Abstract
In recent years, different instruction set extensions for cryptography have been proposed for integration into general-purpose RISC processors. Both public-key and secret-key algorithms can profit tremendously from a small set of custom instructions specifically designed to accelerate performance-critical code sections. While the impact of instruction set extensions on performance and silicon area has been widely investigated in the recent past, the security aspects of this design approach (i.e. its resistance to side-channel attacks) remain an open research topic. In this paper we discuss and analyze different techniques for increasing the side-channel resistance of AES software implementations that use instruction set extensions. Furthermore, we propose a combination of hardware- and software-related countermeasures and investigate the resulting effects on performance, cost, and security. Our experimental results show that a moderate degree of protection can be achieved with a simple software countermeasure. Hardware countermeasures, such as implementing the security-critical functional units in a DPA-resistant logic style, lead to much higher resistance against side-channel attacks at the cost of a moderate increase in silicon area and power consumption.
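To make the threat the abstract refers to concrete, the following is an added illustration and not code from the paper or the ISEC project: a first-order correlation power analysis (CPA, the statistical form of DPA) against one byte of AES SubBytes, run on synthetic traces constructed under a Hamming-weight leakage model. The "countermeasure" shown is a generic Boolean mask XORed into the S-box output; the abstract does not name the paper's software countermeasure, so this mask is an assumption used only to show what first-order DPA can and cannot recover. The AES S-box is derived from the FIPS-197 definition rather than typed in as a table.

```python
"""Added illustration (not code from the paper): first-order CPA/DPA against one
AES SubBytes byte under a Hamming-weight leakage model, with and without a
Boolean mask on the S-box output. All traces are synthetic and constructed here."""
import random


def _gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box (FIPS-197): inversion in GF(2^8) followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF  # XOR of four left rotations
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


def collect_traces(key_byte, n_traces, masked, sigma=1.0, seed=1):
    """Constructed leakage: one sample per encryption, equal to HW(S-box output)
    plus Gaussian noise. With masked=True a fresh random Boolean mask is XORed into
    the S-box output before it 'leaks', as a masked implementation would do. The
    mask is the assumed countermeasure of this example, not the paper's."""
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = SBOX[p ^ key_byte]
        if masked:
            v ^= rng.randrange(256)
        plaintexts.append(p)
        traces.append(hamming_weight(v) + rng.gauss(0.0, sigma))
    return plaintexts, traces


def _pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa_attack(plaintexts, traces):
    """Correlation power analysis: for each of the 256 key-byte hypotheses predict
    HW(SBOX[p ^ k]) per trace and correlate it with the measured samples.
    Returns the hypothesis with the largest |correlation| and that correlation."""
    best_key, best_corr = None, -1.0
    for k in range(256):
        hyp = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        c = abs(_pearson(hyp, traces))
        if c > best_corr:
            best_key, best_corr = k, c
    return best_key, best_corr


if __name__ == "__main__":
    secret = 0x2B
    for masked in (False, True):
        pts, tr = collect_traces(secret, 300, masked=masked)
        k, c = cpa_attack(pts, tr)
        print(f"masked={masked}: best key 0x{k:02X} (|r|={c:.2f}), secret 0x{secret:02X}")
```

Without the mask, a few hundred noisy traces suffice to single out the secret byte with a correlation far above every wrong hypothesis; with a uniformly random mask the masked value is statistically independent of the key, so every first-order correlation collapses to noise. This only raises the attack order (combining the mask's own leakage with the masked value's leakage defeats it), which is why the paper evaluates gate-level countermeasures such as a DPA-resistant logic style in addition to a software countermeasure.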
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tillich, S., Großschädl, J. (2007). Power Analysis Resistant AES Implementation with Instruction Set Extensions. In: Paillier, P., Verbauwhede, I. (eds) Cryptographic Hardware and Embedded Systems - CHES 2007. CHES 2007. Lecture Notes in Computer Science, vol 4727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74735-2_21
DOI: https://doi.org/10.1007/978-3-540-74735-2_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74734-5
Online ISBN: 978-3-540-74735-2