Paper 2015/198
Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives
Pascal Sasdrich, Oliver Mischke, Amir Moradi, and Tim Güneysu
Abstract
Block Memory Content Scrambling (BMS), presented at CHES 2011, enables an effective way of first-order side-channel protection for cryptographic primitives at the cost of a significant reconfiguration time for the mask update. In this work we analyze alternative ways to implement dynamic first-order masking of AES with randomized look-up tables that can reduce this mask update time. The memory primitives we consider in this work include three distributed RAM components (RAM32M, RAM64M, and RAM256X1S) and one BRAM primitive (RAMB8BWER). We provide a detailed study of the area and time overheads of each implementation technique with respect to the operation (encryption) as well as reconfiguration (mask update) phase. We further compare the achieved security of each technique to prevent first-order side-channel leakages. Our evaluation is based on one of the most general forms of leakage assessment methodology known as non-specific t-test. Practical SCA evaluations (using a Spartan-6 FPGA platform) demonstrate that solely the BRAM primitive but none of the distributed RAM elements can be used to realize an SCA-protected implementation.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Published elsewhere. COSADE 2015
- Keywords
- side-channel protectionFPGAmasking
- Contact author(s)
- pascal sasdrich @ rub de
- History
- 2015-03-04: received
- Short URL
- https://ia.cr/2015/198
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/198,
author = {Pascal Sasdrich and Oliver Mischke and Amir Moradi and Tim Güneysu},
title = {Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/198},
year = {2015},
url = {https://eprint.iacr.org/2015/198}
}
