Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box

(2012) Workshop on Cryptographic Hardware and Embedded Systems (CHES 2011) — Location: Nara (Japan) (28.September.2011)


Abstract
In a recent work from Eurocrypt 2011, Renauld et al. discussed the impact of the increased variability in nanoscale CMOS devices on their evaluation against side-channel attacks. In this paper, we complement this work by analyzing an implementation of the AES S-box, in the DDSLL dual-rail logic style, using the same 65-nanometer technology. For this purpose, we first compare the performance results of the static CMOS and dual-rail S-boxes. We show that full custom design makes it possible to nicely mitigate the performance drawbacks that are usually reported for dual-rail circuits. Next, we evaluate the side-channel leakages of these S-boxes, using both simulations and actual measurements. We take advantage of state-of-the-art evaluation tools, and discuss the quantity and nature (e.g. linearity) of the physical information they provide. Our results show that the security improvement of the DDSLL S-box is typically in the range of one order of magnitude (in terms of "number of traces to recover the key"). They also confirm the importance of a profiled information theoretic analysis for the worst-case security evaluation of leaking devices. Finally, they raise the important question of whether dual-rail logic styles remain a promising approach for reducing side-channel information leakages in the face of technology scaling, as hardware constraints such as balanced routing may become increasingly challenging to fulfill as circuit sizes tend towards the nanometer scale.
Citations

Renauld, M., Kamel, D., Standaert, F.-X., & Flandre, D. (2012). Information Theoretic and Security Analysis of a 65-Nanometer DDSLL AES S-Box. Lecture Notes in Computer Science, 223-239. https://doi.org/10.1007/978-3-642-23951-9_15