The Community for Technology Leaders
Green Image
Issue No. 09 - September (2010 vol. 59)
ISSN: 0018-9340
pp: 1250-1263
Sylvain Guilley , TELECOM ParisTech, Paris
Laurent Sauvage , TELECOM ParisTech, Paris
Florent Flament , TELECOM ParisTech, Paris
Vinh-Nga Vong , Airbus, Toulouse, France
Philippe Hoogvorst , CNRS, Paris
Renaud Pacalet , TELECOM ParisTech, Paris
Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.
cryptography, implementation-level security, side-channel analysis, leakage metrics, AES SubBytes, dual-rail with precharge logics (DPL), attacks on DPL, backend-level protections.

R. Pacalet, V. Vong, P. Hoogvorst, S. Guilley, F. Flament and L. Sauvage, "Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics," in IEEE Transactions on Computers, vol. 59, no. , pp. 1250-1263, 2010.
87 ms
(Ver 3.3 (11022016))