As most of the DPA-resistant logic is based on dual-rails, properly implementing them is a challenging task on FPGAs which is due to their fixed architecture and missing freedom in the design tools. While previous works show a significant security gain when using such logic on FPGAs, we demonstrate this only holds for power-analysis. In contrast, our attack using high-resolution electromagnetic analysis is able to exploit local characteristics of the placement and routing such that only a marginal security gain remains, therefore creating a severe threat.
To further analyze the properties of both attack and implementation, we develop a custom placer to improve the default placement of the analyzed AES S-box. Different cost functions for the placement are tested and evaluated w.r.t. the resulting side-channel resistance on a Spartan-6 FPGA. As a result, we are able to more than double the resistance of the design compared to cases not benefiting from the custom placement.
Category / Keywords: Side-Channel Analysis, Dual-Rail, Localized EM, Placement, Routing Original Publication (in the same form): IACR-CHES-2017 Date: received 22 Jun 2017 Contact author: vincent immler at aisec fraunhofer de Available format(s): PDF | BibTeX Citation Version: 20170626:153312 (All versions of this report) Short URL: ia.cr/2017/608 Discussion forum: Show discussion | Start new discussion