The “Backend Duplication” Method
- Cite this paper as:
- Guilley S., Hoogvorst P., Mathieu Y., Pacalet R. (2005) The “Backend Duplication” Method. In: Rao J.R., Sunar B. (eds) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, vol 3659. Springer, Berlin, Heidelberg
Several types of logic gates suitable for leakage-proof computations have been put forward[1,2,3,4]. This paper describes a method, called “backend duplication” to assemble secured gates into leakage-proof cryptoprocessors. To the authors’ knowledge, this article is the first CAD-oriented publication to address all the aspects involved in the backend design of secured hardware. The “backend duplication” method achieves the place-and-route of differential netlists. It allows for 100 % placement density and for balanced routing of dual-rail signals. Wires of every other metal layer are free to make turns. In addition, the method does not require any modification to the design rules passed to the router. The “backend duplication” method has been implemented in 0.13 μm ASIC technology and successfully tested on various ciphers. The example of the design of a DES module resistant against side-channel attacks is described into details.