AES side-channel countermeasure using random tower field constructions

Masking schemes to secure AES implementations against side-channel attacks is a topic of ongoing research. The most sensitive part of the AES is the non-linear SubBytes operation, in particular, the inversion in GF (2 8 ), the Galois field of 2 8 elements. In hardware implementations, it is well known that the use of the tower of extensions GF(2)⊂ GF(2^2)⊂ GF(2^4)⊂ GF(2^8) leads to a more efficient inversion. We propose to use a random isomorphism instead of a fixed one. Then, we study the effect of this randomization in terms of security and efficiency. Considering the field extension GF (2 8 )/ GF (2 4 ), the inverse operation leads to computation of its norm in GF (2 4 ). Hence, in order to thwart side-channel attack, we manage to spread the values of norms over GF (2 4 ). Combined with a technique of boolean masking in tower fields, our countermeasure strengthens resistance against first-order differential side-channel attacks.