The present invention, in some embodiments thereof, relates to mitigating side channel attacks on logic circuits, and, more particularly, but not exclusively, to a logic circuit design to mitigate power analysis attacks.
Electronic devices such as smart cards and radio frequency identification (RFID) tags contain private or secret information. This information is usually protected by cryptographic algorithms that run on a dedicated crypto core. Cryptographic algorithms protect the information from eavesdropping adversaries but leave it exposed to side channel attacks. Side channel attacks are based on the observation that the hardware leaks information. One of the most powerful side channel attacks is a power analysis (PA) attack. Power analysis attacks may be carried out with fairly low-cost equipment and their computational complexity is relatively low.
A power analysis attack is based on statistical tests on two sets of variables: the measured power supply current, and the hypothesized power supply current. The hypothesized power supply current is calculated for each possible secret key. The key with the highest probability is assumed to be the correct one. To do so, the attacker must model the dissipated current as a function of the circuit's functionality and its inputs. Typically, it is assumed that the current is proportional to the Hamming weight of the output (or to the Hamming distance between two successive logical outputs).
In practice, the output bits are not computed simultaneously or instantaneously. The computation of each output bit depends on several factors including the input slopes, transistor/gate sizing along the data-propagation path, routing capacitance and resistance, thermal noise and voltage fluctuations. As a result, the propagation delay is data-dependent. Information therefore leaks within a single clock cycle (intra-cycle information leakage).
Countermeasures against security threats may be embedded in cryptographic cores at all abstraction levels (i.e., circuit/gate, combinatorial block, architecture and algorithm). Countermeasures at the circuit level are divided into two types: countermeasures that aim to randomize the consumed power and countermeasures that aim to flatten the energy consumption per cycle. Countermeasures that randomize the power profile include gate level masking, Random Pre-charge Logic (RPL), Random Delay Insertion (RDI) and gate level randomization, Random Multi Topology Logic (RMTL). Circuit-level countermeasures based on dual-rail logic, such as Sense Amplifier Based Logic (SABL), Charge Recycling SABL (CRSABL), Dual Spacer Dual Rail (DSDR), Delay Based Dual Rail (DDPL), Three Phase Dual Rail (TDPL), Wave Dynamic and Differential Logic (WDDL), Divided WDDL (DWDDL) and Dynamic Current Mode Logic (DyCML), are embedded in the combinatorial part of the system. These countermeasures aim to consume constant energy per cycle and have been shown to be sensitive to process mismatch, hazards, coupling capacitances, process variations, noise, delay imbalance, etc. These non-idealities make almost all previously proposed countermeasures vulnerable to revealing secret data.
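The following constructed example illustrates both the statistical test described in the paragraph on power analysis above and the sensitivity of constant-energy dual-rail gates to rail mismatch described in the preceding paragraph. It is added here and is not part of the patent text. It simulates the per-cycle supply current of a small key-dependent non-linear function under three gate models, correlates the simulated current with the Hamming weight hypothesized for every candidate key, and reports whether the correct key stands out. The 4-bit S-box, the rail weights, the noise level, the secret key and all function names are assumptions made for the demonstration.

```python
"""Constructed walk-through of the correlation test and of dual-rail mismatch.

Added example, not part of the patent text. The 4-bit S-box, the rail weights,
the noise level and every name below are assumptions made for the demonstration.
"""
import random
from statistics import mean, pstdev

# Constructed bijective 4-bit S-box standing in for the key-dependent non-linear
# function whose output the attacker models (16 distinct values, so all four
# output bits are balanced and mutually independent over a uniform input).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NBITS = 4
KEYSPACE = range(16)


def hamming_weight(v: int) -> int:
    """Number of set bits: the leakage model assumed in the text."""
    return bin(v).count("1")


def out_bits(v: int):
    return [(v >> i) & 1 for i in range(NBITS)]


def pearson(xs, ys) -> float:
    """Population Pearson correlation coefficient."""
    mx, my, sx, sy = mean(xs), mean(ys), pstdev(xs), pstdev(ys)
    if sx == 0.0 or sy == 0.0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def simulate_traces(key, n, rail_weights, noise_sigma, seed=7):
    """Return (plaintexts, simulated per-cycle currents) for n random inputs.

    rail_weights[i] = (w_true, w_false) is the charge drawn when output bit i
    is 1 (true rail fires) or 0 (false rail fires).  Single-rail CMOS is
    w_false == 0; an ideal dual-rail gate has w_true == w_false, so exactly one
    rail fires per bit and the total is constant; process or delay mismatch
    makes the two differ.  Gaussian noise stands in for thermal and supply noise.
    """
    rng = random.Random(seed)
    plaintexts = [rng.randrange(16) for _ in range(n)]
    traces = []
    for p in plaintexts:
        bits = out_bits(SBOX[p ^ key])
        current = sum(wt * b + wf * (1 - b) for b, (wt, wf) in zip(bits, rail_weights))
        traces.append(current + rng.gauss(0.0, noise_sigma))
    return plaintexts, traces


def cpa_scores(plaintexts, traces):
    """Correlate the measured current with the hypothesized HW for every key."""
    scores = []
    for guess in KEYSPACE:
        hypothesis = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append(pearson(hypothesis, traces))
    return scores


def evaluate(key, rail_weights, noise_sigma, n=2000):
    """Leakage assessment of one gate model: does the correlation test single
    out the key, and by how much does the correct hypothesis beat the best
    wrong one?  The signed score is used because the model says current grows
    with the Hamming weight."""
    plaintexts, traces = simulate_traces(key, n, rail_weights, noise_sigma)
    scores = cpa_scores(plaintexts, traces)
    recovered = max(KEYSPACE, key=lambda k: scores[k])
    return {
        "recovered": recovered,
        "correct_corr": scores[key],
        "best_wrong_corr": max(s for k, s in enumerate(scores) if k != key),
        "max_abs_corr": max(abs(s) for s in scores),
    }


SECRET_KEY = 0xB                        # constructed secret
NOISE_SIGMA = 0.1                       # constructed noise level (same units as weights)
SINGLE_RAIL = [(1.0, 0.0)] * NBITS      # plain CMOS: current tracks HW directly
IDEAL_DUAL_RAIL = [(1.0, 1.0)] * NBITS  # perfectly balanced rails: constant energy
# About 10% rail mismatch, different for each bit (process variation / delay imbalance)
MISMATCHED_DUAL_RAIL = [(1.12, 1.0), (1.08, 1.0), (1.11, 1.0), (1.09, 1.0)]

if __name__ == "__main__":
    for name, weights in [("single rail", SINGLE_RAIL),
                          ("ideal dual rail", IDEAL_DUAL_RAIL),
                          ("mismatched dual rail", MISMATCHED_DUAL_RAIL)]:
        r = evaluate(SECRET_KEY, weights, NOISE_SIGMA)
        print(f"{name:22s} recovered=0x{r['recovered']:X} "
              f"correct r={r['correct_corr']:+.2f} best wrong r={r['best_wrong_corr']:+.2f}")
```

With balanced rails every trace is a constant plus noise, so no hypothesis correlates with it and the "recovered" key is arbitrary. With the per-bit mismatch of roughly ten percent the data-dependent part of the current is small compared with the constant part, yet the correct hypothesis still correlates at about 0.7 against roughly 0.45 for the strongest wrong one, which is the mechanism by which process mismatch and delay imbalance undo a constant-energy countermeasure. Because a bijective S-box makes its output bits independent, the correlation for the mismatched case can be checked by hand: it equals 0.25·Σδ_i divided by the product of the hypothesis standard deviation (1) and sqrt(0.25·Σδ_i² + σ²), where δ_i is the per-bit rail difference.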
Additional background art includes:
[1] S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, 2008.
[2] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card security under the threat of power analysis attacks,” IEEE Trans. Comput., vol. 51, no. 5, pp. 541-552, May 2002.
[3] D. Naccache and D. M'Raihi, “Cryptographic smart cards,” IEEE Micro, vol. 16, no. 3, pp. 14, 16-24, June 1996.
[4] L. Batina, J. Guajardo, T. Kerins, N. Mentens, P. Tuyls, and I. Verbauwhede, “Public-Key Cryptography for RFID-Tags,” in Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, 2007. PerCom Workshops '07, 2007, pp. 217-222.
[5] P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, “Introduction to differential power analysis,” J. Cryptogr. Eng., vol. 1, no. 1, pp. 5-27, April 2011.
[6] E. Brier, C. Clavier, and F. Olivier, “Correlation Power Analysis with a Leakage Model,” in Cryptographic Hardware and Embedded Systems—CHES 2004, M. Joye and J.-J. Quisquater, Eds. Springer Berlin Heidelberg, 2004, pp. 16-29.
[7] P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” in Advances in Cryptology—CRYPTO '99, M. Wiener, Ed. Springer Berlin Heidelberg, 1999, pp. 388-397.
[8] S. Mangard, T. Popp, and B. M. Gammel, “Side-Channel Leakage of Masked CMOS Gates,” in Topics in Cryptology—CT-RSA 2005, A. Menezes, Ed. Springer Berlin Heidelberg, 2005, pp. 351-365.
[9] D. P. Triantis, A. N. Birbas, and D. Kondis, “Thermal noise modeling for short-channel MOSFETs,” IEEE Trans. Electron Devices, vol. 43, no. 11, pp. 1950-1955, November 1996.
[10] S. K. Saha, “Modeling Process Variability in Scaled CMOS Technology,” IEEE Design & Test of Computers, vol. 27, no. 2, pp. 8-16, 2010.
[11] T. Popp, M. Kirschbaum, T. Zefferer, and S. Mangard, “Evaluation of the Masked Logic Style MDPL on a Prototype Chip,” in Cryptographic Hardware and Embedded Systems—CHES 2007, P. Paillier and I. Verbauwhede, Eds. Springer Berlin Heidelberg, 2007, pp. 81-94.
[12] E. De Mulder, B. Gierlichs, B. Preneel, and I. Verbauwhede, “Practical DPA attacks on MDPL,” in First IEEE International Workshop on Information Forensics and Security, 2009. WIFS 2009, 2009, pp. 191-195.
[13] A. Moradi, M. Salmasizadeh, and M. T. M. Shalmani, “Power Analysis Attacks on MDPL and DRSL Implementations,” in Information Security and Cryptology—ICISC 2007, K.-H. Nam and G. Rhee, Eds. Springer Berlin Heidelberg, 2007, pp. 259-272.
[14] T. Popp and S. Mangard, “Implementation aspects of the DPA-resistant logic style MDPL,” in 2006 IEEE International Symposium on Circuits and Systems, 2006. ISCAS 2006. Proceedings, 2006, p. 4 pp.-2916.
[15] M. Bucci, M. Guglielmo, R. Luzzi, and A. Trifiletti, “A Power Consumption Randomization Countermeasure for DPA-Resistant Cryptographic Processors,” in Integrated Circuit and System Design. Power and Timing Modeling, Optimization and Simulation, E. Macii, V. Paliouras, and O. Koufopavlou, Eds. Springer Berlin Heidelberg, 2004, pp. 481-490.
[16] M. Bucci, R. Luzzi, M. Guglielmo, and A. Trifiletti, “A countermeasure against differential power analysis based on random delay insertion,” in IEEE International Symposium on Circuits and Systems, 2005. ISCAS 2005, 2005, pp. 3547-3550 Vol. 4.
[17] M. Avital, H. Dagan, O. Keren, and A. Fish, “Randomized Multitopology Logic Against Differential Power Analysis,” IEEE Trans. Very Large Scale Integr. VLSI Syst., vol. Early Access Online, 2014.
[18] K. Tiri and I. Verbauwhede, “A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation,” in Proceedings of the Conference on Design, Automation and Test in Europe—Volume 1, Washington, D.C., USA, 2004, p. 10246-.
[19] K. Tiri and I. Verbauwhede, “Charge recycling sense amplifier based logic: securing low power security ICs against DPA [differential power analysis],” in Solid-State Circuits Conference, 2004. ESSCIRC 2004. Proceeding of the 30th European, 2004, pp. 179-182.
[20] D. Sokolov, J. Murphy, A. Bystrov, and A. Yakovlev, “Design and analysis of dual-rail circuits for security applications,” IEEE Trans. Comput., vol. 54, no. 4, pp. 449-460, April 2005.
[21] D. Sokolov, J. Murphy, A. Bystrov, and A. Yakovlev, “Improving the Security of Dual-Rail Circuits,” in Cryptographic Hardware and Embedded Systems—CHES 2004, M. Joye and J.-J. Quisquater, Eds. Springer Berlin Heidelberg, 2004, pp. 282-297.
[22] M. Bucci, L. Giancane, R. Luzzi, G. Scotti, and A. Trifiletti, “Delay-Based Dual-Rail Precharge Logic,” IEEE Trans. Very Large Scale Integr. VLSI Syst., vol. 19, no. 7, pp. 1147-1153, July 2011.
[23] M. Bucci, L. Giancane, R. Luzzi, and A. Trifiletti, “Three-Phase Dual-Rail Pre-charge Logic,” in Cryptographic Hardware and Embedded Systems—CHES 2006, L. Goubin and M. Matsui, Eds. Springer Berlin Heidelberg, 2006, pp. 232-241.
[24] M. Bucci, L. Giancane, R. Luzzi, and A. Trifiletti, “A Flip-flop for the DPA Resistant Three-phase Dual-rail Pre-charge Logic Family,” IEEE Trans Very Large Scale Integr Syst, vol. 20, no. 11, pp. 2128-2132, November 2012.
[25] D. D. Hwang, K. Tiri, A. Hodjat, B.-C. Lai, S. Yang, P. Schaumont, and I. Verbauwhede, “AES-Based Security Coprocessor IC in 0.18—CMOS With Resistance to Differential Power Analysis Side-Channel Attacks,” IEEE J. Solid-State Circuits, vol. 41, no. 4, pp. 781-792, April 2006.
[26] F. Mace, I. Hassoune, and others, “A Dynamic Current Mode Logic to Counteract Power Analysis Attacks,” in In The Proceedings of DCIS 2004, 2004.
[27] S. Mangard, N. Pramstaller, and E. Oswald, “Successfully Attacking Masked AES Hardware Implementations,” in Cryptographic Hardware and Embedded Systems—CHES 2005, J. R. Rao and B. Sunar, Eds. Springer Berlin Heidelberg, 2005, pp. 157-171.
[28] D. K. Sharma, B. K. Kaushik, and R. K. Sharma, “Signal integrity and propagation delay analysis using FDTD technique for VLSI interconnects,” J. Comput. Electron., vol. 13, no. 1, pp. 300-306, March 2014.
[29] P. Heydari and M. Pedram, “Capacitive coupling noise in high-speed VLSI circuits,” IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 24, no. 3, pp. 478-488, March 2005.
[30] H. Xu, V. F. Pavlidis, X. Tang, W. Burleson, and G. De Micheli, “Timing Uncertainty in 3-D Clock Trees Due to Process Variations and Power Supply Noise,” IEEE Trans. Very Large Scale Integr. VLSI Syst., vol. 21, no. 12, pp. 2226-2239, December 2013.
[31] H. H. Chen and D. D. Ling, “Power Supply Noise Analysis Methodology for Deep-submicron VLSI Chip Design,” in Proceedings of the 34th Annual Design Automation Conference, New York, N.Y., USA, 1997, pp. 638-643.
[32] C. Clavier, J.-S. Coron, and N. Dabbous, “Differential Power Analysis in the Presence of Hardware Countermeasures,” in Cryptographic Hardware and Embedded Systems—CHES 2000, Ç. K. Koç and C. Paar, Eds. Springer Berlin Heidelberg, 2000, pp. 252-263.
[33] S. Mangard, “Hardware Countermeasures against DPA—A Statistical Analysis of Their Effectiveness,” in Topics in Cryptology—CT-RSA 2004, T. Okamoto, Ed. Springer Berlin Heidelberg, 2004, pp. 222-235.
[34] J. Daemen and V. Rijmen, The Design of Rijndael: AES—The Advanced Encryption Standard. Springer Science & Business Media, 2002.
[35] E. Biham and A. Shamir, “Differential Cryptanalysis of DES Variants,” in Differential Cryptanalysis of the Data Encryption Standard, Springer New York, 1993, pp. 33-77.
[36] F. Chabaud and S. Vaudenay, “Links between differential and linear cryptanalysis,” in Advances in Cryptology—EUROCRYPT '94, A. D. Santis, Ed. Springer Berlin Heidelberg, 1995, pp. 356-365.
[37] F. E. Croxton and D. J. Cowden, Applied general statistics, vol. xviii. New York, N.Y., US: Prentice-Hall, Inc, 1939.
[38] M. Alioto, M. Poli, and S. Rocchi, “A General Power Model of Differential Power Analysis Attacks to Static Logic Circuits,” IEEE Trans. Very Large Scale Integr. VLSI Syst., vol. 18, no. 5, pp. 711-724, May 2010.
[39] Y. Cao and L. T. Clark, “Mapping Statistical Process Variations Toward Circuit Performance Variability: An Analytical Modeling Approach,” IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 26, no. 10, pp. 1866-1873, October 2007.
[40] Q. Gao, Y. Shen, Y. Cai, and H. Yao, “Analog Circuit Shielding Routing Algorithm Based on Net Classification,” in Proceedings of the 16th ACM/IEEE International Symposium on Low Power Electronics and Design, New York, N.Y., USA, 2010, pp. 123-128.
[41] D. A. Huffman, “The Design and Use of Hazard-Free Switching Networks,” J ACM, vol. 4, no. 1, pp. 47-62, January 1957.
[42] R. Arunachalam, R. D. Blanton, and L. T. Pileggi, “False Coupling Interactions in Static Timing Analysis,” in Proceedings of the 38th Annual Design Automation Conference, New York, N.Y., USA, 2001, pp. 726-731.
[43] J. M. Rabaey, “Digital Integrated Circuits: A Design Perspective”.
[44] K. Baddam and M. Zwolinski, “Divided Backend Duplication Methodology for Balanced Dual Rail Routing,” in Cryptographic Hardware and Embedded Systems—CHES 2008, E. Oswald and P. Rohatgi, Eds. Springer Berlin Heidelberg, 2008, pp. 396-410.
[45] D. Suzuki and M. Saeki, “Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style,” in Cryptographic Hardware and Embedded Systems—CHES 2006, L. Goubin and M. Matsui, Eds. Springer Berlin Heidelberg, 2006, pp. 255-269.
[46] “The International Technology Roadmap for Semiconductors,” ITRS website. Available: http://public(dot)itrs(dot)net
[47] F.-X. Standaert, T. G. Malkin, and M. Yung, “A unified framework for the analysis of side-channel key recovery attacks,” in Advances in Cryptology—EUROCRYPT 2009, Springer, 2009, pp. 443-461.
[48] S. Mangard, E. Oswald, and F.-X. Standaert, “One for all—all for one: unifying standard differential power analysis attacks,” IET Information Security, vol. 5, no. 2, p. 100, 2011.
[49] A. Moradi, T. Eisenbarth, A. Poschmann, C. Rolfes, C. Paar, M. T. M. Shalmani, and M. Salmasizadeh, “Information Leakage of Flip-Flops in DPA-Resistant Logic Styles,” IACR Cryptology ePrint Archive, vol. 2008, p. 188, 2008.
[50] B. Vaquie, S. Tiran, and P. Maurine, “Secure D flip-flop against side channel attacks,” IET Circuits, Devices Systems, vol. 6, no. 5, pp. 347-354, September 2012.
[51] T. Evans, “Embedding incomplete latin squares”, Amer. Math. Monthly, 67 (1960), pp. 959-961.
[52] J. Balasch, B. Gierlichs, V. Grosso, O. Reparaz, and F.-X. Standaert, “On the Cost of Lazy Engineering for Masked Software Implementations,” in Smart Card Research and Advanced Applications, M. Joye and A. Moradi, Eds. Springer International Publishing, 2014, pp. 64-81.
[53] J. Waddle and D. Wagner, “Towards Efficient Second-Order Power Analysis,” in Cryptographic Hardware and Embedded Systems—CHES 2004, M. Joye and J.-J. Quisquater, Eds. Springer Berlin Heidelberg, 2004, pp. 1-15.
[54] K. Schramm and C. Paar, “Higher Order Masking of the AES,” in Topics in Cryptology—CT-RSA 2006, D. Pointcheval, Ed. Springer Berlin Heidelberg, 2006, pp. 208-225.
[55] B. Gierlichs, L. Batina, B. Preneel, and I. Verbauwhede, “Revisiting Higher-Order DPA Attacks:” in Topics in Cryptology—CT-RSA 2010, J. Pieprzyk, Ed. Springer, 2010, pp. 221-234.
[56] E. Peeters, F.-X. Standaert, N. Donckers, and J.-J. Quisquater, “Improved Higher-Order Side-Channel Attacks with FPGA Experiments,” in Cryptographic Hardware and Embedded Systems—CHES 2005, J. R. Rao and B. Sunar, Eds. Springer, 2005.
[57] M. Joye, P. Paillier, and B. Schoenmakers, “On Second-Order Differential Power Analysis,” in Cryptographic Hardware and Embedded Systems—CHES 2005, J. R. Rao and B. Sunar, Eds. Springer Berlin Heidelberg, 2005, pp. 293-308.
[58] N. M. Kamoun, L. Bossuet, and A. Ghazel, “Experimental implementation of 2ODPA attacks on AES design with flash-based FPGA technology,” in 2010 International Conference on Microelectronics (ICM), 2010, pp. 407-410.
[59] T. S. Messerges, “Using Second-Order Power Analysis to Attack DPA Resistant Software,” in Cryptographic Hardware and Embedded Systems—CHES 2000, Ç. K. Koç and C. Paar, Eds. Springer Berlin Heidelberg, 2000, pp. 238-251.
[60] B. Bilgin, B. Gierlichs, S. Nikova, V. Nikov, and V. Rijmen, “Higher-Order Threshold Implementations,” in Advances in Cryptology—ASIACRYPT 2014, P. Sarkar and T. Iwata, Eds. Springer Berlin Heidelberg, 2014, pp. 326-343.
[61] E. Oswald, S. Mangard, C. Herbst, and S. Tillich, “Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers,” in Topics in Cryptology—CT-RSA 2006, D. Pointcheval, Ed. Springer Berlin Heidelberg, 2006, pp. 192-207.