BCDL: A high speed balanced DPL for FPGA with global precharge and no early evaluation

In this paper, we present BCDL (Balanced Cell-based Dual-rail Logic), a new counter-measure against Side Channel Attacks (SCA) on cryptoprocessors implementing symmetrical algorithms on FPGA. BCDL is a DPL (Dual-rail Precharge Logic), which aims at overcoming most of the usual vulnerabilities of such counter-measures, by using specific synchronization schemes, while maintaining a reasonable complexity. We compare our architecture in terms of complexity, performances and easiness to design with other DPLs (WDDL, IWDDL, MDPL, iMDPL, STTL, DRSL, SecLib). It is shown that BCDL can be optimized to achieve higher performances than any other DPLs (more than 1/2 times the nominal data rate) with an affordable complexity. Finally, we implement a BCDL AES on an FPGA and compare its robustness against DPA by using the number of Measurements To Disclosure (MTD) required to find the key with regards to unprotected AES. It is observed that the SCA on a BCDL implementation failed for 150,000 power consumption traces which represents a gain greater than 20 w.r.t. the unprotected version. Moreover the fault attack study has pointed out the natural resistance of BCDL against simple faults attacks.

[1]  Zhimin Chen,et al.  Dual-Rail Random Switching Logic: A Countermeasure to Reduce Side Channel Leakage , 2006, CHES.

[2]  Sylvain Guilley,et al.  Evaluation of Power-Constant Dual-Rail Logic as a Protection of Cryptographic Applications in FPGAs , 2008, 2008 Second International Conference on Secure System Integration and Reliability Improvement.

[3]  Elisabeth Oswald,et al.  An ASIC Implementation of the AES SBoxes , 2002, CT-RSA.

[4]  William P. Marnane,et al.  Isolated WDDL: A Hiding Countermeasure for Differential Power Analysis on FPGAs , 2009, TRETS.

[5]  Sylvain Guilley,et al.  Successful attack on an FPGA-based WDDL DES cryptoprocessor without place and route constraints , 2009, 2009 Design, Automation & Test in Europe Conference & Exhibition.

[6]  Sylvain Guilley,et al.  The "Backend Duplication" Method , 2005, CHES.

[7]  Lionel Torres,et al.  Evaluating the robustness of secure triple track logic through prototyping , 2008, SBCCI '08.

[8]  Mark Zwolinski,et al.  Divided Backend Duplication Methodology for Balanced Dual Rail Routing , 2008, CHES.

[9]  Patrick Schaumont,et al.  Secure FPGA circuits using controlled placement and routing , 2007, 2007 5th IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[10]  Stefan Mangard,et al.  Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints , 2005, CHES.

[11]  Mark G. Karpovsky,et al.  Power attacks on secure hardware based on early propagation of data , 2006, 12th IEEE International On-Line Testing Symposium (IOLTS'06).

[12]  Daisuke Suzuki,et al.  Random Switching Logic: A New Countermeasure against DPA and Second-Order DPA at the Logic Level , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[13]  Ingrid Verbauwhede,et al.  A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[14]  Sylvain Guilley,et al.  Combined SCA and DFA Countermeasures Integrable in a FPGA Design Flow , 2009, 2009 International Conference on Reconfigurable Computing and FPGAs.

[15]  Sylvain Guilley,et al.  WDDL is Protected against Setup Time Violation Attacks , 2009, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[16]  Ingrid Verbauwhede,et al.  Place and Route for Secure Standard Cell Design , 2004, CARDIS.

[17]  Kyoji Shibutani,et al.  A Practical DPA Countermeasure with BDD Architecture , 2008, CARDIS.

[18]  Daisuke Suzuki,et al.  Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style , 2006, CHES.

[19]  Sylvain Guilley,et al.  Security Evaluation of a Balanced Quasi-Delay Insensitive Library (SecLib) , 2008 .

[20]  Ingrid Verbauwhede,et al.  Practical DPA attacks on MDPL , 2009, 2009 First IEEE International Workshop on Information Forensics and Security (WIFS).