Demonstrating an LPPN Processor

Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2018-01-15 DOI:10.1145/3266444.3266445

D. Kamel, Davide Bellizia, François-Xavier Standaert, D. Flandre, D. Bol

{"title":"Demonstrating an LPPN Processor","authors":"D. Kamel, Davide Bellizia, François-Xavier Standaert, D. Flandre, D. Bol","doi":"10.1145/3266444.3266445","DOIUrl":null,"url":null,"abstract":"Secure authentication is a necessary feature for the deployment of low-cost IoT devices. Due to their conceptual simplicity, protocols based on the Learning Parity with Noise (LPN) problem have been proposed as promising candidates for this purpose. However, recent research has shown that some implementation issues may limit the practical relevance of such protocols. First, they require a (Pseudo) Random number Generator (RNG) which may be expensive. Second, this RNG may be an easy target for side-channel analysis. The recently introduced Learning with Physical Noise (LPPN) assumption aims at mitigating these two issues. It removes the need of an RNG by directly performing erroneous computations, which is expected to lead to more efficient implementations and improved side-channel security. So far, the LPPN assumption has only been analyzed mathematically, and its feasibility discussed based on simulations, putting forward the possibility to control the error rate of an implementation thanks to frequency/voltage overscaling. In this paper, we confirm these promises by demonstrating a first prototype implementation of LPPN in a 28nm FDSOI CMOS technology which occupies an area of 19,400 μ m ^2$. We used a mixed 512-bit parallel/serial architecture in order to limit the exploitation of data-dependent errors with so-called filtering attacks. We additionally designed an on-chip feedback loop that adjusts a variable delay line in order to control the error rate, which prevents other attacks altering external parameters such as the supply voltage, operating temperature and clock frequency. Measurement results show that a simple authentication protocol based on LPPN would consumes 1 μJ per authentication at 0.45V supply. Combined with the excellent algorithmic properties of LPPN regarding security against side-channel and fault attacks, these concrete feasibility results therefore open the way towards the design of full authentication systems with high physical security, at lower cost than standard solutions based on block ciphers.","PeriodicalId":104371,"journal":{"name":"Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3266444.3266445","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Secure authentication is a necessary feature for the deployment of low-cost IoT devices. Due to their conceptual simplicity, protocols based on the Learning Parity with Noise (LPN) problem have been proposed as promising candidates for this purpose. However, recent research has shown that some implementation issues may limit the practical relevance of such protocols. First, they require a (Pseudo) Random number Generator (RNG) which may be expensive. Second, this RNG may be an easy target for side-channel analysis. The recently introduced Learning with Physical Noise (LPPN) assumption aims at mitigating these two issues. It removes the need of an RNG by directly performing erroneous computations, which is expected to lead to more efficient implementations and improved side-channel security. So far, the LPPN assumption has only been analyzed mathematically, and its feasibility discussed based on simulations, putting forward the possibility to control the error rate of an implementation thanks to frequency/voltage overscaling. In this paper, we confirm these promises by demonstrating a first prototype implementation of LPPN in a 28nm FDSOI CMOS technology which occupies an area of 19,400 μ m ^2$. We used a mixed 512-bit parallel/serial architecture in order to limit the exploitation of data-dependent errors with so-called filtering attacks. We additionally designed an on-chip feedback loop that adjusts a variable delay line in order to control the error rate, which prevents other attacks altering external parameters such as the supply voltage, operating temperature and clock frequency. Measurement results show that a simple authentication protocol based on LPPN would consumes 1 μJ per authentication at 0.45V supply. Combined with the excellent algorithmic properties of LPPN regarding security against side-channel and fault attacks, these concrete feasibility results therefore open the way towards the design of full authentication systems with high physical security, at lower cost than standard solutions based on block ciphers.

查看原文本刊更多论文

演示LPPN处理器

安全认证是部署低成本物联网设备的必要功能。由于其概念简单，基于噪声学习奇偶性(LPN)问题的协议已被提出作为这一目的的有希望的候选人。然而，最近的研究表明，一些实现问题可能会限制这些协议的实际相关性。首先，它们需要一个(伪)随机数生成器(RNG)，这可能很昂贵。其次，这种RNG可能是侧通道分析的一个容易的目标。最近引入的物理噪声学习(LPPN)假设旨在缓解这两个问题。它通过直接执行错误计算来消除对RNG的需求，这有望导致更有效的实现和改进的侧信道安全性。到目前为止，LPPN假设仅在数学上进行了分析，并在仿真的基础上讨论了其可行性，提出了通过频率/电压过标来控制实现错误率的可能性。在本文中，我们通过在28nm FDSOI CMOS技术上展示LPPN的第一个原型实现来证实这些承诺，该技术占地19,400 μ m ^2$。我们使用了一个混合的512位并行/串行架构，以限制所谓的过滤攻击对数据依赖错误的利用。我们还设计了一个片上反馈回路，调整可变延迟线以控制错误率，从而防止其他攻击改变外部参数，如电源电压，工作温度和时钟频率。测试结果表明，在0.45V电压下，基于LPPN的简单认证协议每次认证功耗为1 μJ。结合LPPN在抗侧信道和故障攻击方面的优异算法特性，这些具体的可行性结果为设计具有高物理安全性的完整认证系统开辟了道路，其成本低于基于分组密码的标准解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security

自引率

0.00%

发文量