Masked Dual-Rail Precharge Logic Encounters State-of-the-Art Power Analysis Methods

The latest evaluation of the state-of-the-art iMDPL logic style has shown little information leakage compared to its predecessor, MDPL. Concurrently, new advanced power analysis attacks specifically targeting iMDPL have been proposed. Up to now, these attacks have been purely theoretical and have not been applied to an implementation. We present a comprehensive analysis of iMDPL, backed by real measurements collected from a 180 nm iMDPL prototype chip. We thoroughly study the extent of the remaining information leakage of iMDPL by applying all relevant attacks. Our investigation shows that the target device, a standalone AES core, is vulnerable to several of the advanced attack methods. Compared with conventional power analysis attacks, the advanced attacks need fewer power measurements to obtain meaningful results. With the help of logic-level simulations, routing imbalances between complementary mask trees are identified as a major source of leakage.
