The present invention, in some embodiments thereof, relates to logic element design, and, more particularly, but not exclusively, to logic element design to combat side channel attacks.
Electronic circuits leak information related to their internal signals through their power consumption. Power analysis (PA) attack procedures abuse this information to gain access to secret information.
PA attack procedures take place in several steps. The first involves the preprocessing of the current traces, segmentation, and then synchronization of the segments. Since current traces are noisy, PA attacks rely on statistics and their success depends on the attacker's ability to preprocess the data. In conventional synchronous circuits, synchronization is inherently possible. For the analysis, d points in time are examined per computation (d is referred to as the order of the analysis). As the number of these Points-Of-Interest (POI) increases (if shares in threshold-implementation or masks in masking countermeasures are manipulated at different times), the PA becomes (computationally) harder to execute. These POIs can be located within a single clock cycle or across several cycles depending on the circuit/algorithm implementation. The complexity of finding fixed POIs for masking implementations increases with d.
Countermeasures against side-channel attacks (SCA) are usually implemented at the algorithmic or Boolean level (e.g. masking, Threshold-Implementation, TI). There are currently two main approaches to coping with information leakage: hiding and masking. Masking refers to manipulations of the (internal) values, whereas hiding typically aims to consume an equivalent amount of energy or random energy per cycle. The latter can be achieved by amplitude or temporal manipulations of the power signal. Common techniques include dual-rail based designs, current-mode-logic based designs, power regulation techniques and random changes in the current amplitude or computation time. Valuable information also leaks from the leakage currents of gates and transistors in the steady state. Although these currents are substantially smaller, they constitute a real concern.
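As an added illustration that is not part of the patent text, the following simulation shows why the order d and the number of POIs matter for a masked implementation. It assumes a Hamming-weight leakage model with Gaussian noise and uses a fixed-vs-random Welch t-test (the TVLA leakage-assessment procedure) as the evaluation method: with a Boolean mask, no single POI separates the two groups (d=1), but combining the two share POIs by centered product (d=2) does.

```python
import random
from statistics import mean, pvariance

FIXED_VALUE = 0xFF        # constructed: fixed intermediate for the fixed-vs-random test
TVLA_THRESHOLD = 4.5      # conventional |t| bound above which a design is judged to leak

def hw(x):
    """Hamming weight: the usual model of a CMOS register's switching power."""
    return bin(x).count("1")

def welch_t(a, b):
    """Welch's t-statistic between two sample groups."""
    return (mean(a) - mean(b)) / (pvariance(a) / len(a) + pvariance(b) / len(b)) ** 0.5

def simulate(n, masked, rng, sigma=1.0):
    """Return (fixed, random) trace groups; each trace is a list of POI samples.
    Unmasked: one POI leaking hw(v). Masked: two POIs, hw(v ^ m) and hw(m)."""
    fixed, rand = [], []
    for _ in range(n):
        for group, v in ((fixed, FIXED_VALUE), (rand, rng.randrange(256))):
            if masked:
                m = rng.randrange(256)   # fresh random mask per computation
                group.append([hw(v ^ m) + rng.gauss(0, sigma), hw(m) + rng.gauss(0, sigma)])
            else:
                group.append([hw(v) + rng.gauss(0, sigma)])
    return fixed, rand

def first_order_t(fixed, rand, poi):
    """Order d=1: compare the two groups at a single POI."""
    return welch_t([t[poi] for t in fixed], [t[poi] for t in rand])

def second_order_t(fixed, rand):
    """Order d=2: centered product of two POIs (means taken over all traces), then compare."""
    allt = fixed + rand
    mu = [mean([t[i] for t in allt]) for i in (0, 1)]
    comb = lambda t: (t[0] - mu[0]) * (t[1] - mu[1])
    return welch_t([comb(t) for t in fixed], [comb(t) for t in rand])

def assess(n=5000, seed=1):
    """Run the assessment on an unmasked and a masked model; returns t-values by name."""
    rng = random.Random(seed)
    uf, ur = simulate(n, False, rng)
    mf, mr = simulate(n, True, rng)
    return {
        "unmasked_first_order": first_order_t(uf, ur, 0),
        "masked_first_order_poi0": first_order_t(mf, mr, 0),
        "masked_first_order_poi1": first_order_t(mf, mr, 1),
        "masked_second_order": second_order_t(mf, mr),
    }
```

Only the second-order combination crosses the threshold for the masked model, which is the mechanism behind the statement that the analysis grows harder as d and the number of POIs increase.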
Unfortunately, over time, many of the so-called secured schemes were broken due to design faults, incorrect modeling of the leakage (e.g. internal functions in masking or TI, or glitches) or improved attack methodologies (e.g. High-Order, HO, multivariate or profiling based attacks).