Your Rails Cannot Hide from Localized EM: How Dual-Rail Logic Fails on FPGAs

  • Vincent ImmlerEmail author
  • Robert Specht
  • Florian Unterstein
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10529)


Protecting cryptographic implementations against side-channel attacks is a must to prevent leakage of processed secrets. As a cell-level countermeasure, so called DPA-resistant logic styles have been proposed to prevent a data-dependent power consumption.

As most of the DPA-resistant logic is based on dual-rails, properly implementing them is a challenging task on FPGAs which is due to their fixed architecture and missing freedom in the design tools.

While previous works show a significant security gain when using such logic on FPGAs, we demonstrate this only holds for power-analysis. In contrast, our attack using high-resolution electromagnetic analysis is able to exploit local characteristics of the placement and routing such that only a marginal security gain remains, therefore creating a severe threat.

To further analyze the properties of both attack and implementation, we develop a custom placer to improve the default placement of the analyzed AES S-box. Different cost functions for the placement are tested and evaluated w.r.t. the resulting side-channel resistance on a Spartan-6 FPGA. As a result, we are able to more than double the resistance of the design compared to cases not benefiting from the custom placement.


  1. 1.
    Federal Information Processing Standards Publication (FIPS 197). Advanced Encryption Standard (AES) (2001)Google Scholar
  2. 2.
    Betz, V., Rose, J.: VPR: A New Packing, Placement and Routing Ttool for FPGA ResearchGoogle Scholar
  3. 3.
    Bhasin, S., Guilley, S., Flament, F., Selmane, N., Danger, J.-L., Evaluation, C.E.: An approach towards robust dual-rail precharge logic. In: WESS 2010, p. 6. ACM (2010)Google Scholar
  4. 4.
    Canright, D.: A very compact S-box for AES. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 441–455. Springer, Heidelberg (2005). doi: 10.1007/11545262_32 CrossRefGoogle Scholar
  5. 5.
    Cheng, C.-L.E.: RISA: accurate and efficient placement routability modeling. In: Proceedings of the 1994 IEEE/ACM International Conference on Computer-aided Design, ICCAD 1994, Los Alamitos, CA, USA. IEEE Computer Society PressGoogle Scholar
  6. 6.
    Cnudde, T.D., Bilgin, B., Gierlichs, B., Nikov, V., Nikova, S., Rijmen, V.: Does coupling affect the security of masked implementations? Cryptology ePrint Archive, Report 2016/1080 (2016)Google Scholar
  7. 7.
    De Mulder, E., Buysschaert, P., Ors, S., Delmotte, P., Preneel, B., Vandenbosch, G., Verbauwhede, I.: Electromagnetic analysis attack on an FPGA implementation of an elliptic curve cryptosystem. In: The International Conference on Computer as a Tool, EUROCON 2005, vol. 2, pp. 1879–1882, November 2005Google Scholar
  8. 8.
    Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 240–262. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49890-3_10 CrossRefGoogle Scholar
  9. 9.
    Giechaskiel, I., Eguro, K.: Information Leakage Between FPGA Long Wires. CoRR (2016)Google Scholar
  10. 10.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85053-3_27 CrossRefGoogle Scholar
  11. 11.
    Guilley, S., Hoogvorst, P., Mathieu, Y., Pacalet, R.: The “Backend Duplication” method. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 383–397. Springer, Heidelberg (2005). doi: 10.1007/11545262_28 CrossRefGoogle Scholar
  12. 12.
    Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 33–48. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-23951-9_3 CrossRefGoogle Scholar
  13. 13.
    He, W., de la Torre, E., Riesgo, T.: A precharge-absorbed DPL logic for reducing early propagation effects on FPGA implementations. In: ReConFig 2011. IEEE Computer Society (2011)Google Scholar
  14. 14.
    He, W., Herrmann, A.: Placement security analysis for side-channel resistant dual-rail scheme in FPGA. In: Proceedings of the Second Workshop on Cryptography and Security in Computing Systems, CS2 2015 (2015)Google Scholar
  15. 15.
    He, W., Otero, A., de la Torre, E., Riesgo, T.: Automatic generation of identical routing pairs for FPGA implemented DPL logic. In: ReConFig 2012. IEEE (2012)Google Scholar
  16. 16.
    Herbst, C., Oswald, E., Mangard, S.: An AES smart card implementation resistant to power analysis attacks. In: Zhou, J., Yung, M., Bao, F. (eds.) ACNS 2006. LNCS, vol. 3989, pp. 239–252. Springer, Heidelberg (2006). doi: 10.1007/11767480_16 CrossRefGoogle Scholar
  17. 17.
    Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-27954-6_15 CrossRefGoogle Scholar
  18. 18.
    Heyszl, J., Merli, D., Heinz, B., Santis, F., Sigl, G.: Strengths and limitations of high-resolution electromagnetic field measurements for side-channel analysis. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 248–262. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-37288-9_17 CrossRefGoogle Scholar
  19. 19.
    Kaps, J.-P., Velegalati, R.: DPA resistant AES on FPGA using partial DDL. In: FCCM 2010, pp. 273–280. IEEE Computer Society (2010)Google Scholar
  20. 20.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_25 CrossRefGoogle Scholar
  21. 21.
    Lavin, C., Padilla, M., Lamprecht, J., Lundrigan, P., Nelson, B., Hutchings, B., Wirthlin, M.: Rapidsmith - a library for low-level manipulation of partially placed-and-routed FPGA designs. Technical report, Brigham Young University, September 2012Google Scholar
  22. 22.
    Lomné, V., Maurine, P., Torres, L., Robert, M., Soares, R., Calazans, N.: Evaluation on FPGA of triple rail logic robustness against DPA and DEMA. In: DATE 2009, pp. 634–639. IEEE (2009)Google Scholar
  23. 23.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, New York (2007)zbMATHGoogle Scholar
  24. 24.
    Mangard, S., Schramm, K.: Pinpointing the side-channel leakage of masked AES hardware implementations. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 76–90. Springer, Heidelberg (2006). doi: 10.1007/11894063_7 CrossRefGoogle Scholar
  25. 25.
    Moradi, A., Eisenbarth, T., Poschmann, A., Paar, C.: Power analysis of single-rail storage elements as used in MDPL. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 146–160. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14423-3_11 CrossRefGoogle Scholar
  26. 26.
    Moradi, A., Immler, V.: Early propagation and imbalanced routing, How to diminish in FPGAs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 598–615. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_33 Google Scholar
  27. 27.
    Nam, G.-J., Villarrubia, P.G.: Placement: introduction/problem formulation. In: Alpert, C.J., Mehta, D.P., Sapatnekar, S.S. (eds.) Handbook of Algorithms for Physical Design Automation, 1st edn, pp. 277–287. Auerbach Publications, Boca Raton (2008)Google Scholar
  28. 28.
    Nassar, M., Bhasin, S., Danger, J.-L., Duc, G., Guilley, S.: BCDL: a high speed balanced DPL for FPGA with global precharge and no early evaluation. In: DATE 2010, pp. 849–854. IEEE (2010)Google Scholar
  29. 29.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005). doi: 10.1007/11502760_28 CrossRefGoogle Scholar
  31. 31.
    Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Power and electromagnetic analysis: improved model, consequences and comparisons. Integr. VLSI J. 40, 52–60 (2007)CrossRefGoogle Scholar
  32. 32.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001). doi: 10.1007/3-540-45418-7_17 CrossRefGoogle Scholar
  33. 33.
    Sauvage, L., Guilley, S., Danger, J.-L., Mathieu, Y., Nassar, M.: Successful attack on an FPGA-based WDDL DES cryptoprocessor without place and route constraints. In: Proceedings of the Conference on Design, Automation and Test in Europe, DATE 2009 (2009)Google Scholar
  34. 34.
    Sauvage, L., Nassar, M., Guilley, S., Flament, F., Danger, J.-L., Mathieu, Y.: DPL on stratix II FPGA: What to expect? In: ReConFig 2009, pp. 243–248. IEEE Computer Society (2009)Google Scholar
  35. 35.
    Specht, R., Heyszl, J., Kleinsteuber, M., Sigl, G.: Improving non-profiled attacks on exponentiations based on clustering and extracting leakage from multi-channel high-resolution EM measurements. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2014. LNCS, vol. 9064, pp. 3–19. Springer, Cham (2015). doi: 10.1007/978-3-319-21476-4_1 CrossRefGoogle Scholar
  36. 36.
    Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01001-9_26 CrossRefGoogle Scholar
  37. 37.
    Suzuki, D., Saeki, M.: Security evaluation of DPA countermeasures using dual-rail pre-charge logic style. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 255–269. Springer, Heidelberg (2006). doi: 10.1007/11894063_21 CrossRefGoogle Scholar
  38. 38.
    Swartz, W.: Placement using simulated annealing. In: Alpert, C.J., Mehta, D.P., Sapatnekar, S.S. (eds.) Handbook of Algorithms for Physical Design Automation, pp. 311–325. Auerbach Publications, Baco Raton (2008)Google Scholar
  39. 39.
    Tiri, K., Hwang, D., Hodjat, A., Lai, B.-C., Yang, S., Schaumont, P., Verbauwhede, I.: Prototype IC with WDDL and differential routing – DPA resistance assessment. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 354–365. Springer, Heidelberg (2005). doi: 10.1007/11545262_26 CrossRefGoogle Scholar
  40. 40.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: DATE 2004, pp. 246–251. IEEE Computer Society (2004)Google Scholar
  41. 41.
    Tiri, K., Verbauwhede, I.: Place and route for secure standard cell design. In: CARDIS 2004, pp. 143–158. Kluwer (2004)Google Scholar
  42. 42.
    Unterstein, F., Heyszl, J., De Santis, F., Specht, R.: Dissecting leakage resilient PRFs with multivariate localized em attacks - a practical security evaluation on FPGA. In: Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, April 13–14, 2017, Paris, France. Springer International Publishing (2017)Google Scholar
  43. 43.
    Wild, A., Moradi, A., Güneysu, T.: GliFreD: Glitch-Free Duplication - Towards Power-Equalized Circuits on FPGAs (2015)Google Scholar
  44. 44.
    Yu, P., Schaumont, P.: Secure FPGA circuits using controlled placement and routing. In: CODES+ISSS 2007, pp. 45–50. ACM (2007)Google Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Vincent Immler
    • 1
    Email author
  • Robert Specht
    • 1
  • Florian Unterstein
    • 1
  1. 1.Fraunhofer Institute for Applied and Integrated Security (AISEC)MunichGermany

Personalised recommendations