Analyzing the DPA Leakage of the Masked S-box via Digital Simulation and Reducing the Leakage by Inserting Delay Cells

Differential power analysis (DPA) is an important threat, and researchers spend great effort making crypto algorithms resistant to DPA attacks. A masked AES hardware has been implemented under the National ID Card Design project, and a prototype of the chip has been manufactured in HHNEC's 0.25 µm eFlash process. Whole round analysis (WRA) of the hardware has shown that the masked S-boxes of AES have zero-value (ZV) input DPA leakage. In order to determine whether the hardware has DPA leakage before manufacturing, an accurate power model has been generated in digital simulation with a back-annotated netlist. In this paper, we show that DPA leakage can be reduced by inserting delay cells just before nets where the leakage is significantly high. Moreover, the improvements achieved by inserting delay cells have been demonstrated with the generated power model using the back-annotated netlist of the whole AES hardware; this method gives more realistic results for determining the effectiveness of the improvements than an approach in which only the back-annotated netlist of the S-boxes is used.
