A grain in the silicon: SCA-protected AES in less than 30 slices

AES is the predominant block cipher used worldwide in many cryptographic applications. Despite of the wealth of already available implementations, we here introduce an ultra-lightweight AES-128 implementation specifically tailored for reconfigurable hardware. Our basic proposal presents a full AES-128 providing 9.12 Mbit/s throughput and occupying just 21 slices of a Spartan-6 and no additional memories. We also show that this architecture almost, inherently supports shuffling as side-channel countermeasure and provide results of a practical evaluation. Our protected design fits into 24 slices providing 7.82 Mbit/s throughput. Finally, we present a complete AES core that combines previous results with random number generation which fits 28 slices at 4.35 Mbit/s throughput.

[1]  Jean-Jacques Quisquater,et al.  Implementation of the AES-128 on Virtex-5 FPGAs , 2008, AFRICACRYPT.

[2]  Stefan Mangard,et al.  Power analysis attacks - revealing the secrets of smart cards , 2007 .

[3]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[4]  Tim Güneysu,et al.  DSPs, BRAMs and a Pinch of Logic: New Recipes for AES on FPGAs , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.

[5]  Markus G. Kuhn,et al.  A Protocol for Secure Remote Updates of FPGA Configurations , 2009, ARC.

[6]  Jean-Didier Legat,et al.  Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs , 2003, CHES.

[7]  Kris Gaj,et al.  Very Compact FPGA Implementation of the AES Algorithm , 2003, CHES.

[8]  Tim Good,et al.  AES on FPGA from the Fastest to the Smallest , 2005, CHES.

[9]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[10]  Christof Paar,et al.  Pushing the Limits: A Very Compact and a Threshold Implementation of AES , 2011, EUROCRYPT.

[11]  Ingrid Verbauwhede,et al.  A Dynamic and Differential CMOS Logic Style to Resist Power and Timing Attacks on Security IC's , 2004, IACR Cryptol. ePrint Arch..

[12]  Anne Canteaut,et al.  PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract , 2012, ASIACRYPT.

[13]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[14]  Jean-Didier Legat,et al.  Compact and efficient encryption/decryption module for FPGA implementation of the AES Rijndael very well suited for small embedded applications , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[15]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[16]  Hendra Guntur,et al.  Side-channel AttacK User Reference Architecture board SAKURA-G , 2014, 2014 IEEE 3rd Global Conference on Consumer Electronics (GCCE).

[17]  Mohammed Benaissa,et al.  Low area memory-free FPGA implementation of the AES algorithm , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[18]  Ingrid Verbauwhede,et al.  A 21.54 Gbits/s fully pipelined AES processor on FPGA , 2004, 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines.

[19]  François-Xavier Standaert,et al.  Shuffling against Side-Channel Attacks: A Comprehensive Study with Cautionary Note , 2012, ASIACRYPT.

[20]  Stamatis Vassiliadis,et al.  Reconfigurable memory based AES co-processor , 2006, Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.

[21]  Dakshi Agrawal,et al.  The EM Side-Channel(s) , 2002, CHES.

[22]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[23]  Matti Tommiska,et al.  A fully pipelined memoryless 17.8 Gbps AES-128 encryptor , 2003, FPGA '03.