Masking and Dual-Rail Logic Don't Add Up
Patrick Schaumont,Kris Tiri +1 more
- pp 95-106
TLDR
It is shown that the routing imbalances can be used to detect the value of the mask bit, and that this conclusion also holds for masked pre-charged logic styles and for all practical implementations of masked dual-rail logic styles.Abstract:
Masked logic styles use a random mask bit to de-correlate the power consumption of the circuit from the state of the algorithm. The effect of the random mask bit is that the circuit switches between two complementary states with a different power profile. Earlier work has shown that the mask-bit value can be estimated from the power consumption profile, and that masked logic remains susceptible to classic power attacks after only a simple filtering operation. In this contribution we will show that this conclusion also holds for masked pre-charged logic styles and for all practical implementations of masked dual-rail logic styles. Up to now, it was believed that masking and dual-rail can be combined to provide a routing-insensitive logic style. We will show that this assumption is not correct. We demonstrate that the routing imbalances can be used to detect the value of the mask bit. Simulations as well as analysis of design data from an AES chip support this conclusion.read more
Citations
More filters
Posted Content
Lightweight Cryptography - Cryptographic Engineering for a Pervasive World.
TL;DR: In this article, the authors proposed a block ciphers based hash function called PRESENT, which is the smallest published hash function with a digest size greater than or equal to 160 bits.
Book ChapterDOI
Lightweight cryptography and DPA countermeasures: a survey
Amir Moradi,Axel Poschmann +1 more
TL;DR: It is concluded that adiabatic logic countermeasures, such as 2N-2N2P and SAL, seem to be promising candidates, because they increase the resistance against DPA attacks while at the same time lowering the power consumption of the pervasive device.
Journal ArticleDOI
Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics
Sylvain Guilley,Laurent Sauvage,Florent Flament,Vinh-Nga Vong,Philippe Hoogvorst,Renaud Pacalet +5 more
TL;DR: It is proved that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL, and the fine-grained timing behavior is the main reason for security weaknesses.
Book ChapterDOI
Gate-Level Masking under a Path-Based Leakage Metric
TL;DR: This paper presents a new technique for gate-level masking that is free of glitches and early propagation, yet requires only cell-level "don't touch" constraints, and can be implemented in a typical FPGA or standard cell ASIC design flow.
Book ChapterDOI
A Design Methodology for a DPA-Resistant Cryptographic LSI with RSL Techniques
TL;DR: From the results of attack experiments, it is confirmed that the RSL-AES circuit has very high DPA and CPA resistance thanks to the contributions of both the masking function and the glitch suppressing function, the first result demonstrating reduction of the side-channel leakage by glitch suppression quantitatively on real ASIC.
References
More filters
Book
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
TL;DR: In this paper, the authors present a comprehensive treatment of power analysis attacks and countermeasures, based on the principle that the only way to defend against such attacks is to understand them.
Book
Power Analysis Attacks: Revealing the Secrets of Smart Cards
TL;DR: This volume explains how power analysis attacks work and provides an extensive discussion of countermeasures like shuffling, masking, and DPA-resistant logic styles to decide how to protect smart cards.
Proceedings ArticleDOI
A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation
Kris Tiri,Ingrid Verbauwhede +1 more
TL;DR: A novel design methodology to implement a secure DPA resistant crypto processor that combines standard building blocks to make 'new' compound standard cells, which have a close to constant power consumption.
Book ChapterDOI
Masked dual-rail pre-charge logic: DPA-resistance without routing constraints
Thomas Popp,Stefan Mangard +1 more
TL;DR: A novel side-channel analysis resistant logic style called MDPL is described that is a masked and dual-rail pre-charge logic style and can be implemented using common CMOS standard cell libraries, making it perfectly suitable for semi-custom designs.
Journal Article
Masked dual-rail pre-charge logic : DPA-resistance without routing constraints
Thomas Popp,Stefan Mangard +1 more
TL;DR: In this paper, a side-channel analysis resistant logic style called MDPL is proposed to avoid implementation constraints that are costly to satisfy, such as the capacitive load of complementary wires in an integrated circuit.