36.2 An EM/Power SCA-Resilient AES-256 with Synthesizable Signature Attenuation Using Digital-Friendly Current Source and RO-Bleed-Based Integrated Local Feedback and Global Switched-Mode Control

Abstract

Mathematically secure cryptographic algorithms leak side-channel information in the form of correlated power and electromagnetic (EM) signals, leading to physical side-channel analysis (SCA) attacks. Circuit-level countermeasures against power/EM SCA include current equalizer [1], series LDO [2], IVR [3], enhancing protection up to 10M traces. Recently, current domain signature attenuation [4] and randomized NL-LDO cascaded with arithmetic countermeasures [5] achieved $\gt1\mathrm{B}$ minimum traces to disclosure (MTD) with a single and two countermeasures, respectively. Among these, the highest protection with a single strategy is achieved using signature attenuation [4], [6], which utilized a current source making the supply current mostly constant. While being highly resilient to SCA, [4] required analog-biased cascode current sources and an analog bleed path, making it not easily scalable across different technology generations. Conversely, [2], [5] are synthesizable but a single countermeasure only achieved moderate protection (up to 10M MTD). This work embraces the concept of signature attenuation in the current domain, but makes it fully-synthesizable with digital current sources, control loop and the bleed to increase the MTD from 10M [5] to $250\mathrm{M} (25 \times $ improvement, Fig. 36.2.1) using a single synthesizable countermeasure. Finally, combining the digital signature attenuation circuit (DSAC) with a second synthesizable generic technique in the form of a time-varying transfer function (TVTF), this work achieves an MTD $\gt1.25\mathrm{B}$ for both EM and power SCA.