Cryptology ePrint Archive: Report 2015/727

DPA, Bitslicing and Masking at 1 GHz

Josep Balasch and Benedikt Gierlichs and Oscar Reparaz and Ingrid Verbauwhede

Abstract: We present DPA attacks on an ARM Cortex-A8 processor running at 1 GHz. This high-end processor is typically found in portable devices such as phones and tablets. In our case, the processor sits in a single board computer and runs a full-fledged Linux operating system. The targeted AES implementation is bitsliced and runs in constant time and constant flow. We show that, despite the complex hardware and software, high clock frequencies and practical measurement issues, the implementation can be broken with DPA starting from a few thousand measurements of the electromagnetic emanation of a decoupling capacitor near the processor. To harden the bitsliced implementation against DPA attacks, we mask it using principles of hardware gate-level masking. We evaluate the security of our masked implementation against first-order and second-order attacks. Our experiments show that successful attacks require roughly two orders of magnitude more measurements.

Category / Keywords: implementation / side-channel analysis, DPA, ARM Cortex-A8, bitslicing, gate-level masking

Original Publication (with minor differences): IACR-CHES-2015

Date: received 20 Jul 2015

Contact author: josep balasch at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20150721:065410 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]