On the Practical Dependency of Fresh Randomness in AES S-box with Second-Order TI.

Physical attacks on cryptographic hardware have become a significant threat in recent years. For example, side-channel attacks exploit information leakage, such as power consumption or processing time during encryption, to recover the secret key. Threshold implementation (TI) is a widely-used countermeasure against such attacks. In the conventional implementation of TI, the significant process for ensuring an important property called uniformity is refreshing, which re-masks intermediate values using many random bits. In this study, we demonstrate that side-channel information leaks when fresh randomness is not sufficient even if a cryptographically secure Pseudo Random Number Generator (PRNG) is appropriately implemented. More precisely, our experimental results show such leakage when the seed value given to the PRNG remains fixed for every encryption, or when the update of fresh random bits is stopped in the encryption.