Abstract
A provably secure countermeasure against first-order side-channel attacks was proposed by Nikova et al. (P. Ning, S. Qing, N. Li (eds.) International conference in information and communications security. Lecture notes in computer science, vol. 4307, pp. 529–545, Springer, Berlin, 2006). We have implemented the lightweight block cipher PRESENT using this countermeasure. For this purpose we had to decompose the S-box used in PRESENT and split it into three shares that fulfill the properties of the scheme presented by Nikova et al. (P. Lee, J. Cheon (eds.) International conference in information security and cryptology. Lecture notes in computer science, vol. 5461, pp. 218–234, Springer, Berlin, 2008). Our experimental results on real-world power traces show that this countermeasure provides additional security. Post-synthesis figures show that an ASIC implementation requires only 2,300 GE, which makes it suitable for low-cost passive RFID tags.
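The abstract says the PRESENT S-box had to be decomposed before it could be split into three shares. The reason, from Nikova et al., is that a threshold implementation of a function of algebraic degree d needs at least d + 1 shares, and the PRESENT S-box is cubic, so a direct three-share sharing is impossible and the S-box is first written as a composition of lower-degree functions. The following Python script is an added example, not code from the paper: it computes the degree of the published PRESENT S-box, and then checks the three TI properties (correctness, non-completeness, uniformity) by exhaustive enumeration for the standard three-share "direct" sharing of two small quadratic functions. The two sample functions (a 2-input AND and a 3-bit Toffoli-style permutation) are the editor's illustrations and are not the decomposition used in the paper; the sharing rule for quadratic terms is the one from Nikova et al.

```python
"""Added example (not code from the paper): brute-force checks of the three
threshold-implementation (TI) properties of Nikova et al. -- correctness,
non-completeness and uniformity -- for 3-share direct sharings of small
quadratic functions, plus the algebraic degree of the PRESENT S-box, which is
why the paper has to decompose it before sharing it with three shares.
"""
from collections import Counter
from functools import reduce
from itertools import product

# The PRESENT S-box as published by Bogdanov et al. (CHES 2007).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def anf(truth_table, n):
    """Moebius transform: truth table indexed by input -> ANF coefficients indexed by monomial mask."""
    a = list(truth_table)
    for i in range(n):
        bit = 1 << i
        for mask in range(1 << n):
            if mask & bit:
                a[mask] ^= a[mask ^ bit]
    return a


def algebraic_degree(sbox, n, m):
    """Highest monomial degree over all m coordinate functions of an n-bit S-box."""
    deg = 0
    for j in range(m):
        coeffs = anf([(sbox[x] >> j) & 1 for x in range(1 << n)], n)
        deg = max([deg] + [bin(mask).count("1") for mask, c in enumerate(coeffs) if c])
    return deg


def min_shares(degree):
    """A TI of a degree-d function needs at least d + 1 shares (Nikova et al.)."""
    return degree + 1


def evaluate(monomials, x):
    """Evaluate a vectorial Boolean function given as a per-output-bit list of monomials.
    A monomial is a tuple of input-bit indices: () is the constant 1, (i,) is x_i, (i, j) is x_i * x_j."""
    y = 0
    for j, terms in enumerate(monomials):
        b = 0
        for t in terms:
            b ^= all((x >> i) & 1 for i in t)
        y |= int(b) << j
    return y


def direct_sharing(monomials):
    """3-share direct sharing of a quadratic function (construction of Nikova et al.).
    Output share k is computed from input shares k+1 and k+2 only, so it is non-complete by construction;
    the three cross products per quadratic term sum to x_i * x_j, which gives correctness."""
    def bit(xs, share, i):
        return (xs[share % 3] >> i) & 1

    def shared(xs):
        ys = []
        for k in range(3):
            y = 0
            for j, terms in enumerate(monomials):
                b = 0
                for t in terms:
                    if len(t) == 0:               # constant 1: charged to a single share
                        b ^= 1 if k == 0 else 0
                    elif len(t) == 1:             # linear term x_i -> x_i^(k+1)
                        b ^= bit(xs, k + 1, t[0])
                    else:                         # x_i x_j -> three of the nine cross products
                        i, l = t
                        b ^= (bit(xs, k + 1, i) & bit(xs, k + 1, l)
                              ^ bit(xs, k + 1, i) & bit(xs, k + 2, l)
                              ^ bit(xs, k + 2, i) & bit(xs, k + 1, l))
                y |= b << j
            ys.append(y)
        return tuple(ys)
    return shared


def check_ti(monomials, n, m):
    """Return (correct, non_complete, uniform) for the 3-share direct sharing, by exhaustive enumeration (n >= m)."""
    shared = direct_sharing(monomials)
    xor = lambda vals: reduce(lambda a, b: a ^ b, vals, 0)
    sharings = list(product(range(1 << n), repeat=3))
    # Correctness: the output shares sum to f(sum of the input shares).
    correct = all(xor(shared(xs)) == evaluate(monomials, xor(xs)) for xs in sharings)
    # Non-completeness: changing input share k never changes output share k.
    non_complete = all(
        shared(xs[:k] + (v,) + xs[k + 1:])[k] == shared(xs)[k]
        for k in range(3) for xs in sharings for v in range(1 << n))
    # Uniformity: every valid output sharing of f(x) is reached by exactly
    # 2^(2(n-m)) of the 2^(2n) input sharings of x.
    counts = Counter((xor(xs), shared(xs)) for xs in sharings)
    expected = 1 << (2 * (n - m))
    uniform = all(
        counts.get((x, ys), 0) == expected
        for x in range(1 << n)
        for ys in product(range(1 << m), repeat=3)
        if xor(ys) == evaluate(monomials, x))
    return correct, non_complete, uniform


# Constructed sample functions (the editor's, not the paper's decomposition):
AND = [[(0, 1)]]                                  # f(a, b) = ab,             n = 2, m = 1
TOFFOLI = [[(0,), (1, 2)], [(1,)], [(2,)]]        # f(x) = (x0 + x1 x2, x1, x2), n = 3, m = 3

if __name__ == "__main__":
    d = algebraic_degree(PRESENT_SBOX, 4, 4)
    print(f"PRESENT S-box has degree {d}: needs >= {min_shares(d)} shares unless decomposed")
    print("AND     (correct, non-complete, uniform):", check_ti(AND, 2, 1))
    print("Toffoli (correct, non-complete, uniform):", check_ti(TOFFOLI, 3, 3))
```

Correctness and non-completeness hold for any direct sharing by construction; uniformity is the property that has to be checked per function. The direct sharing of AND fails it (the all-zero output sharing is reached by every input sharing in which all a-shares or all b-shares are zero, more than its fair share), whereas the Toffoli-style permutation passes because its shared version is itself a bijection. This is exactly the property the paper needs for each stage of its decomposed S-box so that no re-masking is required between stages.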
References
E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in Advances in Cryptology—CRYPTO 1997, ed. by B.S. Kaliski. Lecture Notes in Computer Science, vol. 1294 (Springer, Berlin, 1997), pp. 513–525
G.R. Blakley, Safeguarding cryptographic keys, in National Computer Conference (1979), pp. 313–317
A. Bogdanov, G. Leander, L. Knudsen, C. Paar, A. Poschmann, M. Robshaw, Y. Seurin, C. Vikkelsoe, PRESENT—an ultra-lightweight block cipher, in Cryptographic Hardware and Embedded Systems—CHES 2007, ed. by P. Paillier, I. Verbauwhede. Lecture Notes in Computer Science, vol. 4727 (Springer, Berlin, 2007), pp. 450–466
E. Brier, C. Clavier, F. Olivier, Correlation power analysis with a leakage model, in CHES 2004. Lecture Notes in Computer Science, vol. 3156 (Springer, Berlin, 2004), pp. 16–29
C. Carlet, Vectorial (multi-output) boolean functions for cryptography, in Boolean Methods and Models (Cambridge University Press, Cambridge, to appear)
S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi, Towards sound approaches to counteract power-analysis attacks, in Advances in Cryptology—CRYPTO 1999, ed. by M. Wiener. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 398–412
T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, M.T.M. Shalmani, On the power of power analysis in the real world: a complete break of the KeeLoq code hopping scheme, in Advances in Cryptology—CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157 (Springer, Berlin, 2008), pp. 203–220
M. Feldhofer, J. Wolkerstorfer, V. Rijmen, AES implementation on a grain of sand. Inf. Secur. IEE Proc. 152(1), 13–20 (2005)
P. Fišer, J. Hlavička, BOOM—a heuristic boolean minimizer. Comput. Inf. 22(1), 19–51 (2003)
P. Fišer, J. Hlavička, Two-level boolean minimizer BOOM-II, in Proceedings of 6th Int. Workshop on Boolean Problems—IWSBP’04 (2004), pp. 221–228
T. Good, M. Benaissa, Hardware results for selected stream cipher candidates. State of the Art of Stream Ciphers 2007 (SASC 2007), Workshop Record, February 2007. Available via www.ecrypt.eu.org/stream
P. Hämäläinen, T. Alho, M. Hännikäinen, T.D. Hämäläinen, Design and implementation of low-area and low-power AES encryption hardware core, in DSD (2006), pp. 577–583
C. Herbst, E. Oswald, S. Mangard, An AES smart card implementation resistant to power analysis attacks, in Applied Cryptography and Network Security—ACNS 2006. Lecture Notes in Computer Science, vol. 3989 (Springer, Berlin, 2006), pp. 239–252
D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B.S. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, S. Chee, HIGHT: a new block cipher suitable for low-resource device, in Cryptographic Hardware and Embedded Systems—CHES 2006, ed. by L. Goubin, M. Matsui. Lecture Notes in Computer Science, vol. 4249 (Springer, Berlin, 2006), pp. 46–59
A. Juels, S.A. Weis, Authenticating pervasive devices with human protocols, in Advances in Cryptology—CRYPTO 2005, ed. by V. Shoup. Lecture Notes in Computer Science, vol. 3621 (Springer, Berlin, 2005), pp. 293–308
L.F.A. Karpinskyy, M. Korkishko, Masked encryption algorithm mCrypton for resource-constrained devices, in IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2007—IDAACS 2007 (2007), pp. 628–633
M. Khatir, A. Moradi, A. Ejlali, M.T. Manzuri Shalmani, M. Salmasizadeh, A secure and low-energy logic style using charge recovery approach, in International Symposium on Low Power Electronics and Design—ISLPED 2008 (ACM, New York, 2008), pp. 259–264
KeeLoq algorithm. Available via http://en.wikipedia.org/wiki/KeeLoq, November 2006
P.C. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems, in Advances in Cryptology—CRYPTO 1996, ed. by N.I. Koblitz. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 104–113
P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Advances in Cryptology—CRYPTO 1999, ed. by M. Wiener. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 388–397
G. Leander, C. Paar, A. Poschmann, K. Schramm, New lightweight DES variants, in Fast Software Encryption 2007—FSE 2007. Lecture Notes in Computer Science, vol. 4593 (Springer, Berlin, 2007), pp. 196–210
C. Lim, T. Korkishko, mCrypton—a lightweight block cipher for security of low-cost RFID tags and sensors, in Workshop on Information Security Applications—WISA 2005, ed. by J. Song, T. Kwon, M. Yung. Lecture Notes in Computer Science, vol. 3786 (Springer, Berlin, 2005), pp. 243–258
F. Mace, F.-X. Standaert, J.-J. Quisquater, ASIC implementations of the block cipher SEA for constrained applications, in RFID Security—RFIDsec 2007, Workshop Record (Malaga, Spain, 2007), pp. 103–114
S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards (Springer, Berlin, 2007)
S. Mangard, N. Pramstaller, E. Oswald, Successfully attacking masked AES hardware implementations, in Cryptographic Hardware and Embedded Systems—CHES 2005. Lecture Notes in Computer Science, vol. 3659 (Springer, Berlin, 2005), pp. 157–171
A. Moradi, A. Poschmann, Lightweight cryptography and DPA countermeasures: a survey, in Workshop of Lightweight Cryptography—WLC’2010, Proceedings of Financial Cryptography. Lecture Notes in Computer Science, vol. 6054 (Springer, Berlin, 2010), pp. 68–79
S. Nikova, C. Rechberger, V. Rijmen, Threshold implementations against side-channel attacks and glitches, in International Conference in Information and Communications Security—ICICS 2006, ed. by P. Ning, S. Qing, N. Li. Lecture Notes in Computer Science, vol. 4307 (Springer, Berlin, 2006), pp. 529–545
S. Nikova, V. Rijmen, M. Schläffer, Secure hardware implementations of non-linear functions in the presence of glitches, in International Conference in Information Security and Cryptology—ICISC 2008, ed. by P. Lee, J. Cheon. Lecture Notes in Computer Science, vol. 5461 (Springer, Berlin, 2008), pp. 218–234
S. Nikova, V. Rijmen, M. Schläffer, Secure hardware implementations of non-linear functions in the presence of glitches. J. Cryptol. (2010). doi:10.1007/s00145-010-9085-7. Special issue on hardware and security
E. Oswald, S. Mangard, N. Pramstaller, V. Rijmen, A side-channel analysis resistant description of the AES S-box, in Fast Software Encryption—FSE 2005. Lecture Notes in Computer Science, vol. 3557 (Springer, Berlin, 2005), pp. 413–423
T. Popp, M. Kirschbaum, T. Zefferer, S. Mangard, Evaluation of the masked logic style MDPL on a prototype chip, in CHES 2007. Lecture Notes in Computer Science, vol. 4727 (Springer, Berlin, 2007), pp. 81–94
T. Popp, S. Mangard, Masked dual-rail pre-charge logic: DPA-resistance without routing constraints, in Cryptographic Hardware and Embedded Systems—CHES 2005. Lecture Notes in Computer Science, vol. 3659 (Springer, Berlin, 2005), pp. 172–186
F. Regazzoni, A. Cevrero, F.-X. Standaert, S. Badel, T. Kluter, P. Brisk, Y. Leblebici, P. Ienne, A design flow and evaluation framework for DPA-resistant instruction set extensions, in Cryptographic Hardware and Embedded Systems—CHES 2009. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 205–219
C. Rolfes, A. Poschmann, G. Leander, C. Paar, Ultra-lightweight implementations for smart devices—security for 1000 gate equivalents, in Smart Card Research and Advanced Application—CARDIS 2008, ed. by G. Grimaud, F.-X. Standaert. Lecture Notes in Computer Science, vol. 5189 (Springer, Berlin, 2008), pp. 89–103
A. Shamir, How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Side-channel attack standard evaluation board (SASEBO). Further information is available via http://www.rcis.aist.go.jp/special/SASEBO/index-en.html
D. Suzuki, M. Saeki, T. Ichikawa, DPA leakage models for CMOS logic circuits, in CHES 2005. Lecture Notes in Computer Science, vol. 3659 (Springer, Berlin, 2005), pp. 366–382
Synopsys, Design compiler user guide—version A-2007.12. Available via http://tinyurl.com/pon88o, December 2007
Synopsys, Power compiler user guide—version A-2007.12. Available via http://tinyurl.com/lfqhy5, March 2007
National Security Agency. TEMPEST: a signal problem. Cryptol. Spectr. 2(3), 1972 (declassified 2007)
K. Tiri, M. Akmal, I. Verbauwhede, A dynamic and differential CMOS Logic with signal independent power consumption to withstand differential power analysis on smart cards, in European Solid-State Circuits Conference—ESSCIRC 2002 (2002), pp. 403–406
K. Tiri, I. Verbauwhede, A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation, in Design, Automation and Test in Europe Conference—DATE 2004 (2004), pp. 246–251
Virtual Silicon Inc. 0.18 μm VIP standard cell library tape out ready, part number: UMCL18G212T3, process: UMC logic 0.18 μm generic II technology: 0.18 μm, July 2004
J. Waddle, D. Wagner, Towards efficient second-order power analysis, in Cryptographic Hardware and Embedded Systems—CHES 2004. Lecture Notes in Computer Science, vol. 3156 (Springer, Berlin, 2004), pp. 1–15
M. Weiser, The computer for the 21st century. ACM SIGMOBILE Mob. Comput. Commun. Rev. 3(3), 3–11 (1999)
Xilinx, Virtex-II Pro and Virtex-II ProX Platform FPGAs: Complete data sheet. Available via http://www.xilinx.com/support/documentation/data_sheets/ds083.pdf, November 2007
S. Yang, W. Wolf, N. Vijaykrishnan, D.N. Serpanos, Y. Xie, Power attack resistant cryptosystem design: a dynamic voltage and frequency switching approach, in Design, Automation and Test in Europe—DATE 2005 (IEEE Computer Society, Los Alamitos, 2005), pp. 64–69
Cite this article
Poschmann, A., Moradi, A., Khoo, K. et al. Side-Channel Resistant Crypto for Less than 2,300 GE. J Cryptol 24, 322–345 (2011). https://doi.org/10.1007/s00145-010-9086-6