DPA-Resistance Without Routing Constraints?

– A Cautionary Note About MDPL Security –
  • Benedikt Gierlichs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)

Abstract

MDPL is a logic style claiming to provide resistance against Differential Side Channel Analysis on power consumption measurements. In this paper we show that the power consumption of a non-linear MDPL gate can be reliably exploited to determine signal values and hence secret data, if the random masks have a slight bias. We present an attack methodology and a case study on how to infer secret key bits of an MDPL secured AES-ASIC in practice by attacking a single MDPL AND gate in a VLSI circuit. Our attack is not based on frequently made assumptions on circuit “anomalies”, but on the per definition unbalanced routing, realistic PRNG biases, and knowledge of the circuit layout.

Keywords

Differential Side Channel Analysis DSCA Masked Dual-rail Pre-charge Logic MDPL Gate-level masking DRP 

References

  1. 1.
    Popp, T., Mangard, S.: Masked Dual-Rail Pre-charge Logic. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Fischer, W., Gammel, B.: Masking at Gate Level in the Presence of Glitches. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 187–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Aigner, M., Mangard, S., Menichelli, F., Menicocci, R., Olivieri, M., Popp, T., Scotti, G., Trifiletti, A.: Side channel analysis resistant design flow. In: IEEE International Symposium on Circuits and Systems, ISCAS 2006, p. 4. IEEE Computer Society Press, Los Alamitos (2006)Google Scholar
  4. 4.
    Mangard, S., Aigner, M., Dominikus, S.: A highly regular and scalable AES hardware architecture. IEEE Transactions on Computers 52(4), 483–491 (2003)CrossRefGoogle Scholar
  5. 5.
    Wolkerstorfer, J., Oswald, E., Lamberger, M.: An ASIC Implementation of the AES SBoxes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 67–78. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Tiri, K., Schaumont, P.: Changing the odds against Masked Logic. Selected Areas of Cryptography (SAC) 2006, LNCS. Springer (to appear)Google Scholar
  8. 8.
    Suzuki, D., Saeki, M.: Security Evaluation of DPA Countermeasures Using Dual-Rail Pre-charge Logic Style. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 255–269. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463–481. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Trichina, E., Korkishko, T., Lee, K.-H.: Small size, low power, side channel immune AES coprocessor design and synthesis results. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) Advanced Encryption Standard – AES. LNCS, vol. 3373, pp. 113–127. Springer, Heidelberg (2005)Google Scholar
  11. 11.
    Mangard, S., Popp, T., Gammel, B.: Side-Channel leakage of masked CMOS gates. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Akkar, M., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A Side-Channel Analysis Resistant Description of the AES S-box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Clavier, C., Coron, J.S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 253–263. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  19. 19.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Examining Smart-Card Security under the Threat of Power Analysis Attacks. In: Proc. USENIX Workshop on Smartcard Technology, pp. 151–161 (1999)Google Scholar
  20. 20.
    Tiri, K., Verbauwhede, I.: A Digital Design Flow for Secure Integrated Circuits. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 25(7), 1197–1208 (2006)CrossRefGoogle Scholar
  21. 21.
    Suzuki, D., Saeki, M., Ichikawa, T.: Random Switching Logic: A Countermeasure against DPA based on Transition Probability. Cryptology ePrint Archive, Report 2004/346 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Benedikt Gierlichs
    • 1
  1. 1.K.U. Leuven, ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B-3001 Leuven-HeverleeBelgium

Personalised recommendations