Leakage-based differential power analysis (LDPA) on sub-90nm CMOS cryptosystems

Since the vulnerability of cryptosystems to differential power analysis (DPA) was reported in 1999, various power analysis attacks and corresponding countermeasures have been studied. With the scaling down of supply voltage and CMOS technology below 90 nm, leakage power plays an increasing role in the overall power dissipation. Future cryptosystems need to address this trend, though it has not been of concern yet in low- cost cryptosystems such as smartcards and RFED tags which currently use older technologies and low performance transistors. In this paper, we explore the impact of leakage power on conventional DPA and the feasibility of a novel leakage-based DPA (LDPA). We first use SPICE simulations to explore the leakage dependence on input patterns of logic gates implemented in 90 nm, 65 nm, and 45 nm CMOS technologies. Then we simulate a successful LDPA on a subset of a DES cryptosystem with only 120 rounds, in contrast to the 200 rounds reported for a conventional DPA in 180 nm technology. Furthermore, we demonstrate how even a DES implementation using a DPA-resistant logic style can be broken with LDPA in 2000 rounds, compared with the conventional DPA using more than 5000 rounds.

[1]  Geoff V. Merrett,et al.  Leakage Power Analysis and Comparison of Deep Submicron Logic Gates , 2004, PATMOS.

[2]  Yusuf Leblebici,et al.  Low-power current mode logic for improved DPA-resistance in embedded systems , 2005, 2005 IEEE International Symposium on Circuits and Systems.

[3]  Roman Novak,et al.  Side-Channel Attack on Substitution Blocks , 2003, ACNS.

[4]  Stefan Mangard,et al.  Implementation aspects of the DPA-resistant logic style MDPL , 2006, 2006 IEEE International Symposium on Circuits and Systems.

[5]  Ingrid Verbauwhede,et al.  Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology , 2003, CHES.

[6]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[7]  Stefan Mangard,et al.  Power and EM Attacks on Passive 13.56 MHz RFID Devices , 2007, CHES.

[8]  Sandip Kundu,et al.  A Study on Impact of Leakage Current on Dynamic Power , 2007, 2007 IEEE International Symposium on Circuits and Systems.

[9]  Narayanan Vijaykrishnan,et al.  Power attack resistant cryptosystem design: a dynamic voltage and frequency switching approach , 2005, Design, Automation and Test in Europe.

[10]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[11]  Alasdair McAndrew Data Encryption Standard (DES) for Sage , 2009 .

[12]  Wei Zhang,et al.  Masking the energy behavior of DES encryption [smart cards] , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[13]  S. Nassif,et al.  Full chip leakage-estimation considering power supply and temperature variations , 2003, Proceedings of the 2003 International Symposium on Low Power Electronics and Design, 2003. ISLPED '03..

[14]  Alessandro Trifiletti,et al.  Analysis of data dependence of leakage current in CMOS cryptographic hardware , 2007, GLSVLSI '07.

[15]  Narayanan Vijaykrishnan,et al.  Masking the Energy Behavior of DES Encryption , 2003, DATE.

[16]  I. Verbauwhede,et al.  A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards , 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[17]  Bart Preneel,et al.  Power-Analysis Attacks on an FPGA - First Experimental Results , 2003, CHES.