A 4900-$\mu\text{m}^{2}$ 839-Mb/s Side-Channel Attack-Resistant AES-128 in 14-nm CMOS With Heterogeneous Sboxes, Linear Masked MixColumns, and Dual-Rail Key Addition

Author: Himanshu Kaul, Mark A. Anders, Vikram B. Suresh, Steven K. Hsu, Sanu Mathew, Gregory K. Chen, Sudhir K. Satpathy, Raghavan Kumar, Ram Krishnamurthy, Amit Agarwal, Monodeep Kar, Vivek De
Year of publication: 2020
Subject:
Source: IEEE Journal of Solid-State Circuits. 55:945-955
ISSN: 1558-173X
0018-9200
DOI: 10.1109/jssc.2019.2960482
Description: Cryptographic circuits such as advanced encryption standard (AES) are vulnerable to correlation power analysis (CPA) side-channel attacks (SCAs), where an adversary monitors chip supply current signatures or electromagnetic (EM) emissions to decipher the value of embedded keys. This article describes an all-digital, fully synthesizable SCA-resistant 16-b serial AES-128 hardware accelerator fabricated in 14-nm CMOS, occupying 4900 $\mu\text{m}^{2}$. Randomized byte-order shuffling through heterogeneous Sboxes, linear masked MixColumns, and dual-rail AddRoundKey circuits enable: 1) 9.2$\times$ lower correlation between current signatures and Hamming distance (HD)/Hamming weight (HW) power models compared to an unprotected AES implemented in 14-nm CMOS; 2) 2.3$\times$ attenuation of a correlation ratio for correct key guesses; 3) 839-Mb/s encryption throughput with 11-mW total power consumption measured at 750 mV, 25 °C; 4) peak energy efficiency of 390 Gbps/W measured at an energy optimal point of 290 mV, 25 °C, representing an overhead of 23% over the unprotected AES engine; 5) 1200$\times$ improvement in minimum-traces-to-disclosure (MTD) over an unprotected AES accelerator, with no successful CPA attacks observed after 12M encryptions; and 7) >1100$\times$ improvement in test vector leakage assessment (TVLA) metric in power and EM time- and frequency-domain analyses.
Database: OpenAIRE