Gate-level Side-Channel Protection Method Based on Hybrid-order Masking

ZHAO Yiqiang; LI Zhengyang; ZHANG Qizhi; YE Mao; XIA Xianzhao; LI Yao; HE Jiaji

doi:10.11999/JEIT250198

Article Contents

Article Navigation > Journal of Electronics & Information Technology > 2025 >

ZHAO Yiqiang, LI Zhengyang, ZHANG Qizhi, YE Mao, XIA Xianzhao, LI Yao, HE Jiaji. Gate-level Side-Channel Protection Method Based on Hybrid-order Masking[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250198

Citation:

ZHAO Yiqiang, LI Zhengyang, ZHANG Qizhi, YE Mao, XIA Xianzhao, LI Yao, HE Jiaji. Gate-level Side-Channel Protection Method Based on Hybrid-order Masking[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250198

Citation:

PDF( 2351 KB)

Gate-level Side-Channel Protection Method Based on Hybrid-order Masking

doi: 10.11999/JEIT250198 cstr: 32379.14.JEIT250198

ZHAO Yiqiang^{1, 2},
LI Zhengyang^{1, 2},
ZHANG Qizhi^{1, 2},
YE Mao^{1, 2},
XIA Xianzhao³,
LI Yao^{1, 2},
HE Jiaji^{1, 2
,
,}

1.
School of Microelectronics, Tianjin University, Tianjin 300072, China
2.
Tianjin Key Laboratory of Imaging and Perception Microelectronics Technology, Tianjin 300072, China
3.
CATARC Technology Co., Ltd., Shenzhen 518118, China

Funds: The National Key R&D Program Young Scientists Project (2023YFB4402800), Tianjin Science and Technology Plan Project (24YDTPJC00020)

Received Date: 2025-03-24
Rev Recd Date: 2025-07-07

Available Online: 2025-07-11

Abstract

Abstract

Objective Side-Channel Analysis (SCA) presents a significant threat to the hardware implementation of cryptographic algorithms. Among various sources of side-channel leakage, power consumption is particularly vulnerable due to its ease of extraction and interpretation, making power analysis one of the most prevalent SCA techniques. To address this threat, masking has been widely adopted as a countermeasure in hardware security. Masking introduces randomness to disrupt the correlation between sensitive intermediate data and observable side-channel information, thereby enhancing resistance to SCA. However, existing masking approaches face notable limitations. Algorithm-level masking requires comprehensive knowledge of algorithmic structure and does not reliably strengthen hardware-level security. Masking applied at the Register Transfer Level (RTL) is prone to structural alterations during hardware synthesis and is constrained by the need for logic optimization, limiting scalability. Gate-level masking offers certain advantages, yet such approaches depend on precise localization of leakage and often incur unpredictable overhead after deployment. Furthermore, many masking schemes remain susceptible to higher-order SCA techniques. To overcome these limitations, there is an urgent need for gate-level masking strategies that provide robust security, maintain acceptable overhead, and support scalable deployment in practical hardware systems. Methods To address advances in SCA techniques and the limitations of existing masking schemes, this paper proposes a hybrid-order masking method. The approach is specifically designed for gate-level netlist circuits to provide fine-grained and precise protection. By considering the structural characteristics of encryption algorithm circuits, the method integrates masking structures of different orders according to circuit requirements, introduces randomness to sensitive variables, and substantially improves resistance to side-channel attacks. In parallel, the approach accounts for potential hardware overhead to maintain practical feasibility. Theoretical security is verified through statistical evaluation combined with established SCA techniques. An automated deployment framework is developed to facilitate rapid and efficient application of the masking scheme. The framework incorporates functional modules for circuit topology analysis, leakage identification, and masking deployment, supporting a complete workflow from circuit analysis to masking implementation. The security performance of the masked design is further assessed through correlation-based evaluation methods and simulation. Results and Discussions The automated masking deployment tool is applied to implement gate-level masking for Advanced Encryption Standard (AES) circuits. The security of the masked design is evaluated through first-order and higher-order power analysis in simulation. The correlation coefficient and Minimum Traces to Disclosure (MTD) parameter serve as the primary evaluation metrics, both widely used in side-channel security assessment. The MTD reflects the number of power traces required to extract the encryption key from the circuit. In first-order power analysis, the unmasked design exhibits a maximum correlation value of 0.49 for the correct key (Fig. 6(a)), and the correlation curve for the correct key is clearly separated from those of incorrect keys. By contrast, the masked design reduces the correlation to approximately 0.02 (Fig. 6(b)), with no evidence of successful key extraction. Based on the MTD parameter, the unmasked design requires 116 traces for key disclosure, whereas the masked design requires more than 200,000 traces, reflecting an improvement exceeding 1724 times (Fig. 7). Higher-order power analysis yields consistent results. The unmasked design demonstrates an MTD of 120 traces, indicating clear vulnerability, whereas the masked design maintains a maximum correlation near 0.02 (Fig. 8) and an MTD greater than 200,000 traces (Fig. 9), corresponding to a 1667-fold improvement. In terms of hardware overhead, the masked design shows a 1.2% increase in area and a 41.1% reduction in maximum operating frequency relative to the unmasked circuit. Conclusions This study addresses the limitations of existing masking schemes by proposing a hybrid-order masking method that disrupts the conventional definition of protection order. The approach safeguards sensitive data during cryptographic algorithm operations and enhances resistance to SCA in gate-level hardware designs. An automated deployment tool is developed to efficiently integrate vulnerability identification and masking protection, supporting practical application by hardware designers. The proposed methodology is validated through correlation analysis across different orders. The results demonstrate that the method improves resistance to power analysis attacks by more than 1600 times and achieves significant security enhancement with minimal hardware overhead compared to existing masking techniques. This work advances the current knowledge of masking strategies and provides an effective approach for improving hardware-level security. Future research will focus on extending the method to broader application scenarios and enhancing performance through algorithmic improvements.
- Side-Channel Analysis (SCA),
- Masking protection,
- Encryption algorithms,
- Power leakage analysis

FullText(HTML)

References(26)

References

[1]	张厚来, 齐骥, 刘宇博, 等. 密码侧信道分析前沿案例综述[J]. 信息安全与通信保密, 2024(11): 32–48. doi: 10.3969/j.issn.1009-8054.2024.11.006. ZHANG Houlai, QI Ji, LIU Yubo, et al. A review of advanced cases of cryptographic side-channel analysis[J]. Information Security and Communications Privacy, 2024(11): 32–48. doi: 10.3969/j.issn.1009-8054.2024.11.006.
[2]	KOCHER P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]. 16th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1996: 104–113. doi: 10.1007/3-540-68697-5_9.
[3]	BONEH D, DEMILLO R A, and LIPTON R J. On the importance of checking cryptographic protocols for faults[C]. International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, 1997: 37–51. doi: 10.1007/3-540-69053-0_4.
[4]	KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. 19th Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25.
[5]	BRIER E, CLAVIER C, and OLIVIER F. Correlation power analysis with a leakage model[C]. 6th International Workshop on Cryptographic Hardware and Embedded Systems, Cambridge, USA, 2004: 16–29. doi: 10.1007/978-3-540-28632-5_2.
[6]	BATINA L, GIERLICHS B, PROUFF E, et al. Mutual information analysis: A comprehensive study[J]. Journal of Cryptology, 2011, 24(2): 269–291. doi: 10.1007/s00145-010-9084-8.
[7]	CHOUDARY O and KUHN M G. Efficient template attacks[C]. 12th International Conference on Smart Card Research and Advanced Applications, Berlin, Germany, 2013: 253–270. doi: 10.1007/978-3-319-08302-5_17.
[8]	OSWALD E, MANGARD S, HERBST C, et al. Practical second-order DPA attacks for masked smart card implementations of block ciphers[C]. The Cryptographers’ Track at the RSA Conference, San Jose, USA, 2006: 192–207. doi: 10.1007/11605805_13.
[9]	王亚琦, 黄帆, 段晓林, 等. 对Kyber算法的二阶侧信道攻击: 针对掩码哈希函数(英文)[J]. 密码学报(中英文), 2024, 11(6): 1415–1436. doi: 10.13868/j.cnki.jcr.000745. WANG Yaqi, HUANG Fan, DUAN Xiaolin, et al. Second-order side-channel attacks on Kyber: Targeting the masked hash function[J]. Journal of Cryptologic Research, 2024, 11(6): 1415–1436. doi: 10.13868/j.cnki.jcr.000745.
[10]	CASSIERS G and STANDAERT F X. Trivially and efficiently composing masked gadgets with probe isolating non-interference[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 2542–2555. doi: 10.1109/TIFS.2020.2971153.
[11]	MÜLLER N and MORADI A. Robust but relaxed probing model[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024, 2024(4): 451–482. doi: 10.46586/tches.v2024.i4.451-482.
[12]	YAO Yuan, KATHURIA T, EGE B, et al. Architecture correlation analysis (ACA): Identifying the source of side-channel leakage at gate-level[C]. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, USA, 2020: 188–196. doi: 10.1109/HOST45689.2020.9300271.
[13]	MA Haocheng, ZHANG Qizhi, GAO Ya, et al. PathFinder: Side channel protection through automatic leaky paths identification and obfuscation[C]. The 59th ACM/IEEE Design Automation Conference, San Francisco, USA, 2022: 79–84. doi: 10.1145/3489517.3530413.
[14]	DAS D, MAITY S, NASIR S B, et al. ASNI: Attenuated signature noise injection for low-overhead power side-channel attack immunity[J]. IEEE Transactions on Circuits and Systems I: Regular Papers, 2018, 65(10): 3300–3311. doi: 10.1109/TCSI.2018.2819499.
[15]	NASSAR M, SOUISSI Y, GUILLEY S, et al. RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs[C]. 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 2012: 1173–1178. doi: 10.1109/DATE.2012.6176671.
[16]	GROSS H, MANGARD S, and KORAK T. Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order[C]. The 2016 ACM Workshop on Theory of Implementation Security, Vienna, Austria, 2016: 3. doi: 10.1145/2996366.2996426.
[17]	ITOH K, TAKENAKA M, and TORII N. DPA countermeasure based on the “masking method”[C]. 4th International Conference on Information Security and Cryptology, Seoul, Korea, 2001: 440–456. doi: 10.1007/3-540-45861-1_33.
[18]	WU Lixuan, FAN Yanhong, PRENEEL B, et al. Automated generation of masked nonlinear components: From lookup tables to private circuits[C]. ACNS 2024 Satellite Workshops on Applied Cryptography and Network Security Workshops, Abu Dhabi, United Arab Emirates, 2024: 319–339. doi: 10.1007/978-3-031-61486-6_19.
[19]	DILIP KUMAR S V, BALASCH J, GIERLICHS B, et al. Low-cost first-order secure Boolean masking in glitchy hardware[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 2437–2449. doi: 10.1109/TIFS.2025.3541442.
[20]	TIRI K and VERBAUWHEDE I. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation[C]. Design, Automation and Test in Europe Conference and Exhibition, Paris, France, 2004: 246–251. doi: 10.1109/DATE.2004.1268856.
[21]	KOYANAGI Y and UKEZONO T. A cost-sensitive and simple masking design for side-channels[C]. TENCON 2023–2023 IEEE Region 10 Conference (TENCON), Chiang Mai, Thailand, 2023: 732–737. doi: 10.1109/TENCON58879.2023.10322358.
[22]	GROSS H, MANGARD S, and KORAK T. An efficient side-channel protected AES implementation with arbitrary protection order[C]. The Cryptographers’ Track at the RSA Conference on Topics in Cryptology, San Francisco, USA, 2017: 95–112. doi: 10.1007/978-3-319-52153-4_6.
[23]	李聪辉, 姚茂群. 基于掩码技术的抗功耗攻击电路方案设计[J]. 太赫兹科学与电子信息学报, 2024, 22(12): 1421–1425. doi: 10.11805/TKYDA2023070. LI Conghui and YAO Maoqun. Design of circuit against power analysis attacks based on masking technology[J]. Journal of Terahertz Science and Electronic Information Technology, 2024, 22(12): 1421–1425. doi: 10.11805/TKYDA2023070.
[24]	BEPARY M K, ZHANG Tao, ZHOU Jingbo, et al. Towards efficient gate-level electromagnetic side-channel leakage modeling and vulnerability assessment[J]. Journal of Hardware and Systems Security, 2025: 1–14. doi: 10.1007/s41635-025-00161-1.
[25]	MORADI A, POSCHMANN A, LING San, et al. Pushing the limits: A very compact and a threshold implementation of AES[C]. 30th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia, 2011: 69–88. doi: 10.1007/978-3-642-20465-4_6.
[26]	RAMEZANPOUR K, AMPADU P, and DIEHL W. RS-Mask: Random space masking as an integrated countermeasure against power and fault analysis[C]. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, USA, 2020: 176–187. doi: 10.1109/HOST45689.2020.9300266.