[Resource Topic] 2016/486: Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order

Welcome to the resource topic for 2016/486

Title:
Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order

Authors: Hannes Gross, Stefan Mangard, Thomas Korak

Abstract:

Passive physical attacks, like power analysis, pose a serious threat to the security of embedded systems and corresponding countermeasures need to be implemented. In this work, we demonstrate how the costs for protecting digital circuits against passive physical attacks can be lowered significantly. We introduce a novel masking approach called domain-oriented masking (DOM). Our approach provides the same level of security as threshold implementations (TI), while it requires less chip area and less randomness. DOM can also be scaled easily to arbitrary protection orders for any circuit. To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built in a way that it can be synthesized for any protection order. Although the design is scalable, it leads to the smallest (7.1 kGE), fastest, and least randomness demanding (18 bits) first-order secure AES implementation. The gap between DOM and TI increases with the protection order. Our second-order secure AES S-box implementation, for example, has a hardware footprint that is half the size of the smallest existing second-order TI of the S-box. This paper includes synthesis results of our AES implementation up to the 15th protection order.

ePrint: https://eprint.iacr.org/2016/486

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .