Countering early evaluation: an approach towards robust dual-rail precharge logic

Wave Dynamic Differential Logic (WDDL) is a hiding countermeasure to thwart side channel attacks (SCA). It suffers from a vulnerability called Early Evaluation, i.e. calculating the output before all inputs are valid. This causes delay biases in WDDL even when it is synthesized with positive gates. As a consequence, the design can be attacked through a side channel, although with extra effort. However, WDDL is an appealing logic since it has already been reported to natively resist multiple asymmetric faults. In this article, we suggest a Dual Rail Precharge Logic (DPL), similar to WDDL, that is free from early evaluation by design. We demonstrate practically that early evaluation accounts for a major part of the leakage. We also provide basic guidelines for designing such a DPL. This DPL can resist side channel attacks and fault attacks at the same time. In line with the current security evaluation methodology, we use differential power analysis and mutual information to compare the modified WDDL with the traditional WDDL. To compare robustness with respect to security, we conduct a proof-of-concept experiment that compares the two logics with identical implementations (P&R) apart from the logic style. The sensitive side channel leakage is reduced by half in the DPL without the early evaluation flaw.
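The early evaluation effect described in the abstract, as an added illustration that is not code from the paper: a timing model of a WDDL AND gate (true rail `a_t AND b_t`, false rail `a_f OR b_f`) beside a gate that evaluates only once all inputs are valid. The synchronized gate model, the arrival times and all function names are assumptions of this sketch, and gate propagation delays are ignored.

```python
from collections import defaultdict
from itertools import product


def wddl_and_eval_time(a, b, t_a, t_b):
    """Time at which a WDDL AND gate leaves precharge (one output rail rises).

    True rail  = a_t AND b_t: rises only when both true rails are high.
    False rail = a_f OR  b_f: rises as soon as any false rail is high.
    The valid rail of input x rises at its arrival time t_x.
    """
    if a and b:
        # Only the true rail can fire, and it needs both inputs.
        return max(t_a, t_b)
    # The false rail fires on the earliest input whose value is 0,
    # possibly before the other input is valid: early evaluation.
    return min(t for bit, t in ((a, t_a), (b, t_b)) if bit == 0)


def synchronized_and_eval_time(a, b, t_a, t_b):
    """Assumed early-evaluation-free gate: waits until every input is valid."""
    return max(t_a, t_b)


def eval_times(gate, t_a, t_b):
    """Evaluation time for each of the four input combinations."""
    return {(a, b): gate(a, b, t_a, t_b) for a, b in product((0, 1), repeat=2)}


def delay_bias(gate, t_a, t_b):
    """Spread between the latest and earliest data-dependent evaluation time."""
    times = eval_times(gate, t_a, t_b).values()
    return max(times) - min(times)


def timing_classes(gate, t_a, t_b):
    """Group inputs by evaluation time: what an observer of timing can separate."""
    classes = defaultdict(list)
    for inputs, t in eval_times(gate, t_a, t_b).items():
        classes[t].append(inputs)
    return dict(classes)


if __name__ == "__main__":
    # Constructed arrival times (arbitrary units): input a is valid before b.
    for gate in (wddl_and_eval_time, synchronized_and_eval_time):
        print(gate.__name__, timing_classes(gate, 1, 3), delay_bias(gate, 1, 3))
```

With input `a` arriving first, the WDDL gate's evaluation time splits the inputs by the value of `a`, while the synchronized model evaluates at the same instant for all four combinations.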
