Cryptology ePrint Archive: Report 2015/198

Side-Channel Protection by Randomizing Look-Up Tables on Reconfigurable Hardware - Pitfalls of Memory Primitives

Pascal Sasdrich and Oliver Mischke and Amir Moradi and Tim GŁneysu

Abstract: Block Memory Content Scrambling (BMS), presented at CHES 2011, enables an effective way of first-order side-channel protection for cryptographic primitives at the cost of a significant reconfiguration time for the mask update. In this work we analyze alternative ways to implement dynamic first-order masking of AES with randomized look-up tables that can reduce this mask update time. The memory primitives we consider in this work include three distributed RAM components (RAM32M, RAM64M, and RAM256X1S) and one BRAM primitive (RAMB8BWER). We provide a detailed study of the area and time overheads of each implementation technique with respect to the operation (encryption) as well as reconfiguration (mask update) phase. We further compare the achieved security of each technique to prevent first-order side-channel leakages. Our evaluation is based on one of the most general forms of leakage assessment methodology known as non-specific t-test. Practical SCA evaluations (using a Spartan-6 FPGA platform) demonstrate that solely the BRAM primitive but none of the distributed RAM elements can be used to realize an SCA-protected implementation.

Category / Keywords: implementation / side-channel protection, FPGA, masking,

Original Publication (in the same form): COSADE 2015

Date: received 4 Mar 2015

Contact author: pascal sasdrich at rub de

Available format(s): PDF | BibTeX Citation

Version: 20150304:164249 (All versions of this report)

Short URL: ia.cr/2015/198

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]