eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2016/486

Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order

Hannes Gross, Stefan Mangard, and Thomas Korak


Passive physical attacks, like power analysis, pose a serious threat to the security of embedded systems and corresponding countermeasures need to be implemented. In this work, we demonstrate how the costs for protecting digital circuits against passive physical attacks can be lowered significantly. We introduce a novel masking approach called domain-oriented masking (DOM). Our approach provides the same level of security as threshold implementations (TI), while it requires less chip area and less randomness. DOM can also be scaled easily to arbitrary protection orders for any circuit. To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built in a way that it can be synthesized for any protection order. Although the design is scalable, it leads to the smallest (7.1 kGE), fastest, and least randomness demanding (18 bits) first-order secure AES implementation. The gap between DOM and TI increases with the protection order. Our second-order secure AES S-box implementation, for example, has a hardware footprint that is half the size of the smallest existing second-order TI of the S-box. This paper includes synthesis results of our AES implementation up to the 15th protection order.

Available format(s)
Publication info
Preprint. MINOR revision.
maskingdomain-oriented maskingthreshold implementationsprivate circuitsside-channel analysisDPAhardware securityAES
Contact author(s)
hannes gross @ iaik tugraz at
2016-11-15: revised
2016-05-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hannes Gross and Stefan Mangard and Thomas Korak},
      title = {Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order},
      howpublished = {Cryptology ePrint Archive, Paper 2016/486},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/486}},
      url = {https://eprint.iacr.org/2016/486}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.