Towards an AES crypto-chip resistant to differential power analysis

Norbert Pramstaller, Frank K. Gürkaynak, S. Haene, H. Kaeslin, N. Felber, W. Fichtner
Proceedings of the 30th European Solid-State Circuits Conference. Published 2004-11-15. DOI: 10.1109/ESSCIR.2004.1356679 (https://doi.org/10.1109/ESSCIR.2004.1356679)
Citations: 50

Abstract

Differential power analysis (DPA) implies measuring the supply current of a cipher-circuit in an attempt to uncover part of a cipher-key. Cryptographic security gets compromised if the current waveforms so obtained correlate with those from a hypothetical power model of the circuit. Such correlations can be minimized by masking datapath operations with random bits in a reversible way. We analyze such countermeasures and discuss how they perform and how well they lend themselves to being incorporated into dedicated hardware implementations of the advanced encryption standard (AES) block cipher. Our favorite masking scheme entails a performance penalty of some 40-50%. We also present a VLSI design that can serve for practical experiments with DPA.