TY - GEN
T1 - Toward More Efficient DPA-Resistant AES Hardware Architecture Based on Threshold Implementation
AU - Ueno, Rei
AU - Homma, Naofumi
AU - Aoki, Takafumi
N1 - Funding Information:
Acknowledgments. This research has been supported by JSPS KAKENHI Grants No. 16K12436 and No. 16J05711.
Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - This paper presents a highly efficient AES hardware architecture resistant to differential power analyses (DPAs) on the basis of threshold implementation (TI). In contrast to other conventional masking schemes, the major feature of TI is to guarantee DPA-resistance under the d-probing condition at the register-transfer level (RTL). On the other hand, TI utilizes pipelining techniques between the non-linear functions to avoid propagating glitches, which would lead to non-negligible overheads of circuit area and latency. In this paper, we first propose a compact first-order TI-based AES S-box which has a major effect on the performance and DPA-resistance of AES hardware. The proposed S-box exploits a state-of-the-art TI construction with d+1 shares in addition to the algebraic characteristics of the AES S-box. We then propose an efficient AES hardware architecture suitable for the above TI-based S-box. The architectural advantage is given by register-retiming and tower-field arithmetic techniques. The performance of the proposed AES hardware was evaluated in comparison with that of the best conventional ones. The logic synthesis result suggests that the proposed AES hardware architecture is more compact and has 11–21% lower latency than the conventional ones, which indicates that the proposed architecture can perform encryption based on TI with the lowest energy. We also confirm the DPA-resistance of the proposed AES hardware by the Test Vector Leakage Assessment (TVLA) methodology with its FPGA implementation.
KW - AES
KW - DPA
KW - Hardware implementation
KW - Side-channel attacks
KW - Threshold implementation
UR - http://www.scopus.com/inward/record.url?scp=85028471416&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85028471416&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-64647-3_4
DO - 10.1007/978-3-319-64647-3_4
M3 - Conference contribution
AN - SCOPUS:85028471416
SN - 9783319646466
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 50
EP - 64
BT - Constructive Side-Channel Analysis and Secure Design - 8th International Workshop, COSADE 2017, Revised Selected Papers
A2 - Guilley, Sylvain
PB - Springer Verlag
T2 - 8th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2017
Y2 - 13 April 2017 through 14 April 2017
ER -