{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T21:47:41Z","timestamp":1769118461113,"version":"3.49.0"},"reference-count":37,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T00:00:00Z","timestamp":1768608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Resilient Trust project","award":["101112282"],"award-info":[{"award-number":["101112282"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Instruction Set Architecture (ISA) extensions, particularly scalar cryptography extensions (Zk), combine the performance advantages of hardware with the adaptability of software, enabling the direct and efficient execution of cryptographic functions within the processor pipeline. This integration eliminates the need to communicate with external cores, substantially reducing latency, power consumption, and hardware overhead, making it especially suitable for embedded systems with constrained resources. However, current scalar cryptography extension implementations remain vulnerable to physical threats, notably power side-channel attacks (PSCAs). These attacks allow adversaries to extract confidential information, such as secret keys, by analyzing the power consumption patterns of the hardware during operation. This paper presents an optimized and secure implementation of the RISC-V scalar Advanced Encryption Standard (AES) extension (Zkne\/Zknd) using Domain-Oriented Masking (DOM) to mitigate first-order PSCAs. Our approach features optimized assembly implementations for partial rounds and key scheduling alongside pipeline-aware microarchitecture optimizations. We evaluated the security and performance of the proposed design using the Xilinx Artix7 FPGA platform. The results indicate that our design is side-channel-resistant while adding a very low area overhead of 0.39% to the full 32-bit CV32E40S RISC-V processor. Moreover, the performance overhead is zero when the extension-related instructions are properly scheduled.<\/jats:p>","DOI":"10.3390\/cryptography10010006","type":"journal-article","created":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T14:58:54Z","timestamp":1768834734000},"page":"6","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Secure Implementation of RISC-V\u2019s Scalar Cryptography Extension Set"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-9851-2123","authenticated-orcid":false,"given":"Asmaa","family":"Kassimi","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, 2628 CD Delft, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2333-4754","authenticated-orcid":false,"given":"Abdullah","family":"Aljuffri","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, 2628 CD Delft, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-3845-7510","authenticated-orcid":false,"given":"Christian","family":"Larmann","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, 2628 CD Delft, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8961-0387","authenticated-orcid":false,"given":"Said","family":"Hamdioui","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, 2628 CD Delft, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9911-4846","authenticated-orcid":false,"given":"Mottaqiallah","family":"Taouil","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Electrical Engineering, Mathematics and Computer Science, Delft University of Technology, 2628 CD Delft, The Netherlands"}]}],"member":"1968","published-online":{"date-parts":[[2026,1,17]]},"reference":[{"key":"ref_1","unstructured":"IHS Markit (2025, June 01). The Internet of Things: A Movement, Not a Market. Available online: https:\/\/cdn.ihs.com\/www\/pdf\/IoT_ebook.pdf."},{"key":"ref_2","unstructured":"National Institute of Standards and Technology (2024). The NIST Cybersecurity Framework (CSF) 2.0, NIST Cybersecurity White Paper (CSWP) NIST CSWP 29."},{"key":"ref_3","unstructured":"National Institute of Standards and Technology (2020). Recommendation for Key Management\u2014Part 1: General, Technical Report NIST SP 800-57 Part 1 Revision 5, NIST."},{"key":"ref_4","first-page":"388","article-title":"Differential Power Analysis","volume":"Volume 1666","author":"Wiener","year":"1999","journal-title":"Proceedings of the Advances in Cryptology\u2014CRYPTO \u201999, 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, 15\u201319 August 1999"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1007\/978-3-540-28632-5_2","article-title":"Correlation Power Analysis with a Leakage Model","volume":"Volume 3156","author":"Joye","year":"2004","journal-title":"Proceedings of the Cryptographic Hardware and Embedded Systems\u2014CHES 2004: 6th International Workshop, Cambridge, MA, USA, 11\u201313 August 2004"},{"key":"ref_6","first-page":"13","article-title":"Template Attacks","volume":"Volume 2523","author":"Kaliski","year":"2002","journal-title":"Proceedings of the Cryptographic Hardware and Embedded Systems\u2014CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, 13\u201315 August 2002"},{"key":"ref_7","unstructured":"F, M.A.K., Ganesan, V., Bodduna, R., and Rebeiro, C. (2020, January 7\u201311). PARAM: A Microprocessor Hardened for Power Side-Channel Attack Resistance. Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020, San Jose, CA, USA."},{"key":"ref_8","unstructured":"Shaout, A., Ahmad, O., and Al-Dulaimi, Y. (2024). AES-RV: A Low-Latency and Energy-Efficient AES Accelerator with Instruction Extension for RISC-V SoC. arXiv."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Cui, S., and Balasch, J. (2023, January 17\u201319). Efficient Software Masking of AES through Instruction Set Extensions. Proceedings of the Design, Automation & Test in Europe Conference & Exhibition, DATE 2023, Antwerp, Belgium.","DOI":"10.23919\/DATE56975.2023.10137150"},{"key":"ref_10","unstructured":"RISC-V Cryptography Extension Task Group (2023). RISC-V Cryptography Extensions Volume I: Scalar & Entropy Source Instructions, RISC-V. Version 0.9.3-DRAFT."},{"key":"ref_11","unstructured":"Bilgin, B., Nikova, S., and Rijmen, V. (2016). Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016, Vienna, Austria, 24 October 2016, ACM."},{"key":"ref_12","unstructured":"National Institute of Standards and Technology (2019). Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication, FIPS 140-3."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Lu, M., Fan, A., Xu, J., and Shan, W. (2018, January 1\u20133). A Compact, Lightweight and Low-Cost 8-Bit Datapath AES Circuit for IoT Applications in 28nm CMOS. Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\/12th IEEE International Conference On Big Data Science And Engineering, TrustCom\/BigDataSE 2018, New York, NY, USA.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00204"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1807","DOI":"10.1109\/TVLSI.2020.2999593","article-title":"Efficient Register Renaming Architectures for 8-bit AES Datapath at 0.55 pJ\/bit in 16-nm FinFET","volume":"28","author":"Dhanuskodi","year":"2020","journal-title":"IEEE Trans. Very Large Scale Integr. Syst."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Wamser, M.S., and Sigl, G. (2017, January 23\u201325). Pushing the limits further: Sub-atomic AES. Proceedings of the 2017 IFIP\/IEEE International Conference on Very Large Scale Integration, VLSI-SoC 2017, Abu Dhabi, United Arab Emirates.","DOI":"10.1109\/VLSI-SoC.2017.8203470"},{"key":"ref_16","first-page":"173","article-title":"Atomic-AES: A Compact Implementation of the AES Encryption\/Decryption Core","volume":"Volume 10095","author":"Dunkelman","year":"2016","journal-title":"Proceedings of the Progress in Cryptology\u2014INDOCRYPT 2016\u201417th International Conference on Cryptology in India, Kolkata, India, 11\u201314 December 2016"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/978-3-642-20465-4_6","article-title":"Pushing the Limits: A Very Compact and a Threshold Implementation of AES","volume":"Volume 6632","author":"Moradi","year":"2011","journal-title":"Proceedings of the Advances in Cryptology\u2014EUROCRYPT 2011"},{"key":"ref_18","unstructured":"Yu, J., and Aagaard, M. (2019, January 4\u20136). Benchmarking and Optimizing AES for Lightweight Cryptography on ASICs. Proceedings of the Lightweight Cryptography Workshop, Gaithersburg, MD, USA."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Dao, M.H., Hoang, V.P., Dao, V.L., and Tran, X.T. (2018, January 18\u201320). An Energy Efficient AES Encryption Core for Hardware Security Implementation in IoT Systems. Proceedings of the 2018 International Conference on ATC, Ho Chi Minh City, Vietnam.","DOI":"10.1109\/ATC.2018.8587500"},{"key":"ref_20","unstructured":"Tran, K. (2025). Integration of the AES Cryptography Extension into a RISC-V Architecture. [Master\u2019s Thesis, Oklahoma State University]."},{"key":"ref_21","first-page":"109","article-title":"The design of scalar AES Instruction Set Extensions for RISC-V","volume":"2021","author":"Marshall","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"957","DOI":"10.1109\/TVLSI.2004.832943","article-title":"High-speed VLSI architectures for the AES algorithm","volume":"12","author":"Zhang","year":"2004","journal-title":"IEEE Trans. Very Large Scale Integr. Syst."},{"key":"ref_23","unstructured":"Waterman, A., and Asanovi\u0107, K. (2019). The RISC-V Instruction Set Manual, RISC-V International."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hojati, Z., Jahanpeima, Z., Rajabalipanah, M., Ta\u2019ati, H., Rabiei, A., and Navabi, Z. (2024, January 13\u201317). Sharing AES Engine for RISC-V Custom Instructions Performing Encryption and Decryption. Proceedings of the IEEE East-West Design & Test Symposium, EWDTS 2024, Yerevan, Armenia.","DOI":"10.1109\/EWDTS63723.2024.10873766"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Boyar, J., and Peralta, R. (2012). A small depth-16 circuit for the AES S-box. Proceedings of the SEC 2012, Springer.","DOI":"10.1007\/978-3-642-30436-1_24"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Daemen, J., and Rijmen, V. (2002). The Design of Rijndael: AES\u2014The Advanced Encryption Standard, Springer.","DOI":"10.1007\/978-3-662-04722-4_1"},{"key":"ref_27","first-page":"1","article-title":"Vertical Attack Correlation: Exploiting Data Compression in Side-Channel Analysis","volume":"Volume 2021","author":"Clermont","year":"2021","journal-title":"Proceedings of the IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"ref_28","unstructured":"NewAE Technology Inc (2023, April 15). CW305 Artix FPGA Target Board. Available online: https:\/\/rtfm.newae.com\/Targets\/CW305%20Artix%20FPGA\/."},{"key":"ref_29","unstructured":"Cadence Design Systems, Inc (2021, May 08). Cadence Genus Synthesis Solution. Available online: https:\/\/www.cadence.com\/en_US\/home\/tools\/digital-design-and-signoff\/synthesis\/genus-synthesis-solution.html."},{"key":"ref_30","unstructured":"Becker, G., and Cooper, J. (2023, November 09). Test Vector Leakage Assessment (TVLA) Methodology in Practice. Available online: https:\/\/www.semanticscholar.org\/paper\/Test-Vector-Leakage-Assessment-(-TVLA-)-methodology-Becker-Cooper\/60b993cb11fff28c9ea657b0e2882867b8f810e1."},{"key":"ref_31","first-page":"222","article-title":"Hardware Countermeasures against DPA\u2014A Statistical Analysis of Their Effectiveness","volume":"Volume 2964","author":"Okamoto","year":"2004","journal-title":"Proceedings of the Topics in Cryptology\u2014CT-RSA 2004, San Francisco, CA, USA, 23\u201327 February 2004"},{"key":"ref_32","unstructured":"Mangard, S., Oswald, E., and Popp, T. (2007). Power Analysis Attacks\u2014Revealing the Secrets of Smart Cards, Springer."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Schneider, T., and Moradi, A. (2015, January 13\u201316). Leakage Assessment Methodology. Proceedings of the Cryptographic Hardware and Embedded Systems (CHES), Saint-Malo, France.","DOI":"10.1007\/978-3-662-48324-4_25"},{"key":"ref_34","first-page":"187","article-title":"Simplified Adaptive Multiplicative Masking for AES","volume":"Volume 2523","author":"Kaliski","year":"2002","journal-title":"Proceedings of the Cryptographic Hardware and Embedded Systems\u2014CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, 13\u201315 August 2002"},{"key":"ref_35","first-page":"125","article-title":"Correlation-Enhanced Power Analysis Collision Attack","volume":"Volume 6225","author":"Mangard","year":"2010","journal-title":"Proceedings of the Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, 17\u201320 August 2010"},{"key":"ref_36","first-page":"636","article-title":"Study of Second-Order Side-Channel Attacks on AES Masked Implementations","volume":"4","author":"Prouff","year":"2009","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_37","first-page":"578","article-title":"Deep Learning based Side Channel Attacks in Practice","volume":"2019","author":"Maghrebi","year":"2019","journal-title":"IACR Cryptol. ePrint Arch."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/10\/1\/6\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T05:30:43Z","timestamp":1769059843000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/10\/1\/6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,17]]},"references-count":37,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["cryptography10010006"],"URL":"https:\/\/doi.org\/10.3390\/cryptography10010006","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,17]]}}}