Journal of Cryptographic Engineering

, Volume 3, Issue 3, pp 169–180 | Cite as

A formal study of two physical countermeasures against side channel attacks

  • Sébastien Briais
  • Jean-Luc Danger
  • Sylvain GuilleyEmail author
Special Section on PROOFS workshop


Secure electronic circuits must implement countermeasures against a wide range of attacks. Often, the protection against side channel attacks requires to be tightly integrated within the functionality to be protected. It is now part of the designer’s job to implement them. But this task is known to be error-prone, and with current development processes, countermeasures are evaluated often very late (at circuit fabrication). To improve the confidence of the designer in the efficiency of the countermeasure, we suggest in this article to resort to formal methods early in the design flow for two reasons. First of all, we intend to check that the process of transformation of the design from the vulnerable description to the protected one does not alter the functionality. Second, we wish to prove that the security properties (that can derive from a formal security functional specification) are indeed met after transformation. Our first contribution is to show how such a framework can be setup (in COQ) for netlist-level protections. The second contribution is to illustrate that this framework indeed allows to detect vulnerabilities in dual-rail logics, with the examples of wave differential dynamic logic and balanced cell-based differential logic.


Side-channel attacks Implementation-level countermeasures Dual-rail with precharge logics WDDL BCDL Formal proof COQ 



The authors wish to thank Renaud Pacalet, from LabSoC (Sophia-Antipolis, France), for insightful comments and pieces of advice. We are also grateful to the anonymous reviewers of PROOFS 2012 (Leuven, Belgium), who helped improve the preliminary version of this paper. This work has been supported partly by the French research agency (ANR), via the “SEFPGA” project (Secure embedded Field Programmable Gates Array), also endorsed by the System@tic competitivity cluster, and the joint French-Japan ANR-JSP “SPACES” project (Security evaluation of Physically Attacked Cryptoprocessors in Embedded Systems). Besides, this work has benefited from a grant funded by a French DoD (DGA) in the framework of the “BCDL” RAPID project.


  1. 1.
    Bouesse, G.F., Sicard, G., Renaudin, M.: Path swapping method to improve DPA resistance of quasi delay insensitive asynchronous circuits. In: Goubin, L., Matsui, M. (eds.) CHES. Lecture Notes in Computer Science, vol. 4249, pp. 384–398. Springer, Berlin (2006) Google Scholar
  2. 2.
    Braibant, T.: Coquet: a coq library for verifying hardware. In: Jouannaud, J.-P., Shao, Z. (eds.) CPP. Lecture Notes in Computer Science, vol. 7086, pp. 330–345. Springer, Berlin (2011)Google Scholar
  3. 3.
    Chen, Z., Zhou, Y.: Dual-rail random switching logic: a countermeasure to reduce side channel leakage. In: CHES, October 10–13, Yokohama, Japan. LNCS, vol. 4249, pp. 242–254. Springer, Berlin (2006). doi: 10.1007/11894063_20
  4. 4.
    Common Criteria ($aka$ CC) for Information Technology Security Evaluation (ISO/IEC 15408) (2013).
  5. 5.
    The Coq Development Team. The Coq Proof Assistant Reference Manual Version 7.2. INRIA-Rocquencourt, December 2001.
  6. 6.
    Coupet-Grimal, S., Jakubiec, L.: Certifying circuits in type theory. Formal Aspects Comput. 16(4), 352–373 (2004)zbMATHCrossRefGoogle Scholar
  7. 7.
    Danger, J.-L., Guilley, S., Bhasin, S., Nassar, M.: Overview of dual rail with precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors—new attacks and improved counter measures. In: SCS, 6–8 November, Jerba, Tunisia, pp. 1–8. IEEE, New York (2009). doi: 10.1109/ICSCS.2009.5412599
  8. 8.
    He, W., de la Torre, E., Riesgo, T.: An interleaved EPE-immune PA-DPL structure for resisting concentrated EM side channel attacks on FPGA implementation. In: Schindler, W., Huss, S.A. (eds.) COSADE. Lecture Notes in Computer Science, vol. 7275, pp. 39–53. Springer, Berlin (2012)Google Scholar
  9. 9.
    Nassar, M., Bhasin, S., Danger, J.-L., Duc, G., Guilley, S.: BCDL: a high performance balanced DPL with global precharge and without early-evaluation. In: DATE’10, 8–12 March 2010, Dresden, Germany, pp. 849–854. IEEE Computer Society, New York (2010)Google Scholar
  10. 10.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: ICISC, Seoul, Korea. Lecture Notes in Computer Science, vol. 5461, pp. 218–234. Springer, Berlin (2008)Google Scholar
  11. 11.
    Paulin-Mohring, C.: Circuits as streams in Coq : verification of a sequential multiplier. In: Berardi, S., Coppo, M. (eds.) Types for Proofs and Programs, TYPES’95. Lecture Notes in Computer Science, vol. 1158 (1996)Google Scholar
  12. 12.
    Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: CHES. LNCS, vol. 3659, pp. 172–186 (2005). doi: 10.1007/11545262_13
  13. 13.
    Quémard, J.-P.: Cryptographic algorithms and security mechanisms conformance testing, 10 2010. N10801 NWIP, Draft 6 ISO/IEC JTC 1/SC 27 NGoogle Scholar
  14. 14.
    Soares, R., Calazans, N., Lomné, V., Maurine, P., Torres, L., Robert, M.: Evaluating the robustness of secure triple track logic through prototyping. In: SBCCI’08: Proceedings of the 21st Symposium on Integrated Circuits and System Design, Gramado, Brazil, pp. 193–198. ACM, New York (2008)Google Scholar
  15. 15.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of DATE’2004, Paris, France, pp. 246–251 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Sébastien Briais
    • 1
  • Jean-Luc Danger
    • 2
  • Sylvain Guilley
    • 2
    Email author
  1. 1.Secure-IC S.A.S.ParisFrance
  2. 2.Institut Mines-Télécom, Télécom ParistechParis Cedex 13France

Personalised recommendations