Masking and Dual-Rail Logic Don’t Add Up

  • Patrick Schaumont
  • Kris Tiri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)

Abstract

Masked logic styles use a random mask bit to de-correlate the power consumption of the circuit from the state of the algorithm. The effect of the random mask bit is that the circuit switches between two complementary states with a different power profile. Earlier work has shown that the mask-bit value can be estimated from the power consumption profile, and that masked logic remains susceptible to classic power attacks after only a simple filtering operation. In this contribution we will show that this conclusion also holds for masked pre-charged logic styles and for all practical implementations of masked dual-rail logic styles. Up to now, it was believed that masking and dual-rail can be combined to provide a routing-insensitive logic style. We will show that this assumption is not correct. We demonstrate that the routing imbalances can be used to detect the value of the mask bit. Simulations as well as analysis of design data from an AES chip support this conclusion.
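The mask-bit leakage described in the abstract can be checked at design time with a first-order model. The sketch below is an added example, not code or data from the paper: it assumes each net is a pre-charged dual-rail pair that charges exactly one rail per evaluation, that unmasked net values are independent with a fixed probability of being 1, and that switched capacitance stands in for energy. The netlist and capacitance values are constructed.

```python
import random
import statistics

def cycle_energy(values, mask, c_true, c_false):
    # Pre-charged dual-rail pair: exactly one rail charges per evaluation,
    # selected by the masked value (value XOR mask).
    return sum(ct if (v ^ mask) else cf
               for v, ct, cf in zip(values, c_true, c_false))

def mask_leakage(p_one, c_true, c_false, cycles=4000, seed=1):
    """Return (mean gap between mask=1 and mask=0, single-cycle guess accuracy)."""
    rng = random.Random(seed)
    samples = []
    for _ in range(cycles):
        mask = rng.getrandbits(1)                          # fresh mask each cycle
        values = [int(rng.random() < p) for p in p_one]    # unmasked net values
        samples.append((mask, cycle_energy(values, mask, c_true, c_false)))
    mean0 = statistics.mean(e for m, e in samples if m == 0)
    mean1 = statistics.mean(e for m, e in samples if m == 1)
    # Simple filter: compare each cycle against the midpoint of the two profiles.
    threshold = (mean0 + mean1) / 2
    hits = sum((e > threshold) == (m == 1) for m, e in samples)
    accuracy = max(hits, cycles - hits) / cycles           # 0.5 means no leakage
    return mean1 - mean0, accuracy

# Constructed netlist (assumption): 64 nets whose unmasked value is 1 with
# probability 0.25, as for AND-type outputs. Capacitances in fF.
NETS = 64
P_ONE = [0.25] * NETS
BALANCED = ([10.0] * NETS, [10.0] * NETS)    # ideal, perfectly matched routing
IMBALANCED = ([10.5] * NETS, [10.0] * NETS)  # true rail 5% heavier than false rail

if __name__ == "__main__":
    for name, (c_t, c_f) in (("balanced", BALANCED), ("imbalanced", IMBALANCED)):
        gap, acc = mask_leakage(P_ONE, c_t, c_f)
        print(f"{name:10s} gap={gap:6.2f} fF  mask guessed per cycle: {acc:.1%}")
```

Replacing the constructed lists with extracted per-rail capacitances and simulated signal probabilities gives a quick indication of whether a layout separates into two mask-dependent power profiles.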

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Patrick Schaumont (1)
  • Kris Tiri (2)
  1. ECE Department, Virginia Tech, Blacksburg VA 24061, USA
  2. Digital Enterprise Group, Intel Corporation, Hillsboro OR 97124, USA