A More Efficient AES Threshold Implementation
Threshold implementations provide provable security against first-order power analysis attacks for hardware and software implementations. Like masking, the approach relies on secret sharing but it differs in the implementation of logic functions. At Eurocrypt 2011 published the to date most compact threshold implementation of AES-128 encryption. Their paper shows that the number of required random bits may be an additional evaluation criterion, next to area and speed. The authors present a new threshold implementation of AES-128 encryption that is 18% smaller, 7.5% faster and that requires 8% less random bits than the implementation from Eurocrypt 2011.