Skip to main content

Table 4 Speedup in popular first-order masking schemes on an Intel Core i7-4790 CPU running at 3.60GHz

From: A secure and highly efficient first-order masking scheme for AES linear operations

Scheme Linear Operatons First-Order Security GF256MUL21 Time [us] Speedup2
Unprotected AES Original Implementation No Computation 3.178
    LUT 2.160  
  Improved Implementation No Computation 2.596  
    LUT 2.067  
SP Original Implementation No Computation 3.606
    LUT 2.525  
  Improved Implementation No Computation 2.917  
    LUT 2.454  
  Our Proposal Yes Computation 3.12  
    LUT 2.460  
ASCAD Original Implementation Yes Computation 6.377
    LUT 4.307  
  Improved Implementation Yes Computation 5.143  
    LUT 4.169  
  Our Proposal Yes Computation 4.168 23.39%
    LUT 3.539 17.80%
RSMv1 Original Implementation No Computation 6.315
    LUT 4.389  
  Improved Implementation No Computation 5.407  
    LUT 4.161  
  Our Proposal Yes Computation 4.254  
    LUT 3.613  
RSMv2 Original Implementation Yes Computation 6.651
    LUT 4.610  
  Improved Implementation Yes Computation 5.496  
    LUT 4.388  
  Our Proposal Yes Computation 4.483 22.6%
    LUT 3.796 15.6%
  More Efficient Proposal Yes Computation 4.381 25.45%
    LUT 3.668 19.63%
  1. The function GF256MUL2 can be implemented by different methods, which affects the speedup of our proposal. ’Computation’ in this line means that GF256MUL2 is implemented by shift and XOR operations, ’LUT’ means it is implemented by look-up table.
  2. While getting the speedup for each masking scheme, we compare our proposal with first-order secure and the most efficient implementation