An Optimized Design for Compact Masked AES S-Box Based on Composite Field and Common Subexpression Elimination Algorithm.

As the only nonlinear operation, masked S-box is the core to resist differential power attack (DPA) for advanced encryption standard (AES) cipher chips. In order to suit for the resource-constrained applications, a compact masked S-box based on composite field is proposed in this paper. Firstly, the architecture of masked S-box is designed with composite field masking method. Secondly, four masked S-boxes based on GF ((24)2), which are based on four basis methods with the optimal coefficient and the corresponding optimal root, are implemented and optimized by the delay-aware common subexpression elimination (DACSE) algorithm. Finally, experimental results show that, while maintaining the DPA-resistance performance, our best masked S-box achieves better area performance with the fastest speed compared with the existing works. Therefore, our masked S-box is suitable for resource-constrained applications with fast speed requirements. [ABSTRACT FROM AUTHOR]