Fundamental study on randomized processing in cryptographic IC using variable clock against Correlation Power Analysis

Correlation Power Analysis (CPA) is one of the typical side-channel analyses targeting cryptographic IC. CPA calculates the Poisson correlation function between transient currents (which are generated from a cryptographic IC depending on the processed data) and hypothetical current values and then recovers the secret key from a high number of correlation computations. Countermeasures against side-channel attacks mainly focus on algorithms and architecture at the design levels. These methods suffer from some problems, e.g., increase in processing time and circuit scale. This paper discusses a countermeasure against CPA, which can be relatively inexpensively and easily implemented. CPA calculates the correlation value between the transient current waveforms and hypothetical current values under the assumption that the specific process that leaks the secret key information is always performed after a certain time from the time when the cryptographic IC starts performing encryption or decryption and recovers the secret key. Therefore, we consider the possibility of randomizing the time when a cryptographic IC runs the process where the secret key information is leaked to suppress the leakage of side-channel information available in recovering the secret key. In this paper, we propose a method of changing the clock frequencies for each encryption or decryption to randomize the time. In our experiment, we employed Side-channel Attack Standard Evaluation Board (SASEBO-G) and implemented Advanced Encryption Standard (AES) on a field-programmable gate array (FPGA) of SASEBO-G. We measured the transient currents in a cryptographic FPGA that was supplied a spread-spectrum clock while it performs AES encryption. We calculated the correlation value between each transient current waveform and a hypothetical current value and demonstrated that this process is effective as a countermeasure against CPA.