DRECON: DPA Resistant Encryption by Construction

  • Suvadeep Hajra
  • Chester Rebeiro
  • Shivam Bhasin
  • Gaurav Bajaj
  • Sahil Sharma
  • Sylvain Guilley
  • Debdeep Mukhopadhyay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8469)

Abstract

Side-channel attacks are considered as one of the biggest threats against modern crypto-systems. This motivates the design of ciphers which are naturally resistant against side-channel attacks. The present paper proposes a scheme called DRECON to construct a block cipher with innate protection against differential power attacks (DPA). The scheme is motivated by tweakable block ciphers and is shown to be secure against first-order DPA using information theoretic metrics. DRECON is shown to be less expensive than masking and re-keying countermeasures from the implementation perspective and can be efficiently realized in both hardware and software platforms. On FPGAs especially, DRECON can optimally utilize the abundant block RAMs available and therefore have minimal overheads. We estimate the cost overhead of DRECON in micro-controllers and FPGAs, two common targets for cryptographic applications. Finally we demonstrate practical side-channel resistance of a DRECON implementation on a Xilinx Virtex-5 FPGA (SASEBO GII board).

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abdalla, M., Bellare, M.: Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 546–559. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. 2.
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener (ed.) [40], pp. 398–412Google Scholar
  3. 3.
    Clavier, C., Coron, J.S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Koç, Ç.K., Paar (eds.) [12], pp. 252–263Google Scholar
  4. 4.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved Collision-Correlation Power Analysis on First Order Protected AES. In: Preneel, B., Takagi, T. (eds.) [30], pp. 49–62Google Scholar
  5. 5.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Series in Telecommunications and Signal Processing. Wiley-Interscience (July 2006)Google Scholar
  6. 6.
    Gérard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block Ciphers That Are Easier to Mask: How Far Can We Go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383–399. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  7. 7.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis (The “Duplication” Method). In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Guajardo, J., Mennink, B.: On side-channel resistant block cipher usage. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 254–268. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Guilley, S., Sauvage, L., Flament, F., Vong, V.N., Hoogvorst, P., Pacalet, R.: Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics. IEEE Trans. Computers 59(9), 1250–1263 (2010)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Herbst, C., Oswald, E., Mangard, S.: An AES Smart Card Implementation Resistant to Power Analysis Attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Hoheisel, A.: Side-Channel Analysis Resistant Implementation of AES on Automotive Processors. Master’s thesis, Ruhr-University Bochum, Germany (June 2009)Google Scholar
  12. 12.
    Paar, C., Koç, Ç.K. (eds.): CHES 2000. LNCS, vol. 1965. Springer, Heidelberg (2000)MATHGoogle Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener (ed.) [40], pp. 388–397Google Scholar
  14. 14.
    Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Maghrebi, H., Prouff, E., Guilley, S., Danger, J.-L.: A first-order leak-free masking countermeasure. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 156–170. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  16. 16.
    Mangard, S., Popp, T., Gammel, B.M.: Side-Channel Leakage of Masked CMOS Gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully Attacking Masked AES Hardware Implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    McEvoy, R.P., Tunstall, M., Whelan, C., Murphy, C.C., Marnane, W.P.: All-or-Nothing Transforms as a Countermeasure to Differential Side-Channel Analysis. IACR Cryptology ePrint Archive 2009, 185 (2009)Google Scholar
  19. 19.
    Medwed, M., Standaert, F.X., Großschädl, J., Regazzoni, F.: Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 279–296. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Messerges, T.S.: Using Second-Order Power Analysis to Attack DPA Resistant Software. In: Koç, Ç.K., Paar (eds.) [12], pp. 238–251Google Scholar
  21. 21.
    Micali, S., Reyzin, L.: Physically Observable Cryptography (Extended Abstract). In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 278–296. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Moradi, A.: Statistical Tools Flavor Side-Channel Collision Attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 428–445. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  23. 23.
    Moradi, A., Mischke, O.: How Far Should Theory Be from Practice? - Evaluation of a Countermeasure. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 92–106. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-Enhanced Power Analysis Collision Attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  25. 25.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the Limits: A Very Compact and a Threshold Implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  26. 26.
    Nassar, M., Souissi, Y., Guilley, S., Danger, J.L.: RSM: A small and fast countermeasure for AES, secure against 1st and 2nd-order zero-offset SCAs. In: Rosenstiel, W., Thiele, L. (eds.) DATE, pp. 1173–1178. IEEE (2012)Google Scholar
  27. 27.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches. J. Cryptology 24(2), 292–321 (2011)CrossRefMATHMathSciNetGoogle Scholar
  28. 28.
    Kocher, P.C.: Leak-Resistant Cryptograhic Indexed Key Update, US Patent 6539092 (2003)Google Scholar
  29. 29.
    Piret, G., Roche, T., Carlet, C.: PICARO – A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 311–328. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  30. 30.
    Preneel, B., Takagi, T. (eds.): CHES 2011. LNCS, vol. 6917, pp. 2011–2013. Springer, Heidelberg (2011)MATHGoogle Scholar
  31. 31.
    Prouff, E., Roche, T.: Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols. In: Preneel, B., Takagi, T. (eds.) [30], pp. 63–78Google Scholar
  32. 32.
    Regazzoni, F., Yi, W., Standaert, F.X.: FPGA Implementations of the AES Masked Against Power Analysis Attacks. In: Proceedings of 2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE) (February 2011)Google Scholar
  33. 33.
    Research Center for Information Security National Institute of Advanced Industrial Science and Technology: Side-channel Attack Standard Evaluation Board SASEBO-GII Specification, Version 1.01 (2009)Google Scholar
  34. 34.
    Rivain, M., Prouff, E., Doget, J.: Higher-Order Masking and Shuffling for Software Implementations of Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 171–188. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  35. 35.
    Shah, S., Velegalati, R., Kaps, J.P., Hwang, D.: Investigation of DPA Resistance of Block RAMs in Cryptographic Implementations on FPGAs. In: Prasanna, V.K., Becker, J., Cumplido, R. (eds.) ReConFig, pp. 274–279. IEEE Computer Society (2010)Google Scholar
  36. 36.
    Standaert, F.X., Pereira, O., Yu, Y., Quisquater, J.J., Yung, M., Oswald, E.: Leakage Resilient Cryptography in Practice. Cryptology ePrint Archive, Report 2009/341 (2009), http://eprint.iacr.org/
  37. 37.
    Tiri, K., Akmal, M., Verbauwhede, I.: A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Power Analysis on Smart Cards. In: ESSCIRC 2002, pp. 403–406 (2002)Google Scholar
  38. 38.
    Tiri, K., Verbauwhede, I.: A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. In: DATE, pp. 246–251. IEEE Computer Society (2004)Google Scholar
  39. 39.
    Waddle, J., Wagner, D.: Towards Efficient Second-Order Power Analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  40. 40.
    Wiener, M. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)MATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Suvadeep Hajra
    • 1
  • Chester Rebeiro
    • 1
  • Shivam Bhasin
    • 2
  • Gaurav Bajaj
    • 1
  • Sahil Sharma
    • 1
  • Sylvain Guilley
    • 2
    • 3
  • Debdeep Mukhopadhyay
    • 1
  1. 1.Dept. of Computer Science and EngineeringIndian Institute of Technology KharagpurIndia
  2. 2.Institut MINES-TELECOM, TELECOM ParisTech, Department COMELECParis Cedex 13France
  3. 3.Secure-IC S.A.S.RennesFrance

Personalised recommendations