Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order

Hannes Groß, Stefan Mangard, Thomas Korak

Research output: Contribution to conference › Abstract › Research › peer-review

Abstract

Passive physical attacks, like power analysis, pose a serious threat to the security of embedded systems, and corresponding countermeasures need to be implemented. In this talk, we demonstrate how the costs for protecting digital circuits against passive physical attacks can be lowered significantly. We introduce a novel masking approach called domain-oriented masking (DOM). Our approach provides the same level of security as threshold implementations (TI), while it requires less chip area and less randomness. DOM can also be scaled easily to arbitrary protection orders for any circuit. To demonstrate the flexibility of our scheme, we apply DOM to a hardware design of the Advanced Encryption Standard (AES). The presented AES implementation is built in a way that it can be synthesized for any protection order. Although our AES design is scalable, it is smaller, faster, and less randomness demanding than other side-channel protected AES implementations. Our first-order secure AES design, for example, requires only 18 bits of randomness per S-box operation and 6 kGE of chip area. We demonstrate the flexibility of our AES implementation by synthesizing it up to the 15th protection order. Besides our theoretical security analysis, we also evaluate the security of the AES implementation with t-test-based side-channel leakage assessments up to the second protection order.

Original language: English
Pages: 3
Number of pages: 3
Publication status: Published - 24 Oct 2016
Event: ACM Workshop on Theory of Implementation Security - Vienna, Austria
Duration: 24 Oct 2016 → …
https://www.cosic.esat.kuleuven.be/events/acm-ccs2016/

Workshop

Workshop: ACM Workshop on Theory of Implementation Security
Abbreviated title: TIS '16
Country: Austria
City: Vienna
Period: 24/10/16 → …

Keywords

  • masking
  • domain-oriented masking
  • private circuits
  • threshold implementations
  • ISW
  • side-channel analysis
  • DPA
  • hardware security
  • AES


  • Projects

    EU - SOPHIA - Securing Software against Physical Attacks

    Mangard, S.

    1/09/16 → 31/08/21

    Project: Research project

    HECTOR - Hardware enable crypto and randomness

    Korak, T., Mangard, S. & Mendel, F.

    1/03/15 → 31/07/18

    Project: Research project

    Cite this

    Groß, H., Mangard, S., & Korak, T. (2016). Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. 3. Abstract from ACM Workshop on Theory of Implementation Security, Vienna, Austria. https://doi.org/10.1145/2996366.2996426