Paper 2016/486

Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order

Hannes Gross, Stefan Mangard, and Thomas Korak

Abstract

Passive physical attacks, like power analysis, pose a serious threat to the security of embedded systems and corresponding countermeasures need to be implemented. In this work, we demonstrate how the costs for protecting digital circuits against passive physical attacks can be lowered significantly. We introduce a novel masking approach called domain-oriented masking (DOM). Our approach provides the same level of security as threshold implementations (TI), while it requires less chip area and less randomness. DOM can also be scaled easily to arbitrary protection orders for any circuit. To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built in a way that it can be synthesized for any protection order. Although the design is scalable, it leads to the smallest (7.1 kGE), fastest, and least randomness demanding (18 bits) first-order secure AES implementation. The gap between DOM and TI increases with the protection order. Our second-order secure AES S-box implementation, for example, has a hardware footprint that is half the size of the smallest existing second-order TI of the S-box. This paper includes synthesis results of our AES implementation up to the 15th protection order.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
maskingdomain-oriented maskingthreshold implementationsprivate circuitsside-channel analysisDPAhardware securityAES
Contact author(s)
hannes gross @ iaik tugraz at
History
2016-11-15: revised
2016-05-20: received
See all versions
Short URL
https://ia.cr/2016/486
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/486,
      author = {Hannes Gross and Stefan Mangard and Thomas Korak},
      title = {Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order},
      howpublished = {Cryptology ePrint Archive, Paper 2016/486},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/486}},
      url = {https://eprint.iacr.org/2016/486}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.