Baochip-1x: What It Is, Why I'm Doing It Now, and How It Came About

Their AES implementation uses old-school 2-share boolean masking [1], which has been shown to be insecure since 2005 [2][3]. A modern implementation would use domain-oriented masking [4], like OpenTitan does. Pretty bad look for Crossbar.

[1] https://github.com/baochip/baochip-1x/blob/main/rtl/modules/... [2] https://link.springer.com/chapter/10.1007/978-3-540-30574-3_... [3] https://static.aminer.org/pdf/PDF/000/086/973/successfully_a... [4] https://eprint.iacr.org/2016/486