ABSTRACT
Most of the existing masking schemes for S-boxes were based on Look-Up-Table (LUT) (Coron 2014) or composite field (Satoh 2001). However, in recently years, a new type higher-order masking scheme for the S-Boxes was proposed. The main idea of this scheme is to transform the S-box operation into power function x → x254 over the Galois Field GF(2n), then masked the power function using The ISW scheme (Ishai 2003). These schemes are based on different addition-chains, which composed of the field squaring operations and the field multiplications, such as the masking schemes in Rivain (2010); Carlet (2012) and Roy (2013). However, the computing complexity exponentially increases with regard to the order d because each share is required to separately operate, which significantly increase the masking complexity.
