A Design Flow and Evaluation Framework for DPA-Resistant Instruction Set Extensions

  • Francesco Regazzoni
  • Alessandro Cevrero
  • François-Xavier Standaert
  • Stephane Badel
  • Theo Kluter
  • Philip Brisk
  • Yusuf Leblebici
  • Paolo Ienne
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5747)


Power-based side channel attacks are a significant security risk, especially for embedded applications. To improve the security of such devices, protected logic styles have been proposed as an alternative to CMOS. However, they should only be used sparingly, since their area and power consumption are both significantly larger than for CMOS. We propose to augment a processor, realized in CMOS, with custom instruction set extensions, designed with security and performance as the primary objectives, that are realized in a protected logic. We have developed a design flow based on standard CAD tools that can automatically synthesize and place-and-route such hybrid designs. The flow is integrated into a simulation and evaluation environment to quantify the security achieved on a sound basis. Using MCML logic as a case study, we have explored different partitions of the PRESENT block cipher between protected and unprotected logic. This experiment illustrates the tradeoff between the type and amount of application-level functionality implemented in protected logic and the level of security achieved by the design. Our design approach and evaluation tools are generic and could be used to partition any algorithm using any protected logic style.


  1. 1.
    Alioto, M., Palumbo, G.: Model and Design of Bipolar and MOS Current-Mode Logic: CML, ECL and SCL Digital Circuits. Springer, Dordrecht (2005)Google Scholar
  2. 2.
    Allam, M.W., Elmasry, M.I.: Dynamic current mode logic (DyCML): A new low-power high-performance logic style. IEEE Journal of Solid-State Circuits 36(3), 550–558 (2001)CrossRefGoogle Scholar
  3. 3.
    Badel, S., Guleyupoglu, E., Inac, O., Martinez, A.P., Vietti, P., Gürkaynak, F.K., Leblebici, Y.: A generic standard cell design methodology for differential circuit styles. In: Proceedings of the Design, Automation and Test in Europe Conference and Exhibition, Munich, March 2008, pp. 843–848 (2008)Google Scholar
  4. 4.
    Bartolini, S., Branovic, I., Giorgi, R., Martinelli, E.: A performance evaluation of ARM ISA extension for elliptic curve cryptography over binary finite fields. In: Proceedings of the 16th Symposium on Computer Architecture and High Performance Computing, Foz do Igua cu, Brazil, October 2004, pp. 238–245 (2004)Google Scholar
  5. 5.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Bucci, M., Guglielmo, M., Luzzi, R., Trifiletti, A.: A power consumption randomization countermeasure for DPA-resistant cryptographic processors. In: Macii, E., Paliouras, V., Koufopavlou, O. (eds.) PATMOS 2004. LNCS, vol. 3254, pp. 481–490. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Coron, J.-S., Goubin, L.: On boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Fischer, W., Gammel, B.M.: Masking at gate level in the presence of glitches. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 187–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Hassoune, I., Macé, F., Flandre, D., Legat, J.-D.: Low-swing current mode logic (LSCML): A new logic style for secure and robust smart cards against power analysis attacks. Microelectronics Journal 37(9), 997–1006 (2006)CrossRefGoogle Scholar
  10. 10.
    Intel’s advanced encryption standard (AES) instructions set (white paper) (April 2009)Google Scholar
  11. 11.
    Irwin, J., Page, D., Smart, N.P.: Instruction Stream Mutation for Non-Deterministic Processors. In: Proceedings of the 13th International Conference on Application-specific Systems, Architectures and Processors, San Jose, Calif., July 2002, pp. 286–295 (2002)Google Scholar
  12. 12.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N.I. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  14. 14.
    Lampret, D.: OpenRISC 1000 Architecture Manual (April 2006)Google Scholar
  15. 15.
    Macé, F., Standaert, F.-X., Hassoune, I., Legat, J.-D., Quisquater, J.-J.: A dynamic current mode logic to counteract power analysis attacks. In: Proceedings of the XIX Conference on Design of Circuits and Integrated Systems, Bordeaux, France (November 2004)Google Scholar
  16. 16.
    Macé, F., Standaert, F.-X., Quisquater, J.-J.: Information theoretic evaluation of side-channel resistant logic styles. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 427–442. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Advances in Information Security. Springer, New York (2007)MATHGoogle Scholar
  18. 18.
    May, D., Muller, H.L., Smart, N.P.: Non-deterministic processors. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 115–129. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    May, D., Muller, H.L., Smart, N.P.: Random register renaming to foil DPA. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 28–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Moore, S., Anderson, R., Cunningham, P., Mullins, R., Taylor, G.: Improving Smart Card security using self-timed circuits. In: Proceedings of the 8th International Symposium on Advanced Research in Asynchronous Circuits and Systems, Manchester, April 2002, pp. 211–218 (2002)Google Scholar
  21. 21.
    Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Regazzoni, F., Eisenbarth, T., Poschmann, A., Großschädl, J., Gurkaynak, F., Macchetti, M., Toprak, Z., Pozzi, L., Paar, C., Leblebici, Y., Ienne, P.: Evaluating resistance of MCML technology to power analysis attacks using a simulation-based methodology. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science IV. LNCS, vol. 5430, pp. 230–243. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  23. 23.
    Rostovtsev, A.G., Shemyakina, O.V.: AES side channel attack protection using random isomorphisms. Cryptology e-print archive (March 2005), http://eprint.iacr.org/
  24. 24.
    Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 443–461. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Tillich, S., Großschädl, J.: Instruction set extensions for efficient AES implementation on 32-bit processors. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 270–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  26. 26.
    Tillich, S., Großschädl, J.: Power analysis resistant AES implementation with instruction set extensions. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 303–319. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  27. 27.
    Tiri, K., Akmal, M., Verbauwhede, I.: A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on Smart Cards. In: Proceedings of the 28th European Solid-State Circuits Conference, Florence, September 2002, pp. 403–406 (2002)Google Scholar
  28. 28.
    Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of the Design, Automation and Test in Europe Conference and Exhibition, Paris, February 2004, pp. 246–251 (2004)Google Scholar
  29. 29.
    Toprak, Z., Leblebici, Y.: Low-power current mode logic for improved DPA-resistance in embedded systems. In: Proceedings of the IEEE International Symposium on Circuits and Systems, Kobe, Japan, May 2005, pp. 1059–1062 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Francesco Regazzoni
    • 1
    • 4
  • Alessandro Cevrero
    • 2
    • 3
  • François-Xavier Standaert
    • 1
  • Stephane Badel
    • 3
  • Theo Kluter
    • 2
  • Philip Brisk
    • 2
  • Yusuf Leblebici
    • 3
  • Paolo Ienne
    • 2
  1. 1.UCL Crypto GroupUniversité catholique de LouvainLouvain-la-NeuveBelgium
  2. 2.School of Computer and Communication SciencesEPFLLausanneSwitzerland
  3. 3.School of EngineeringEPFLLausanneSwitzerland
  4. 4.ALaRIUniversity of LuganoLuganoSwitzerland

Personalised recommendations