DOMREP II

Protection against hardware attacks is a crucial prerequisite for cryptographic implementations running on devices that may be physically exposed to attackers. The main threat is either Side-Channel Analysis (SCA) or Fault Injection Analysis (FIA). Additionally, combined attacks that use both SCA and FIA simultaneously are becoming increasingly prevalent due to their potency. One of the most recent combined attacks is the so-called SCA-NFA. The SCA-NFA method is capable to overcome DOMREP, which is a recently proposed countermeasure offering individual protection against SCA and FIA. In this work, we present an extension of the previous DOMREP protection scheme that can withstand an adversary with SCA-NFA capabilities. To overcome the shortfalls of DOMREP, we extend the classical DOM-AND gate to provide security even in the presence of faults. Furthermore, we developed a protected error-correction gate that is also secure in the presence of faults. We provide proof based on the glitch-extended probing model to verify the security claims of our DOMREP extension. Furthermore, we demonstrate the effectiveness with measurements of a protected software implementation of a DOM-AND gate running on an STM32F071 microcontroller. According to these measurements, our DOM-AND gate implementation achieves the expected security level.