Side-Channel Resistant Crypto for Less than 2,300 GE

A provably secure countermeasure against first-order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International Conference on Information and Communications Security. Lecture Notes in Computer Science, vol. 4307, pp. 529–545, Springer, Berlin, 2006). We have implemented the lightweight block cipher PRESENT using this countermeasure. For this purpose we had to decompose the S-box used in PRESENT and split it into three shares that fulfill the properties of the scheme presented by Nikova et al. (P. Lee, J. Cheon (eds.) International Conference on Information Security and Cryptology. Lecture Notes in Computer Science, vol. 5461, pp. 218–234, Springer, Berlin, 2008). Our experimental results on real-world power traces show that this countermeasure provides additional security. Post-synthesis figures for an ASIC implementation require only 2,300 GE, which makes this implementation suitable for low-cost passive RFID tags.
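The threshold-implementation scheme of Nikova et al. requires a sharing that is correct, non-complete and uniform, and a function of algebraic degree d needs at least d+1 shares; the PRESENT S-box is cubic, which is why the paper decomposes it before sharing. The Python below is an added example, not the paper's own decomposition (which is not reproduced here): it computes the degree of the PRESENT S-box and then checks all three properties exhaustively on a constructed quadratic 4-bit bijection (`toy`) with its direct 3-share sharing (`toy_shared`).

```python
from itertools import product

# PRESENT S-box, as specified by Bogdanov et al. (CHES 2007)
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def algebraic_degree(sbox, n=4):
    """Highest ANF monomial degree over all output bits (Moebius transform).
    A TI needs at least degree+1 shares, so degree 3 rules out a direct 3-share TI."""
    deg = 0
    for bit_pos in range(n):
        anf = [(sbox[x] >> bit_pos) & 1 for x in range(1 << n)]
        for i in range(n):
            for x in range(1 << n):
                if x & (1 << i):
                    anf[x] ^= anf[x ^ (1 << i)]
        deg = max([deg] + [bin(m).count("1") for m in range(1 << n) if anf[m]])
    return deg

def bit(v, i):
    return (v >> i) & 1

def toy(x):
    """Constructed quadratic 4-bit bijection (not from the paper): y0 = x0 ^ x1*x2."""
    return x ^ (bit(x, 1) & bit(x, 2))

def toy_shared(x1, x2, x3):
    """Direct 3-share TI of toy(): the product x1*x2 is split into its nine cross
    terms so that output share k never reads input share k (non-completeness)."""
    y1 = x2 ^ (bit(x2, 1) & bit(x2, 2)) ^ (bit(x2, 1) & bit(x3, 2)) ^ (bit(x3, 1) & bit(x2, 2))
    y2 = x3 ^ (bit(x3, 1) & bit(x3, 2)) ^ (bit(x3, 1) & bit(x1, 2)) ^ (bit(x1, 1) & bit(x3, 2))
    y3 = x1 ^ (bit(x1, 1) & bit(x1, 2)) ^ (bit(x1, 1) & bit(x2, 2)) ^ (bit(x2, 1) & bit(x1, 2))
    return y1, y2, y3

def check_ti(f, shared, n=4):
    """Exhaustively test a 3-share sharing of the n-bit bijection f; returns
    (correct, non_complete, uniform). Uniform for a bijection: all N**3 input sharings
    hit N**3 distinct output sharings, so each valid output sharing occurs once."""
    N = 1 << n
    correct = non_complete = True
    seen = set()
    for x1, x2, x3 in product(range(N), repeat=3):
        y = shared(x1, x2, x3)
        correct &= (y[0] ^ y[1] ^ y[2]) == f(x1 ^ x2 ^ x3)
        for k in range(3):  # changing only input share k must leave output share k fixed
            for v in range(N):
                alt = [x1, x2, x3]
                alt[k] = v
                non_complete &= shared(*alt)[k] == y[k]
        seen.add(y)
    return correct, non_complete, len(seen) == N ** 3
```

A sharing that computes the whole function in one share (see the test) is still correct but fails non-completeness and uniformity, which is exactly the glitch leakage the scheme is designed to rule out.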

[1] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[2] Amir Moradi et al. A secure and low-energy logic style using charge recovery approach, 2008, Proceedings of the 13th International Symposium on Low Power Electronics and Design (ISLPED '08).

[3] Vincent Rijmen et al. Threshold Implementations Against Side-Channel Attacks and Glitches, 2006, ICICS.

[4] Ingrid Verbauwhede et al. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation, 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[5] Daisuke Suzuki et al. DPA Leakage Models for CMOS Logic Circuits, 2005, CHES.

[6] Christof Paar et al. On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme, 2008, CRYPTO.

[7] Vincent Rijmen et al. A Side-Channel Analysis Resistant Description of the AES S-Box, 2005, FSE.

[8] Stefan Mangard et al. Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints, 2005, CHES.

[9] Vincent Rijmen et al. AES implementation on a grain of sand, 2005.

[10] Amir Moradi et al. Lightweight Cryptography and DPA Countermeasures: A Survey, 2010, Financial Cryptography Workshops.

[11] Christophe Clavier et al. Correlation Power Analysis with a Leakage Model, 2004, CHES.

[12] Mark Weiser et al. The computer for the 21st Century, 1991, IEEE Pervasive Computing.

[13] David King. ER, 2008, BMJ: British Medical Journal.

[14] T. Good et al. Hardware results for selected stream cipher candidates, 2007.

[15] P. Fiser et al. Two-Level Boolean Minimizer BOOM-II, 2004.

[16] Vincent Rijmen et al. Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches, 2011, Journal of Cryptology.

[17] Eli Biham et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[18] Jongsung Kim et al. HIGHT: A New Block Cipher Suitable for Low-Resource Device, 2006, CHES.

[19] Adi Shamir et al. How to share a secret, 1979, CACM.

[20] James H. Aylor et al. Computer for the 21st Century, 1999, Computer.

[21] David A. Wagner et al. Towards Efficient Second-Order Power Analysis, 2004, CHES.

[22] Vincent Rijmen et al. Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches, 2009, ICISC.

[23] Stéphane Badel et al. A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions, 2009, CHES.

[24] Stefan Mangard et al. An AES Smart Card Implementation Resistant to Power Analysis Attacks, 2006, ACNS.

[25] Christof Paar et al. New Lightweight DES Variants, 2007, FSE.

[26] Stefan Mangard et al. Power analysis attacks - revealing the secrets of smart cards, 2007.

[27] I. Verbauwhede et al. A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards, 2002, Proceedings of the 28th European Solid-State Circuits Conference.

[28] Jan Hlavicka et al. BOOM - a heuristic Boolean minimizer, 2001, IEEE/ACM International Conference on Computer Aided Design (ICCAD 2001), IEEE/ACM Digest of Technical Papers (Cat. No. 01CH37281).

[29] Jennie Malboeuf. Algorithm, 1994, Neurology.

[30] Thomas Zefferer et al. Evaluation of the Masked Logic Style MDPL on a Prototype Chip, 2007, CHES.

[31] Panu Hämäläinen et al. Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core, 2006, 9th EUROMICRO Conference on Digital System Design (DSD'06).

[32] G. G. Stokes. "J.", 1890, The New Yale Book of Quotations.

[33] Chae Hoon Lim et al. mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors, 2005, WISA.

[34] Narayanan Vijaykrishnan et al. Power attack resistant cryptosystem design: a dynamic voltage and frequency switching approach, 2005, Design, Automation and Test in Europe.

[35] Andrey Bogdanov et al. PRESENT: An Ultra-Lightweight Block Cipher, 2007, CHES.

[36] Jean-Jacques Quisquater et al. ASIC Implementations of the Block Cipher SEA for Constrained Applications, 2007.

[37] Ari Juels et al. Authenticating Pervasive Devices with Human Protocols, 2005, CRYPTO.

[38] Siva Sai Yerubandi et al. Differential Power Analysis, 2002.

[39] Stefan Mangard et al. Successfully Attacking Masked AES Hardware Implementations, 2005, CHES.

[40] A. Furmanyuk et al. Masked Encryption Algorithm mCrypton for Resource-Constrained Devices, 2007, 2007 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications.

[41] Paul C. Kocher et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[42] G. R. Blakley. Safeguarding cryptographic keys, 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[43] Christof Paar et al. Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents, 2008, CARDIS.

[44] Xilinx Inc. et al. Virtex-II Pro and Virtex-II Pro X Platform FPGAs: Complete data sheet, 2004.