
Compact Yet Fast: An Efficient d-Order Masked Implementation of Ascon

Nico Paninforni

Compact Yet Fast: An Efficient d-Order Masked Implementation of Ascon.

Supervisor: Guido Masera. Politecnico di Torino, Master's degree programme in Electronic Engineering, 2025

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial.

Abstract:

Side-channel attacks (SCA) represent a major threat to the secure deployment of cryptographic algorithms on embedded systems, with power analysis being particularly effective in extracting sensitive information from hardware implementations. Masking techniques are among the most widely adopted countermeasures, yet fully masked designs often incur significant area and latency overhead. In this work, we present a generic side-channel protected design of Ascon, the NIST-selected lightweight cryptography standard, that achieves high efficiency by dynamically reconfiguring the hardware countermeasures during message processing. Exploiting Ascon’s mode-level structure, where bulk operations can be executed without full protection, we adopt a selective masking strategy, securing only the most critical phases (initialization and finalization), while accelerating unprotected bulk processing. The experimental results obtained demonstrate that the implementation meets the required security standards and achieves a superior throughput-to-area ratio across all protection orders. To this end, we design a modified masking gadget with dual functionality: it acts as a countermeasure during sensitive operations and enables parallel processing paths for enhanced throughput during regular rounds. Our architecture supports any configurable security order and instantiates only the minimum hardware resources needed to maximize throughput per round. We also evaluate an enhanced Ascon architecture based on the Changing of the Guards technique, which eliminates the need for fresh randomness. Security validation is performed using fixed-vs-random t-tests on both first- and second-order masked implementations. Experimental results demonstrate that the proposed design achieves superior throughput-to-area ratios compared to state-of-the-art masked implementations, making it well-suited for deployment in resource-constrained environments where both performance and physical security are critical.
Index Terms—Ascon, Hardware, Side-channel attack, Domain-Oriented Masking, Mode-level implementation

Supervisors: Guido Masera
Academic year: 2025/26
Publication type: Electronic
Number of pages: 99
Subjects:
Degree programme: Master's degree programme in Electronic Engineering
Degree class: New system > Master's degree > LM-29 - ELECTRONIC ENGINEERING
Collaborating companies: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/37700