부산대학교 도서관

In this paper we formulate and re-evaluate a recently proposed randomization-based side-channel protection mechanism. The strength of the construction lies with its ability to comply with standard digital design flows and that it provides a security parameter which directly links side-channel security metrics. A detailed leakage model is provided and investigated for the first time, and it is linked to electronic parameters of the randomization mechanism. We develop guidelines and optimization for concrete ASIC constructions, and sheds light on this ultra low-cost leakage-randomization mechanism. The proposed circuit is natural to be utilized without or on top of the popular masking countermeasures. It is demonstrated to be considerably more efficient in terms of attack data-complexity as compared to low-order masking (i.e., number of shares $d=2$ ). In addition, seemingly it is a nice and necessary fit to increase the noise when a too low-noise environment is expected, which impedes masking’s theoretical security. Finally, it is discussed that the proposed mechanism is natural to be embedded with masked designs for higher security-levels ( $d> 2$ ) while lowering significantly their asymptotically quadratic area price-tag as $d$ increase. Robustness results are provided along with post place & route cost estimations for both AES encryption and a more recently proposed permutation such as ISAP. Our design efficiently provides unprecedented three orders-of-magnitude signal-to-noise reduction with a total area-overhead of 21% and 46% for AES and Ascon- $\rho $ , respectively. These factors are more cost-efficient than low-orders masked designs and such mechanisms are sometimes necessary when the inherent noise is not sufficient. However, the joint embedding of the proposed mechanism with masked designs potentially exponentially improve the security level they provide, all whilst enabling electronic-design friendly security mechanism.