Abstracts


  DPA robust S-BOX implementation on a secure asynchronous FPGA

  Taha Beyrouthy, Laurent Fesquet

 
In the last decade, FPGA manufacturers have reached a high level of performance in their designs. FPGAs are no longer used only as fast prototyping tools; they have also become active components in embedded systems. Moreover, the increasing attractiveness of embedded systems has made them part of our everyday lives, especially in security applications such as homeland security and banking. As FPGAs become a major player in embedded systems, it is therefore crucial to ensure a high level of security against different forms of attack, such as side-channel attacks (SCAs).

At the same time, asynchronous circuits are increasingly used to remove clock distribution problems and the power consumption overhead, which increases drastically with frequency. Moreover, because of their weak sensitivity to SCAs, which aim at illegally retrieving secret information contained in cryptographic systems, asynchronous circuits appear to be an interesting alternative to their synchronous counterparts for implementing cryptosystems.

In the literature, several architectures of programmable asynchronous circuits have been proposed. From the flexibility point of view, most of them are dedicated either to a specific asynchronous circuit style or to a dedicated application. From the security point of view, all these FPGAs are vulnerable to Differential Power Analysis (DPA) attacks and, more generally, to SCAs. Despite this situation, very few research works address FPGA security. This work consists in specifying, designing and validating an asynchronous programmable circuit suitable for flexible, high-performance and secure implementations. The proposed full-custom FPGA architecture is natively robust to DPA attacks and more flexible than existing asynchronous programmable circuits. To achieve this level of robustness, security problems are addressed at all abstraction layers: logical, electrical, physical and architectural. Maintaining all these features required developing a specific technology mapping algorithm. The purpose of this algorithm is to implement, on this asynchronous FPGA, functions whose architectures are robust against side-channel attacks.

This approach was validated by many successful electrical simulation campaigns that proved the FPGA's native robustness against SPA, DPA and timing attacks. One of the tested circuits was a sensitive DES sub-module: SBOX+XOR. It was implemented on the secure FPGA using the specific technology mapping algorithm. The implementation used 4-phase, dual-rail data encoding with an asynchronous 3-state communication protocol. The results of these simulations lead us to the conclusion that the implemented circuit has data-independent power consumption and running time.
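
The data-independence property of 4-phase, dual-rail encoding can be seen in a toy model. The Python sketch below is an added example, not the authors' design or simulation flow: it counts output-wire transitions for a DES-style XOR+S-box using the standard DES S1 table and a constructed 6-bit subkey chunk, and it assumes the usual spacer / valid-0 / valid-1 dual-rail code, with transition counts standing in for dynamic power.

```python
# Added illustration: a transition-count model, not the paper's FPGA or its simulations.
# DES S-box S1 is the sample function; the subkey chunk below is a constructed value.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox_xor(x, k):
    """6-bit input XOR 6-bit subkey chunk, then S1 lookup (4-bit output)."""
    v = (x ^ k) & 0x3F
    row = ((v >> 5) << 1) | (v & 1)   # outer two bits select the row
    col = (v >> 1) & 0xF              # inner four bits select the column
    return S1[row][col]

def single_rail_toggles(outputs, width=4):
    """One wire per bit: toggles per cycle = Hamming distance to the previous output."""
    prev, counts = 0, []
    for out in outputs:
        counts.append(bin((prev ^ out) & ((1 << width) - 1)).count("1"))
        prev = out
    return counts

def dual_rail_encode(value, width=4):
    """Two wires per bit: logic 1 -> (1, 0), logic 0 -> (0, 1)."""
    bits = [(value >> i) & 1 for i in range(width)]
    return [(b, 1 - b) for b in bits]

def dual_rail_toggles(outputs, width=4):
    """4-phase cycle: spacer (0, 0) -> valid codeword -> back to spacer (0, 0)."""
    spacer = [(0, 0)] * width
    counts = []
    for out in outputs:
        valid = dual_rail_encode(out, width)
        rise = sum(a != b for s, v in zip(spacer, valid) for a, b in zip(s, v))
        fall = sum(a != b for v, s in zip(valid, spacer) for a, b in zip(v, s))
        counts.append(rise + fall)
    return counts

def compare(key, inputs=range(64)):
    """Return the sets of distinct per-cycle toggle counts (single-rail, dual-rail)."""
    outs = [sbox_xor(x, key) for x in inputs]
    return set(single_rail_toggles(outs)), set(dual_rail_toggles(outs))

if __name__ == "__main__":
    single, dual = compare(key=0b101101)   # constructed subkey chunk
    print("single-rail toggles per cycle:", sorted(single))
    print("dual-rail toggles per cycle:  ", sorted(dual))
```

The model covers only the logical layer; the abstract's point that the electrical, physical and architectural layers must also be addressed (for example, balanced rail capacitances) is outside what a transition count can show.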