Differential Power Analysis

Wireless Network Systems are usually deployed in hostile environments where they encountered a wide variety of malicious attacks. A wireless sensor network (WSN) is a wireless network composed of a large number of sensor nodes. In WSNs the scarcest resource is energy which includes low power, less storage space, low computation ability and short communication range. For this reason, algorithmic research in WSN mostly focuses on the study and design of energy aware algorithms for data computation. This problem becomes harder in the case of security, as most of the security algorithms are quite heavy. Although symmetric cryptography may be one of the approaches to solve the problem due to their small computation requirement. In order to further reduce the computational cost of any protocol for WSN, Elliptic curve cryptography (ECC) has been attractive to the researcher due to its smaller key size and its high strength of security. Scalar multiplication is most important cryptographic ...

In this paper we describe some countermeasures against differential side-channel attacks on hyperelliptic curve cryptosystems. The techniques are modelled on the corresponding ones for elliptic curves. The first method consists in picking a random group isomorphic to the one where we are supposed to compute, transferring the computation to the random group and then pulling the result back. The second method consists in altering the internal representation of the divisors on the curve in a random way. The impact of the recent attack of L. Goubin is assessed and ways to avoid it are proposed.

The basic principle is "A function is easy to evaluate but its invert is infeasible unless a secret key is known". It is mathematically proved that security of cryptographic does not imply its implementation security of system against Side-channel Attacks. The security of system lies in the difficulty of extracting k from P and Q. It is essential to secure the implementation of cryptosystems in embedded devices against side-channel attacks. These attacks monitor the power consumption or the Electromagnetic emanations of a device Ex smart cards or mobile devices. The attacker's goal is to retrieve partial or full information about a long-term key that is employed in several ECSM executions. We are implementing a secret key avoid to retrieving the valuable information by the attacker through Simple Power Analysis Attacks.

Modern communication systems rely on ubiquitous data access in a wide variety of environments. While the ubiquity of the required data access can be achieved thanks to the present communication techniques, it however generates security challenges. Indeed, remote and secure data access requires the use of appropriate security methods. For example, using modern cryptographic tools allows avoiding problems such as privacy issues or loss of confidentiality. Modern cryptography therefore responds to this need for security but its adapted integration in the wide variety of communication systems has opened new design challenges. Amongst them, this thesis addresses two in particular, related to hardware integration of cryptographic algorithms: constrained environments and side-channel security. In the context of constrained environments, we propose to study the interest of the Scalable Encryption Algorithm SEA for constrained hardware applications. We investigate both the FPGA and ASIC contexts and illustrate, using practical implementation results, the interest of this algorithm. Indeed, we demonstrate how hardware implementations can keep its high scalability properties while achieving interesting implementation figures in comparison to conventional algorithms such as the AES. Next, we deal with three complementary aspects related to side-channel resistance. We first propose a new class of dynamic and differential logic families achieving low-power performance with matched leakage of information to stateof-the-art countermeasures. We then discuss a power consumption model for these logic styles and apply it to DyCML implementations. It is based on the use of the isomorphism existing between the gate structures of the implemented functions and the binary decision diagrams describing them. Using this model, we are not only able to predict the power consumption, and therefore attack such implementations, but also to efficiently choose the gate structures achieving the best resistance against this model. We finally study a methodology for the security evaluation of cryptographic applications all along their design and test phases. We illustrate the interest of such a methodology at different design steps and with different circuit complexity, using either simulations or power consumption measurements. I am also thankful to the past and present members of the UCL Crypto Group and the people from the DICE laboratory and more particularly to Julien

The central question in constructing a secure and efficient masking method for AES is to address the interaction between additive masking and the inverse S-box of Rijndael. All recently proposed methods to protect AES against power attacks try to avoid this problem and work by decomposing the inverse in terms of simpler operations that are more easily protected against DPA by generic methods. In this paper, for the first time, we look at the problem in the face, and show that this interaction is not as intricate as it seems. In fact, any operation, even complex, can be directly protected against DPA of any given order, if it can be embedded in a group that has a compact representation. We show that a secure computation of a whole masked inverse can be done directly in this way, using the group of homographic transformations over the projective space (but not exactly, with some non-trivial technicalities). This is used to propose a general high-level algebraic method to protect AES against power attacks of any given order.

During the years 2018-2024, considerable advancements have been achieved in the use of deep learning for side channel attacks. The security of cryptographic algorithm implementations is put at risk by this. The aim is to conceptually keep an eye out for specific types of information loss, like power usage, on a chip that is doing encryption. Next, one trains a model to identify the encryption key by using expertise of the underpinning encryption algorithm. The encryption key is then recovered by applying the model to traces that were obtained from a victim chip. Deep learning is being used in many different fields in the past several years. Convolutional neural networks and recurrent neural networks, for instance, have demonstrated efficacy in text generation and object detection in images, respectively. Deep learning has been effective throughout the side-channel analysis field. Until 2024, there was no deep learning layers made especially for SCAs. In this article, a systematic review on hybrid deep learning models for enhancing encryption techniques against side channel attacks is presented here.

Encryption algorithms and encryption devices both play a key role in ensuring the safety of data that has been encrypted. Various types of attacks, such as energy analysis, can be used to assess the reliability of the encryption devices. Since it was originally introduced, side channel attacks' deep learning-based methodology has drawn plenty of attention. This is one of several different attack strategies. In this paper, a side channel attack method based on the LSTM deep learning network is suggested. The method use Correlation Power Analysis (CPA) to find the relevant information in the side channel power consumption data. The choice of a suitable interest interval to utilize as the feature vector in the creation of the neural network model is then guided by the position of the interest points. The trials' findings show that the LSTM model outperforms both MLP and CNN in terms of how well it executes side channel attacks.

Side channel attacks are known to be efficient techniques to retrieve secret data. In this context, this paper concerns the evaluation of the robustness of triple rail logic against power and electromagnetic analyses on FPGA devices. More precisely, it aims at demonstrating that the basic concepts behind triple rail logic are valid and may provide interesting design guidelines to get DPA resistant circuits which are also more robust against DEMA.

An increasing concern amongst designers and integrators of military and defense-related systems is the underlying security of the individual microprocessor components that make up these systems. Malicious circuitry can be inserted and hidden at several stages of the design process through the use of third-party Intellectual Property (IP), design tools, and manufacturing facilities. Such hardware Trojan circuitry has been shown to be capable of shutting down the main processor after a random number of cycles, broadcasting sensitive information over the bus, and bypassing software authentication mechanisms. In this work, we propose an architecture that can prevent information leakage due to such malicious hardware. Our technique is based on guaranteeing certain behavior in the memory system, which will be checked at an external guardian core that "approves" each memory request. By sitting between off-chip memory and the main core, the guardian core can monitor bus activity and verify the compiler-defined correctness of all memory writes. Experimental results on a conventional x86 platform demonstrate that application binaries can be statically reinstrumented to coordinate with the guardian core to monitor offchip access, resulting in less than 60% overhead for the majority of the studied benchmarks. 1

The recent developments of side channel attacks have lead implementers to use more and more sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication in the elliptic curve setting. In this paper, we propose a new attack against a classical implementation of these operations that only requires two queries to the device. The complexity of this so-called "doubling attack" is much smaller than previously known ones. Furthermore, this approach defeats two of the three countermeasures proposed by Coron at CHES '99.

The recent development of side channel attacks has lead implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is to offer excellent speed performances. However, the first countermeasure and a simplified version of the second one were already broken using Markov chain analysis. In this paper, we take a different approach to break the full version of Ha-Moon's countermeasure using a novel technique based on detecting local collisions in the intermediate states of computation. We also show that randomized BSD representations present some fundamental problems and thus recommend not to use them as a protection against side-channel attacks.

As FPGA use becomes more diverse, the shared use of these devices becomes a security concern. Multi-tenant FPGAs that contain circuits from multiple independent sources or users will soon be prevalent in cloud and embedded computing environments. The recent discovery of a new attack vector using neighboring long wires in Xilinx SRAM FPGAs presents the possibility of covert information leakage from an unsuspecting user's circuit. The work described in this paper makes two contributions that dramatically extend this finding. First, we rigorously evaluate several Intel SRAM FPGAs and confirm that long wire information leakage is also prevalent in these devices. Second, we present the first successful attack on an unsuspecting circuit in an FPGA using information passively obtained from neighboring long-lines. Information obtained from a single AES S-box input wire combined with analysis of encrypted output is used to rapidly expose an AES key. This attack is performed remotely without modifying the victim circuit, using electromagnetic probes or power measurements, or modifying the FPGA in any way. We show that our approach is effective for three different FPGA devices. Our results demonstrate that the attack can recover encryption keys from AES circuits running at 10MHz, and has the capability to scale to much higher frequencies.

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés. Copyright

Since the announcement of the Differential Power Analysis (DPA) by Paul Kocher and al., several countermeasures were proposed in order to protect software implementations of cryptographic algorithms. In an attempt to reduce the resulting memory and execution time overhead, Thomas Messerges recently proposed a general method that "masks" all the intermediate data. This masking strategy is possible if all the fundamental operations used in a given algorithm can be rewritten with masked input data, giving masked output data. This is easily seen to be the case in classical algorithms such as DES or RSA. However, for algorithms that combine Boolean and arithmetic functions, such as IDEA or several of the AES candidates, two different kinds of masking have to be used. There is thus a need for a method to convert back and forth between Boolean masking and arithmetic masking. In the present paper, we show that the 'BooleanToArithmetic' algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis. In a similar way, the 'ArithmeticToBoolean' algorithm is not secure either.

The central question in constructing a secure and efficient masking method for AES is to address the interaction between additive masking and the inverse S-box of Rijndael. All recently proposed methods to protect AES against power attacks try to avoid this problem and work by decomposing the inverse in terms of simpler operations that are more easily protected against DPA by generic methods. In this paper, for the first time, we look at the problem in the face, and show that this interaction is not as intricate as it seems. In fact, any operation, even complex, can be directly protected against DPA of any given order, if it can be embedded in a group that has a compact representation. We show that a secure computation of a whole masked inverse can be done directly in this way, using the group of homographic transformations over the projective space (but not exactly, with some non-trivial technicalities). This is used to propose a general high-level algebraic method to protect AES against power attacks of any given order.

Sflash is a multivariate signature scheme, and a candidate for standardisation, currently evaluated by the European call for primitives Nessie. The present paper is about the design of a highly optimized implementation of Sflash on a low-cost 8-bit smart card (without coprocessor). On top of this, we will also present a method to protect the implementation protection against power attacks such as Differential Power Analysis. Our fastest implementation of Sflash takes 59 ms on a 8051 based CPU at 10MHz. Though the security of Sflash is not as well understood as for example for RSA, Sflash is apparently the fastest signature scheme known. It is suitable to implement PKI on low-cost smart card, token or palm devices. It allows also to propose secure low-cost payment/banking solutions.

In order to protect a cryptographic algorithm against Power Analysis attacks, a well-known method consists in hiding all the internal data with randomly chosen masks. Following this idea, an AES implementation can be protected against Differential Power Analysis (DPA) by the "Transformed Masking Method", proposed by Akkar and Giraud at CHES'2001, requiring two distinct masks. At CHES'2002, Trichina, De Seta and Germani suggested the use of a single mask to improve the performances of the protected implementation. We show here that their countermeasure can still be defeated by usual first-order DPA techniques. In another direction, Akkar and Goubin introduced at FSE'2003 a new countermeasure for protecting secret-key cryptographic algorithms against high-order differential power analysis (HO-DPA). As particular case, the "Unique Masking Method" is particularly well suited to the protection of DES implementations. However, we prove in this paper that this method is not sufficient, by exhibiting a (first-order) enhanced differential power analysis attack. We also show how to avoid this new attack.

In this work, we present RAMBAM, a novel concept of designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements. From this concept, we derive a family of protected hardware implementations of AES. A fundamental property of RAMBAM is a security parameter d that along with other attributes of the scheme allows for making trade-offs between gate count, maximal frequency, performance, level of robustness to the first and higher-order side-channel attacks, and protection against SIFA-1. We present an analytical model that explains how the scheme reduces the leakage and how the design choices affect it. Furthermore, we demonstrate experimentally how different design choices achieve the required goals. In particular, the compact version exhibits a gate count as low as 12.075 kGE, while maintaining adequate protection. The performance-oriented version provides...

Authenticated Key Exchange (AKE) protocols enable two parties to establish a shared, cryptographically strong key over an insecure network using various authentication means, such as cryptographic keys, short (i.e., lowentropy) secret keys or credentials. In this paper, we provide a general framework, that encompasses several previous AKE primitives such as (Verifier-based) Password-Authenticated Key Exchange or Secret Handshakes, we call LAKE for Language-Authenticated Key Exchange. We first model this general primitive in the Universal Composability (UC) setting. Thereafter, we show that the Gennaro-Lindell approach can efficiently address this goal. But we need smooth projective hash functions on new languages, whose efficient implementations are of independent interest. We indeed provide such hash functions for languages defined by combinations of linear pairing product equations. Combined with an efficient commitment scheme, that is derived from the highly-efficient UC-secure Lindell's commitment, we obtain a very practical realization of Secret Handshakes, but also Credential-Authenticated Key Exchange protocols. All the protocols are UC-secure, in the standard model with a common reference string, under the classical Decisional Linear assumption. Motivation. PAKE, for Password-Authenticated Key Exchange, was formalized by Bellovin and Merritt [BM92] and followed by many proposals based on different cryptographic assumptions (see [ACP09,CCGS10] and references therein). It allows users to generate a strong cryptographic key based on a shared "human-memorable" (i.e. low-entropy) password without requiring a public-key infrastructure. In this setting, an adversary controlling all communication in the network should not be able to mount an off-line dictionary attack. The concept of Secret Handshakes has been introduced in 2003 by Balfanz, Durfee, Shankar, Smetters, Staddon and Wong [BDS + 03] (see also [JL09, AKB07]). It allows two members of the same group to identify each other secretly, in the sense that each party reveals his affiliation to the other only if they are members of the same group. At the end of the protocol, the parties can set up an ephemeral session key for securing further communication between them and an outsider is unable to determine if the handshake succeeded. In case of failure, the players do not learn any information about the other party's affiliation. More recently, Credential-Authenticated Key Exchange (CAKE) was presented by Camenisch, Casati, Groß and Shoup [CCGS10]. In this primitive, a common key is established if and only if a specific relation is satisfied between credentials hold by the two players. This primitive includes variants of PAKE and Secret Handshakes, and namely Verifier-based PAKE, where the client owns a password pw and the server knows a one-way transformation v of the password only. It prevents massive password recovering in case of server corruption. The two players eventually agree on a common high entropy secret if and only if pw and v match together, and off-line dictionary attacks are prevented for third-party players. Our Results. We propose a new primitive that encompasses most of the previous notions of authenticated key exchange. It is closely related to CAKE and we call it LAKE, for Language-Authenticated Key-Exchange, since parties establish a common key if and only if they hold credentials that belong to specific (and possibly independent) languages. The definition of the primitive is more practice-oriented than the definition of CAKE

This paper describes two new dynamic differential self-timed logic families that can be used either to implement low-power security components or low-power high-speed self-timed circuits. Electrical simulations in 0.13 mm partially depleted (PD) SOI CMOS under a V dd of 1.2 V have shown that the substitution box (S-box), a module of the Khazad cipher algorithm, implemented with the improved feedback low swing current mode logic (IFLSCML) features a power consumption standard deviation almost five times smaller than that of the self-timed DDCVSL one, while consuming 37% less. On the other hand, the 8b CLA implemented with dynamic differential swing limited logic (DDSLL) features a power delay product about 19% lower than that of its counterpart implemented with self-timed DDCVSL.

Since their publication in 1998, power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of implementations (e.g. smart cards, ASICs, FPGAs) of cryptographic algorithms. To protect such devices against power analysis attacks, it has been proposed to use a dynamic and differential logic style for which the power consumption does not depend on the data handled. In this paper, we suggest to use the Dynamic Current Mode Logic to counteract power analysis. The resulting circuits exhibit similar resistance to the previously published proposals but significantly reduce the power delay product. We also demonstrate that certain criteria previously used to evaluate the resistance against power analysis have no cryptographic relevance.

A new logic style called low-swing current mode logic (LSCML) is presented. It features a dynamic and differential structure and a low-swing current mode operation. The LSCML logic style may be used for hardware implementation of secure smart cards against differential power analysis (DPA) attacks but also for implementation of self-timed circuits thanks to its self-timed operation. Electrical simulations of the Khazad S-box have been carried out in 0.13 mm PD (partially depleted) SOI CMOS technology. For comparison purpose, the Khazad S-box was implemented with the LSCML logic and two other dynamic differential logic styles previously reported. Simulation results have shown an improved reduction of the data-dependent power signature when using LSCML circuits. Indeed the LSCML based Khazad S-box has shown a power consumption standard deviation more than two times smaller than the one in DyCML and almost two times smaller than the one in DDCVSL.

We present as-strong-as-possible definitions of privacy, and constructions achieving them, for public-key encryption schemes where the encryption algorithm is deterministic. We obtain as a consequence database encryption methods that permit fast (i.e. sub-linear, and in fact logarithmic, time) search while provably providing privacy that is as strong as possible subject to this fast search constraint. One of our constructs, called RSA-DOAEP, has the added feature of being length preserving, so that it is the first example of a public-key cipher. We generalize this to obtain a notion of efficiently-searchable encryption schemes which permit more flexible privacy to search-time trade-offs via a technique called bucketization. Our results answer much-asked questions in the database community and provide foundations for work done there.

The Statistical Ineffective Fault Analysis, SIFA, is a recent addition to the family of fault based cryptanalysis techniques. SIFA based attack is shown to be formidable and is able to bypass virtually all the conventional fault attack countermeasures. Reported countermeasures to SIFA incur overheads of the order of at least thrice the unprotected cipher. We propose a novel countermeasure that reduces the overhead (compared to all existing countermeasures) as we rely on a simple duplication based technique. In essence, our countermeasure eliminates the observation that enables the attacker to perform SIFA. The core idea we use here is to choose the encoding for the state bits randomly. In this way, each bit of the state is free from statistical bias, which renders SIFA unusable. Our approach protects against stuck-at faults and also does not rely on any side channel countermeasure. We show the effectiveness of the countermeasure through an open source gate-level fault attack simulation tool. Our approach is probably the simplest and the most cost effective.

Computing devices continue to be increasingly spread out within our everyday environments. Computers are embedded into everyday devices in order to serve the functionality of electronic components or to enable new services in their own right. Existing Substitution-Permutation Network (SPN) ciphers, such as the Advanced Encryption Standard (AES), are not suitable for devices where memory, power consumption or processing power is limited. Lightweight SPN ciphers, such as GIFT-128 provide a solution for running cryptography on low resource devices. The GIFT-128 cryptographic scheme is a building block for GIFT-COFB (Authenticated Encryption with Associated Data), one of the finalists in the ongoing NIST lightweight cryptography standardization process (NISTIR 8369). Determination of an adequate level of security and providing subsequent mechanisms to achieve it, is one of the most pressing problems regarding embedded computing devices. In this paper we present experimental results and comparative study of Deep Learning (DL) based Side Channel Attacks on lightweight GIFT-128. To our knowledge, this is the first study of the security of GIFT-128 against DL-based SCA attacks.

Boolean function plays a prominent role in building strong cryptography algorithm especially in symmetric block cipher. However, there may be some issues and conflicting criteria which prevent such a Boolean function to resist the algorithm to all known attacks. Within this work, the nonlinearity and correlation immunity issues of Boolean function is discussed followed by complementary counter measure against side channel attack especially differential power attack (DPA)

This paper emphasises the study on ways of constructing the substitution boxes (S-boxes). To improve the strength of block cipher, a new proposed substitution box for symmetric key cryptography was designed based on Fibonacci numbers and prime factor. This new security approach was designed for better security of block ciphers. The level of security S-box was evaluated based on the cryptographic properties such as balance criteria, nonlinearity, correlation immunity, algebraic degree, transparency order, propagation, number of fixed points and opposite fixed points, algebraic immunity, robustness to differential cryptanalysis, signal to noise ratio (SNR) Differential Power Analysis (DPA) as well as confusion coefficient. The AES S-box and the new proposed S-box were analysed to verify the cryptographical security of the S-box. Result showed that the new proposed S-box using the Fibonacci numbers and prime factor possessed good cryptographic properties compared to the AES S-box.

Dynamic and partial reconfiguration together with hardware parallelism make FPGAs attractive as virtualized accelerators. However, recently it has been shown that multi-tenant FPGAs are vulnerable to remote side-channel attacks (SCA) from malicious users, allowing them to extract secret keys without a logical connection to the victim core. Typical mitigations against such attacks are hiding and masking schemes, to increase attackers' efforts in terms of side-channel measurements. However, they require significant efforts and tailoring for a specific algorithm, hardware implementation and mapping. In this paper, we show a hiding countermeasure against voltage-based SCA that can be integrated into any implementation, without requiring modifications or tailoring to the protected module. We place a properly mapped Active Fence of ring oscillators between victim and attacker circuit, enabled as a feedback of an FPGA-based sensor, leading to reduced side-channel leakage. Our experimental results based on a Lattice ECP5 FPGA and an AES-128 module show that two orders of magnitude more traces are needed for a successful key recovery, while no modifications to the underlying cryptographic module are necessary.

Modular reduction of large values is a core operation in most common public-key cryptosystems that involves intensive computations in finite fields. Within such schemes, efficiency is a critical issue for the effectiveness of practical implementation of modular reduction. Recently, Residue Number Systems have drawn attention in cryptography application as they provide a good means for extreme long integer arithmetic and their carry-free operations make parallel implementation feasible. In this paper, we present an algorithm to calculate the precise value of “ X mod p ” directly in the RNS representation of an integer. The pipe-lined, non-pipe-lined, and parallel hardware architectures are proposed and implemented on XILINX FPGAs.

Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms. In this paper we propose a new protection principle: the transformed masking method. We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael. To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael.

Cryptographic algorithms albeit mathematically sure may have security breaches when implemented on hardware chips. There are several ways to compromise their security, one method is to analyze their electromagnetic (EM) emissions in order to find secrets (cryptographic keys for example). This paper proposes a proof of concept of a countermeasure against these attacks, it is based on a chaotic oscillator coupled with an antenna to blur the EM emissions of the chip. The objective is to generate EM noise within the chip with an internal system in order to make the secret information harder to extract. A testchip was developed and tested in conditions as close as possible to real usecase to prove the relevance of the concept. The EM field collected while running the chip were superposed to AES (Advanced Encryption Standard) emissions collected using a similar setup to test the disturbing effect of the noise on a CPA, a classic attack to retrieve AES keys. The experiment shows that it ca...

Side-channel attacks exploit physical characteristics of implementations of cryptographic algorithms in order to extract sensitive information such as the secret key. These physical attacks are among the most powerful attacks against real-world crypto-systems. This paper analyses the non-linear part (called Sboxes) of ciphers, which is often targeted by implementation attacks. We analyse Sboxes of several candidates that were submitted to the competition on authenticated encryption (CAESAR) as well as several other ciphers. We compare theoretical metrics with results from simulations and with real experiments. In this paper, we demonstrate that, in some contexts, the theoretical metrics provide no information on the resiliency of the Sboxes against side-channel attacks.

Electromagnetic analysis (EMA) can be used to compromise secret information by analysing the electric and/or magnetic fields emanating from a device. It follows differential power analysis (DPA) becoming an important side channel cryptanalysis attack on many cryptographic implementations, so that constitutes a real threat to smart card security. A systematic simulation methodology is proposed to identify and assess electromagnetic (EM) leakage characteristics of secure processors at design time. This EM simulation methodology involves current flow simulation, chip layout parasitics extraction, then data processing to simulate direct EM emissions or modulated emissions. Tests implemented on synchronous and asynchronous processors indicates that the synchronous processor has data dependent EM emission, while the asynchronous processor has data dependent timing which is visible in differential EM analysis (DEMA). In particular, DEMA of amplitude demodulated emissions reveals greater leakage compared to DEMA of direct emissions and DPA. The proposed simulation methodology can be easily employed in the framework of an integrated circuit (IC) design flow to perform a systematic EM characteristics analysis.

A systematic simulation methodology is proposed to identify and assess electromagnetic (EM) leakage characteristics of secure processors. This EM simulation methodology involves current simulation, chip layout parasitics extraction, then data processing to simulate direct EM emissions or modulated emissions. We demonstrate that differential EM analysis (DEMA) of direct emissions and DEMA of envelope detection based amplitude demodulated emissions reveal the same level of leakage as in differential power analysis, while DEMA of product detection based amplitude demodulated emissions reveals increased leakage. A comparison is also made between the EMA on synchronous and asynchronous processors, which indicates that the synchronous processor has data dependent EM emission, while the asynchronous processor has data dependent timing which is visible in DEMA.

Paul Kocher recently developped attacks based on the electric consumption of chips that perform cryptographic computations. Among those attacks, the "Differential Power Analysis" (DPA) is probably one of the most impressive and most difficult to avoid. In this paper, we present several ideas to resist this type of attack, and in particular we develop one of them which leads, interestingly, to rather precise mathematical analysis. Thus we show that it is possible to build an implementation that is provably DPA-resistant, in a "local" and restricted way (i.e. when-given a chip with a fixed key-the attacker only tries to detect predictable local deviations in the differentials of mean curves). We also briefly discuss some more general attacks, that are sometimes efficient whereas the "original" DPA fails. Many measures of consumption have been done on real chips to test the ideas presented in this paper, and some of the obtained curves are printed here.

White-box cryptography was first introduced by Chow et al. in 2002 as a software technique for implementing cryptographic algorithms in a secure way that protects secret keys in an untrusted environment. Ever since, Chow et al.'s design has been subject to the well-known Differential Computation Analysis (DCA). To resist DCA, a natural approach that white-box designers investigated is to apply the common side-channel countermeasures such as masking. In this paper, we suggest applying the well-studied leakage detection methods to assess the security of masked white-box implementations. Then, we extend some well-known side-channel attacks (i.e. the bucketing computational analysis, the mutual information analysis, and the collision attack) to the higher-order case to defeat higher-order masked white-box implementations. To illustrate the effectiveness of these attacks, we perform a practical evaluation against a first-order masked white-box implementation. The obtained results have demonstrated the practicability of these attacks in a real-world scenario.

When cryptosystems are being used in real life, hardware and software implementations themselves present a fruitful field for attacks. Side channel attacks exploit information such as time measurements, power consumption, and electromagnetic emission that leaks from a device when it executes cryptographic applications. When leaked information is correlated to a secret key, an adversary may be able to recover the key by monitoring this information. This paper describes an AES coprocessor that provides complete protection against first-order differential power analysis by embedding a widely used software countermeasure that decorrelates data being processed from the leaked information, so-called data masking, at a hardware level. This work had been done when the author was with the Smart Card System Engineering Business Unit, System LSI Division, Samsung Electronics Co. LTD., Korea.

Software counter measures against side channel attacks considerably hinder performance of cryptographic algorithms in terms of memory or execution time or both. The challenge is to achieve secure implementation with as little extra cost as possible. In this paper we optimize a counter measure for the AES block cipher consisting in transforming a boolean mask to a multiplicative mask prior to a non-linear Byte Substitution operation (thus, avoiding S-box re-computations for every run or storing multiple S-box tables in RAM), while preserving a boolean mask everywhere else. We demonstrate that it is possible to achieve such transformation for a cost of two additional multiplications in the field. However, due to an inherent vulnerability of multiplicative masking to so-called zero attack, an additional care must be taken to securize its implementation. We describe one possible, although not perfect, approach to such an implementation which combines algebraic techniques and partial re-computation of S-boxes. This adds one more multiplication operation, and either occasional S-box re-computations or extra 528 bytes of memory to the total price of the counter measure.

In implementing cryptographic algorithms on limited devices such as smart cards, speed and memory optimization had always been a challenge. With the advent of side channel attacks, this task became even more difficult because a programmer must take into account countermeasures against such attacks, which often increases computational time, or memory requirements, or both. In this paper we describe a new method for secure implementation of the Advanced Encryption Standard algorithm. The method is based on a data masking technique, which is the most widely used countermeasure against power analysis and timing attacks at a software level. The change of element representation allows us to achieve an efficient solution that combines low memory requirements with high speed and resistance to attacks. Key words and phrases. AES, Galois field, field generator, multiplication in GF (2 n) inversion in in GF (2 n), lookup tables, side-channel attacks, data masking.

Cryptography is a science of creating a secret message and it is constantly developed. The development consists of attacking and defending the cryptography itself. Power analysis is one of many Side-Channel Analysis (SCA) attack techniques. Power analysis is an attacking technique that uses the information of a cryptographic hardware's power consumption. Power analysis is carried on by utilizing side-channel information to a vulnerability in a cryptographic algorithm. Power analysis also uses a mathematical model to recover the secret key of the cryptographic device. This research uses design research methodology as a research framework started from research clarification to descriptive study. In this research, power analysis attack is implemented to three symmetrical cryptographic algorithms: DES (Data Encryption Standard), AES (Advanced Encryption Standard), and BC3 (Block Cipher 3). The attack has successfully recovered 100% of AES secret key by using 500 traces and 75% DES secret key by using 320 traces. The research concludes that the power analysis attack using Pearson Correlation Coefficient (PCC) method produces more optimal result compared to a difference of means method.

This research demonstrates the revealing of an advanced encryption standard (AES) encryption device key. The encryption device is applied to an ATMEGA328P microcontroller. The said microcontroller is a device commonly used in internet of things (IoT). We measured power consumption when the encryption process is taking place. The message sent to the encryption device is randomly generated, but the key used has a fixed value. The novelty of this research is the creation of a systematic and optimal circuit in carrying the differential power analysis or difference of means (DPA/DoM) technique, so the technique can be applied in key revealing on a microcontroller device by using 500 traces in 120 seconds.

The segment of post-quantum cryptography rises its importance with increasing improvements in the quantum computing. Cryptographic post-quantum algorithms have been proposed since 1970s. However, side-channel attack vulnerabilities of these algorithms are still in focus of the recent research. In this paper, we present a differential power analysis attack on the McEliece public-key cryptosystem. We demonstrate that a part of a private key, permutation matrix, can be recovered using the power analysis. We attack a software implementation of a secure bit permutation that was proposed by Strenzke et al. at PQCrypto 2008. The cryptosystem is implemented on a 32-bit ARM based microcontroller. We provide details of the attack and results using power consumption measurements of the device. In addition, we outline a novel countermeasure against the introduced attack. The countermeasure uses properties of the linear codes and does not require large amount of random bits which can be profitable for low-cost embedded devices.

Masking techniques are used to protect the hardware implementation of cryptographic algorithms against side-channel attacks. Reconfigurable hardware, such as FPGA, is an ideal target for the secure implementation of cryptographic algorithms. Due to the restricted resources available to the reconfigurable hardware, efficient secure implementation is crucial in an FPGA. In this paper, a two-share threshold technique for the implementation of AES is proposed. In continuation of the work presented by Shahmirzadi et al. at CHES 2021, we employ built-in Block RAMs (BRAMs) to store component functions. Storing several component functions in a single BRAM may jeopardize the security of the implementation. In this paper, we describe a sophisticated method for storing two separate component functions on a single BRAM to reduce area complexity while retaining security. Out design is well suited for FPGAs, which support both encryption and decryption. Our synthesis results demonstrate that the number of BRAMs used is reduced by 50% without affecting the time or area complexities.

https://www.isecure-journal.com/article_162641.html

Within the context of secure applications, side channel attacks are a major threat. The main characteristic of these attacks is that they exploit physical syndromes, such as power consumption rather than Boolean data. Among all the known side channel attacks the differential power analysis appears as one of the most efficient. This attack constitutes the main topic of this paper. More precisely, a design oriented modelling of the syndrome (signature) obtained while performing Differential Power Analysis of Kocher is introduced. As a validation of this model, it is shown how it allows identifying the leaking nets and gates during the logical synthesis step. The technology considered herein is a 130nm process.

Dual rail logic is considered as a relevant hardware countermeasure against Differential Power Analysis (DPA) by making power consumption data independent. In this paper, we deduce from a thorough analysis of the robustness of dual rail logic against DPA the design range in which it can be considered as effectively robust. Surprisingly this secure design range is quite narrow. We therefore propose the use of an improved logic, called Secure Triple Track Logic, as an alternative to more conventional dual rail logics. To validate the claimed benefits of the logic introduced herein, we have implemented a sensitive block of the Data Encryption Standard algorithm (DES) and carried out by simulation DPA attacks.

Side channel attacks are known to be efficient techniques to retrieve secret data. In this context, this paper concerns the evaluation of the robustness of triple rail logic against power and electromagnetic analyses on FPGA devices. More precisely, it aims at demonstrating that the basic concepts behind triple rail logic are valid and may provide interesting design guidelines to get DPA resistant circuits which are also more robust against DEMA.

Side channel attacks are known to be efficient techniques to retrieve secret data. Within this context, the scope of this paper is to evaluate, on and for FPGA, the robustness of triple rail logic against power analyses. More precisely, this paper aims at demonstrating that the basic concepts on which leans this logic are valid and may provide interesting design guidelines to obtain DPA (Differential Power Analysis) resistant circuits.