Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics

Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.
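The early-evaluation effect the abstract names can be made concrete with a small timing model. This is an added example, not code from the paper or from the SecLib/WDDL projects: it treats a dual-rail AND gate at the level of rail arrival times, and the "SecLib-like" gate is a simplifying assumption (evaluation gated on both inputs being valid) rather than the library's actual cell.

```python
"""Toy model of early evaluation in dual-rail pre-charge logic (constructed).

Not the paper's code. A 2-input AND gate is modelled in two styles:
  * WDDL: out_t = a_t AND b_t, out_f = a_f OR b_f. The OR rail fires as
    soon as one false rail arrives (early evaluation), so the output
    transition time depends on the data and on input arrival skew.
  * SecLib-like gate (simplifying assumption): evaluation waits until
    both inputs carry a valid rail, so timing is data-independent.
Inputs are (value, arrival_time); after precharge all rails are 0 at t=0.
"""
from itertools import product

def wddl_and_time(a, b, ta, tb):
    """Time at which the WDDL AND output leaves the precharge state."""
    if a and b:
        # True rail is an AND: needs both a_t and b_t.
        return max(ta, tb)
    # False rail is an OR of a_f and b_f: fires on the earliest
    # false rail that arrives, without waiting for the other input.
    return min(t for val, t in ((a, ta), (b, tb)) if not val)

def seclib_and_time(a, b, ta, tb):
    """SecLib-like gate: output only after both inputs are valid."""
    return max(ta, tb)

def timing_profile(gate, ta, tb):
    """Output transition time for each of the four input values."""
    return {(a, b): gate(a, b, ta, tb) for a, b in product((0, 1), repeat=2)}

def timing_leakage(gate, ta, tb):
    """Design-time metric: spread of transition times over all inputs.
    0 means the output timing reveals nothing about the data."""
    times = timing_profile(gate, ta, tb).values()
    return max(times) - min(times)

if __name__ == "__main__":
    for skew in (0, 2):  # arrival skew of input b relative to a
        for name, gate in (("WDDL", wddl_and_time), ("SecLib", seclib_and_time)):
            print(name, "skew", skew, "leakage", timing_leakage(gate, 1, 1 + skew))
```

With zero skew the WDDL gate shows no timing leakage, which is what balanced back-end routing tries to achieve; with any skew its leakage reappears, while the SecLib-like gate stays at zero regardless of routing.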
