
Unrolled Cryptography on Silicon: A Physical Security Analysis



  1. RUHR-UNIVERSITÄT BOCHUM Unrolled Cryptography on Silicon A Physical Security Analysis Thorben Moos Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany September 15th, 2020

  2. Section 1 Introduction Thorben Moos | Unrolled Cryptography on Silicon | September 15th, 2020 1

  3. Target (Introduction)

  4. Background (Introduction)
     • Cryptographic primitives with high-speed (low-latency) performance in hardware have received growing attention in the last decade
     • This design goal requires a short critical path as a fully-unrolled combinatorial circuit without memory elements
     • PRINCE has been developed for high-speed single-cycle encryption and decryption at moderate hardware cost
     • Tempting for many different applications, e.g., memory encryption

  5. PRINCE (Introduction)
     [Figure: block diagram of PRINCE. Labels: keys k_0, k_0′ and k_1; PRINCE core; round constants RC_0 to RC_11; rounds R_0 to R_5 and inverse rounds R_6⁻¹ to R_11⁻¹; SR⁻¹, M′, SR; round detail with RC_i, k_1, S, M and M⁻¹, S⁻¹.]
     Source: TikZ for Cryptographers, https://www.iacr.org/authors/tikz, Author Jérémy Jean

  6. Motivation 1 (Introduction)
     • Unrolled circuits are hard to protect against SCA attacks
     • Glitch-resistant masking is arguably the most relevant class of SCA countermeasures for hardware circuits
     • It cannot easily be applied to unrolled circuits as it requires registers as synchronization stages
     • Generic low-latency masking [1] causes an exponential increase in the circuit size when trying to avoid register stages
     • However, it has been reported that the high parallelism, asynchronicity and speed of execution of unrolled circuits create an inherent resistance to side-channel attacks
     Source: [1] Gross et al., Generic Low-Latency Masking in Hardware, TCHES Volume 2018 Issue 2

  7. Motivation 2 (Introduction)
     • Previous works on the physical security of unrolled PRINCE are all FPGA-based
     • According to [2] an FPGA implementation occupies about 35× as much area, consumes about 14× as much dynamic power and is more than 4× slower than an equivalent standard-cell-based ASIC design
     • Hard to transfer conclusions from one platform to the other
     • Static leakage of unrolled circuits has not been considered as a threat to such implementations yet
     Source: [2] Kuon et al., Measuring the Gap Between FPGAs and ASICs, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2007

  8. Gate-Level Simulations (Introduction)
     • 9 169 logic gates corresponding to 10 036 (GE), synthesized for 200 MHz
     • 114 803 gate transitions (avg) for random plaintext and key transition, 96% glitches
     • 56 920 gate transitions (avg) for random plaintext transition, 92% glitches

  9. Section 2 Experimental Results

  10. No Reset (Dynamic Power Analysis)
      [Figure: power consumption over time samples; correlation over time samples; correlation over number of measurements (×10^5).]

  11. Plaintext Reset to Zero (Dynamic Power Analysis)
      [Figure: power consumption over time samples; t-statistics over time samples; frequency of occurrence over power consumption (fixed vs. random); t-statistics over number of measurements.]

  12. Plaintext and Key Reset to Zero (Dynamic Power Analysis)
      [Figure: power consumption over time samples; t-statistics over time samples; frequency of occurrence over power consumption (fixed vs. random); t-statistics over number of measurements.]

  13. Plaintext Reset to Random Value (Dynamic Power Analysis)
      [Figure: power consumption over time samples; t-statistics over time samples; frequency of occurrence over power consumption (fixed vs. random); t-statistics over number of measurements.]

  14. Plaintext and Key Reset to Random Value (Dynamic Power Analysis)
      [Figure: power consumption over time samples; t-statistics over time samples; frequency of occurrence over power consumption (fixed vs. random); t-statistics over number of measurements.]

  15. Plaintext and Key Reset to Random Value (Dynamic Power Analysis)

      | Reset Type | Attack | Best Power Model Found | Recovered nibbles |
      |---|---|---|---|
      | no reset | CPA | $\mathrm{HD}(S(p_{i-1,j} \oplus \hat{k}_j), S(p_{i,j} \oplus \hat{k}_j))$ | 16/16 |
      | plain zero | CPA | $\mathrm{HD}(S(0 \oplus \hat{k}_j), S(p_{i,j} \oplus \hat{k}_j))$ | 7/16 |
      | plain and key zero | CPA | $\mathrm{HD}(S(0 \oplus 0), S(p_{i,j} \oplus \hat{k}_j))$ | 5/16 |
      | plain random | CPA | $\mathrm{HW}(S(p_{i,j} \oplus \hat{k}_j))$ | 2/16 |
      | plain and key random | CPA | $\mathrm{HW}(S(p_{i,j} \oplus \hat{k}_j))$ | 3/16 |

  16. Signal-to-Noise-Ratio (SNR) (Dynamic Power Analysis)
      [Figure: four panels, each showing SNR over round.]

  17. Static Power Results (Static Power Analysis)
      [Figure: frequency of occurrence over power consumption (fixed vs. random); t-statistics over number of measurements; two panels of correlation over number of measurements (×10^5).]

  18. Static Power Results (Static Power Analysis)

      | Round | Attack | Best Power Model Found | Recovered nibbles |
      |---|---|---|---|
      | first | CPA | $\mathrm{LSB}(S(p_{i,j} \oplus \hat{k}_j))$ | 15/16 |
      | last | CPA | $\mathrm{LSB}(S(c_{i,j} \oplus \hat{k}'_j))$ | 16/16 |

  19. Signal-to-Noise-Ratio (SNR) (Static Power Analysis)
      [Figure: SNR over round, static vs. dynamic.]

  20. Conclusion
      • Protecting unrolled circuits without causing severe area or latency penalties is hard
      • Some simple usage principles deliver promising results
      • Resetting the plaintext input of an unrolled cipher to a random value between encryptions is effective against information leakage through the dynamic power
      • Static power adversaries can remain dangerous in such a scenario if clock control is an option or if other mistakes are made
      • Due to its nature the static power consumption is often the easiest way to extract the full 128-bit key of unrolled PRINCE because each round can be targeted with the same effort

  21. Thank you for your attention. Any questions?
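
The reset strategies compared in the dynamic power-model table and in the conclusion can be checked in an idealized known-key simulation. This is an added example, not code from the presentation: the single-nibble leakage model (Hamming distance at the S-box output plus Gaussian noise), the key nibble, the noise level and all function names are assumptions.

```python
import random

# PRINCE 4-bit S-box, as given in the PRINCE specification.
SBOX = [0xB, 0xF, 0x3, 0x2, 0xA, 0xC, 0x9, 0x1,
        0x6, 0x7, 0x8, 0x0, 0xE, 0x5, 0xD, 0x4]

def hw(x):
    """Hamming weight of a nibble."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def model_correlation(reset, key=0x7, n=20000, noise=1.0, seed=2020):
    """Correlate the table's power model with simulated leakage (known key).

    reset: "none", "zero" or "random", i.e. what the plaintext nibble holds
    before each encryption. Assumed leakage: Hamming distance at the S-box
    output plus Gaussian noise (constructed model, not measured data).
    """
    rng = random.Random(seed)
    prev_p = rng.randrange(16)
    predicted, leakage = [], []
    for _ in range(n):
        p = rng.randrange(16)
        if reset == "none":
            start = prev_p             # input still holds the last plaintext
        elif reset == "zero":
            start = 0
        else:
            start = rng.randrange(16)  # fresh value the evaluator never sees
        before, after = SBOX[start ^ key], SBOX[p ^ key]
        leakage.append(hw(before ^ after) + rng.gauss(0.0, noise))
        # Evaluator's prediction: HD model when the start value is known,
        # HW model (the best one in the table) when it is random.
        predicted.append(hw(after) if reset == "random" else hw(before ^ after))
        prev_p = p
    return pearson(predicted, leakage)

if __name__ == "__main__":
    for mode in ("none", "zero", "random"):
        print(f"{mode:>6}: rho = {model_correlation(mode):+.3f}")
```

In this ideal model the known start states ("none", "zero") give a correlation near 0.7 and the random reset gives one near zero. The measured results in the table are less clear-cut, which is what the simulation cannot capture.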
