sequence of the MixColumns and the AddRoundKey transformations in the first-second, the last and the second to last rounds. It is difficult for the attackers to find the “real” attacking points in our proposed design. The experimental results show that our proposed design is only 5.6% larger than the masking only scheme.