DRECON: DPA Resistant Encryption by Construction

Side-channel attacks are considered one of the biggest threats against modern cryptosystems. This motivates the design of ciphers that are naturally resistant to side-channel attacks. The present paper proposes a scheme called DRECON to construct a block cipher with innate protection against differential power attacks (DPA). The scheme is motivated by tweakable block ciphers and is shown to be secure against first-order DPA using information-theoretic metrics. From the implementation perspective, DRECON is shown to be less expensive than masking and re-keying countermeasures, and it can be realized efficiently on both hardware and software platforms. On FPGAs in particular, DRECON can make optimal use of the abundant block RAMs available and therefore incurs minimal overhead. We estimate the cost overhead of DRECON on micro-controllers and FPGAs, two common targets for cryptographic applications. Finally, we demonstrate the practical side-channel resistance of a DRECON implementation on a Xilinx Virtex-5 FPGA (SASEBO GII board).
