Skip to main content

Table 4 Speedup in popular first-order masking schemes on an Intel Core i7-4790 CPU running at 3.60GHz

From: A secure and highly efficient first-order masking scheme for AES linear operations

Scheme

Linear Operatons

First-Order Security

GF256MUL21

Time [us]

Speedup2

Unprotected AES

Original Implementation

No

Computation

3.178

–

   

LUT

2.160

 
 

Improved Implementation

No

Computation

2.596

 
   

LUT

2.067

 

SP

Original Implementation

No

Computation

3.606

–

   

LUT

2.525

 
 

Improved Implementation

No

Computation

2.917

 
   

LUT

2.454

 
 

Our Proposal

Yes

Computation

3.12

 
   

LUT

2.460

 

ASCAD

Original Implementation

Yes

Computation

6.377

–

   

LUT

4.307

 
 

Improved Implementation

Yes

Computation

5.143

 
   

LUT

4.169

 
 

Our Proposal

Yes

Computation

4.168

23.39%

   

LUT

3.539

17.80%

RSMv1

Original Implementation

No

Computation

6.315

–

   

LUT

4.389

 
 

Improved Implementation

No

Computation

5.407

 
   

LUT

4.161

 
 

Our Proposal

Yes

Computation

4.254

 
   

LUT

3.613

 

RSMv2

Original Implementation

Yes

Computation

6.651

–

   

LUT

4.610

 
 

Improved Implementation

Yes

Computation

5.496

 
   

LUT

4.388

 
 

Our Proposal

Yes

Computation

4.483

22.6%

   

LUT

3.796

15.6%

 

More Efficient Proposal

Yes

Computation

4.381

25.45%

   

LUT

3.668

19.63%

  1. The function GF256MUL2 can be implemented by different methods, which affects the speedup of our proposal. ’Computation’ in this line means that GF256MUL2 is implemented by shift and XOR operations, ’LUT’ means it is implemented by look-up table.
  2. While getting the speedup for each masking scheme, we compare our proposal with first-order secure and the most efficient implementation