Power analysis poses a significant threat to the security of cryptographic algorithms, as it can be leveraged to recover secret keys. While various software-based countermeasures exist to mitigate this non-invasive attack, they often involve a trade-off between time and space constraints. Techniques such as masking and shuffling, while effective, can noticeably impact execution speed and rely heavily on run-time random number generators. By contrast, internally encoded implementations of block ciphers offer an alternative approach that does not rely on run-time random sources, at the cost of requiring substantial memory space to accommodate lookup tables. Internal encoding, commonly employed in white-box cryptography, suffers from a security limitation: it does not effectively protect the secret key against statistical analysis. To overcome this weakness, this paper introduces a secure internal encoding method for an AES implementation. By addressing the root cause of the vulnerabilities found in previous encoding methods, we propose a balanced encoding technique that aims to minimize the problematic correlation with key-dependent intermediate values. We analyze the potential weaknesses associated with the balanced encoding and present a method that utilizes complementary sets of lookup tables. In this approach, the size of the lookup tables is approximately 512KB, and the number of table lookups is 1,024. This is comparable to the table size of non-protected white-box AES-128 implementations, while requiring only half the number of lookups. By adopting this method, our aim is to introduce a non-masking technique that mitigates the vulnerability to statistical analysis present in current internally-encoded AES implementations.
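As an added illustration of the problem the abstract describes (not code from the paper, whose balanced encoding may differ), the toy below builds a key-dependent T-box `x -> enc(S(x ^ k))` with two internal encodings and measures the Hamming-weight spread of the table outputs, the quantity a power model would correlate with. A classic random nibble bijection leaves the full 0..8 spread; the assumed balanced encoding, mapping each nibble to an 8-bit constant-weight-4 word, makes every output weigh exactly 8, so a Hamming-weight model cannot distinguish inputs. The seed, key byte and 8-bit-per-nibble encoding are constructed assumptions for the demo.

```python
import random

def gf_mul(a, b):
    # multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def sbox(x):
    # AES SubBytes: inverse in GF(2^8) as x^254 (0 -> 0), then the affine map
    y = 1
    for _ in range(254):
        y = gf_mul(y, x)
    s = 0x63
    for i in range(5):
        s ^= ((y << i) | (y >> (8 - i))) & 0xFF
    return s

# assumed alphabet for the balanced encoding: all 70 bytes of Hamming weight 4
BALANCED_WORDS = [w for w in range(256) if bin(w).count("1") == 4]

def make_balanced_encoding(seed):
    # secret nibble -> constant-weight byte bijection, fixed when tables are built
    return random.Random(seed).sample(BALANCED_WORDS, 16)

def make_classic_encoding(seed):
    # classic white-box internal encoding: random bijection on 4-bit values
    perm = list(range(16))
    random.Random(seed).shuffle(perm)
    return perm

def build_tbox(key_byte, enc):
    # encoded T-box entries: (enc(high nibble), enc(low nibble)) of S(x ^ k)
    return [(enc[sbox(x ^ key_byte) >> 4], enc[sbox(x ^ key_byte) & 0xF])
            for x in range(256)]

def hw_spread(tbox):
    # max minus min Hamming weight over all table outputs; 0 means a
    # Hamming-weight power model sees the same value for every input
    weights = [bin(h).count("1") + bin(l).count("1") for h, l in tbox]
    return max(weights) - min(weights)

if __name__ == "__main__":
    k = 0x2B  # constructed sample key byte
    print("classic  spread:", hw_spread(build_tbox(k, make_classic_encoding(1))))
    print("balanced spread:", hw_spread(build_tbox(k, make_balanced_encoding(1))))
```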