Dilip Kumar S. V.
COSIC, ESAT, KU Leuven, Leuven, Belgium

Siemen Dhooghe
COSIC, ESAT, KU Leuven, Leuven, Belgium

Josep Balasch
e-Media Research Lab, STADIUS, KU Leuven, Leuven, Belgium

Benedikt Gierlichs
COSIC, ESAT, KU Leuven, Leuven, Belgium

Ingrid Verbauwhede
COSIC, ESAT, KU Leuven, Leuven, Belgium

Keywords: Hardware, Masking, Probing Security, Side-Channel Analysis

Abstract

We present a novel approach to small area and low-latency first-order masking in hardware. The core idea is to separate the processing of shares in time in order to achieve non-completeness. Resulting circuits are proven first-order glitchextended PINI secure. This means the method can be straightforwardly applied to mask arbitrary functions without constraints which the designer must take care of. Furthermore we show that an implementation can benefit from optimization through EDA tools without sacrificing security. We provide concrete results of several case studies. Our low-latency implementation of a complete PRINCE core shows a 32% area improvement (44% with optimization) over the state-of-the-art. Our PRINCE S-Box passes formal verification with a tool and the complete core on FPGA shows no first-order leakage in TVLA with 100 million traces. Our low-latency implementation of the AES S-Box costs roughly one third (one quarter with optimization) of the area of state-of-the-art implementations. It shows no first-order leakage in TVLA with 250 million traces.