To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built so that it can be synthesized for any protection order. Although the design is scalable, it leads to the smallest (7.1 kGE), fastest, and least randomness-demanding (18 bits) first-order secure AES implementation. The gap between DOM and TI increases with the protection order. Our second-order secure AES S-box implementation, for example, has a hardware footprint that is half the size of the smallest existing second-order TI of the S-box. This paper includes synthesis results of our AES implementation up to the 15th protection order.
Category / Keywords: masking, domain-oriented masking, threshold implementations, private circuits, side-channel analysis, DPA, hardware security, AES

Date: received 20 May 2016, last revised 15 Nov 2016

Contact author: hannes gross at iaik tugraz at

Available format(s): PDF | BibTeX Citation

Version: 20161115:152528 (All versions of this report)

Short URL: ia.cr/2016/486