US2016269175A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016269175-A1 |
| Application number | US-201514642591-A |
| Country | US |
| Kind code | A1 |
| Filing date | Mar 9, 2015 |
| Priority date | Mar 9, 2015 |
| Publication date | Sep 15, 2016 |
| Grant date | — |
Official abstract text for this publication.
Various features pertain to cryptographic ciphers such as Advanced Encryption Standard (AES) block ciphers. In some examples described herein, a modified masked AES SubBytes procedure uses a static lookup table that is its own inverse in GF(2^2). The static lookup table facilitates computation of the multiplicative inverse during nonlinear substitution operations in GF(2^2). In an AES encryption example, the AES device combines plaintext with a round key to obtain combined data, then routes the combined data through an AES SubBytes substitution stage that employs the static lookup table and a dynamic table to perform a masked multiplicative inverse in GF(2^2) to obtain substituted data. The substituted data is then routed through additional cryptographic AES stages to generate ciphertext. The additional stages may include further SubBytes stages that also exploit the static and dynamic tables. Other examples employ either a static lookup table or a dynamic lookup table but not both.
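The masked lookup described above, as an added example that is not code from the patent: it builds the dynamic table the way claim 12 words it (the static table masked by the output mask, with its index corrected by the input mask) and checks exhaustively that the lookup is correct and that each observed value is uniform over the masks. The table contents assume GF(2^2) in polynomial basis modulo x^2 + x + 1 with inv(0) = 0, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumption: GF(2^2), polynomial basis mod x^2+x+1, inv(0)=0; not the patent's table. */
static const uint8_t GF4_INV[4] = {0, 1, 3, 2};

/* Self-inverse (involution): applying the table twice returns the input. */
int table_is_involution(void) {
    for (int x = 0; x < 4; x++)
        if (GF4_INV[GF4_INV[x]] != x) return 0;
    return 1;
}

/* Dynamic table: static table masked by m_out, index corrected by m_in. */
void build_masked_table(uint8_t m_in, uint8_t m_out, uint8_t masked[4]) {
    for (int i = 0; i < 4; i++)
        masked[i] = (uint8_t)(GF4_INV[(i ^ m_in) & 3] ^ (m_out & 3));
}

/* Every secret x, all 16 mask pairs: count wrong results, tally observables. */
int count_mismatches(int idx_hist[4][4], int out_hist[4][4]) {
    int bad = 0;
    uint8_t t[4];
    for (int x = 0; x < 4; x++)
        for (int m = 0; m < 16; m++) {
            uint8_t m_in = m & 3, m_out = m >> 2;
            build_masked_table(m_in, m_out, t);
            uint8_t y = t[x ^ m_in];          /* only masked values are handled */
            if ((y ^ m_out) != GF4_INV[x]) bad++;
            idx_hist[x][x ^ m_in]++;
            out_hist[x][y]++;
        }
    return bad;
}

/* First-order check: each observable takes every value exactly 4 times for any x. */
int masks_hide_value(void) {
    int idx[4][4] = {{0}}, out[4][4] = {{0}};
    if (count_mismatches(idx, out) != 0) return 0;
    for (int x = 0; x < 4; x++)
        for (int v = 0; v < 4; v++)
            if (idx[x][v] != 4 || out[x][v] != 4) return 0;
    return 1;
}

int main(void) {
    printf("involution=%d hidden=%d\n", table_is_involution(), masks_hide_value());
    return 0;
}
```

The uniformity check covers a single observation only; it says nothing about an observer who combines the masked index with the masked output.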
Opening claim text (preview).
What is claimed is:

1. A method operational in a cryptographic device, comprising: combining, as part of a cryptographic operation, input data with a round key to obtain combined data; routing at least a portion of the combined data through a substitution stage employing at least one of a static lookup table that is its own inverse in a subfield of a finite field to obtain substituted data, a dynamic lookup table in the subfield of the finite field where all substitution operations are implemented using permutations to obtain the substituted data, or an alternative static lookup table in the subfield of the finite field that statically stores all permutations needed to obtain the substituted data; and routing the substituted data through one or more additional cryptographic stages to generate an output data.
2. The method of claim 1, wherein the cryptographic operation is an encryption operation, the input data is plaintext, and the output data is ciphertext.
3. The method of claim 1, wherein the cryptographic operation is a decryption operation, the input data is ciphertext, and the output data is plaintext.
4. The method of claim 1, wherein the combined data includes one or more of a portion of plaintext, a portion of masked plaintext, a value that is a function of plaintext, a value that is a function of masked plaintext, a portion of ciphertext, a portion of masked ciphertext, a value that is a function of ciphertext and a value that is a function of masked ciphertext.
5. The method of claim 1, wherein combining the input data with a round key includes routing the input data through an AddRoundKey stage of an AES cipher wherein each byte of an initial state of the input data is combined with a block of a round key.
6. The method of claim 5, wherein the cryptographic operation is an encryption operation and the substitution stage is a masked SubBytes stage operative to perform a non-linear substitution of bytes using the static lookup table that is its own inverse for encryption.
7. The method of claim 5, wherein the cryptographic operation is a decryption operation and the substitution stage is a masked InvSubBytes stage operative to perform a non-linear substitution of bytes using the static lookup table for decryption.
8. The method of claim 1 wherein the finite field is a Galois Field (GF) and the subfield is GF(2^2).
9. The method of claim 8, wherein the substitution stage is operative to perform masked multiplicative inverse operations in GF(2^2).
10. The method of claim 9, wherein the masked multiplicative inverse operations in GF(2^2) exploit tower fields (GF(2^2)^2)^2 decomposed from GF(2^8).
11. The method of claim 8, wherein the static lookup table that is its own inverse is one or more of [·]={00, 01, 10, 11} in GF(2^2) and its permutations.
12. The method of claim 8, further including exploiting a dynamic lookup table of the substitution stage along with the static table that is its own inverse where the dynamic lookup table receives an input mask and an output mask and generates a masked table that corresponds to the static table that is its own inverse masked by the output mask with an index corrected by the input mask.
13. The method of claim 12, wherein the dynamic lookup table of the substitution stage is employed to determine low and high parts of a masked inverse in GF(2^4).
14. A cryptographic device, comprising: a processing circuit configured to combine, as part of a cryptographic operation, input data with a round key to obtain combined data; route at least a portion of the combined data through a substitution stage employing at least one of a static lookup table that is its own inverse in a subfield of a finite field to obtain substituted data, a dynamic lookup table in the subfield of the finite field where all substitution operations are implemented using permutations to obtain the substituted data, or an alternative static lookup table in the subfield of the finite field that statically stores all permutations needed to obtain the substituted data; and route the substituted data through one or more additional cryptographic stages to generate an output data; and a storage device configured to store the output data.
15. The device of claim 14, wherein the cryptographic operation is an encryption operation, the input data is plaintext, and the output data is ciphertext.
16. The device of claim 14, wherein the cryptographic operation is a decryption operation, the input data is ciphertext, and the output data is plaintext.
17. The device of claim 14, wherein the combined data includes one or more of a portion of plaintext, a portion of masked plaintext, a value that is a function of plaintext, a value that is a function of masked plaintext, a portion of ciphertext, a portion of masked ciphertext, a value that is a function of ciphertext and a value that is a function of masked ciphertext.
18. The device of claim 14 wherein the finite field is a Galois Field (GF) and the subfield is GF(2^2).
19. The device of claim 18, wherein the substitution stage is operative to perform masked multiplicative inverse operations in GF(2^2).
20. A cryptographic device, comprising: means for combining, as part of a cryptographic operation, input data with a round key to obtain combined data; means for routing at least a portion of the combined data through a substitution stage employing at least one of a static lookup table that is its own inverse in a subfield of a finite field to obtain substituted data, a dynamic lookup table in the subfield of the finite field where all substitution operations are implemented using permutations to obtain the substituted data, or an alternative static lookup table in the subfield of the finite field that statically stores all permutations needed to obtain the substituted data; and means for routing the substituted data through one or more additional cryptographic stages to generate an output data.
21. The device of claim 20, wherein the cryptographic operation is an encryption operation, the input data is plaintext, and the output data is ciphertext.
22. The device of claim 20, wherein the cryptographic operation is a decryption operation, the input data is ciphertext, and the output data is plaintext.
23. The device of claim 20, wherein the combined data includes one or more of a portion of plaintext, a portion of masked plaintext, a value that is a function of plaintext, a value that is a function of masked plaintext, a portion of ciphertext, a portion of masked ciphertext, a value that is a function of ciphertext and a value that is a function of masked ciphertext.
24. The device of claim 20 wherein the finite field is a Galois Field (GF) and the subfield is GF(2^2).
25. The device of claim 24, wherein the substitution stage is operative to perform masked multiplicative inverse operations in GF(2^2).
26. A machine-readable storage medium for use with cryptography, the machine-readable storage medium having one or more instructions which when executed by at least one processing circuit causes the at least one processing circuit to: combine, as part of a cryptographic operation, input data with a round key to obtain combined data; route at least a portion of the combined data through a substitution stage employing at least o
Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system (cryptographic typewriters G09C3/00) · CPC title
Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms · CPC title
Countermeasures against attacks on cryptographic mechanisms (network architectures or network communication protocols for protection against malicious traffic H04L63/1441) · CPC title
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
of tables, e.g. lookup, substitution or mapping · CPC title