Journal: ACM Transactions on Reconfigurable Technology and Systems

Intra-Masking Dual-Rail Memory on LUT Implementation for SCA-Resistant AES on FPGA



Abstract

Current countermeasure designs against differential power analysis (DPA) demand security at the gate level, not only at the level of the cryptographic algorithm. Several dual-rail pre-charge logic (DPL) styles have been proposed to that end. ASIC designs can meet the goal because the back-end flow lets the designer constrain placement and routing. On field programmable gate arrays (FPGA), however, implementing these styles without information leakage remains a problem, because placement and routing are hard to constrain tightly enough. This article describes a novel masked dual-rail pre-charged memory approach, "intra-masking dual-rail memory (IMDRM) on LUT", and its FPGA implementation for side-channel-attack-resistant (SCA-resistant) AES. In the proposed design, every unsafe node (the unmasking and masking operations) and the parts of the dual-rail memory that carry unmasked buses are packed into a single LUT, which makes them balanced and independent of the placement and routing tools. The inputs and outputs of every LUT are masked and can therefore be treated as safe signals; several such LUTs are combined to form a safe S-box. The construction is independent of the cryptographic algorithm, so it applies to existing standards such as DES and AES as well as to future ones, and it needs no special placement or routing constraints. A correlation power analysis (CPA) attack on 1,000,000 traces of the AES implementation on FPGA showed that the secret information is well protected against first-order side-channel attacks.
Although the number of LUTs used for memory is seven times that of a conventional unprotected single-rail table-lookup AES and three times that of a composite-field implementation, it is smaller than that of all other advanced SCA-resistant implementations, such as wave dynamic differential logic (WDDL), masked dual-rail pre-charge logic (MDPL), and threshold implementation.
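The abstract describes two ideas that are easy to confuse: the masking chain (unmask, table lookup, remask) being evaluated as one indivisible unit so that no unmasked value ever travels on a routed wire, and dual-rail encoding, whose evaluation-phase Hamming weight is constant. The following is an added software model written for this page, not the paper's hardware design and not code from the authors. It uses a 4-bit stand-in S-box (the PRESENT nibble S-box) so that every mask pair can be enumerated, precomputes the "packed" masked table, and checks that the Hamming weight of the masked output is distributed identically for every secret input, which is the property a first-order CPA needs to be absent. Function names, the 4-bit width and the Hamming-weight leakage model are assumptions of this example.

```python
"""Software model of a masked table-lookup S-box where the unmask -> lookup ->
remask chain is one atomic operation, mimicking the idea of packing those
nodes into a single LUT. Added example; not the paper's design."""

from collections import Counter
from typing import Dict, List, Tuple

BITS = 4            # assumed toy width; AES's S-box is 8-bit
MASK = (1 << BITS) - 1

# 4-bit stand-in S-box (PRESENT nibble S-box); small enough to enumerate all masks.
SBOX4 = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
         0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(v: int) -> int:
    """Hamming weight: the assumed leakage model for CPA on CMOS/FPGA logic."""
    return bin(v).count("1")


def build_masked_lut(sbox: List[int], m_in: int, m_out: int) -> List[int]:
    """Precompute T with T[x ^ m_in] == sbox[x] ^ m_out.

    The unmasked x and sbox[x] exist only while the table is generated. At
    'run time' one lookup maps masked input to masked output with no unmasked
    intermediate, which is the role a single packed LUT plays in hardware.
    """
    table = [0] * len(sbox)
    for x_m in range(len(sbox)):
        table[x_m] = sbox[x_m ^ m_in] ^ m_out
    return table


def masked_sbox(table: List[int], x_masked: int) -> int:
    """Safe-signal-in, safe-signal-out lookup."""
    return table[x_masked]


PRECHARGE: Tuple[int, int] = (0, 0)   # both rails low on every bit


def dual_rail(v: int, bits: int = BITS) -> Tuple[int, int]:
    """Dual-rail encoding as (true rail, false rail); exactly one rail per bit
    is high in the evaluation phase."""
    m = (1 << bits) - 1
    return v & m, (~v) & m


def evaluation_weight(v: int, bits: int = BITS) -> int:
    """Hamming weight of the dual-rail word; constant (== bits) for every v."""
    t, f = dual_rail(v, bits)
    return hw(t) + hw(f)


def check_correctness() -> bool:
    """Masked lookup followed by removing m_out must equal the plain S-box."""
    for x in range(1 << BITS):
        for m_in in range(1 << BITS):
            for m_out in range(1 << BITS):
                t = build_masked_lut(SBOX4, m_in, m_out)
                if masked_sbox(t, x ^ m_in) ^ m_out != SBOX4[x]:
                    return False
    return True


def hw_histogram_masked(x: int) -> Dict[int, int]:
    """HW distribution of the masked S-box output over all (m_in, m_out)."""
    c: Counter = Counter()
    for m_in in range(1 << BITS):
        for m_out in range(1 << BITS):
            t = build_masked_lut(SBOX4, m_in, m_out)
            c[hw(masked_sbox(t, x ^ m_in))] += 1
    return dict(c)


def first_order_independent() -> bool:
    """True when the masked-output HW distribution does not depend on x."""
    ref = hw_histogram_masked(0)
    return all(hw_histogram_masked(x) == ref for x in range(1 << BITS))


def unmasked_leaks() -> bool:
    """Unprotected lookup: different secrets give different HW, so CPA has a signal."""
    return len({hw(SBOX4[x]) for x in range(1 << BITS)}) > 1


if __name__ == "__main__":
    print("correct:", check_correctness())
    print("masked output HW independent of secret:", first_order_independent())
    print("unmasked lookup leaks:", unmasked_leaks())
    print("dual-rail weight of every value:",
          sorted({evaluation_weight(v) for v in range(1 << BITS)}))
```

This model captures only value-dependent Hamming-weight leakage. It cannot show what the LUT packing is really for on an FPGA: glitches and routing imbalance between the two rails, which are timing and physical effects. A software check passing here says nothing about those, which is why the paper's evidence is a CPA over 1,000,000 measured traces rather than an algebraic argument.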
