Power analysis poses a significant threat to the security of cryptographic
algorithms, as it can be leveraged to recover secret keys. While various
software-based countermeasures exist to mitigate this non-invasive attack, they
often involve a trade-off between time and space constraints. Techniques such
as masking and shuffling, while effective, can noticeably impact execution
speed and rely heavily on run-time random number generators. On the contrary,
internally encoded implementations of block ciphers offer an alternative
approach that does not rely on run-time random sources, but it comes with the
drawback of requiring substantial memory space to accommodate lookup tables.
Internal encoding, commonly employed in white-box cryptography, suffers from a
security limitation as it does not effectively protect the secret key against
statistical analysis. To overcome this weakness, this paper introduces a secure
internal encoding method for an AES implementation. By addressing the root
cause of vulnerabilities found in previous encoding methods, we propose a
balanced encoding technique that aims to minimize the problematic correlation
with key-dependent intermediate values. We analyze the potential weaknesses
associated with the balanced encoding and present a method that utilizes
complementary sets of lookup tables. In this approach, the size of the lookup
tables is approximately 512KB, and the number of table lookups is 1,024. This
is comparable to the table size of non-protected white-box AES-128
implementations, while requiring only half the number of lookups. By adopting
this method, our aim is to introduce a non-masking technique that mitigates the
vulnerability to statistical analysis present in current internally-encoded AES
implementations.Comment: 36 pages, 17 figures, submitte