NEW
STORM— Small Table Oriented Redundancy-based SCA Mitigation for AES
STORM effectively solves the long-standing challenge of combining high security against SCA with low gate count and high performance for AES implementations by offering a different tradeoff (memory utilization) that may be preferable to RAMBAM in many practical cases.
Unlike RAMBAM for which it is experimentally shown that the leakage rapidly decreases as redundancy grows, but lacks a security proof (though the intuition behind this is explained), STORM has proven security.
For applications with limited resources (e.g., IoT devices) STORM can be configured with a relatively small amount of SRAM, starting from 4 KB. For applications that require high performance (e.g., servers with intensive encrypted communications) the SRAM size is typically not a limiting factor, and the various advantages of STORM compared to other solutions are quite significant.
