Amir Moradi
ABSTRACT
Our contribution is twofold: first we describe a very compact hardware implementation of AES-128, which requires only 2400 GE. This is to the best of our knowledge the smallest implementation reported so far. Then we apply the threshold countermeasure by Nikova et al. to the AES S-box and yield an implementation of the AES improving the level of resistance against first-order side-channel attacks. Our experimental results on real-world power traces show that although our implementation provides additional security, it is still susceptible to some sophisticated attacks having enough number of measurements.
- Side-channel attack standard evaluation board (sasebo), Further information are http://www.rcis.aist.go.jp/special/SASEBO/index-en.htmlGoogle Scholar
- Agrawal, D., Rao, J.R., Rohatgi, P.: Multi-channel Attacks. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 2-16. Springer, Heidelberg (2003).Google Scholar
- Blakley, G.R.: Safeguarding Cryptographic Keys. In: National Computer Conference, pp. 313-317 (1979).Google ScholarCross Ref
- Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69-83. Springer, Heidelberg (2004). Google ScholarDigital Library
- Bogdanov, A., Leander, G., Knudsen, L., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450-466. Springer, Heidelberg (2007). Google ScholarDigital Library
- Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16-29. Springer, Heidelberg (2004).Google Scholar
- De Cannière, C., Dunkelman, O., Kneževic, M.: KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272-288. Springer, Heidelberg (2009). Google ScholarDigital Library
- Canright, D.: A Very Compact S-Box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441-455. Springer, Heidelberg (2005). Google ScholarDigital Library
- Canright, D., Batina, L.: A Very Compact "Perfectly Masked" S-Box for AES. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 446-459. Springer, Heidelberg (2008), the corrected version is available at Cryptology ePrint Archive, Report 2009/011 http://eprint.iacr.org/2009/011 Google ScholarDigital Library
- Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398-412. Springer, Heidelberg (1999). Google ScholarDigital Library
- Coron, J.-S., Prouff, E., Rivain, M.: Side Channel Cryptanalysis of a Higher Order Masking Scheme. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 28-44. Springer, Heidelberg (2007). Google ScholarDigital Library
- Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203-220. Springer, Heidelberg (2008). Google ScholarDigital Library
- Feldhofer, M., Wolkerstorfer, J., Rijmen, V.: AES Implementation on a Grain of Sand. IEE Proceedings of Information Security 152(1), 13-20 (2005).Google ScholarCross Ref
- Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426-442. Springer, Heidelberg (2008). Google ScholarDigital Library
- Hämäläinen, P., Alho, T., Hännikäinen, M., Hämäläinen, T.D.: Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In: DSD, pp. 577-583 (2006). Google ScholarDigital Library
- Herbst, C., Oswald, E., Mangard, S.: An AES Smart Card Implementation Resistant to Power Analysis Attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239-252. Springer, Heidelberg (2006). Google ScholarDigital Library
- Daemen, G.J., Peeters, M., Rijmen, V.: The Noekeon Block Cipher. In: First Open NESSIE Workshop (2000).Google Scholar
- Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388-397. Springer, Heidelberg (1999). Google ScholarDigital Library
- Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007). Google ScholarDigital Library
- Mangard, S., Pramstaller, N., Oswald, E.: Successfully Attacking Masked AES Hardware Implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157-171. Springer, Heidelberg (2005). Google ScholarDigital Library
- Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-Enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125-139. Springer, Heidelberg (2010). Google ScholarDigital Library
- National Institute of Standards and Technology (NIST). Announcing the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197 (November 2001).Google Scholar
- Nikova, S., Rechberger, C., Rijmen, V.: Threshold Implementations Against Side-Channel Attacks and Glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529-545. Springer, Heidelberg (2006). Google ScholarDigital Library
- Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Non-linear Functions in the Presence of Glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 218-234. Springer, Heidelberg (2009). Google ScholarDigital Library
- Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. Journal of Cryptology (2010) (in press), doi:10.1007/s00145-010-9085-7. Google ScholarDigital Library
- Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-Box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413-423. Springer, Heidelberg (2005). Google ScholarDigital Library
- Popp, T., Mangard, S.: Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172-186. Springer, Heidelberg (2005). Google ScholarDigital Library
- Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-Channel Resistant Crypto for less than 2,300 GE. Journal of Cryptology (2010) (in press), doi: 10.1007/s00145-010-9086-6. Google ScholarDigital Library
- Rijmen, V., Daemen, J.: The Design of Rijndael: AES. The Advanced Encryption Standard, 1st edn. Springer, Heidelberg (2002). Google ScholarDigital Library
- Rolfes, C., Poschmann, A., Leander, G., Paar, C.: Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 89-103. Springer, Heidelberg (2008). Google ScholarDigital Library
- Shamir, A.: How to Share a Secret. Communications of the ACM 22(11), 612-613 (1979). Google ScholarDigital Library
- Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The World is Not Enough: Another Look on Second-Order DPA. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 112-129. Springer, Heidelberg (2010).Google Scholar
- Virtual Silicon Inc. 0.18 µm VIP Standard Cell Library Tape Out Ready, Part Number: UMCL18G212T3, Process: UMC Logic 0.18 µm Generic II Technology: 0.18µm (July 2004).Google Scholar
- Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1-15. Springer, Heidelberg (2004).Google Scholar
- Xilinx: Virtex-II Pro and Virtex-II ProX Platform FPGAs: Complete Data Sheet (November 2007), http://www.xilinx.com/support/documentation/data_sheets/ds083.pdfGoogle Scholar
Index Terms
- Pushing the limits: a very compact and a threshold implementation of AES
Index terms have been assigned to the content through auto-classification.
Recommendations
Side-Channel Resistant Crypto for Less than 2,300 GE
Special Issue on Hardware and SecurityA provably secure countermeasure against first order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International conference in information and communications security. Lecture notes in computer science, vol. 4307, ...
DES with any reduced masked rounds is not secure against side-channel attacks
The literature offers several efficient masking methods for providing resistance to side-channel attacks against iterative block ciphers, such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES). One of the proposed methods is to ...
Towards Evaluating DPA Countermeasures for Keccak K1012ECCAK on a Real ASIC
COSADE 2015: Revised Selected Papers of the 6th International Workshop on Constructive Side-Channel Analysis and Secure Design - Volume 9064We present Zorro, a taped-out ASIC hosting three distinct authenticated encryption architectures based on the SpongeWrap construction. All designs target resource-constrained environments such as smart cards or embedded devices and therefore, have been ...
Comments