Issue No. 11 - November (2008 vol. 57)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.109
Sylvain Guilley , GET/ENST, PARIS
Laurent Sauvage , GET/ENST, PARIS
Philippe Hoogvorst , GET/ENST, PARIS
Renaud Pacalet , GET/ENST, Sophia Antipolis
Guido Marco Bertoni , STMicroelectronics, AGRATE B.za
Sumanta Chaudhuri , Institut TELECOM, TELECOM ParisTech CNRS LTCI
Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.
Types and Design Styles, Power Management
L. Sauvage, G. M. Bertoni, S. Guilley, S. Chaudhuri, P. Hoogvorst and R. Pacalet, "Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks," in IEEE Transactions on Computers, vol. 57, no. , pp. 1482-1497, 2008.