A Low-Overhead Countermeasure against Differential Power Analysis for AES Block Cipher

This paper presents the employment of a DPA attack on the NIST (National Institute of Standards and Technology) standardized AES (advance encryption standard) protocol for key retrieval and prevention. Towards key retrieval, we applied the DPA attack on AES to obtain a 128-bit secret key by measuring the power traces of the computations involved in the algorithm. In resistance to the DPA attack, we proposed a countermeasure, or a new modified masking scheme, comprising (i) Boolean and (ii) multiplicative masking, for linear and non-linear operations of AES, respectively. Furthermore, we improved the complexity involved in Boolean masking by introducing Rebecca’s approximation. Moreover, we provide a novel solution to tackle the zero mask problem in multiplicative masking. To evaluate the power traces, we propose our custom correlation technique, which results in a decrease in the calculation time. The synthesis results for original implementation (without countermeasure) and inclusion of countermeasure are given on a Zynq 7020 FPGA (Artix-7 device). It takes 424 FPGA slices when implemented without considering the countermeasure, whereas 714 slices are required to implement AES with the inclusion of the proposed countermeasure. Consequently, the implementation results provide the acceptability of this work for area-constrained applications that require prevention against DPA attacks.

The Design of Compact SM4 Encryption and Decryption Circuits That Are Resistant to Bypass Attack

In order to achieve the purpose of defending against side channel attacks, a compact SM4 circuit was designed based on the mask and random delay technique, and the linear transformation module was designed with random insertion of the pseudo operation method. By analyzing the glitch data generated by the S-box of SM4 with different inputs, the security against glitch attacks was confirmed. Then, the DPA (Differential Power Analysis) was performed on the designed circuit. The key could not be successfully obtained even in the case of 100,000 power curves, so that the safety of SM4 against DPA is verified. Finally, using Synopsys DC (Design Compiler, Mountain View, CA94043DC, USA) to synthesize the designed circuit, the results show that the area of the designed circuit in the SMIC 0.18 process is 82,734 μm2, which is 48% smaller than results reported in other papers.

The Notion of Transparency Order, Revisited

We revisit the definition of transparency order (TO) and that of modified transparency order (MTO) as well, which were proposed to measure the resistance of substitution boxes (S-boxes) against differential power analysis (DPA). We spot a definitional flaw in original TO, which is proved to significantly affect the soundness of TO. Regretfully, MTO overlooks this flaw, yet it happens to incur no bad effects on the correctness of MTO, even though the start point of this formulation is highly questionable. It is also this neglect that made MTO consider a variant of multi-bit DPA attack, which was mistakenly thought to appropriately serve as an alternative powerful attack. This implies the soundness of MTO is also more or less arguable. Therefore, we fix this definitional flaw and provide a revised definition named reVisited TO (VTO). For demonstrating validity and soundness of VTO, we present simulated and practical DPA attacks on implementations of $4\times 4$ and $8\times 8$ S-boxes. In addition, we also illustrate the soundness of VTO in masked S-boxes. Furthermore, as a concrete application of VTO, we present the distribution of VTO values of optimal affine equivalence classes of $4\times 4$ S-boxes and give some recommended guidelines on how to select $4\times 4$ S-boxes with higher DPA resistance at the identical level of implementation cost.

ЭЛЕКТРОМАГНИТНЫЙ АНАЛИЗ КРИПТОГРАФИЧЕСКИХ МИКРОСХЕМ, "Электронная техника. Серия 3. Микроэлектроника"

В рамках работы продемонстрирована комбинация кластеризации и PCA для подготовки измерений к Correlation Power Analysis или Differential Power Analysis [1].