Syn-STELLAR: An EM/Power SCA-Resilient AES-256 With Synthesis-Friendly Signature Attenuation

Autor: Santosh Ghosh, Shreyas Sen, Debayan Das, Josef Danial, Vivek De, Archisman Ghosh
Rok vydání: 2022
Předmět:
Zdroj: IEEE Journal of Solid-State Circuits. 57:167-181
ISSN: 1558-173X
0018-9200
DOI: 10.1109/jssc.2021.3113335
Popis: Mathematically secure cryptographic algorithms leak meaningful side-channel information in the form of correlated power and electromagnetic (EM) signals, leading to physical side-channel analysis (SCA) attacks. Circuit-level countermeasures against power/EM SCA include a current equalizer, IVR, non-linear LDOs, enhancing protection up to 10M traces, and current-domain signature attenuation (CDSA), and randomized NL-LDO cascaded with arithmetic countermeasures achieved protection up to >1B. This work embraces the concept of analog CDSA but makes it easily scalable over technology nodes with digital-friendly current sources, digital control loop, and digital bleed path to increase the MTD from 10M to 250M (25x improvement, using a single digital countermeasure). Ring oscillator (RO) used as the bleed path to bypass encryption-dependent leakage acts as local negative feedback (LNFB). Besides, based on RO oscillation frequency, AES node voltage can be tuned at startup, PVT, or frequency variation. Thus, RO acts as integrated LNFB and global feedback for the digital signature attenuation circuit (DSAC). Another circuit technique, namely, the time-varying transfer function (TVTF), removes the requirement of dc bias in the current-domain equalizer (best switch capacitor-based countermeasure till date) to make it digital and utilizes switch cap-based circuit for time-domain obfuscation to achieve enhanced security. This work, namely, Syn-STELLAR: SYNthesis-friendly Signature aTtenuation Embedded crypto with Low-Level metAl Routing, combines both DSAC and TVTF techniques to achieve an MTD>1.25B for both EM and power SCA, which is 25% higher than the existing state of the art. The 65-nm CMOS test chip contains unprotected and both the protected (DSAC and DSAC-TVTF) parallel AES-256 implementation. This implementation is the first synthesis-friendly countermeasure, which converges two analog-type strong protections (signature attenuation and switched cap current equalizer) in a digital-friendly solution and achieves >1.25B MTD with power and area overheads comparable to previous circuit-level countermeasures.
Databáze: OpenAIRE