Abstract
In this work, we present RAMBAM, a novel concept for designing countermeasures against side-channel attacks and the Statistical Ineffective Fault Attack (specifically SIFA-1) on AES that employs redundant representations of finite field elements. From this concept, we derive a family of protected hardware implementations of AES. A fundamental property of RAMBAM is a security parameter d that, along with other attributes of the scheme, allows trade-offs between gate count, maximal frequency, performance, level of robustness to first- and higher-order side-channel attacks, and protection against SIFA-1. We present an analytical model that explains how the scheme reduces the leakage and how the design choices affect it. Furthermore, we demonstrate experimentally how different design choices achieve the required goals. In particular, the compact version exhibits a gate count as low as 12.075 kGE while maintaining adequate protection. The performance-oriented version provides latency as low as one round per cycle, thus combining protection against SCA and SIFA-1 with high performance, which was one of the original design goals of AES. Finally, we assess the leakage of the scheme at the first and second (bivariate) orders using the TVLA methodology on an FPGA implementation and observe resilience to at least 348M traces with 16 S-boxes.
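The following is an added illustration, not code from the paper, of what a redundant representation of GF(2^8) elements governed by a security parameter d can look like: each field element a is embedded as a + r·P(x) for a random polynomial r of degree below d, all arithmetic is carried out in the ring GF(2)[x]/(P(x)·Q(x)) for an auxiliary polynomial Q of degree d, and a single reduction modulo the AES polynomial P recovers the value. The page does not spell out RAMBAM's exact construction; this embedding, the value d = 4 and the choice of Q are assumptions made here for illustration only.

```python
"""Redundant representation of GF(2^8) elements: added illustration.

Polynomials over GF(2) are Python ints with bit i standing for x^i.
P is the AES polynomial; D (the security parameter d) and Q are
assumed values chosen for this example, not taken from the paper.
"""
import secrets
from typing import Optional

P = 0x11B   # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
D = 4       # security parameter d (assumed value for the example)
Q = 0x13    # x^4 + x + 1, an assumed polynomial of degree d


def clmul(a: int, b: int) -> int:
    """Carry-less multiplication: product of a and b in GF(2)[x], unreduced."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pmod(a: int, m: int) -> int:
    """Remainder of a modulo m in GF(2)[x] (m != 0)."""
    dm = m.bit_length() - 1
    while a and a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


M = clmul(P, Q)  # modulus of the redundant ring GF(2)[x]/(P*Q), degree 8 + d


def gf_mul(a: int, b: int) -> int:
    """Plain GF(2^8) multiplication, used only as the reference result."""
    return pmod(clmul(a, b), P)


def embed(a: int, r: Optional[int] = None) -> int:
    """Represent a in GF(2^8) as a + r*P with deg r < d; r is random if omitted."""
    if r is None:
        r = secrets.randbelow(1 << D)
    if not (0 <= a < 256 and 0 <= r < (1 << D)):
        raise ValueError("a must be a byte and r must have degree below d")
    return a ^ clmul(r, P)


def unmask(A: int) -> int:
    """Reduce a redundant representation back to the GF(2^8) element."""
    return pmod(A, P)


def ring_add(A: int, B: int) -> int:
    """Addition in GF(2)[x]/(P*Q) is plain XOR of the representations."""
    return A ^ B


def ring_mul(A: int, B: int) -> int:
    """Multiplication in GF(2)[x]/(P*Q); the result is never reduced modulo P alone."""
    return pmod(clmul(A, B), M)


def ring_pow(A: int, e: int) -> int:
    """Square-and-multiply exponentiation on redundant forms."""
    result = 1
    while e:
        if e & 1:
            result = ring_mul(result, A)
        A = ring_mul(A, A)
        e >>= 1
    return result


def ring_inverse(A: int) -> int:
    """x -> x^254 on the redundant form; unmask() of the result is the AES S-box inverse."""
    return ring_pow(A, 254)


def ring_refresh(A: int, r: Optional[int] = None) -> int:
    """Change the representation by adding a multiple of P; the value is unchanged."""
    if r is None:
        r = secrets.randbelow(1 << D)
    return A ^ clmul(r, P)


def representations(a: int) -> set:
    """All 2^d redundant representations of the field element a."""
    return {embed(a, r) for r in range(1 << D)}
```

Because reduction modulo P is a ring homomorphism from GF(2)[x]/(P·Q) onto GF(2^8), addition, multiplication and the S-box inversion x^254 can all be evaluated on the redundant forms and unmasked only at the end, and every intermediate value admits 2^d distinct representations, which is what `ring_refresh` exploits. The example shows only the algebra; it models neither glitches nor the hardware sharing that the paper evaluates.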
Highlights
As Kocher et al. [KJJ99] have shown in their seminal work, cryptographic secrets, e.g. keys, can be discovered using side-channel attacks that exploit the correlation between intermediate values of the internal state of the cryptographic algorithm and a physical signal, such as power consumption or electromagnetic emanation.
We present a general AES protection scheme, which we call RAMBAM (Redundancy AES Masking Basis for Attack Mitigation), that protects against both side-channel attacks and SIFA-1 and is based on mathematical foundations similar to those of [GT03] and [WHB99].
– A security parameter that enables trade-offs between security and gate count
– Protection against side-channel attacks of any order, with side-channel leakage that decreases rapidly as a function of the security parameter
– Inherent protection against SIFA-1 up to four simultaneous faults in the internal state register
– A trade-off between gate count and latency, with a minimal latency of one round per cycle, a latency not feasible in the glitch-masking approach
– High throughput per gate
Summary
The number of shares (and hence the gate count, performance, and amount of required random bits) in any glitch-masking scheme depends on the maximal order of the attack against which the scheme is intended to be robust.