Place-and-route impact on the security of DPL designs in FPGAs

Straightforward implementations of cryptographic algorithms are known to be vulnerable to attacks aimed not at the mathematical structure of the cipher but rather at the weak points of the electronic devices which implement it. These attacks, known as side-channel attacks, have proved to be very powerful in retrieving secret keys from any kind of unprotected electronic device. Amongst the various protection strategies, side-channel hiding is very popular and well studied. The principle of information hiding is to make any leak constant, thus uncorrelated to the device internal secrets. The so-called ldquodual-rail with precharge logicrdquo (DPL) style is indicated to achieve that goal. For DPL protection to be effective, it further requires a carefully balanced layout so as to obtain equal propagation delays and power consumption on both rails. In this article, we study to which extent the differential place-and-route constraints must be strict in FPGA technology. We describe placement techniques suitable for Xilinx and Altera FPGAs, and quantify the gain of balance they confer. On the one hand, we observed that Xilinx fitting tool achieves naturally good balancing results. On the other hand, the symmetry can be greatly improved with Altera devices, using a manual placement, leading to unprecedented dual netlists balancing.

[1]  Daisuke Suzuki,et al.  Random Switching Logic: A Countermeasure against DPA based on Transition Probability , 2004, IACR Cryptol. ePrint Arch..

[2]  Patrick Schaumont,et al.  Secure FPGA circuits using controlled placement and routing , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[3]  Sylvain Guilley,et al.  The "Backend Duplication" Method , 2005, CHES.

[4]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[5]  Patrick Schaumont,et al.  Masking and Dual-Rail Logic Don't Add Up , 2007, CHES.

[6]  Sylvain Guilley,et al.  Evaluation of Power-Constant Dual-Rail Logic as a Protection of Cryptographic Applications in FPGAs , 2008, 2008 Second International Conference on Secure System Integration and Reliability Improvement.

[7]  Ingrid Verbauwhede,et al.  Place and Route for Secure Standard Cell Design , 2004, CARDIS.

[8]  Stefan Mangard,et al.  Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[9]  Philippe Maurine,et al.  Analysis and Improvement of Dual Rail Logic as a Countermeasure Against DPA , 2007, PATMOS.

[10]  Sylvain Guilley,et al.  CMOS structures suitable for secured hardware , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[11]  Patrick Schaumont,et al.  Changing the Odds Against Masked Logic , 2006, Selected Areas in Cryptography.

[12]  Ralph Howard,et al.  Data encryption standard , 1987 .

[13]  Máire O'Neill,et al.  Differential Power Analysis of CAST-128 , 2010, 2010 IEEE Computer Society Annual Symposium on VLSI.

[14]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[15]  Vincent Rijmen,et al.  A Side-Channel Analysis Resistant Description of the AES S-Box , 2005, FSE.

[16]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[17]  Christophe Giraud,et al.  An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[18]  Eric Peeters,et al.  Improved Higher-Order Side-Channel Attacks with FPGA Experiments , 2005, CHES.

[19]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[20]  Daisuke Suzuki,et al.  Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style , 2006, CHES.

[21]  Patrick Schaumont,et al.  Slicing up a perfect hardware masking scheme , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[22]  Bart Preneel,et al.  Power Analysis of an FPGA: Implementation of Rijndael: Is Pipelining a DPA Countermeasure? , 2004, CHES.

[23]  Jean-Jacques Quisquater,et al.  FPGA Implementations of the DES and Triple-DES Masked Against Power Analysis Attacks , 2006, 2006 International Conference on Field Programmable Logic and Applications.

[24]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[25]  Ingrid Verbauwhede,et al.  Secure Logic Synthesis , 2004, FPL.