Book Chapter

FPGA-Masked S-Box Implementation for AES Engine

01 Jan 2018, pp. 223-233
TL;DR: A high-throughput masked AES engine which helps to avoid differential power analysis attacks on data without compromising the performance and also optimizes the area for AES is proposed.
Abstract: Objective: The paper proposes a high-throughput masked AES engine which helps to avoid differential power analysis attacks on data without compromising the performance. It also optimizes the area for AES. Methods: The AES implemented includes mapping operations from GF(2^8) to GF(2^4). The masking is implemented using Boolean masking, which provides masking at the algorithmic level and assures the secret-sharing property. Boolean masking XORs the plaintext or intermediate values with random mask values, which hides the original data. The work includes implementation of AES and masked AES using Verilog on an FPGA. Findings: Boolean masking using XOR operations masks the original values, making the processed values independent of the input, which in turn removes the correlation between power consumption and input values. This weakens the DPA attack. Use of XOR operations does not bring any noticeable variation in performance, area and timing requirements. Applications: The masking technique randomizes the intermediate values of the AES for every execution using different mask values. This randomization reduces the relation between power consumption and the input and output data. Thus, the leakage of data through differential power analysis is reduced. Hence, the encryption process becomes DPA attack resistant.
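The Boolean masking the abstract describes, shown as an added Python example that is not the paper's Verilog design: a byte is only ever handled as the share x ^ m, and the S-box is recomputed for the current mask pair so that it maps a masked input to a masked output. For clarity the S-box is computed directly in GF(2^8) with a recomputed lookup table, not through the GF(2^4) composite-field mapping the paper uses; the mask values in the test are constructed.

```python
import secrets

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    """a^254 = a^-1 in GF(2^8); gives 0 for a = 0, as AES defines it."""
    r, p, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, p)
        p, e = gf_mul(p, p), e >> 1
    return r

def sbox(x):
    """Unmasked AES S-box: field inversion followed by the affine map."""
    s = gf_inv(x)
    y = 0x63
    for i in range(5):
        y ^= ((s << i) | (s >> (8 - i))) & 0xFF
    return y

def masked_sbox_table(m_in, m_out):
    """Table T with T[x ^ m_in] == sbox(x) ^ m_out for every byte x.
    It must be recomputed whenever the mask pair changes."""
    return [sbox(y ^ m_in) ^ m_out for y in range(256)]

def masked_shares_of(x):
    """The shares x ^ m over all masks form the same set for every x, so a
    share on its own (and the power it consumes) is independent of x."""
    return sorted({x ^ m for m in range(256)})

def sub_byte_with_fresh_masks(x):
    """Mask x with a random m_in, look it up only in masked form, then
    remove the output mask (in a real engine the next stage stays masked)."""
    m_in, m_out = secrets.randbelow(256), secrets.randbelow(256)
    table = masked_sbox_table(m_in, m_out)
    y_masked = table[x ^ m_in]   # sbox(x) itself never appears in the datapath
    return y_masked ^ m_out
```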
Citations
Journal Article
TL;DR: In this article, the effect of variability on the performance of the nonlinear cryptographic block substitution box (SBOX) is explored at CMOS 45nm technology at 1-V supply voltage.
Abstract: The consistent scaling of metal-oxide-semiconductor field-effect transistor devices leads to parameter variations which become a significant design challenge for researchers and designers. This variation deviates the design parameter from specific values and degrades the performance. Process, voltage, and temperature (PVT) variations are uncontrollable naturally occurring phenomena during fabrication steps that result in slow and fast MOS transistors. In this paper, the effect of variability on the performance of the nonlinear cryptographic block substitution box (SBOX) is explored at CMOS 45 nm technology at 1 V supply voltage. Performance parameters are optimized by building the underlying cells with different CMOS logic structures like pass transistor logic (PTL) and transmission gate (TG). The power consumption pattern increases with the FF corner and decreases towards the SS corner, while delay varies differently for the SF and FS corners. SBOX underlying cells (XOR and AND gates) implemented with PTL logic reduce the transistor count and lower power consumption, but at the same time PTL logic increases delay. The SBOX with TG logic decreases delay while keeping power and area under a specific limit. Delay and power vary more rapidly for PTL and TG logic compared to static CMOS logic. The simulation result shows that voltage and temperature variation is more pronounced at the SF and FS corners compared to others. Maximum variation occurs for the delay, at the SF corner with −10% supply variation (307.52%), and for power at the FS corner with +10% supply variation (99.81%). The process variability of SBOX is majorly oriented towards cryptographic applications and towards assessing the SBOX vulnerabilities and countermeasure challenges.

3 citations

Journal Article
TL;DR: The AES algorithm with dynamic S-box makes the system dynamic, more nonlinear, and with an unbreakable architecture, and it is identified that to implement nonlinear transformation in AES, an S-box component has been used.
Abstract: In recent research, very large-scale integration (VLSI) design and its implementation plays a major role. It has been considered as compact and contains additional techniques. However, it undergoes...

3 citations


Cites methods from "FPGA-Masked S-Box Implementation fo..."

  • ...After the introduction of these kind of designs (Jayakumar, 2018), AES on FPGA design resulted in better performance with reduced power, area, and delay....

Proceedings Article
24 May 2022
TL;DR: In this paper, the authors present the difference between physical and remote power profiling methods and attacks, and present the countermeasures based on masking and hiding techniques to prevent power-based side-channel attacks.
Abstract: In recent years, many attacks have been revealed that can extract secret information from systems. These attacks are very powerful and a serious threat to the security of systems. The side-channel attacks which use the power leakage of a cryptographic circuit during any operation to obtain a secret key are called power-based side-channel attacks. In this paper, we present a novel definition to explain these attacks, and we present the difference between physical and remote power profiling methods and attacks. For our survey, we collect the most relevant information about power profiling-based attacks for the purpose of a better literature survey. For the prevention of these attacks, we present the countermeasures based on masking and hiding techniques. We also present a brief discussion on attacks and their countermeasures.

1 citation

References
Book Chapter
09 Dec 2001
TL;DR: Compact and high-speed hardware architectures and logic optimization methods for the AES algorithm Rijndael are described, including a new composite field and the S-Box structure is also optimized.
Abstract: Compact and high-speed hardware architectures and logic optimization methods for the AES algorithm Rijndael are described. Encryption and decryption data paths are combined and all arithmetic components are reused. By introducing a new composite field, the S-Box structure is also optimized. An extremely small size of 5.4 Kgates is obtained for a 128-bit key Rijndael circuit using a 0.11-µm CMOS standard cell library. It requires only 0.052 mm² of area to support both encryption and decryption with 311 Mbps throughput. By making effective use of the SPN parallel feature, the throughput can be boosted up to 2.6 Gbps for a high-speed implementation whose size is 21.3 Kgates.

722 citations

Book Chapter
12 Aug 1999
TL;DR: It is shown that it is possible to build an implementation that is provably DPA-resistant, in a "local" and restricted way (i.e. when - given a chip with a fixed key - the attacker only tries to detect predictable local deviations in the differentials of mean curves).
Abstract: Paul Kocher recently developed attacks based on the electric consumption of chips that perform cryptographic computations. Among those attacks, the "Differential Power Analysis" (DPA) is probably one of the most impressive and most difficult to avoid. In this paper, we present several ideas to resist this type of attack, and in particular we develop one of them which leads, interestingly, to rather precise mathematical analysis. Thus we show that it is possible to build an implementation that is provably DPA-resistant, in a "local" and restricted way (i.e. when - given a chip with a fixed key - the attacker only tries to detect predictable local deviations in the differentials of mean curves). We also briefly discuss some more general attacks, that are sometimes efficient whereas the "original" DPA fails. Many measurements of consumption have been done on real chips to test the ideas presented in this paper, and some of the obtained curves are printed here.

631 citations

Book Chapter
Thomas S. Messerges
10 Apr 2000
TL;DR: Techniques to protect software implementations of the AES candidate algorithms from power analysis attacks are investigated and new countermeasures that employ random masks are developed and the performance characteristics of these countermeasures are analyzed.
Abstract: Techniques to protect software implementations of the AES candidate algorithms from power analysis attacks are investigated. New countermeasures that employ random masks are developed and the performance characteristics of these countermeasures are analyzed. Implementations in a 32-bit, ARM-based smartcard are considered.

369 citations

Book Chapter
Atri Rudra, Pradeep Dubey, C. S. Jutla, Vijay Kumar, Josyula R. Rao, Pankaj Rohatgi
14 May 2001
TL;DR: This work explores the use of subfield arithmetic for efficient implementations of Galois Field arithmetic especially in the context of the Rijndael block cipher and describes how to select a representation which minimizes the computation cost of the relevant arithmetic.
Abstract: We explore the use of subfield arithmetic for efficient implementations of Galois Field arithmetic especially in the context of the Rijndael block cipher. Our technique involves mapping field elements to a composite field representation. We describe how to select a representation which minimizes the computation cost of the relevant arithmetic, taking into account the cost of the mapping as well. Our method results in a very compact and fast gate circuit for Rijndael encryption. In conjunction with bit-slicing techniques applied to newly proposed parallelizable modes of operation, our circuit leads to a high-performance software implementation for Rijndael encryption which offers significant speedup compared to previously reported implementations.

290 citations

Journal Article
TL;DR: This paper addresses various approaches for efficient hardware implementation of the Advanced Encryption Standard algorithm with various methods to reduce the critical path and area of each round unit.
Abstract: This paper addresses various approaches for efficient hardware implementation of the Advanced Encryption Standard algorithm. The optimization methods can be divided into two classes: architectural optimization and algorithmic optimization. Architectural optimization exploits the strength of pipelining, loop unrolling and sub-pipelining. Speed is increased by processing multiple rounds simultaneously at the cost of increased area. Architectural optimization is not an effective solution in feedback mode. Loop unrolling is the only architecture that can achieve a slight speedup with significantly increased area. In non-feedback mode, sub-pipelining can achieve maximum speedup and the best speed/area ratio. Algorithmic optimization exploits algorithmic strength inside each round unit. Various methods to reduce the critical path and area of each round unit are presented. Resource sharing issues between encryptor and decryptor are also discussed. They become important issues when both encryptor and decryptor need to be implemented in a small area.

161 citations