| Presentation | 2022-03-08 Evaluation of Side-channel Leaks Specific to Unrolled AES Hardware Ayano Nakashima, Rei Ueno, Naofumi Homma, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | This paper presents the evaluation of a unique side-channel leakage occurred from the middle roundsof (pipelined) unrolled AES hardware. A full-round countermeasure is ideal for an unrolled implementation ofblock ciphers. However, for reducing the large hardware overhead, only the vulnerable rounds should be protected. Generally, the first and last rounds are vulnerable to side-channel attacks, and should be protected . In addition, recently the first few rounds could also be attacked with the same amount of computation as the first round. This isbecause the side channel leakage depending on the result of the first round occurs from the following rounds wherethe input diffusion is not sufficient. This leakage is unique to unrolled implementation. In this paper we evaluatethe presence or absence of such a unique leakage from the middle rounds of unrolled AES hardware by CPA. Inparticular, we propose a new power model to estimate the middle round leakage more accurately from the AESfirst round intermediate values. The conventional model employs the Hamming Distance (HD) value correspondingto the amount of the first round switching in order to perform CPAs with the middle round power consumption. But we found that this was not applicable to the diffusion characteristics of AES. The proposed model classifies theintermediate values directly by the difference value by an XOR operation in stead of the HD value, and considers theestimated power value as the HD value given by the key-averaged pre-computation. We demonstrate through CPAswith the proposed model that a unique side-channel leakage occurs even from the first several rounds of unrolledAES hardware. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Side-channel attacks / Block cipher / Unrolled implementation / AES / Differential power analysis |
| Paper # | VLD2021-100,HWS2021-77 |
| Date of Issue | 2022-02-28 (VLD, HWS) |
| Conference Information | |
| Committee | VLD / HWS |
|---|---|
| Conference Date | 2022/3/7(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Design Technology for System-on-Silicon, Hardware Security, etc. |
| Chair | Kazutoshi Kobayashi(Kyoto Inst. of Tech.) / Yasuhisa Shimazaki(Renesas Electronics) |
| Vice Chair | Minako Ikeda(NTT) / Makoto Nagata(Kobe Univ.) / Daisuke Suzuki(Mitsubishi Electric) |
| Secretary | Minako Ikeda(Osaka Univ.) / Makoto Nagata(NEC) / Daisuke Suzuki(NTT) |
| Assistant | |
| Paper Information | |
| Registration To | Technical Committee on VLSI Design Technologies / Technical Committee on Hardware Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Evaluation of Side-channel Leaks Specific to Unrolled AES Hardware |
| Sub Title (in English) | |
| Keyword(1) | Side-channel attacks |
| Keyword(2) | Block cipher |
| Keyword(3) | Unrolled implementation |
| Keyword(4) | AES |
| Keyword(5) | Differential power analysis |
| 1st Author's Name | Ayano Nakashima |
| 1st Author's Affiliation | Tohoku University(Tohoku Univ.) |
| 2nd Author's Name | Rei Ueno |
| 2nd Author's Affiliation | Tohoku University(Tohoku Univ.) |
| 3rd Author's Name | Naofumi Homma |
| 3rd Author's Affiliation | Tohoku University(Tohoku Univ.) |
| Date | 2022-03-08 |
| Paper # | VLD2021-100,HWS2021-77 |
| Volume (vol) | vol.121 |
| Number (no) | VLD-412,HWS-413 |
| Page | pp.pp.135-140(VLD), pp.135-140(HWS), |
| #Pages | 6 |
| Date of Issue | 2022-02-28 (VLD, HWS) |