Low-Latency Masking with Arbitrary Protection Order Based on Click Elements

Abstract

Masking is the main countermeasure against side-channel attacks due to its sound formal proof of security and the scalability of its protection parameters. However, effective masking increases the implementation complexity by requiring additional silicon area, random number generators and higher latency. Thus, reducing the masking implementation costs while conserving its robustness under side-channel attacks is a relevant branch of research in hardware security applications. Relying on the two-phase bundled-data protocol, this work presents a low-latency masking implementation with arbitrary protection order. In particular, we base our approach on the click elements to control the handshake logic, allowing us to implement asynchronous circuits using conventional synthesis tools. In this manner, we are able to obtain an effective single-cycle and protected implementation of the AES S-box requiring smaller silicon area and potentially lower power consumption compared to the state-of-the-art. Additionally, we detail the asynchronous design methodology that can be applied in different scenarios to improve the latency of secure hardware designs. Finally, we assess leakages to evaluate the robustness of our approach against side-channel attacks.