Abstract: Differential Power Analysis (DPA) is an effective attack method for breaking crypto chips, and it has been considered a threat to the security of information systems. By analyzing the principle of resisting DPA, an available countermeasure based on randomization is proposed in this paper. A time delay is inserted in the operation process and a random number is precharged to the circuit during the delay time, so the normal schedule is disturbed and the power is randomized. Following this methodology, a general DPA-resistant random precharge architecture is proposed, and the DES algorithm is implemented following this architecture. This countermeasure is verified to be efficient in resisting DPA.
Funding: the Software and Integrated Circuit Industries Development Foundation of Shanghai (No. 12Z116010001)
Abstract: Leakage power analysis (LPA) attacks aim at finding the secret key of a cryptographic device from measurements of its static (leakage) power. These novel power analysis attacks take advantage of the dependence of the leakage power of complementary metal oxide semiconductor (CMOS) integrated circuits on the data they process. This paper proposes symmetric dual-rail logic (SDRL), a standard-cell LPA attack countermeasure that theoretically resists LPA attacks. The technique combines standard building blocks to make new compound standard cells, which are close to constant in leakage power consumption. Experimental results show that SDRL is a promising approach to implementing an LPA-resistant crypto processor.
Funding: Project supported by the Zhejiang Provincial Natural Science Foundation of China (No. LQ14F040001), the National Natural Science Foundation of China (Nos. 61274132, 61234002), and the K.C. Wong Magna Fund in Ningbo University, China
Abstract: A power balance static random-access memory (SRAM) for resistance to differential power analysis (DPA) is proposed. In the proposed design, the switch power consumption and short-circuit power consumption are balanced by discharging and pre-charging the key nodes of the output circuit and adding an additional short-circuit current path. Thus, the power consumption is constant in every read cycle. As a result, the DPA-resistant ability of the SRAM is improved. In 65 nm CMOS technology, the power balance SRAM is fully custom designed with a layout area of 5863.6 μm^2. The post-simulation results show that the normalized energy deviation (NED) and normalized standard deviation (NSD) are 0.099% and 0.04%, respectively. Compared to existing power balance circuits, the power balance ability of the proposed SRAM has improved by 53%.
Funding: supported by the State Grid Science and Technology Project of China under Grant No. 546816190003.
Abstract: Side-channel attacks (SCAs) play an important role in the security evaluation of cryptographic devices. As a form of SCA, profiled differential power analysis (DPA) is among the most powerful and efficient, taking advantage of a profiling phase that learns features from a controlled device. Linear regression (LR) based profiling, a special profiling method proposed by Schindler et al., could be extended to generic-emulating DPA by on-the-fly profiling. The formal extension was proposed by Whitnall et al., named the SLR-based method. Later, to improve the SLR-based method, Wang et al. introduced a method based on ridge regression. However, the constant format of the L-2 penalty still limits the performance of profiling. In this paper, we generalize the ridge-based method and propose a new strategy of using variable regularization. We then analyze from a theoretical point of view why we should not use a constant penalty format for all cases. Roughly speaking, our work reveals the underlying mechanism of how different formats affect the profiling process in the context of side channels. Therefore, by selecting a proper regularization, we could push the limits of LR-based profiling. Finally, we conduct simulation-based and practical experiments to confirm our analysis. Specifically, the results of our practical experiments show that the proper formats of regularization are different among real devices.
Funding: supported by the National Natural Science Foundation of China (No. 61006021) and the Beijing Natural Science Foundation (No. 4112029)
Abstract: This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attacks through hardware-based random order execution. Both the decryption and encryption procedures of AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plaintexts (128-bit secret keys) is 19 nJ. The core area is 0.43 mm^2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware-based random order execution improves the DPA resistance by at least 21 times.