



15<sup>th</sup> International Workshop on Cryptographic Architectures Embedded in Logic Devices

# Smolenice, Slovakia

June 18<sup>th</sup> - 21<sup>st</sup> 2017











STU FEI



SLOVAK UNIVERSITY OF

TECHNOLOGY IN BRATISLAVA Faculty of electrical engineering and information technology

# Committees

# Steering committee

| Nathalie Bochard | Jean Monnet University, Saint-Etienne, France         |
|------------------|-------------------------------------------------------|
| Viktor Fischer   | Jean Monnet University, Saint-Etienne, France         |
| Otokar Grosek    | Slovak University of Technology, Bratislava, Slovakia |
| Karol Nemoga     | Slovak Academy of Sciences, Bratislava, Slovakia      |

# Program committee

| Nathalie Bochard   | Jean Monnet University, Saint-Etienne, France         |
|--------------------|-------------------------------------------------------|
| Lilian Bossuet     | Jean Monnet University, Saint-Etienne, France         |
| Jean-Luc Danger    | TELECOM ParisTech, Paris, France                      |
| Milos Drutarovsky  | Technical University of Kosice, Slovakia              |
| Viktor Fischer     | Jean Monnet University, Saint-Etienne, France         |
| Kris Gaj           | George Mason University, Fairfax, USA                 |
| Guy Gogniat        | University of South Brittany, Lorient, France         |
| Otokar Grosek      | Slovak University of Technology, Bratislava, Slovakia |
| Sylvain Guilley    | TELECOM ParisTech, Paris, France                      |
| Tim Güneysu        | Ruhr University Bochum, Germany                       |
| Robert Lórencz     | Czech Technical University Prague, Czech Republic     |
| Philippe Maurine   | CEA-TECH, Gardanne, France                            |
| Nele Mentens       | KU Leuven, ESAT, COSIC, Belgium                       |
| Karol Nemoga       | Slovak Academy of Sciences, Bratislava, Slovakia      |
| Olivier Sentieys   | University of Rennes I, France                        |
| Lionel Torres      | University of Montpellier II, France                  |
| Ingrid Verbauwhede | KU Leuven, ESAT, COSIC, Belgium                       |

# Participants

Wael Adi Alain Aubert Jan Belohoubek Florent Bernard Nathalie Bochard **Brice Colombier** Jean-Luc Danger Markus Dichtl Stanilav Jerabek Tomas Fabsic **Oswald Farin** Viktor Fischer Kris Gaj **Ondrey Gallo Otokar Grosek** Viliam Hromada Stanislav Jerabek Khaled Karray Marcel Kleja Filip Kodytek Marek Laban **Robert Lorencz** Audrey Lucas **Ayoub Mars** Vojtech Miskovsky Ugo Mureddu Karol Nemoga **Richard Newell** Elie Noumon Allini Martin Novotny **Oto Petura** Francesco Regazzoni Tania Richmond **Torsten Schuetze** Arnaud Tisserand Felipe Valencia Michal Varchola

Technical University of Braunschweig, Braunschweig, Germany Lab. Hubert Curien, Université de St-Etienne, France Czech Technical University, Prague, Czech republic Lab. Hubert Curien, Université de St-Etienne, France Lab. Hubert Curien, Université de St-Etienne, France Lab. Hubert Curien. Université de St-Etienne. France Telecom ParisTech, France Siemens AG, Germany Czech Technical University, Prague, Czech republic Slovak University of Technology, Bratislava, Slovakia DGA-MI, Rennes, France Lab. Hubert Curien, Université de St-Etienne, France George Mason University, Fairfax, USA Slovak University of Technology, Bratislava, Slovakia Slovak University of Technology, Bratislava, Slovakia Slovak University of Technology, Bratislava, Slovakia Czech Technical University, Prague, Czech republic Telecom ParisTech, France **MICRONIC**, Slovak Republic Czech Technical University, Prague, Czech republic MICRONIC, Slovak Republic Czech Technical University, Prague, Czech republic CNRS, IRISA, Rennes, France Technical University of Braunschweig, Braunschweig, Germany Czech Technical University, Prague, Czech republic Lab. Hubert Curien, Université de St-Etienne, France Slovak Academy of Sciences, Bratislava, Slovakia System-on-Chip Products Group, Microsemi Corp., USA Lab. Hubert Curien, Université de St-Etienne, France Czech Technical University, Prague, Czech republic Lab. Hubert Curien, Université de St-Etienne, France ALaRI - USI, Lugano, Switzerland Laboratoire IMATH, Toulon, France Rohde & Schwarz SIT GmbH, Stuttgart, Germany CNRS, Lab-STICC, Lorient, France ALaRI - USI, Lugano, Switzerland ELIT SYSTEMS, s.r.o., Kosice, Slovakia



# MONDAY June 19<sup>th</sup> 2017

| 9 :00 - 10 :30  | Session I: Design protection                                                                                                                                        | Chair: V. Fischer |  |
|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------|--|
| 30 min          | 01- <b>Audrey Lucas</b> , Arnaud Tisserand, CNRS - IRISA - LabSTICC, France<br>ECC Protections against both Observation and Pertubation Attacks                     | P 17              |  |
| 30 min          | 02- <b>Brice Colombier</b> , Lilian Bossuet, David Hély, Lab. Hubert Curien, St-Etienne<br><i>Centrality Indicators For Efficient And Scalable Logic Masking</i>    | P 29              |  |
| 30 min          | 03- <b>Tania Richmond</b> , Laboratoire IMATH, Toulon, France<br>Low-complexity DPA Countermeasure for Resource-Constrained Embedded McElie<br>Implementation       | ece P 35          |  |
| 11 :00 - 12 :00 | Session II: Side channel attacks                                                                                                                                    | Chair: M. Dichtl  |  |
| 30 min          | 04- <b>Vojtech Miskovsky</b> , Czech Technical University, Prague<br>Influence of Fault Tolerant Design Techniques on Resistance against Differential P<br>Analysis | ower P 42         |  |
| 30 min          | 05- <b>Jan Belohoubek</b> , Czech Technical University, Prague<br>The Design-Time Side-Channel Information Leakage Estimation                                       | P 50              |  |
| 14 :30 - 15 :30 | Session III: Physical Unclonable Functions                                                                                                                          | Chair: F. Bernard |  |
| 30 min          | 06- <b>J-Luc Danger</b> , O. Rioul, S.Guilley, A. Schaub, Télécom ParisTech<br>Formalism to assess the Loop-PUF entropy and reliability                             | P 59              |  |
| 30 min          | 07- <b>W. Adi</b> , A. Mars, S. Mulhem, Technical University of Braunschweig, Germany Clone-resistant structures in Microsemi SoC units                             | P 66              |  |
| 16 :00 - 17 :00 | Session IV: Implementation of cryptographic architectures with demo                                                                                                 | Chair: V. Fischer |  |
| 30 min          | 08- <b>Marcel Kleja, Marek Laban</b> , Viktor Fischer, Technical University of Kosice, Mic                                                                          | ronic,            |  |
| 30 min          | Secure Portable USB Data Storage                                                                                                                                    | P 77              |  |
|                 | 09- <b>Brice Colombier</b> et al., Lab. Hubert Curien, St-Etienne<br>Complete activation scheme for IP design protection (demo)                                     | P 83              |  |

# TUESDAY June 20<sup>th</sup> 2017

| 9 :00 - 10 :30  | Session V: Random Number Generation                                                                                                                                                                    | Chair: J.L. Danger  |
|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|
| 15 min          | 10- <b>Markus Dichtl</b> , Siemens Corporate Technology, Germany<br>ALESSIO, a Research Project on Updatable Security Components of Persistent Ind<br>Embedded Systems                                 | lustrial P 84       |
| 30 min          | 11- <b>Markus Dichtl</b> , Siemens Corporate Technology, Germany<br>Fibonacci Ring Oscillators as True Random Number Generators - A Security Risk                                                      | Р 86                |
| 15 min          | 12- <b>Viktor Fischer</b> , LaHC St-Etienne, France<br>Design and evaluation of a physical random number generator (guideline for cer                                                                  | tification) P 94    |
| 30 min          | 13- <b>Elie Noumon Allini</b> , Florent Bernard, Viktor Fischer, LaHC St-Etienne, France An illustration of a new certiffication approach for TRNGs                                                    | P 103               |
| 11 :00 - 12 :00 | Session VI: Attack schemes                                                                                                                                                                             | Chair: M. Novotny   |
| 30 min          | 14- <b>K. Karray</b> , J-L Danger, S. Guilley, A. El Aabid, Télécom ParisTech<br>Attack tree construction: an application to the connected vehicle                                                     | P 118               |
| 30 min          | 15-Tomas Fabsic, <b>Ondrej Gallo, Viliam Hromada</b> , Slovak University of Technolog<br>Bratislava, Slovakia<br>Demonstration of the Acoustic Cryptanalysis                                           | у,<br>Р 129         |
| 14 :30 - 15 :30 | Session VII: Post Quantum Cryptosystems                                                                                                                                                                | Chair: A. Tisserand |
| 30 min          | 16-Francesco Regazzoni, <b>Felipe Valencia</b> , ALaRI - USI, Lugano, Switzerland<br>Power Analysis Resistance of Lattice-based Cryptosystems                                                          |                     |
| 30 min          | 17-Malik Umar Sharif, Ahmed Ferozpuri and <b>Kris Gaj</b> , George Mason University,<br>Lessons Learned from High-Speed Implementation and Benchmarking of Two Po.<br>Quantum Public-Key Cryptosystems | USA<br>st- P 136    |
| 16 :00 - 17 :00 | Session VIII: Implementation of cryptographic architectures                                                                                                                                            | Chair: K. Gaj       |
| 30 min          | 18-Gabriel Gallin, <b>Arnaud Tisserand</b> , CNRS - IRISA - LabSTICC, France<br>Hardware Architectures for HECC                                                                                        | P 144               |
| 30 min          | 19- <b>Richard Newell</b> , Microsemi Corp., USA<br>Improving Trust in the FPGA Supply Chain using Blockchain and Keyless-Signature<br>Technology                                                      | e P 156             |

# ABSTRACTS

# Audrey Lucas, Arnaud Tisserand, CNRS - IRISA - LabSTICC, France

Among physical attacks, two types are considered as important threats for embedded cryptoprocessors: observation attacks [1] (or side channel attacks) and perturbation attacks [2] (or fault injection attacks). The first ones use external measurements of the circuit execution to guess secrets (e.g. timings, power consumption, electromagnetic radiation). The second ones disrupt the circuit and exploit its unspecified behavior, directly or not, to deduce secrets. In most of state of the art works, countermeasures only protect the crypto-processor from one type of attacks (i.e. side channel or fault attacks). However, in many cases the crypto-system stays or becomes vulnerable to the other type of attacks.

In this work, we focus on protections against both types of attacks simultaneously for scalar multiplication in elliptic curve cryptography (ECC). This is the main operation:  $k \times P$  where k is a scalar (the secret key in some primitives) and P a public curve point. Scalar multiplication is vulnerable to observation attacks when using weak algorithms where point addition and point doubling operations have different cost or behavior [3]. One countermeasure consists in using double and add always algorithm [4]. Unfortunately, this algorithm is weak to fault attacks (injecting a fault during a dummy point addition does not impact the final result, revealing that the target operation was a dummy one). A common protection against fault attacks on ECC is to verify if the current point is on the curve (by applying its coordinates into the curve equation) [5]. Verification of the current point detects an attack at a specific time during scalar multiplication. For instance, one can choose to only verify the final point of the scalar multiplication for a very low overhead (2 field multiplications, 4 field additions and 1 field multiplication by a scalar). But the secret key may leak before the end. More frequent verification is possible to detect attacks as soon as possible. For instance, one can verify the result after the systematic point doubling in each iteration. This leads to regular scalar multiplication for some coordinate types.

Unlike the current point, the scalar k is not protected by this verification method. To alleviate this vulnerability, we developed a new countermeasure to protect k. Our aim is to count that at the ith iteration, there is a point addition or not. Our protection is efficient against fault attacks named bit flips. The protection cost is about  $\log_2(k)/2$  integer additions for one scalar multiplication. We are working on ways to perform this verification without leakage to avoid observation attacks. We combined and tested these two countermeasures on different coordinates types for Weierstrass curves. Table 1 reports the computation time overheads in the worst case (i.e., a verification after each point doubling). The cost of this type of regular protection is quite small, but it can be reduced if one choose to only verify the point coordinates less frequently (e.g., w-NAF algorithms).

Although the scalar protection is very cheap, it does not protect against stuck-at faults on k digits. We are working on protections against this type of fault without observation leakage.

|                   | Coordinates |          |            |  |
|-------------------|-------------|----------|------------|--|
| Algorithms        | Affine      | Jacobian | Projective |  |
| Double and add    | 5.7%        | 17.2%    | 9.8%       |  |
| Montgomery ladder | 6.0%        | 18.0%    | 8.8%       |  |
| NAF               | 6.1%        | 16.9%    | 11.2%      |  |
| w-NAF             | 7.2%        | 21.2%    | 12.5%      |  |

Table 1: Computation overheads in the worst case for Weierstrass curves.

# Acknowledgments

This work is partly funded by DGA-PEC and the HAH project (Labex CominLab and Lebesgue, Brittany Region, http://h-a-h.inria.fr/).

# References

 S. Mangard, E. Oswald, and T. Popp. Power analysis attacks - revealing the secrets of smart cards. Springer, 2007.
 H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan. The sorcerer's apprentice guide to fault attacks. Proceedings of the IEEE, 94(2):370–382, February 2006. [3] Eric Brier and Marc Joye. Weierstraß Elliptic Curves and Side-Channel Attacks. In Proc. Public Key Cryptography - PKC, pages 335–345, Paris, France, 2002.

[4] Jean-Sébastien Coron. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In Proc. Cryptographic Hardware and Embedded Systems- CHES, pages 292–302, Worcester, MA, USA, 1999.

[5] I. Biehl, B. Meyer, and V. Müller. Differential Fault Attacks on Elliptic Curve Cryptosystems. In Proc. Advances in Cryptology - CRYPTO, pages 131–146, Santa Barbara, California, USA, 2000.

# 02-Centrality Indicators For Efficient And Scalable Logic Masking

# Brice Colombier, Lilian Bossuet, David Hély, Lab. Hubert Curien, St-Etienne, Univ. Grenoble Alpes, LCIS, Valence

Modifying the logic at register transfer level can help to protect a circuit against counterfeiting or illegal copying. By adding extra gates, the outputs can be controllably corrupted. Then the circuit operates correctly only if the right value is applied to the extra gates. The main challenge is to select the best position for these gates, to alter the circuit's behaviour as much as possible. However, another major point is the computational efficiency of the selection process, which should be as good as possible for integration in EDA tools. State-of-the art methods, based on fault analysis, are very demanding and cannot cope with large netlists in a reasonable runtime. We propose to use centrality indicators instead. Centrality is used to identify the most significant vertices of a graph. We show that, when used to select the nodes to modify, they lead to low correlation between original and altered outputs while being computationally efficient. We give experimental results on combinational benchmarks and compare to other previously proposed heuristics. We show that this method is the only efficient selection heuristic that is able to handle large netlists and integrate smoothly into EDA tools.

# 03-Low-complexity DPA Countermeasure for Resource-Constrained Embedded McEliece Implementation P 35

# **Tania Richmond**, Martin Petrvalsky, Milos Drutarovsky, Pierre-Louis Cayrel, Viktor Fischer, Laboratoire IMATH, Toulon, France, Technical University of Kosice, Slovakia, Lab. Hubert Curien, St-Etienne

In this paper, we present a differential power analysis attack on the McEliece public-key cryptosystem. We demonstrate that a part of a private key – permutation matrix – can be recovered using the power analysis. We attack a software implementation of a 'secure' permutation that was proposed by Strenzke et al at PQCrypto 2008. The cryptosystem is implemented on a 32-bit ARM based microcontroller and power consumption measurements of the device provide us leakage. In addition, we outline a novel countermeasure against the introduced attack. The countermeasure uses properties of linear codes and does not require large amount of random bits which can be profitable for low-cost embedded devices.

# 04- Influence of Fault Tolerant Design Techniques on Resistance against Differential Power Analysis

#### P 42

P 29

# Vojtech Miskovsky, Czech Technical University, Prague

The security is becoming more and more important issue these days, but we still should consider reliability. When we design a cryptographic device e.g. for some mission-critical or another reliability demanding system, we need to make the device not only attack resistant, but also fault tolerant.

In context of the digital design we usually talk about resistance against side channel attacks, because these are not based on cryptographic properties of the cipher, but on properties of its physical implementation. For example power attacks use powertrace of the device to reveal some secret information about the device, usually a cipher key during an encryption. We know many digital design techniques used to secure the device against power attacks with some area and time overhead. But what happens, if we want to make the device also fault tolerant? Many fault tolerant architectures are based on some kind of redundancy. This redundancy introduces large area and also power consumption overhead. But does this overhead have any influence on the attack resistance? And what about the overhead? Isn't there any way to decrease the overhead by some combined attack resistant and fault tolerant architecture? We try to answer these questions in our research.

We compared vulnerability to differential power analysis of a simple AES cipher implementation and its multiple fault tolerant variants implemented in FPGA. Results of this comparison will be presented.

When we were experimenting with differential power analysis against FPGAs we found out that computation requirements of the attack demand an implementation that is more efficient than scripts in Wolfram Mathematica or MATLAB. We decided to program a high performance and numerically stable application for this purpose. This application and its properties will also be presented.

# 05-The Design-Time Side-Channel Information Leakage Estimation

P 50

# Jan Belohoubek, Czech Technical University, Prague

The design of today's circuits is an iterative process, where every iteration could influence the information leakage into the side channel. During the design time, bugfixes must be incorporated, and sometimes even architectural changes are performed.

The principles of a new analytical simulation-based method allowing an efficient side-channel information leakage evaluation in various steps of the digital design flow will be presented. If applied, the method allows to decide, if a certain design decision has a positive or negative influence on the sidechannel information leakage independently of any current or future attack schemes.

The experiments with the benchmark circuits showed, that (when the manufacturing variations are supressed) the NModular-Redundancy offers no additional information leakage compared to the single module and the unbalanced dual-rail implementation offers additional information compared to the single-rail implementation.

# Acknowledgement

Computational resources were provided by the CESNET LM2015042 and the CERIT Scientific Cloud LM2015085, provided under the programme "Projects of Large Research, Development, and Innovations Infrastructures".

#### Reference

[1] C. Y. Chu, Improved Models for Switch Level Simulation. Stanford University, 1988.

[2] J. Schmidt and P. Fišer, "A prudent approach to benchmark collection," in Proc. of 12th Int. Workshop on Boolean Problems (IWSBP), Freiberg (Germany), 2016.

[3] D. Karaklajic, J.-M. Schmidt, and I. Verbauwhede, "Hardware designer's guide to fault attacks," IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 21, no. 12, pp. 2295–2306, 2013.

#### 06-Formalism to assess the Loop-PUF entropy and reliability

# J-Luc Danger, O. Rioul, S.Guilley, A. Schaub, Télécom ParisTech

Many Methods exist for Physically Unclonable Function in order to enhance their reliability, but they are at the cost of extra hardware, either coming from the PUF core itself, or from the correction method, as fuzzy extraction [5]. Another issue is to better know the PUF entropy, especially when the PUF is used as a cryptographic key generator. The SRAM and Ring Oscillator PUF provide relatively high entropy, as shown experimentally in [4]. The min-entropy is generally better assessed, as studied in Delvaux et al. [2] which presents the min-entropy of strong PUFs. For strong PUFs, it appears that the number of required challenges to get the min-entropy is significantly higher, thus

P 59

involving compression and extra complexity to generate key bits. We show in this study that it is possible to obtain a strong PUF, relying on a Loop PUF, which presents a high ratio between reliability and complexity. Moreover the entropy can be known when choosing the minimal and optimal number of challenges, namely Hadamard Codes. As the presence of noise inevitably involves an entropy decrease, this paper presents a method allowing the PUF to compensate this loss to meet the requires entropy. The single Ring-Oscillator of the Loop PUF, the hard-coded challenges and the lightweight error correction provide a low complexity PUF, around 1000  $\mu$ m<sup>2</sup>, with an access time of 20 ms to get a 64 key bits with a Bit Error Rate (BER) which can be less than 10<sup>-9</sup> by filltering unreliable bits. As the challenges and responses remain local, the modeling attacks are significantly reduced and are not considered in this work.

#### 07-Clone-resistant structures in Microsemi SoC units

#### P 66

### W. Adi, A. Mars, S. Mulhem, Technical University of Braunschweig, Germany

The concept of Secret Unknown Ciphers SUC is presented. SUC concept appears to be a strange one when proposing to use ciphers which nobody knows. The strongest practical secret is the one which nobody knows. Secret Unknown Ciphers SUCs were introduced by the author in 2009. SUCs are self-created, highly unpredictable unknown-ciphers accommodated in digital non-volatile self-reconfiguring VLSI units. Such VLSI units for accommodating SUCs are still not available. We postulate however, that such VLSI infrastructure may become available in the near future emerging technologies. Realizing such ciphers is a challenging task requiring a "smart software GENNI" to create such ciphers within a short time and disappear out of SoC unit. A research group at the technical university of Braunschweig attained first promising basic results for efficient realization of such ciphers targeting Microsemi SmartFunsion FPGA SoC units or any similar technology. The presentation demonstrates some basic generic protocols for using such SUC digital structures as clone-resistant modules. A broad spectrum of applications in consumer and vehicular electronics is expected when using such ciphers resulting with relatively low-cost, provable, clone-resistant or even possibly unclonable units. The technique allows manufacturer-independent personalization/security in SoC units having non-volatile technology. This allows, commercially-efficient, FPGA units, by creating tiny SUC module among the functional core structures to protect intellectual property rights in such units and create unclonable physical electronic units. The concept makes break-one break-all attacks infeasible on such systems. Each unit requires to be attacked individually and thus frustrates attackers by making legal units always cheaper than cloning them resulting with "pragmatic security". Few practical use cases and protype implementation samples are also presented.

#### **08-Secure Portable USB Data Storage**

*Marcel Kleja, Marek Laban, Viktor Fischer, Technical University of Kosice, Micronic, Slovakia, Lab. Hubert Curien, St-Etienne, France* 

USB flash drive, also called pen drive or USB stick is a popular means of data storage, back-up and transfer. Some cryptographically secure versions of the stick exist, but only few of them can be trusted (if any).

Secure Portable USB Data Storage device was developed as Demonstrator 2 in the framework of the European H2020 project HECTOR (Hardware Enabled CrypTO and Randomness). It is based on a flash based FPGA SoC - Microsemi SmartFusion2 - which features a 32-bit ARM based microcontroller. The device was developed and tested on the HECTOR evaluation platform, which constitutes a modular system and makes evaluation of device features easier by using existing data and control interfaces.

The talk describes developed device and the various challenges during the development process. One of the aims of the talk is also to show the exploitation of the HECTOR project outputs like physically unclonable function, true random number generator and authenticated encryption algorithm in a future commercial device.

P 77

**Brice Colombier,** Ugo Mureddu, Marek Laban, Oto Petura, Lilian Bossuet, Viktor Fischer., Lab. Hubert Curien, St-Etienne, france, MICRONIC, Slovakia

Intellectual Property (IP) illegal copying is a major threat in today's integrated circuits industry which is massively based on a design-and-reuse paradigm. In order to fight this threat, a designer must track how many times an IP has been instantiated. Moreover, illegal copies of an IP must be unusable. We propose a hardware/software scheme which allows a designer to remotely activate an IP with minimal area overhead. The software modifies the IP efficiently and can handle very large netlists. Unique identification of hardware instances is achieved by integrating a TERO-PUF along with a lightweight key reconciliation module. A cryptographic core guarantees security and triggers a logic locking/masking module which makes the IP unusable unless the correct encrypted activation word is applied. The hardware side is implemented on several FPGAs.

#### 10-ALESSIO, Project on Updatable Security Components of Persistent Industrial Embedded Systems

P 84

# Markus Dichtl, Siemens Corporate Technology, Germany

Security is an inevitable precondition for the smart factory. The required security mechanisms can either be implemented in dedicated hardware or in software. As industrial devices tend to be used for longer periods of time than consumer products, and as security requirements are getting stricter in the course of time, the updatability of security components is indispensable for industrial embedded systems.

This need was acknowledged by the German Federal Ministry of Education and Research, which is funding the project ALESSIO investigating solutions for this problem. ALESSIO started in January 2017.

In addition to the evident approach to achieve more demanding security requirements by updating software components, ALESSIO also analyses the usage of modified FPGA configurations to improve security for products in the field. For a secure update of an FPGA, a secure bitstream update mechanism is required. This aspect is investigated in ALESSIO for SOCs containing both hard processors and an FPGA.

The participants in the ALESSSIO project are Infineon Technologies AG (prime), Giesecke & Devrient, Fraunhofer Institute for Applied and Integrated Security, Technical University of Munich, WIBU Systems AG, and Siemens AG.

# 11-Fibonacci Ring Oscillators as True Random Number Generators - A Security Risk

P 86

# Markus Dichtl, Siemens Corporate Technology, Germany

Fibonacci ring oscillators are easily implemented on FPGAs and ASICs and seem to be good source of true randomness. The randomness is assumed to be caused by chaotic oscillations. However, in this paper Fibonacci ring oscillators are shown to have a risk to oscillate periodically instead of chaotically. The security implications of this are discussed. The probability of the occurrence of the periodic oscillations is determined experimentally on an FPGA for Fibonacci ring oscillators of lengths 16 and 32. Means to overcome the problem of the periodic oscillations are also discussed.

#### Viktor Fischer, LaHC St-Etienne, France

French DGA (Direction Générale de l'Armement) is responsible for security in high-security cryptographic applications. The French RNG evaluation scheme is based on the German document AIS 20/31. DGA considered that for high-end security applications some additional guideline is necessary to complete AIS 31 (the PTRNG part).

In 2017, David Lubicz edited the document: "Design and evaluation of a physical random number generator integrated in an electronic chip".

The objective of this talk is to present briefly the document, then the following talk (Elie Noumon) will illustrate the DGA document on a PLL TRNG design.

#### 13-An illustration of a new certiffication approach for TRNGs

### Elie Noumon Allini, Florent Bernard, Viktor Fischer, LaHC St-Etienne, France

Random number generators represent important cryptographic primitives. They generate random numbers or random bit streams that are used at many security levels in various cryptographic schemes, and have to be unpredictable and flawless. Unpredictability is guaranteed the best by using a random physical process in a physical True Random Number Generator (TRNG). However, the design of physical TRNGs is a very challenging one because many aspects related to this kind of generators are not mastered as they should be. A work in progress is aiming to propose an approach to evaluate TRNGs and check if they are safe enough to be used in cryptographic schemes. This approach will be illustrated with the evaluation of a PLL-based TRNG secured by dedicated statistical tests.

#### 14-Attack tree construction: an application to the connected vehicle

#### K. Karray, J-L Danger, S. Guilley, A. El Aabid, Télécom ParisTech

Remote connectivity of today's and future cars have increased their capabilities of autonomy and safety, but also their attack surface, as reported by many research papers. In the automotive domain, the security has a direct impact on the users safety. Thus, the management of risk is becoming the main concern of automotive manufacturers, especially for the future fully connected and autonomous cars. One possible way to quantify the overall risk of a system is the systematic construction of attack graphs and attack trees. These formalism are presented as one of the possible solutions in the new Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (SAE-J3061). In this paper we propose to use a graph transformation to formally model the car architecture and its state evolution in order to study possible attack paths. The resulting attack trees are then used to estimate the overall risk of the system. Consequently, it becomes possible to study improvements to build a more secure architecture. The proposed method is designed to support the conceptual phase of the vehicle's cyber-physical system. We illustrate the method on a small example to show how it is possible to prove its efficiency.

#### **15-Demonstration of the Acoustic Cryptanalysis**

# Tomas Fabsic, Ondrej Gallo, Viliam Hromada, Slovak University of Technology, Bratislava, Slovakia

In 2014, an acoustic cryptanalysis attack on RSA was presented by Daniel Genkin, Adi Shamir and Eran Tromer. The authors demonstrated that acoustic emanations from a laptop can be used to reveal the private key in implementations of RSA in older versions of GnuPG. We repeated their attack and in this presentation we state our observations and demonstrate the fundamental principles of the attack.

P 129

P 103

P 118

#### 16-Power Analysis Resistance of Lattice-based Cryptosystems

#### Francesco Regazzoni, Felipe Valencia, ALaRI - USI, Lugano, Switzerland

The security of cryptographic schemes is based in the difficulty of solving specific mathematical problems. Also, the nature of the basement problems drives some features of the cryptographic primitive implementations, for instance, memory and execution time. Until today, the most well established schemes are based on integer factorization and discrete logarithm problems. This trend is changing because these problems can be solved in polynomial time by quantum computers. Cryptographic schemes based on lattice problems (Lattice-based cryptography) standout because they can not be solved efficiently by quantum computers and its performance is comparable with current cryptosystems (i.e. RSA).

Despite the theoretic security of any cryptographic scheme, for the implementation, it is necessary to take into account physical attacks, which are attacks that take advantage of the implementation vulnerabilities, overpassing the mathematical hardness. These attacks can recover the secret information exploiting the correlation of physical variables - such as power, time and electromagnetic radiation – with the processed data. To destroy this correlation hiding and masking techniques are applied but it implies an overhead in the resource consumption. In this talk we will summarize state of the art protection against power analysis for lattice based cryptography and we will highlight potential research directions.

# 17-Lessons Learned from High-Speed Implementation and Benchmarking of Two Post-Quantum Public- P 136 Key Cryptosystems

# Malik Umar Sharif, Ahmed Ferozpuri and Kris Gaj, George Mason University, USA

If a quantum computer with a sufficient number of qubits was ever built, it would easily break all current American federal standards in the area of public-key cryptography, including algorithms protecting the majority of the Internet traffic, such as RSA, Elliptic Curve Cryptography (ECC), Digital Signature Algorithm (DSA), and Diffie-Hellman. All traditional methods of dealing with growing computational capabilities of potential attackers, such as increasing key sizes, would be futile.

In Feb. 2016, American National Institute of Standards and Technology (NIST) has published a draft report and announced its plans of starting the standardization effort in the area of post-quantum cryptography. This effort is likely to last years and result in the entire portfolio of algorithms capable of replacing current public-key cryptography schemes. The initial announcement was followed by the official Call for Proposals and Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms, issued in Dec. 2016. As a part of this standardization process, fair and efficient benchmarking of Post-Quantum Cryptography (PQC) algorithms in hardware and software becomes a necessity.

In this talk, we will discuss our hardware high-speed implementations of two PQC schemes:

1. NTRUEncrypt Short Vector Encryption Scheme (SVES), fully compliant with the IEEE 1363.1 Standard Specification for Public Key Cryptographic Techniques Based on Hard Problems over Lattices, and

2. Multivariate Rainbow Signature Scheme.

For fair comparison, both implementations follow the same PQC Hardware Application Programming Interface (API), proposed by our group. The development process, was also standardized, and included common intermediate deliverables, such as a) detailed flow diagrams, b) choice of supported parameter sets, c) top-level block diagram, d) lower-level block diagrams, e) parameters of a hardware architecture, f) cycle-based timing analysis, g) Algorithmic State Machine (ASM) charts, h) Register-Transfer Level (RTL) code, i) software-generated test vectors, j) comprehensive testbenches, k) results of synthesis and implementation, l) analysis of results, m) lessons learned.

As such, both designs provide a valuable reference for any future hardware implementers of PQC schemes, which is very important in the context of the upcoming NIST standard candidate evaluation process.

To the best of our knowledge, we have developed the first synthesizable HDL code of the entire NTRUEncrypt SVES scheme, reported in the scientific literature or available commercially. Our implementation supports two representative parameter sets specified in the 2009 IEEE 1363.1 Standard: ees1087ep1 and ees1499ep1, optimized for speed, which provide security levels of 192 and 256 bits, respectively. The corresponding public key sizes are 1495B and 2062B, respectively, and the corresponding private key sizes, 87B and 109B.

Our hardware implementation is functionally equivalent to the open source software implementation of the IEEE P1363.1 standard, developed by Security Innovation, Inc., and has been thoroughly verified using test vectors generated using this implementation. The speed up of our hardware design running on Xilinx Virtex-7 XC7VX485T FPGA vs. software implementation, running on the Cortex A9 ARM Core of Zynq 7020, with the clock frequency of 666.7 MHz, is over 400.

The relative contribution of various operations to the total execution time is substantially different for the hardware and software implementations. In software, Polynomial Multiplication amounts to about 90% of the total execution time. On the other hand, our hardware implementation is seriously limited by the sequential nature of the SHA-256 calculations. As a result, the operations that are most critical are hash based operations of the Blinding Polynomial Generation Method (BPGM) and the Mask Generation Function (MGF), amounting to about 83% of the total execution time for both supported parameter sets. At the same time, the Polynomial Multiplication can be almost completely overlapped with the computations of BPGM through the use of pipelining, and thus has a negligible influence on the execution time.

In order to remove the hash function bottleneck, multiple solutions have been proposed, including an unrolled hash function architecture, as well as a replacement of the SHA-2/SHA-1 hash functions by more hardware friendly SHA-3 or a pseudorandom function based on the pipelined implementation of AES.

Using the similar methodology, we have developed a new high-speed hardware implementation of the multivariate Rainbow signature scheme, based on the earlier work by Tang et al., presented at the PQCrypto 2011 conference. Our implementation targets an 80-bit security level, through the choice of the following variant of the Rainbow Signature Scheme: Rainbow (GF(28), 17, 12, 12). It has a public key size of 19.64kB and private key size of 30.94kB. It is based on the parallel hardware design for the Gauss-Jordan elimination, which is capable of solving an NxN system of linear equations over GF(28) in N clock cycles. In an effort to optimize the design, multiple architectures for the two-input and three-input multipliers over GF(28) have been implemented and comprehensively benchmarked. Additionally, a novel hardware architecture for the so called pivoting operation (a part of the Optimized Gauss-Jordan Elimination) has been developed.

Our hardware implementation is functionally equivalent to the software implementation by Jintai Ding and Dieter Schmidt from University of Cincinnati, and has been comprehensively verified using test vectors generated using this implementation. The result generation and analysis is currently in progress, and will be presented at the workshop. As a next step, the current architecture will be extended to support at least one additional parameter set, with the higher security level.

Eventually, our goal is to compare the hardware implementations of NTRUEncrypt SVES and the Rainbow Signature Scheme at the same security level, using the same API, from the point of view of the execution time, resource utilization, and speed-up vs. software, as well as flexibility and scalability in terms of supporting multiple parameter sets. This project is intended to pave the way for the future comprehensive, fair, and efficient hardware benchmarking of the most promising encryption, signature, and key agreement schemes from each of several major post-quantum public-key cryptosystem families.

# **18-Hardware Architectures for HECC**

P 144

Gabriel Gallin, Arnaud Tisserand, CNRS - IRISA - LabSTICC, France

# 1. Context

Nowadays, there is an increasing number of applications and systems requiring strong security on small hardware devices. Public-key cryptography (PKC) is mandatory for providing key exchange and digital signature. The first

standard for public-key cryptosystems was RSA. However, to be compliant with the current recommended theoretical security levels, RSA based cryptosystems must use large keys – at least two thousand bits – which make them too costly for embedded applications.

Curves based cryptography such as Elliptic Curve Cryptography (ECC) or Hyper-Elliptic Curve Cryptography (HECC) is known to provide a given security level at a lower cost than RSA. For instance, 226-bit ECC keys offer the same security level as 2048-bit RSA. Due to its reduced cost and better performance, ECC is now recommended as the PKC standard.

# 2. Hyper Elliptic Curve Cryptography

Recent research has pointed out HECC as an attractive alternative to ECC. HECC is based on a different kind of curves, which allows the size of the field elements to be halved, but at the expense of an increased number of finite field operations. In [9], Renes et al. very recently presented software implementations of key exchange and signature schemes based on HECC and Kummer surfaces, targeting embedded processors (ARM Cortex M0 and AVR ATmega). The provided results show very interesting speedups compared to state-of-the-art ECC: 30% speedup for Diffie-Hellman key exchange and up to 70% for signature.

Operations on HECC involve more operations on the underlying finite field than ECC. However, one can observe that in ECC, most of the computations are dependent and must be mostly done in a sequential way. For this reason, the internal parallelism in ECC is quite limited compared to HECC. For instance, in the formulas presented in [9], one can find regular patterns of four to eight independent modular multiplications – the most costly and common finite field operation – feasible in parallel during the whole scalar multiplication. HECC internal parallelism brings forward numerous questions for hardware implementation. Those questions can be summarized as follows: how can one take advantage of the parallelism in HECC to design efficient hardware cryptosystems?

# 3. Arithmetic Units

In order to build an efficient accelerator, the first step is to build efficient arithmetic units. These units are dedicated to the computations over finite field elements. The most common and costly finite field operation in (H)ECC is the modular multiplication. For instance, depending on the multiplier area, one multiplication requires from 30 to 100 clock cycles depending on the field elements width. In [7], Peter L. Montgomery presented an algorithm for modular multiplication, which is still now the base of state-of-the-art multiplication in prime finite fields. It is known as Montgomery modular multiplication (MMM). Many algorithms have been derived from this paper. They mainly aim at improving efficiency by interleaving the multiplication and modular reduction steps in order to reduce the size of the intermediate data and to gain some speedup. One of the most famous variant is the Coarsely Integrated Operand Scanning (CIOS) method presented by Koc, et al. in [5]. However, besides these improvements, Montgomery multiplication still suffers from strong dependencies inside the main loop of partial products accumulation and reduction. This makes hardware implementations difficult to optimize in the case of FPGAs using DSP blocks. In order to reach high frequencies, DSP blocks must indeed use three to four internal pipeline stages. Due to data dependencies, one cannot feed efficiently this pipeline, resulting in a loss of efficiency in the circuit utilization.

In [6], Ma et al. proposed a FPGA implementation of MMM based on an improvement of the algorithm presented by H. Orup in [8]. This implementation is known to be one of the fastest implementations on FPGA in the literature. However, to get rid of some of the internal dependencies, the method implies huge overheads in terms of the size of the computed data, increasing the circuit area of the design.

# 4. Proposed HECC Architectures

Our research group has been studying arithmetic operators and implementations of hardware accelerators for ECC, with robustness against physical attacks such as Side Channel Analysis (SCA) and faults injections. We are now designing hardware accelerators for HECC scalar multiplication by exploring different types of architectures.

For this, we first improved the hardware utilization of the multiplier unit. We decided to use the classical CIOS method as a basis to design an hyper-threaded modular multiplier. The idea behind this hyper-threaded multiplier is to fill the unused stages of the DSP blocks with other independent modular multiplications. In our multiplier, we enter 3 independent sets of operands f(A1;B1); (A2;B2); (A3;B3)g before the first product P1 = A1 B1 is computed.

This way, all the stages in the DSP blocks are full after the very first latency. This is more efficient for HECC since the internal parallelism allows more than 3 independent multiplications at each step during the scalar multiplication.

We then developed a specific CABA (Cycle Accurate, Bit Accurate) simulator for our architectures. With this simulator, we can study the impact of the type, number and size of the arithmetic units and of the choice between different types of parallel architectures on the performances, circuit area and resistance against physical attacks.

We will present implementation results on different FPGAs for various configurations of our modular multiplier, both in terms of computation time and circuit area. As an example, for 128-bit field elements, we reach the same computation time with half the number of DSP blocks compared to the best state-of-the-art [6]. We will show that it provides a better computation time / circuit area cost trade-off when several modular multiplications can be computed in parallel, which is always the case in HECC.

In a second time, and using our simulator, we will explore various architectures for our accelerator, starting from a classical Harvard architecture and changing architectural parameters, such as the numbers and types of arithmetic units. We will also compare different ways to manage internal data transfers and different control flow implementations. The most interesting configurations will be implemented on FPGA and evaluated on our attack setup.

# Acknowledgments

This work is partly funded by the HAH project (Labex CominLab and Lebesgue, Brittany Region, http://h-a-h.inria.fr/).

# References

[1] J. W. Bos, C. Costello, H. Hisil, and K. Lauter. Fast cryptography in genus 2. Journal of Cryptology, 28–60, 2016.
[2] H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, and F. Vercauteren. Handbook of Elliptic and Hyperelliptic Curve Cryptography. Discrete Mathematics and Its Applications. Chapman & Hall/CRC, July 2005.

[3] P. Gaudry. Fast genus 2 arithmetic based on theta functions. Journal of Mathematical Cryptology, 243–265, 2007.
[4] D. Hankerson, A. Menezes, and S. Vanstone. Guide to Elliptic Curve Cryptography. Springer, 2004.

[5] C. K. Koc., T. Acar, and B. S. Kaliski, Jr. Analyzing and comparing Montgomery multiplication algorithms. Micro, IEEE, 16(3):26–33, June 1996.

[6] Y. Ma, Z. Liu, W. Pan, and J. Jing. A high-speed elliptic curve cryptographic processor for generic curves over GF(p). In Proc. 20th International Workshop on Selected Areas in Cryptography (SAC), volume 8282 of LNCS, pages 421–437. Springer, Aug. 2013.

[7] P. L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 519–521, 1985.

[8] H. Orup. Simplifying quotient determination in high-radix modular multiplication. In Proc. 12th Symposium on Computer Arithmetic (ARITH), pages 193–199. IEEE Computer Society, July 1995.

[9] J. Renes, P. Schwabe, B. Smith, and L. Batina. Kummer: Efficient hyperelliptic signatures and key exchange on microcontrollers. In Proc. Workshop on Cryptographic Hardware and Embedded Systems (CHES), volume 9813 of LNCS, pages 301–320. Springer, Aug. 2016.

# 19-Improving Trust in the FPGA Supply Chain using Blockchain and Keyless-Signature TechnologyP 156

# Richard Newell, Microsemi Corp., USA

Blockchain and Keyless Signature Infrastructure (KSI) technologies that only rely on secure message digests and need no secret keys can be used to provide additional assurances that non-volatile FPGA components and systems moving up the supply chain hierarchy from wafer test through to completed systems are trustworthy. This is done by providing cryptographic evidence of the FPGA's provenance using a verifiable time-stamped audit trail of key events in the FPGA life-cycle using blockchain and KSI technology, complementing existing traditional measures. System manufacturers using those FPGAs can keep appending to the extensible information container that represents the entire history of the FPGA (and eventually the system), strengthening trust in the system, preventing counterfeiting at all levels (component and system), and providing a strong verifiable identity for use in the final run-time application.

# Presentations





| Physical Attacks         Countermeasures against SCAs <ul> <li>Randomization: scalar masking, point blinding, scalar recoding,</li> <li>Uniformization: uniform curve, regular algorithm,</li> </ul> Countermeasures against FAS <ul> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case:                 <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul>                A. Lucas &amp; A.Tisserand             </li></ul> ECC Protections against SCA and FA               Introduction               Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |  |  |  |  |
|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|--|--|--|
| Countermeasures against SCAs <ul> <li>Randomization: scalar masking, point blinding, scalar recoding,</li> <li>Uniformization: uniform curve, regular algorithm,</li> </ul> Countermeasures against FAs <ul> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case:                 <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul>                A. Lucas &amp; A.Tisserand               ECC Protections against SCA and FA         </li></ul> Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |  |  |  |  |
| Countermeasures against SCAs <ul> <li>Randomization: scalar masking, point blinding, scalar recoding,</li> <li>Uniformization: uniform curve, regular algorithm,</li> </ul> Countermeasures against FAs <ul> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case:                  <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul>                A Lucas &amp; A Tisserand             ECC Protections against SCA and FA               Problem</li></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |  |  |  |  |
| Countermeasures against SCAs <ul> <li>Randomization: scalar masking, point blinding, scalar recoding,</li> <li>Uniformization: uniform curve, regular algorithm,</li> </ul> Countermeasures against FAs <ul></ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |  |  |  |  |
| Countermeasures against SCAs         • Randomization: scalar masking, point blinding, scalar recoding,         • Uniformization: uniform curve, regular algorithm,         Countermeasures against FAs         • Hardware: shielding, sensor,         • Redundancy calculation: time, space.         • ECC case:         • Checking point coordinates at the end of scalar multiplication.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |  |  |  |  |
| <ul> <li>Randomization: scalar masking, point blinding, scalar recoding,</li> <li>Uniformization: uniform curve, regular algorithm,</li> <li>Countermeasures against FAs</li> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case:         <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul> </li> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |  |  |  |  |
| <ul> <li>Uniformization: uniform curve, regular algorithm,</li> <li>Countermeasures against FAs         <ul> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case:                 <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul> </li> </ul> </li> <li>A. Lucas &amp; A.Tisserand ECC Protections against SCA and FA CryptArchi 2017 7/27         <ul> <li>Introduction</li> </ul> </li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |  |  |  |  |
| Countermeasures against FAs<br>Hardware: shielding, sensor,<br>Redundancy calculation: time, space.<br>ECC case:<br>Checking point coordinates at the end of scalar multiplication.<br>Cuerter Carter and CryptArchi 2017 7/27<br>Introduction<br>Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |  |  |  |  |
| <ul> <li>Hardware: shielding, sensor,</li> <li>Redundancy calculation: time, space.</li> <li>ECC case: <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul> </li> </ul> A. Lucas & A.Tisserand ECC Protections against SCA and FA CryptArchi 2017 7/27 Introduction Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |  |  |  |  |
| <ul> <li>Redundancy calculation: time, space.</li> <li>ECC case: <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul> </li> </ul> <li> <b>A.</b> Lucas &amp; A.Tisserand ECC Protections against SCA and FA <b>CryptArchi 2017</b> 7/27 Introduction <b>Problem</b></li>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
| <ul> <li>ECC case:         <ul> <li>Checking point coordinates at the end of scalar multiplication.</li> </ul> </li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplication.</li> <li>Checking point coordinates at the end of scalar multiplicatis.</li> </ul> |  |  |  |  |
| • Checking point coordinates at the end of scalar multiplication.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |  |  |  |  |
| A. Lucas & A.Tisserand ECC Protections against SCA and FA CryptArchi 2017 7 / 27<br>Introduction<br>Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |  |  |  |  |
| A. Lucas & A.Tisserand ECC Protections against SCA and FA CryptArchi 2017 7/27<br>Introduction                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |  |  |  |
| A. Lucas & A.Tisserand ECC Protections against SCA and FA CryptArchi 2017 7 / 27 Introduction Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |  |  |  |
| A. Lucas & A. Tisserand ECC Protections against SCA and FA CryptArchi 2017 7 / 27<br>Introduction                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |  |  |  |  |
| Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
| Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| Double and add                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| (ロト(長)(言)(言)) を つのの (ロト(長)(言)(言)) を つのの (ロト(長)(言)(言)) を つのの (ロト(長)(言)(言)) (ロト(長)(言)(言)(言)(言)(言)(言)(言)(言)(言)(言)(言)(言)(言)                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
| A. Lucas & A. Lisserand ECC Protections against SCA and PA CryptArchi 2017 8 / 27                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| Problem                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| DBL ADD DBL DBL DBL ADD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| DBL ADD DBL ADD DBL ADD DBL ADD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| Double and add always                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |  |  |  |  |
| ・ロト イラト イラト き うくで<br>A. Lucas & A. Tisserand ECC Protections against SCA and FA CryptArchi 2017 8 / 27                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |  |  |  |  |







| Daint Protoction using Coordinator Varification                                                                              |
|------------------------------------------------------------------------------------------------------------------------------|
| Summary                                                                                                                      |
|                                                                                                                              |
|                                                                                                                              |
| Good points                                                                                                                  |
| • This protection is equivalent to <i>double and add always</i> but at for                                                   |
| smaller cost.                                                                                                                |
| • Bit flip detection in all field elements.                                                                                  |
| Weakness                                                                                                                     |
| <ul> <li>Scalar is vulnerable to fault attacks.</li> </ul>                                                                   |
| Future work                                                                                                                  |
| <ul> <li>Uniformization for other coordinates.</li> </ul>                                                                    |
|                                                                                                                              |
| < ロ > 〈長 > 〈長 > 〈長 > 〈長 > 〈し > 〈し > 〈し > 〈し                                                                                  |
| A. Lucas & A. Tisserand ECC Protections against SCA and FA CryptArchi 2017 15 / 27 Scalar Protection using Iteration Counter |
| Outling                                                                                                                      |
| Outline                                                                                                                      |
|                                                                                                                              |
|                                                                                                                              |
|                                                                                                                              |
| 2 Point Protection using Coordinates Verification                                                                            |
| Scalar Protection using Iteration Counter                                                                                    |
| Scalar Protection using iteration counter                                                                                    |
| (a) Evaluation                                                                                                               |
| Conclusion                                                                                                                   |
| Conclusion                                                                                                                   |
|                                                                                                                              |
| <ロ> (長) (注) (注) (注) ( 注) ( 注) ( 注) ( 注) ( 注                                                                                  |
| A. Lucas & A. Tisserand ECC Protections against SCA and FA CryptArchi 2017 16 / 27                                           |
|                                                                                                                              |
| Scalar Protection                                                                                                            |
|                                                                                                                              |
| Point verification does not protect the scalar from fault attack.                                                            |
| Evample                                                                                                                      |
|                                                                                                                              |
| DBL     V     ADD     DBL     V     DBL     V     DBL     V     ADD                                                          |
|                                                                                                                              |
|                                                                                                                              |
|                                                                                                                              |
|                                                                                                                              |
|                                                                                                                              |
|                                                                                                                              |
| ▲ Lucas & A Tisserand ECC Protections against SCA and EA CrystArchi 2017 17 / 27                                             |

| Scalar Protection using Iteration Counter                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Scalar Protection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Point verification does not protect the scalar from fault attack.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| Example                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| DBL V ADD DBL V DBL V DBL V DBL V ADD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| (ロシィクシィミシィミン きょうしょう つんで<br>A. Lucas & A. Tisserand ECC Protections against SCA and FA CryptArchi 2017 17 / 27                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| Scalar Protection using Iteration Counter                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| Scalar Protection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Point verification does not protect the scalar from fault attack.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| Example                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| DRF A ADD DRF A DRF A DRF A VAD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| DBL V ADD DBL V DBL V DBL V ADD DBL V ADD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| 4 □ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ▷ < (□ ` ) )))))))))))))))))))))))))))))))) |
| Scalar Protection using Iteration Counter                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| Scalar Protection                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Point verification does not protect the scalar from fault attack                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Example                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| DBL V ADD DBL V DBL V DBL V ADD                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
| Attack is not detected: current point is on curve but is wrong result.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| <ul> <li>Proposed countermeasure: Iteration Counter.</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |







ECC Protections against SCA and FA

CryptArchi 2017

A. Lucas & A. Tisserand



# Centrality Indicators For Efficient And Scalable Logic Masking

Brice Colombier, Lilian Bossuet Hubert Curien Laboratory, UMR CNRS 5516, University of Lyon 42000 Saint-Étienne - France {b.colombier,lilian.bossuet}@univ-st-etienne.fr David Hély LCIS, Grenoble Institute of Technology 26000 Valence - France david.hely@lcis.grenoble-inp.fr

Abstract-Modifying the logic at register transfer level can help to protect a circuit against counterfeiting or illegal copying. By adding extra gates, the outputs can be controllably corrupted. Then the circuit operates correctly only if the right value is applied to the extra gates. The main challenge is to select the best position for these gates, to alter the circuit's behaviour as much as possible. However, another major point is the computational efficiency of the selection process, which should be as good as possible for integration in EDA tools. State-of-the art methods, based on fault analysis, are very demanding and cannot cope with large netlists in a reasonable runtime. We propose to use centrality indicators instead. Centrality is used to identify the most significant vertices of a graph. We show that, when used to select the nodes to modify, they lead to low correlation between original and altered outputs while being computationally efficient. We give experimental results on combinational benchmarks and compare to other previously proposed heuristics. We show that this method is the only efficient selection heuristic which is able to handle large netlists and integrate smoothly into EDA tools.

#### Keywords-centrality; logic masking;

#### I. INTRODUCTION

Integrated circuits (IC) are increasingly complex, leading to outsourcing of manufacturing to overseas foundries and adoption of a design-and-reuse paradigm. Therefore, multiple actors take part in the realisation of an IC, from Intellectual Property (IP) core providers to system integrators and foundries. The designer must fully disclose the design for it to be further used, leading to the rise of counterfeiting [1].

Intellectual property protection means were proposed to thwart this threat [2] and some are based on RTL modifications [3]. We add our voice to authors of [4] to explicitly define the terms used for gate level modifications of netlists to achieve intellectual property protection. We use the terminology recently defined in [3], and focus on logic masking.

Logic masking aims at disrupting the outputs of the IC if the wrong masking key is applied. In order to disrupt the outputs as much as possible, some internal nodes of the netlist are modified to be controllably invertible. This is achieved by inserting XOR or XNOR gates on these nodes and connecting the other input of the added gates to the masking key bit inputs. Therefore, the IC operates correctly only if the correct masking key is applied. Otherwise, the added gates act as inverters and disrupt the circuit behaviour.

978-1-5090-6762-6/17/\$31.00 ©2017 IEEE

Two research directions can essentially be observed in logic masking. The first trend aims at making the logic masking scheme resistant to various key-recovery attacks such as hillclimbing [5] or SAT [6]. It can be achieved by inserting an extra module before the key inputs of the masking scheme. Such module can either be an AES core [7] or a "hardware point function" which output is 1 only when the correct key is applied [8], [9]. The second research direction consist in finding the best location for the extra gates so that the outputs of the netlist are maximally corrupted when the wrong key is applied. Initially, their positions were randomly selected [10]. However, this led to very small drop in correlation, hence inefficient masking. More advanced heuristics were proposed later, based on fan-in/out [11], interference graphs [12], corruptibility [13] or fault-analysis [14]. Such methods improve the masking quality with an increasing computational effort. The latest heuristic to date [14] strongly disrupts the circuit outputs but becomes impractical to compute for netlist including more than a few thousand gates nodes. However, the masking scheme insertion method is meant to be integrated into the standard EDA design flow, where performance is crucial. Moreover, designs which are worth protecting are usually large. There is therefore a strong practical requirement for heuristics that offer a better trade-off between computational complexity and masking efficiency.

In this article, we propose to use centrality indicators from graph theory to select the nodes to mask. They leverage graph algorithms for efficiency and allow to reach low correlation between the normal and masked outputs, hence efficient masking. We start with a comparison of centrality indicators. We then compare with existing heuristics in two ways. First, by measuring the masking efficiency using correlation. Second, by comparing computation times required.

This article is organised as follows. Section II describes the use case, including the attacker model. Section III presents existing heuristics to select the nodes to modify for logic masking. Section IV discusses centrality indicators, and how they could be used in the considered context. Section V gives experimental results and compares with existing heuristics. Section VI discusses implementation issues. Section VII concludes the article. Our source code is fully available online<sup>1</sup>

<sup>&</sup>lt;sup>1</sup>https://gitlab.univ-st-etienne.fr/b.colombier/ centrality-based-logic-masking

for reproducibility.

#### **II. PRELIMINARIES**

#### A. Use-case

Counterfeiting can be fought by protection means based on logic modification and meant to be integrated in EDA tools. Their intended users are fabless designers who wish to protect the intellectual property of their designs by modifying them prior to sending them to the foundry for manufacturing. Therefore, the proposed modification methods should have the following properties:

- Efficiency: the modifications should alter the outputs as much as possible when activated, leading to the lowest possible correlation between normal and modified outputs.
- **Complexity:** the modification process should be as computationally efficient as possible, in order to integrate smoothly in the design flow of EDA tools and be capable of handling large netlists which are worth being protected.

#### B. Attacker model

Since the aim of these protection method is to prevent counterfeiting, the attacker model we use is the following. An attacker owns two copies of the same circuit. One is fully functional, and seen as a black box. We then use the black box model for the circuit: the attacker can choose the inputs and observe the outputs. On the other hand, the attacker also owns a locked circuit, and wants to obtain the correct key for it. This occurs typically when a customer purchases circuits from regular and black market, and hopes to activate the ones obtained on the black market with the help of the legitimate circuits.

We assume the attacker cannot micro-probe the functional circuit to get the key. This requires a broader model, and is also much more costly from an attacker point of view.

#### III. STATE-OF-THE-ART

#### A. Logic masking

As stated in [3], "Logic masking consists in inserting XOR or XNOR gates in the data path of the logic circuit of a Boolean function in order to change the logic behaviour of the circuit if the wrong masking key is applied".

First, the designer choses how many gates are to be modified in the netlist. To this end, an *n*-bit *masking word* is randomly generated. Next, a masking gate is inserted according to every bit of the masking word. If the bit is 0, then an XOR gate is inserted. If the bit is 1, then an XNOR gate is inserted. This is shown in Fig. 1.





If the correct masking word is applied the extra gates behave as buffers and the design operates normally. However, if a wrong masking word is applied, some of the extra gates will behave as inverters, effectively disrupting the circuit behaviour and corrupting the outputs.

#### B. Nodes selection heuristics

The following nodes selection heuristics select n nodes in the netlist, on which additional masking gates are to be inserted.

1) Random: The most basic way to select the nodes is random selection. This was the first proposed method, in EPIC [10]. This is fast, since no computation is required.

2) Fan-in/Fan-out cones: In 2009, authors of [11] proposed the first heuristic which improves the selection. It is based on the number of netlist nodes that are in the fan-in and fan-out cones of every other node in the netlist. The exact metric is given in Equation (1): FI and FO are the number of nodes in the fan-in and fan-out cones for every node.  $FI_{max}$  and  $FO_{max}$  are the maximum values of FI and FO observed in the netlist.  $w_1$  and  $w_2$  are normalisation weights which are set to 0.5. The nodes that maximise this metric are modified.

$$M_{node} = \left(\frac{w_1.FO}{FO_{max}} + \frac{w_2.FI}{FI_{max}}\right) \times \frac{FO.FI}{FI_{max}.FO_{max}}$$
(1)

According to this metric, the nodes with the greatest number of nodes in their fan-in/out cones are the most significant.

3) Interference graph: In [12], the random method has been improved. Initially, 10% of the masking gates are inserted randomly, to initiate the procedure. An interference graph is then built from the relative positions of the gates. The interference graph represents how the inserted gates interact with one another. For example, two masking gates placed in a row or two gates that converge to the same node are represented differently in the interference graph. Then, for every node of the netlist a metric is computed with respect to the existing masking gates, from the interference graph. The node that maximises this metric is selected, added to the interference graph and a masking gate is inserted on it. The process is then repeated again until all the masking gates are inserted.

4) Corruptibility: The authors of [12] improved their interference graph-based heuristic in [13] by adding a so-called *corruptibility* metric. This ensures that non-resolvable gates which are selected after analysing the interference graph corrupt the outputs as much as possible. Corruptibility is computed as the ratio of output patterns that differ between the normal and masked behaviour of the circuit. A node then has a high corruptibility if modifying it for logic masking changes the outputs most of the time. Computing the corruptibility requires to simulate the netlist using a dedicated tool. In [13], the authors used a fault-simulation tool, and computed corruptibility by observing one thousand input/output patterns. Such tools are usually computationally heavy.

5) Fault analysis: This is the latest proposed heuristic to date [14]. Based on fault simulation, it acts by computing the Fault Impact for every node of the netlist, given in Equation (2).  $NoP_0$  is the number of patterns that can detect that the node is

stuck-at-0.  $NoO_0$  is the number of output bits affected by this stuck-at-0 fault.  $NoP_1$  and  $NoO_1$  are similar but for stuck-at-1 faults.

Fault Impact = 
$$NoP_0.NoO_0 + NoP_1.NoO_1$$
 (2)

By considering both stuck-at-0 and stuck-at-1 faults, authors select the node with the greatest impact on the outputs. However, this selection heuristic is based on fault simulation, hence it remains computationally heavy. Moreover, it is recomputed every time a gate is added.

#### C. Netlist to graph conversion

We chose to convert the netlists to directed acyclic graphs using the same method as in [3]. Vertices are the netlist nodes and edges are logic functions connecting the nodes. A toy example is shown in Fig. 2.



Fig. 2. A netlist and the equivalent directed acyclic graph. Netlist nodes are converted to vertices and logic functions to edges.

#### IV. CENTRALITY INDICATORS

Centrality indicators determine which vertices are the most significant in a graph. This "significant" term is very broad, and different centrality indicators perform better at identifying the "significant" vertices in different contexts. From a logic masking point of view, significant nodes are the ones for which a modification alters the most the circuit operation. Intuitively, those nodes are the ones through which a lot of information transits, from the inputs to the outputs of the circuit. Among centrality indicators, there are *local* and *global* ones. Local centrality indicators are computed according to the vertices found in the direct neighbourhood of the considered vertex. On the other hand, global indicators take the whole graph into consideration and thus they are more suited in our use case. We start by examining common global centrality indicators, before considering more sophisticated ones that are well suited to identify significant nodes in terms of "information transit".

**Normalised centrality indicators:** In the literature, some indicators are normalised according to the number of vertices in the network. Depending on how vertices are considered, the final indicator value can be divided by the total number of vertices. Since we are interested in the relative value of centrality for the vertices, this normalisation is not necessary. We then use only the non-normalised versions of the following indicators.

#### A. Closeness centrality

Closeness centrality is defined as the inverse of farness [15]. For a given vertex v, the farness is the sum of the distances from v to the other graph vertices (see Equation (3), where d(v, y) stands for the distance between vertices v and y).

$$C_C(v) = \frac{1}{\sum\limits_{y:y \in V} d(v,y)}$$
(3)

Therefore, a vertex is significant in the sense of closeness centrality if it is the closest to all the other vertices in the graph. Practically, the vertices that have the highest closeness centrality are "in the middle" of the netlist.

It is more interesting in the case of logic masking than degree centrality because it is a global centrality indicator. Therefore, it is influenced by the graph structure.

#### B. Betweenness centrality

Betweenness centrality [16] of node v is given by the ratio of shortest paths between all other vertices in the graph that traverse v. This is given in Equation (4), in which  $\sigma_{st}$  stands for the number of shortest paths that go from s to t, and  $\sigma_{svt}$ stands for the total number of shortest paths that go from s to t through v.

$$C_B(v) = \sum_{s \neq t \neq v: \{s,t,v\} \in V} \frac{\sigma_{svt}}{\sigma_{st}}$$
(4)

Intuitively, for a netlist, betweenness centrality will be the highest for nodes that are on the shortest paths from inputs to outputs. This is interesting for logic masking, since those nodes are typically the ones for which masking will have the greatest impact on information transiting from inputs to outputs. The main drawback of this indicator, however, is that it only accounts for shortest paths. As pointed out in [17], this is quite a restrictive constraint. Indeed, it assumes that information only flows along shortest paths, which is certainly not always true.

Alternative centrality indicators based on current flow have been proposed. By assuming that information behaves in the same way as electrical current, the authors of [17], [18] account for the fact that it can split and spread in the network. This is discussed in the next subsections.

#### C. Current-flow betweenness centrality

Current-flow betweenness centrality [18] considers the graph as an electrical network. Vertices are converted to nodes, and the edges connecting them are replaced by unit resistors. Pairs of vertices are successively picked as current input and output. The sum of current that flows through node v for all the pairs of vertices picked gives the current-flow betweenness centrality for this node. This is shown in Equation (5), where  $I_v^{(st)}$  is the current flowing through node v when s is the input and tis the output.

$$C_{CFB}(v) = \sum_{s \neq t: \{s,t\} \in V} I_v^{(st)} \tag{5}$$

This measure of centrality is more subtle than betweenness centrality. Indeed, instead of considering only shortest paths between vertices, the current is inversely proportional to the path length. This is a more precise assumption about the way information spreads in a network.

1) Approximate current-flow betweenness centrality: For current-flow betweenness centrality, running time and space requirements rapidly become prohibitive for large graphs. An approximate version has been proposed in [17]. Instead of using all the s and t pairs in the graph as current inputs and outputs, they show that using a smaller number of randomly selected pairs leads to a good approximation. This is an interesting point in the considered use-case. Large netlists can then be analysed, by relaxing precision.

#### D. Current-flow closeness centrality/Information centrality

Current-flow closeness centrality was proposed in [17], and is equivalent to information centrality [19]. Instead of using distance between nodes as a measure of closeness, it proceeds similarly to current-flow betweenness centrality. First, the graph is converted to an equivalent electrical network with edges replaced by unit resistors. Afterwards, farness is the difference of potential (voltage) between the two nodes. It is the equivalent resistance between the two nodes (see Equation (6)). Thus it also accounts for paths which are not the shortest ones. All the paths between two nodes are considered, contributing to the overall equivalent resistance depending on their length.

$$C_{CFC}(v) = \frac{1}{\sum_{y:y \in V} p(v) - p(y)} = \frac{1}{\sum_{y:y \in V} R_{eq}(v, y)}$$
(6)

V. EXPERIMENTAL RESULTS

The centrality indicators were computed using Python *igraph* [20] and *NetworkX* [21] libraries. Our workstation embeds an Intel Core i5-4570 operating at 3.20GHz and 16GB of RAM. Experimental results were obtained with ITC'99 [22] and EPFL [23] combinational benchmarks. We restrict the size of the benchmarks from 1k to 100k gates. Note that this is the only method demonstrated on large benchmarks, up to 100k gates, when [10], [11], [14] do not exceed a few thousand gates. For large benchmarks, come centrality indicator computations ran out of memory and are not presented. Moreover, we fix a timeout limit for computation of 1h.

#### A. Masking efficiency evaluation

The Hamming distance criterion used in previous articles to evaluate the masking efficiency is not suited as detailed in [3]. As stated in [13], "We need maximum corruption, and thus minimum correlation at the outputs". Therefore, the masking efficiency  $E_m$  is evaluated by computing the quadratic mean of the Pearson's correlation coefficient (see Eq. (7)) obtained between the normal and masked mode for every output bit (see Eq. (8)).

$$r(x,y) = \frac{\sum_{i=1}^{n} (x_i - \bar{x})(y_i - \bar{y})}{\sqrt{\sum_{i=1}^{n} (x_i - \bar{x})^2} \sqrt{\sum_{i=1}^{n} (y_i - \bar{y})^2}}$$
(7)

$$E_m = \sqrt{\frac{1}{n} \sum_{o \in outputs} r^2(o_{normal}, o_{masked})}$$
(8)

The output values are obtained by applying 10k random vectors at the key and primary inputs of the netlist. For each benchmark and area overhead, the most efficient centrality indicator is in bold face.

|       | TABLE I                                             |
|-------|-----------------------------------------------------|
| $E_m$ | VALUES FOR SELECTION HEURISTICS BASED ON CENTRALITY |
| IN    | DICATORS AND DIFFERENT LOGIC RESOURCES OVERHEADS    |

| Benchmark      | #gates       | Centrality | Logic 1 | resources | overhead |
|----------------|--------------|------------|---------|-----------|----------|
|                | 0            | indicator  | 1%      | 5%        | 10%      |
| adder          | $\sim 1 k$   | В          | 0.97    | 0.86      | 0.70     |
|                |              | С          | 0.98    | 0.94      | 0.91     |
|                |              | C-FB       | 0.94    | 0.73      | 0.58     |
|                |              | C-FC       | 0.96    | 0.95      | 0.93     |
|                |              | AC-FB      | 0.91    | 0.75      | 0.68     |
| i2c controller | $\sim 1 k$   | В          | 0.97    | 0.91      | 0.85     |
|                |              | С          | 0.98    | 0.93      | 0.90     |
|                |              | C-FB       | 0.28    | 0.19      | 0.17     |
|                |              | C-FC       | 0.27    | 0.20      | 0.37     |
|                |              | AC-FB      | 0.29    | 0.28      | 0.23     |
| sine           | $\sim 5k$    | В          | 0.23    | 0.26      | 0.22     |
|                |              | С          | 0.26    | 0.20      | 0.23     |
|                |              | C-FC       | 0.21    | 0.01      | 0.01     |
|                |              | AC-FB      | 0.10    | 0.11      | 0.01     |
| b14_1_C        | $\sim 5k$    | В          | 0.92    | 0.61      | 0.50     |
|                |              | С          | 0.74    | 0.65      | 0.48     |
|                |              | AC-FB      | 0.73    | 0.36      | 0.34     |
| b15_1_C        | $\sim 10k$   | В          | 0.82    | 0.57      | 0.45     |
|                |              | С          | 0.81    | 0.61      | 0.48     |
|                |              | AC-FB      | 0.77    | 0.64      | 0.85     |
| round-robin    | $\sim 10k$   | В          | 0.96    | 0.84      | 0.69     |
| arbiter        |              | С          | 0.94    | 0.86      | 0.83     |
|                |              | AC-FB      | 0.94    | 0.88      | 0.83     |
| memory         | $\sim 50k$   | В          | 0.98    | 0.94      | 0.88     |
| controller     |              | С          | 0.98    | 0.91      | 0.83     |
| divisor        | $\sim 50k$   | В          | 0.65    | 0.64      | 0.64     |
|                |              | С          | 0.65    | 0.64      | 0.64     |
| b18_1_C        | $\sim 100 k$ | В          | 0.95    | 0.80      | 0.63     |
|                |              | С          | 0.95    | 0.80      | 0.65     |

B: betweenness

C: closeness C-FB: current-flow betweenness

C-FC: current-flow closeness

AC-FB: approximated current-flow betweenness

The masking efficiency values  $E_m$  obtained are shown in Table I, in which three logic resources overheads are considered, 1%, 5% and 10%. The overhead is computed as the percentage of extra gates added to the design.  $E_m$  values differ greatly depending on the benchmark. For some of them, the correlation drops very fast, even at low overhead. This occurs for benchmarks in which outputs are strongly correlated, such as *sine*. On the other hand, some benchmarks make it very hard to reduce the correlation coefficient, even with a 10% overhead.

The centrality indicators differ in effectiveness. However, the ones based on current-flow are the most efficient is the majority of cases. For the largest benchmark, b18\_1\_C, which comprises 100k gates, the correlation drops to 0.63 for 10% area overhead. This shows that the masking is efficient, even

#### on very large netlists.

Increasing the overhead obviously reduces correlation since inserting more masking gates increases the masking efficiency.

Additionally, we estimated by simulation the corruptibility of the outputs when centrality indicators are used to select the nodes to modify. For all the circuits and all centrality indicators, when an incorrect key is applied, the normal and masked outputs were systematically different.

#### B. Computation time

Fig. 3 shows on a log-log scale how computation time varies with respect to the number of nodes in the netlist. The dark grey line is the baseline for computation time. It is the time required to only build the graph as described in Subsection III-C.

Centrality indicators are efficient to compute in general, although the centrality indicators based on current-flow require more time. However, even for a very large benchmark of 100k gates, computing betweenness and closeness centrality is possible in less than an hour on our desktop workstation. Surely this could be improved with a dedicated server. Moreover, recent research [24] shows that centrality indicators can be computed faster in a distributed manner. Computation time does not depend on the chosen overhead, since the chosen centrality indicator must be computed for all the nodes of the graph in all the cases.



Fig. 3. Computation time required using different heuristics for selection with a 5% logic resources overhead. The baseline is random selection.

#### C. Comparison with existing heuristics

Fig. 4 illustrates the trade-off between correlation reduction and computation time. The baseline for computation time is random selection as it is the simplest method, thus the fastest to compute. The most efficient heuristics are closer to the origin, since they are the fastest to compute and the most efficient at reducing correlation.

Other heuristics can be broadly classified into two categories. First, fault-analysis based selection [14] can reduce correlation significantly, down to 0.2. However, this selection



Fig. 4. Trade-off between computation time and correlation reduction. The logic resources overhead is 5-6%. The correlation and computation time values are obtained after averaging over all benchmarks, except for [14] for which only three small benchmarks from the original article are considered.

heuristic is very computationally expensive. Authors report that "This method took two hours to encrypt the C7552 circuit". This circuit only has 3,500 nodes. Therefore, fault-analysis based selection is highly impractical and cannot cope with large netlists, which are typically the ones worth protecting against counterfeiting. Emulation has been proposed in [25] to speed-up the process but it requires a very large FPGA for implementation since it increases the size of the original a lot. Moreover, the correlation value of 0.2 is obtained from only three combinational benchmarks, which are relatively small. Nothing shows that this low correlation would be observed on larger benchmarks such as the ones we used. On the other hand, random [10] and fan-in/fan-out cones [11] methods are rapidly computed. However, as visible in Fig. 4, the correlation remains very high. Therefore, they do not achieve efficient masking.

Overall, existing heuristics are either efficient at reducing correlation, but complex to compute, or easy to compute but inefficient at reducing correlation. In contrast, centrality indicators can reduce correlation down to 0.4 on average. Moreover, they are much more computationally efficient than fault-analysis based selection, since they run 1,000 times faster on average. Among centrality indicators, the most efficient are the ones based on current flow. They are the closest to the origin, and reduce correlation efficiently while being computationally practical. Therefore, centrality indicators offer a better trade-off than state-of-the-art heuristics between masking efficiency and computational complexity.

#### VI. DISCUSSION

#### A. Impact on maximum operating frequency

When choosing the nodes to modify, critical paths can be excluded. This way, the impact of logic masking on the operating frequency is minimised. Masking efficiency would not be affected much since critical paths are marginal.

#### B. Sequential circuits

When masking sequential circuits, combinational parts must be isolated. Flip-flop inputs are converted to graph output nodes, and the flip-flop outputs to graph input nodes [4].

#### C. Scalability

The results we provide here for computation time are obtained on a standard desktop workstation. In order to improve performances, a dedicated server with more memory could be used to provide more computing power and analyse larger netlists. Another option to improve scalability is to compute the centrality indicator in parallel. Recent research [24] highlight the fact that current flow-based centrality indicators, which are usually the most efficient for logic masking, could be computed faster. Other heuristics based on interference graph [12] or fault analysis [14] are intrinsically sequential since they require the masking metric to be recomputed every time a node is modified.

#### D. Controllability and distance to inputs and outputs

For most of the modified benchmarks, inspection shows that the inserted gates are as close to the inputs as they are to the outputs. They are then approximately in the middle of the netlist. This is a good point against reverse-engineering. Indeed, if the extra gates are embedded deeper in the netlist, they are harder to uniquely identify and disable.

The distance to inputs and outputs is closely related to the controllability of the nodes. In order to make sure that the modified nodes are hard to control, one can set a threshold on their controllability. The controllability value can be computed very fast. By ensuring that the controllability of the selected nodes is high enough, the key value is much harder to reveal on the outputs of the circuit by sensitisation attack [13].

#### VII. CONCLUSION

We proposed to use centrality indicators to select the nodes modified by logic masking. On the one hand, it reduces correlation effectively and is faster to compute than state-ofthe-art effective heuristics. On the other hand, compared to other computationally-efficient heuristics, it reduces correlation significantly more. Overall, it provides a better trade-off between masking efficiency and computational complexity, and is the only realistic candidate for integration in EDA tools dealing with large and complex netlists.

#### **ACKNOWLEDGEMENTS**

The work presented in this paper was realised in the frame of the SALWARE project number ANR-13-JS03-0003 supported by the French 'Agence Nationale de la Recherche" and by the French "Fondation de Recherche pour l'Aéronautique et l'Espace", funding for this project was also provided by a grant from "La Région Rhône-Alpes"

#### REFERENCES

- [1] U. Guin, K. Huang, D. DiMase, J. M. Carulli, M. Tehranipoor, and Y. Makris, "Counterfeit integrated circuits: A rising threat in the global semiconductor supply chain," Proceedings of the IEEE, vol. 102, no. 8, pp. 1207–1228, 2014.
- B. Colombier and L. Bossuet, "Survey of hardware protection of design data for integrated circuits and intellectual properties," IET Computers & Digital Techniques, vol. 8, no. 6, pp. 274-287, Nov. 2014.

- B. Colombier, L. Bossuet, and D. Hély, "From secured logic to IP [3] protection," Elsevier Microprocessors and Microsystems, vol. 47, pp. 44-54 2016
- S. M. Plaza and I. L. Markov, "Protecting integrated circuits from [4] piracy with test-aware logic locking," in International Conference on Computer Aided Design, San Jose, CA, USA, Nov. 2014.
- 'Solving the third-shift problem in IC piracy with test-aware [5] logic locking," IEEE Trans. on CAD of Integrated Circuits and Systems, vol. 34, no. 6, pp. 961-971, 2015.
- P. Subramanyan, S. Ray, and S. Malik, "Evaluating the security of [6] logic encryption algorithms," in IEEE International Symposium on Hardware Oriented Security and Trust, Washington, DC, USA, May 2015, pp. 137-143.
- [7] M. Yasin, J. Rajendran, O. Sinanoglu, and R. Karri, "On improving the security of logic locking," IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 9, pp. 1411-1424, 2015.
- [8] M. Yasin, B. Mazumdar, J. J. V. Rajendran, and O. Sinanoglu, "Sarlock: SAT attack resistant logic locking," in IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA, May 2016, pp. 236-241.
- [9] Y. Xie and A. Srivastava, "Mitigating SAT attack on logic locking," in International Conference on Cryptographic Hardware and Embedded Systems, Santa Barbara, CA, USA, Aug. 2016, pp. 127–146. J. A. Roy, F. Koushanfar, and I. Markov, "Ending piracy of integrated
- [10] circuits," Computer, vol. 43, no. 10, pp. 30–38, 2010.
- R. S. Chakraborty and S. Bhunia, "HARPOON: an obfuscation-based [11] soc design methodology for hardware protection," IEEE Transations on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, 2009.
- [12] J. Rajendran, Y. Pino, O. Sinanoglu, and R. Karri, "Security analysis of logic obfuscation," in Annual Design Automation Conference, San Francisco CA, USA, Jun. 2012, pp. 83-89.
- J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, "Security analysis [13] of integrated circuit camouflaging," in ACM Conference on Computer & communications security, Berlin, Germany, Nov. 2013, pp. 709-720.
- [14] J. Rajendran, H. Zhang, C. Zhang, G. S. Rose, Y. Pino, O. Sinanoglu, and R. Karri, "Fault analysis-based logic encryption," IEEE Transactions
- on Computers, vol. 64, no. 2, pp. 410–424, 2015. G. Sabidussi, "The centrality index of a graph," *Psychometrika*, vol. [15]
- J. no. 4, pp. 581–603, 1966. J. M. Anthonisse, "The rush in a directed graph," *Mathematische* [16] Besliskunde, no. BN 9/71, pp. 1–10, 1971.
- U. Brandes and D. Fleischer, "Centrality measures based on current [17] flow," in Annual Symposium on Theoretical Aspects of Computer Science, vol. 3404, Stuttgart, Germany, Feb. 2005, pp. 533-544.
- [18] M. E. J. Newman, "A measure of betweenness centrality based on random walks," Social Networks, vol. 27, no. 1, pp. 39-54, 2005.
- [19] K. Stephenson and M. Zelen, "Rethinking centrality: Methods and examples," Social Networks, vol. 11, no. 1, pp. 1-37, 1989.
- [20] G. Csardi and T. Nepusz, "The igraph software package for complex network research," InterJournal Complex Systems, vol. 1695, no. 5, pp. 1–9, 2006.
- [21] A. A. Hagberg, D. A. Schult, and P. J. Swart, "Exploring network structure, dynamics, and function using NetworkX," in Python in Science Conference, Pasadena, CA USA, Aug. 2008, pp. 11-15.
- [22] S. Davidson, "ITC'99 benchmark circuits - preliminary results," in IEEE International Test Conference, Atlantic City, NJ, USA, Sep. 1999, p. 1125.
- L. Amarú, P.-E. Gaillardon, and G. D. Micheli, "The EPFL com-binational benchmark suite," in *International Workshop on Logic* & [23] Synthesis, Mountain View, CA, USA, Jun. 2015.
- [24] A. Lulli, L. Ricci, E. Carlini, and P. Dazzi, "Distributed current flow betweenness centrality," in International Conference on Self-Adaptive and Self-Organizing Systems, Cambridge, MA, USA, Sep. 2015, pp. 71-80.
- S. Gören, C. C. Gürsoy, and A. Yildiz, "Speeding up logic locking [25] via fault emulation and dynamic multiple fault injection," Journal of Electronic Testing, vol. 31, no. 5-6, pp. 525-536, 2015.

# Low-complexity DPA Countermeasure for Resource-Constrained Embedded McEliece Implementation

Martin Petrvalský Miloš Drutarovský Dept. of Electronics & Multimedia Communications, Technical University of Kosice, Park Komenskeho 13, 041 20 Kosice, Slovakia Email: {martin.petrvalsky, milos.drutarovsky}@tuke.sk Tania Richmond Institut de Mathématiques B.P. 20132, 83957, La Garde, France. Email: tania.richmond@univ-tln.fr Pierre-Louis Cayrel and Viktor Fischer Laboratoire Hubert Curien, Rue du Prof. Benoît Lauras, 18, 42000, Saint-Étienne, France. Email:{pierre.louis.cayrel, fischer}@univ-st-etienne.fr

Abstract-In this paper, we present an efficient countermeasure against side-channel attacks on the McEliece publickey cryptosystem. Firstly, we deploy a novel correlation based differential power analysis attack combined with a chosen ciphertext attack targeting a secure implementation of the McEliece cryptosystem. We demonstrate that a part of a private key (permutation matrix) can be recovered using the attacks. Furthermore, we show that a revelation of the permutation matrix possess a critical threat to the cryptosystem. The cryptosystem and its variations are implemented on a 32-bit ARM-based microcontroller. We provide details and results of the attack using power consumption measurements of the hardware. As a main contribution, we provide an experimental results of a novel efficient countermeasure against the attack. The countermeasure (which is a derivate of a masking technique) uses properties of the McEliece cryptosystem in order to reduce the complexity of the masking technique. Our new method does not require a large amount of random bits and it reduces computational time compared to the regular masking technique. These properties can be profitable for low-cost constrained and embedded devices.

Keywords—Correlation based differential power analysis, masking countermeasure, McEliece public-key cryptosystem, secure bit permutation, side-channel attack.

#### I. INTRODUCTION

Requirements for low-cost embedded device security rises its importance in the context of the Internet of Things (IoT) [1]. Cryptographic algorithms are implemented on these devices in order to provide needed security features. If we are thinking in a long-term manner, currently used public-key cryptosystems (PKCs) such as RSA [2] and ECC [3] will be vulnerable with advances in quantum computing. The solution for this problem are PKCs which will be theoretically secure even in the post-quantum era (post-quantum PKCs [4]). McEliece PKC [5] is one of the promising cryptosystems which is invariant against quantum computing algorithms. It is based on error-correcting codes and it was proposed by McEliece in 1978. The cryptosystem offers interesting properties - fast computation, favorable theoretical complexity which make the cryptosystem suitable for currently used low-cost embedded devices such as microcontrollers.

Theoretical security of the algorithm, especially for embedded devices, is often not sufficient in order to protect the device against possible attacks. Side-channel attacks (SCAs) exploit a physical phenomenon of an implementation, e.g. running time in software or power consumption in hardware. The first SCA against the McEliece PKC was proposed in 2008 [6] and more papers have followed during the last years. Most of those attacks target the Patterson's algorithm [7] and they are based on timing attack [6], [8]–[11]. We are focused on power consumption attacks on the McEliece PKC of which simple power analyses (SPAs) have been proposed in [12], [13] and differential power analyses (DPAs) attacks have been proposed in [14]–[16].

Regarding [12, Section 3], there are four profiles used for the first steps of the McEliece decryption. Profiles III and IV do not require permutation algorithm and thus they are more secure. However, the first step in profiles I and II permutes input ciphertexts which is convenient for some applications, e.g. in [6] or for low-cost embedded and constrained devices. In this work, we are focused on the profiles I and II where the permutation algorithm must be implemented. We focus on a development of a countermeasure which efficiently complicates (not completely avoids) side-channel attacks with emphasis on a low computational and memory requirements.

Compared to our previous work [15], [16], we present a novel correlation based DPA (CBDPA) attack on a secure implementation of a bit permutation in McEliece PKC. Furthermore, we provide new details on a possible security threat on revealed permutation matrix. In addition, we design a new countermeasure against side-channel attacks and we provide experimental results of the secure implementation of the bit permutation and its security against DPA attacks.

The paper is organized as follows. We start with a short review on Goppa codes and the McEliece PKC in Section II. In Section III, we present a CBDPA attack on the protected
McEliece ciphertext permutation and a syndrome computation given in [15]. Furthermore, in Section IV, we propose a new low-complexity countermeasure against CBDPA attacks. We show experimental results of our work in Section V. Finally, we conclude the paper in Section VI.

#### II. THEORETICAL BACKGROUND

### A. Goppa Codes

Goppa proposed a large class of linear error-correcting codes in 1970 [17], [18]. However our interest is focused exclusively on (irreducible) binary Goppa codes, that are available for encryption. For the sake of simplicity, we will call them Goppa codes.

Definition 1: Let m and t be positive integers. Let a support  $\mathcal{L} = \{\alpha_1, \alpha_2, \ldots, \alpha_n\}$  represent a subset of  $\mathbb{F}_{2^m}$  such that the  $\alpha_i$  are pairwise distinct elements, so  $n \leq 2^m$ . Given a monic (irreducible) polynomial  $g(x) \in \mathbb{F}_{2^m}[x]$  such that  $\deg(g) = t$  and  $g(\alpha_i) \neq 0$ , the (irreducible) Goppa code  $\Gamma(\mathcal{L}, g)$  is defined as:  $\Gamma(\mathcal{L}, g) =$ 

$$\{C = (C_1, C_2, \dots, C_n) \in \mathbb{F}_2^n \mid \sum_{i=1}^n \frac{C_i}{x \oplus \alpha_i} \equiv 0 \mod g(x)\}.$$
$$\mathcal{S}_C(x) = \sum_{i=1}^n \frac{C_i}{x \oplus \alpha_i}.$$
(1)

We call the syndrome polynomial, a polynomial associated to  $C \in \mathbb{F}_2^n$  given by (1). To decode a binary Goppa codeword containing errors, one commonly adopted solution is to use the so-called Patterson's algorithm [7]. We will focus on the first step of this algorithm consisting of computing a product between the codeword C with at most t errors and a paritycheck matrix of the Goppa code denoted  $\mathcal{H}$ , i.e.  $S = C \cdot \mathcal{H}^T$ . The result of this operation is called the syndrome and it can be viewed as a polynomial as  $S_C(x) = [x^{t-1}, \ldots, x, 1] \cdot S$ , i.e. (1).

# B. The McEliece Cryptosystem

McEliece proposed the first public-key code-based encryption scheme in 1978 [5]. The McEliece PKC, using Goppa codes as in the original paper, is performed using the three following algorithms - key generation, plaintext encryption and ciphertext decryption.

*Key Generation.* The key generation consists of the determination of the Goppa code according to Definition 1 given in Section II-A. Since Goppa codes are linear, they can be generated by a so-called  $k \times n$  generator matrix denoted  $\mathcal{G}$  (usual values of n are 1024, 2048, ...). We randomly choose a non-singular  $k \times k$  matrix  $\mathcal{S}$  and a  $n \times n$  permutation matrix  $\mathcal{P}$ . Then we compute the public  $k \times n$  generator matrix given by  $\tilde{\mathcal{G}} = \mathcal{S} \cdot \mathcal{G} \cdot \mathcal{P}$ . The key generation provides the private key sk =  $(\Gamma(\mathcal{L}, g), \mathcal{S}, \mathcal{P})$  and the public key pk =  $(m, t, \tilde{\mathcal{G}})$ . Notice that k and n are also public because  $\tilde{\mathcal{G}}$  is a  $k \times n$  matrix.

Plaintext Encryption. During the plaintext encryption, the message M is encrypted using the public generator matrix. This operation can be expressed by  $C = M \cdot \tilde{\mathcal{G}}$ . Then an error vector E of length n and weight t is randomly selected and added to the codeword C, giving the ciphertext  $\tilde{C} = C \oplus E$ .

Ciphertext Decryption. At first, the product  $\tilde{C}_p = \tilde{C} \cdot \mathcal{P}^{-1}$  is computed during the decryption of the ciphertext  $\tilde{C}$ . The attack described in Section III targets this phase of the ciphertext decryption. This step is leading to a codeword containing an error, i.e. :  $\underline{M} \cdot S \cdot \mathcal{G} \oplus \underline{E} \cdot \mathcal{P}^{-1}$ . Next, a decoding algorithm

word error vector of weight 
$$t$$

(the Patterson's algorithm in our case) must be applied on the obtained secret code. Let  $\mathcal{G}_r^{-1}$  be the  $\mathcal{G}$  right-side inverse, i.e.  $\mathcal{G} \cdot \mathcal{G}_r^{-1} = \mathcal{I}_k$ , where  $\mathcal{I}_k$  is the  $k \times k$  identity matrix. Thereafter the obtained codeword  $M \cdot S \cdot \mathcal{G}$  is multiplied by  $\mathcal{G}_r^{-1}$  on the right-side, in order to find  $\tilde{M} = M \cdot S$ . Finally, we compute  $M = \tilde{M} \cdot S^{-1}$  to recover the plaintext.

# III. CBDPA OF THE PRIVATE PERMUTATION

We attack a secure implementation of a bit permutation algorithm from [15] (recalled in this paper in Algorithm 1). In [16], different secure implementation of the bit permutation [6] is successfully attacked. Side-channel vulnerabilities can be found in both implementations. They leak an information about the private permutation matrix  $\mathcal{P}^{-1}$  in the McEliece PKC decryption.

In Algorithm 1, the vulnerable operation is the state 9. If a bit of the permuted ciphertext  $\tilde{C}_{p_i} = 0$  then tmp = 0; if  $\tilde{C}_{p_i} = 1$  then  $tmp = (FFF \dots F)_{hex}$ . Using multiple measurements with different inputs (e.g. 500 measurements) we are able to detect the exact time when particular bits are handled in tmp variable. Time of the particular bit handling corresponds to the current location in the vector  $\tilde{C}_p$ . By comparing input vector  $\tilde{C}$  and permuted vector  $\tilde{C}_p$  extracted from the CBDPA attack, it is possible to extract the whole permutation matrix  $\mathcal{P}^{-1}$ . We attack an implementation [15] using n = 1024. Compared to the the attack in [16], we extract a permutation matrix  $\mathcal{P}$  by attacking a secure syndrome computation (parity-check matrix multiplication) which is scheduled after the bit permutation.

Algorithm 1 Bit permutation and a secure syndrome computation (multiplication by the parity-check matrix)  $S = (\tilde{C} \cdot \mathcal{P}^{-1}) \cdot \mathcal{H}^T$  (from [15])

**Require:** Private permutation matrix  $\mathcal{P}^{-1}$  represented by lookup-table  $t^{\mathcal{P}}$ , private parity-check matrix  $\mathcal{H}^{\mathcal{T}}$ , ciphertext vector  $\tilde{C}$  and mask M. **Ensure:** Syndrome S

1:  $\tilde{C}_p = 0$ 2: for i = 0 to n - 1 do if  $\tilde{C}_i = 1$  then  $\tilde{C}_p = \tilde{C}_p \oplus (1 \ll t_i^{\mathcal{P}})$ 3: 4: 5. end if 6: end for 7: S = M8: for i = 0 to n - 1 do  $tmp = unsigned(0 - \tilde{C}_{p_i})$ <u>9</u>.  $10 \cdot$  $S = S \oplus (tmp \ \& \ H_i^T)$ 11: end for 12:  $S = S \oplus M$ 13: return S

#### A. Methods of the CBDPA Attack

We deploy the CBDPA attack based on the Pearson's correlation coefficient [19] with known input ciphertext. The workflow of the CBDPA is depicted in Fig. 1. We apply a Hamming weight of individual bits leakage model ( $H_i \in \{0, 1\}$ ). We choose the Hamming weight model since it accurately



Figure 1. Main steps of the CBDPA attack on the secure bit permutation. We input random ciphertexts while the permutation matrix  $\mathcal{P}^{-1}$  remains the same. We measure a leakage on a syndrome computation operation which is scheduled after the bit permutation (the attack on [15]).

represents the leakage of the attacked device. We use (2) for correlation analyses:

$$r_{H,X}(\eta) = \frac{\sum_{i=1}^{N} [(X_i(\eta) - \bar{X}(\eta))(H_i - \bar{H})]}{\sqrt{\sum_{i=1}^{N} [X_i(\eta) - \bar{X}(\eta)]^2 \sum_{i=1}^{N} (H_i - \bar{H})^2}}$$
(2)

where  $r_{H,X}(\eta)$  is the Pearson's correlation coefficient for  $\eta$ th sample (measured during execution of the cryptographic algorithm), N is a number of measured traces,  $X_i(\eta)$  is a value of  $\eta$ -th sample measured during *i*-th measurement (*i*-th trace),  $\bar{X}(\eta)$  is a mean value of corresponding  $\eta$ -th samples (from all traces),  $H_i$  is a hypothesis of power consumption for one bit of input data corresponding with *i*-th measurement (*i*-th trace) and  $\bar{H}$  is a mean value of all hypotheses  $H_i$ .

#### B. A threat of the revealed $\mathcal{P}$

Assuming one knows the private permutation matrix  $\mathcal{P}$  and the support  $\mathcal{L}$  is in lexicographic order (or any other one, but known by the attacker). That means the only remaining part of the private key still unknown is the Goppa polynomial. Indeed, the knowledge of the scrambling matrix S is useless because  $\mathcal{G}$ and  $S \cdot \mathcal{G}$  generate the same code. Multiply a generator matrix by an invertible matrix on the left side is the only way to get another generator matrix of the same code.

Notice that a parity-check matrix  $\mathcal{H}$  of the Goppa code can be computed as a product between the *t*-rows Vandermonde

matrix  $\mathcal{Y}$  of support  $\mathcal{L}$  elements and the diagonal matrix  $\mathcal{Z}$  with the inverse polynomial evaluation of g on all elements in the support  $\mathcal{L}$ , where each component is an m-bit vector over  $\mathbb{F}_2$ . That is, over  $\mathbb{F}_{2^m}$ ,  $\mathcal{H}$  looks like:

$$\mathcal{H} = \underbrace{\begin{pmatrix} 1 & 1 & \dots & 1 \\ \alpha_1 & \alpha_2 & \dots & \alpha_n \\ \vdots & \vdots & \dots & \vdots \\ \alpha_1^{t-1} & \alpha_2^{t-1} & \dots & \alpha_n^{t-1} \end{pmatrix}}_{\mathcal{Y}} \cdot \underbrace{\begin{pmatrix} \frac{1}{g(\alpha_1)} & 0 & \dots & 0 \\ 0 & \frac{1}{g(\alpha_2)} & \ddots & \vdots \\ \vdots & \ddots & \ddots & 0 \\ 0 & \dots & 0 & \frac{1}{g(\alpha_n)} \end{pmatrix}}_{\mathcal{Z}}$$

$$= \begin{pmatrix} \frac{1}{g(\alpha_1)} & \frac{1}{g(\alpha_2)} & \dots & \frac{1}{g(\alpha_n)} \\ \frac{\alpha_{\alpha_1}}{g(\alpha_1)} & \frac{\alpha_2}{g(\alpha_2)} & \dots & \frac{\alpha_n}{g(\alpha_n)} \\ \vdots & \vdots & \dots & \vdots \\ \frac{\alpha_1^{t-1}}{g(\alpha_1)} & \frac{\alpha_2^{t-1}}{g(\alpha_2)} & \dots & \frac{\alpha_n^{t-1}}{g(\alpha_n)} \end{pmatrix}$$
(3)

This parity-check matrix form comes from the definition of an alternant code. Indeed, a Goppa code is a specific alternant code. Since  $\mathcal{L}$  is assuming known, the matrix  $\mathcal{Y}$  can be computed by an attacker. Let  $y_i$  be  $1/g(\alpha_i)$  for all *i* for 1 to *n*. Then, by writing  $\mathcal{H}$  over  $\mathbb{F}_{2^m}$ ,  $\mathcal{H}$  becomes for an attacker:

$$\mathcal{H} = \begin{pmatrix} y_1 & y_2 & \dots & y_n \\ \alpha_1 \cdot y_1 & \alpha_2 \cdot y_2 & \dots & \alpha_n \cdot y_n \\ \vdots & \vdots & \dots & \vdots \\ \alpha_1^{t-1} \cdot y_1 & \alpha_2^{t-1} \cdot y_2 & \dots & \alpha_n^{t-1} \cdot y_n \end{pmatrix}$$

where  $y_i$  are unknown for the adversary. This matrix leads to a linear system of tmn equations in  $(tm)^2 + nm$  unknowns over  $\mathbb{F}_2$ . It was shown in [20, Section 5.6] that this attack succeeds only if the error weight is at most  $\lfloor t/2 \rfloor$ .

Another proposition was done in [15] using the definition of a generalized Reed-Solomon (GRS) code. Indeed, an alternant code is a specific GRS code, moreover a Goppa code is the restriction to  $\mathbb{F}_2$  of a GRS code over  $\mathbb{F}_{2^m}$ . That is why both propositions are based on the same idea.

In addition, a Goppa code generated with  $g^2$  instead of g, when g is irreducible, is still the same code [21, Chapter 12]:  $\Gamma(\mathcal{L},g) = \Gamma(\mathcal{L},g^2)$ . Therefore, using a parity-check matrix with  $g^2$  instead of g, an attacker can get a linear system of twice more equations and hope to succeed in all error weight cases (up to t).

To finish about g recovering through a linear system given by a parity-check matrix, using the syndrome polynomial (1), another parity-check matrix of  $\Gamma(\mathcal{L}, g)$  is:

Since  $g_t \neq 0$ ,  $\mathcal{X}$  is invertible. Therefore,  $\mathcal{XYZ}$  and  $\mathcal{YZ}$  define the same code. For further research, it can be interesting to try the attack proposed in [20] using these two matrices, with g and  $g^2$ , then compare all results.

Finally, another idea to recover the Goppa polynomial is to compute the Greatest Common Divisor (GCD) between all polynomials  $f'_C(x)$  given in (5), with *C* as rows in  $S \cdot G$ . Since each row in  $S \cdot G$  is a codeword and from [21, Chapter 12] we have:

$$C \in \Gamma(\mathcal{L}, g) \Leftrightarrow g(x) | f'_C(x), \tag{4}$$

where

$$f_{C}(x) = \prod_{i=1}^{n} C_{i}(x - \alpha_{i})$$
  

$$f_{C}'(x) = \sum_{i=1}^{n} C_{i} \prod_{\substack{j=1\\ i \neq i}}^{n} (x - \alpha_{j}),$$
(5)

and with

$$\mathcal{S}_C(x) = \sum_{i=1}^n \frac{C_i}{x \oplus \alpha_i} = \frac{f'_C(x)}{f_C(x)}.$$
(6)

So the second way seems to be simpler, because there are (k-1) GCDs to compute in the worst case instead of a linear system to solve. All together, a revelation of permutation matrix  $\mathcal{P}$  is a significant step towards breaking the whole McEliece cryptosystem.

#### C. Measurement Setup

We attack software implementation of the McEliece PKC decryption algorithm running on a low-cost STM32F103 microcontroller (MCU) [22]. The MCU features a 32-bit ARM Cortex-M3 (clocked at 72 MHz) and 64kB Flash ROM (sufficient for McEliece decryption). We acquire traces by measuring voltage drop on a 1 $\Omega$  resistor placed in series between a grounding pin of the MCU and the ground. The setup was especially developed for SCAs and it provides clear view on the MCU leakage.

Traces are acquired using the Agilent Technologies oscilloscope DSO9404A [23] (using 2 of 4 analog channels). All traces required for an attacking protected device are acquired at sample rate  $250 \times 10^6$  samples per second (250 MS/s). Two 500 MHz passive probes were connected directly to SubMiniature version A (SMA) connectors available on the testing board with the MCU. Data acquisition is controlled by the software running on the oscilloscope's internal PC. The software sets up the oscilloscope, sends the ciphertext to the MCU - design under test (DUT) via UART and waits for the acknowledgment. The DUT rises a trigger and starts the ciphertext decryption. The oscilloscope measures power consumption during the first two steps of the decryption. Once the acquisition is finished, the PC stores the measured trace to the hard disk. The measurement process is repeated depending on the desired number of traces (usually from dozens to millions of traces, in our case it is 500).

#### D. Results of the CBDPA attack

We successfully deployed the CBDPA attack on a permutation matrix  $\mathcal{P}^{-1}$ . The attack is performed using power consumption traces with different and random inputs. Then, we perform the correlation analysis *n* times for each input bit - 1024 times in our case. We obtain positions of permuted bits by searching for correlation peaks during analyses as depicted in Fig. 2. By comparing positions of permuted bits with bits in input ciphertexts, we reconstruct the permutation matrix  $\mathcal{P}^{-1}$ .

During the attack, we measure 500 traces each with 1024 bits long random input ciphertexts  $\tilde{C}$ . As we can see in Fig. 2, we are able to find permuted positions of the input bits. Compared to the attack in [16], this attack produces a thin correlation peak as shown in Fig. 2. It is caused by a difference between implementations of the algorithms.We are able to extract the permutation matrix  $\mathcal{P}$  with 100% success rate (1024 × 1024 bits). The proposed attacks can be enhanced to any value of n in order to attack other more practical implementations ( $n = 2048, n = 4096, \ldots$ ).

#### IV. NOVEL CBDPA COUNTERMEASURE

At the end of [16], we outline a possible countermeasure. We further investigate and develop the idea in this paper. We introduce a novel implementation of the countermeasure (Algorithm 2). We are able to use the masking with decreased effects of two main disadvantages - requirement of random bits and increased computational complexity. Our new method of countermeasure uses the following properties of linear codes:

- rows in generator matrix  $\mathcal{G}$  are codewords,
- every codeword has a zero syndrome,



Figure 2. Correlation analyses using 500 power consumption traces. We can clearly distinguish the moment (marked with dashed ellipses) when the first bit (upper figure) and the second bit (lower figure) from input ciphertext are handled during the decryption algorithm (Algorithm 1). The first and the second bits are permuted to position 479 and 857 of 1024, respectively.

• syndrome computation is scheduled right after bit permutation in the McEliece decryption.

Algorithm 2 CBDPA resistant bit permutation and a syndrome computation (multiplication by the parity-check matrix)  $S = [(\tilde{C} \oplus_p B) \cdot \mathcal{P}^{-1}] \cdot \mathcal{H}^T$ 

**Require:** Private permutation matrix  $\mathcal{P}^{-1}$  represented by lookup-table  $t^{\mathcal{P}}$ , private parity-check matrix  $\mathcal{H}^{\mathcal{T}}$ , ciphertext vector  $\tilde{C}$ , masks  $M_1$ ,  $M_2$  and a private generator matrix of  $\Gamma(\mathcal{L}, g)$ . **Ensure:** Syndrome S

1: Choose  $_{p}B$  such that  $_{p}B = B \cdot \mathcal{P}$  and  $B \in \Gamma(\mathcal{L}, g)$ 2:  $\overline{\tilde{C}' = \tilde{C} \oplus {}_{p}B}$ 3:  $\tilde{C}'_p = M_1$ 4: for i = 0 to n - 1 do  $tmp = unsigned(0 - \tilde{C}'_i)$ 5:  $\tilde{C}'_p = \tilde{C}'_p \oplus (tmp \& (1 \ll t_i^{\mathcal{P}}))$ 6: 7: end for 8:  $\tilde{C}'_p = \tilde{C}'_p \oplus M_1$ 9:  $S = M_2$ 10: for i = 0 to n - 1 do  $tmp = unsigned(0 - \tilde{C}'_{p_i})$ 11:  $S = S \oplus (tmp \& H_i^T)$ 12: 13: end for 14:  $S = S \oplus M_2$ 15: return S

Since the syndrome computation is a linear operation and the syndrome equals zero for all codewords, the main idea for our countermeasure is to add a codeword to the permuted ciphertext and compute the syndrome with this new word  $\tilde{C}'_p = \tilde{C}_p \oplus B$ , where  $B \in \Gamma(\mathcal{L}, g)$  (for example one row in  $\mathcal{G}$ ). The syndrome is the same since  $S = \tilde{C}'_p \cdot \mathcal{H}^T = (\tilde{C}_p \oplus B) \cdot \mathcal{H}^T = \tilde{C}_p \cdot \mathcal{H}^T \oplus \underbrace{B \cdot \mathcal{H}^T}_{=0} = \tilde{C}_p \cdot \mathcal{H}^T$ .

Hence we need to add the mask to the input ciphertext Cbefore the permutation algorithm, we add a permuted codeword  ${}_{p}B$  such that  ${}_{p}B \cdot \mathcal{P}^{-1} = B$ . After the permutation, we get  $\tilde{C}'_{p} = (\tilde{C} \oplus {}_{p}B) \cdot \mathcal{P}^{-1} = (\tilde{C} \cdot \mathcal{P}^{-1}) \oplus ({}_{p}B \cdot \mathcal{P}^{-1}) = \tilde{C}_{p} \oplus B$ which is input for the syndrome computation in the previous paragraph. From the point of view of an adversary, we add input ciphertexts to random values (with operation  $\oplus$ ). The adversary can not know the variable tmp of the state 9 in Algorithm 1. The reason is that the hypotheses which the adversary would create are completely altered by the addition of the mask  ${}_{p}B$  as shown in Fig 3.

In regular masking method, we need to generate random masks with width at least equal to the width of masked data. Afterwards, we perform calculations with mask and masked data. In the end, we merge mask and masked data into resulting data of the desired operation. In our case, we have to obtain a permuted Goppa codeword  $_pB$ . There are several possibilities to do so. It can be done either by choosing a random Goppa codeword or we can use a row in the generator matrix  $\mathcal{G}$  (or linear combinations of rows) and modify them offline using the permutation matrix  $\mathcal{P}^{-1}$ . Another possibility is to use linear combinations of rows from public matrix G (this option is potentially vulnerable to an attack since an adversary knows the  $\hat{\mathcal{G}}$  matrix). For resource-constrained devices we can precompute a sufficient amount of permuted codewords  $_{p}B$  and use their linear combinations for each decryption. After we add  $_{p}B$  to the ciphertext, we get correct result from the McEliece PKC decryption with no additional steps assuming that the input ciphertext C is stored in the MCU memory during the decryption process.

#### V. EXPERIMENTAL RESULTS

The results of the new countermeasure in terms of computational complexity are in Tab. I. Compared to masking scheme, our novel method is more effective in terms of computational time and required random bits (RB). Using properties of the McEliece PKC, we avoid storing multiple values (masks and masked data) and we compute operations of permutation and parity-check matrix multiplication only once. Relations between intermediate values and input data are broken and thus the overall first-order DPA leakage is significantly reduced.

Results of the proposed CBDPA attack resistant bit permutation are given in and Fig. 4. We apply the novel countermeasure for the implementation of the permutation and then we repeat the CBDPA attack. If we compare the figures before and after the countermeasure, the results show that the leakage is significantly reduced. The CBDPA attacks are no longer possible as they were introduced.

#### VI. CONCLUSION

In this paper, we successfully deployed the CBDPA attack targeting the permutation matrix  $\mathcal{P}$  of the McEliece PKC. The



Figure 3. Secure bit permutation with the proposed countermeasure. Permuted Goppa codes are added to ciphertexts as masks before the permutation. During and after the permutation, an adversary is unable to find patterns (gray and dashed ellipses) in permuted ciphertexts with added Goppa codewords.

| Secret bit permutation      | Cycles      | RB |
|-----------------------------|-------------|----|
| SPA protected [15]          | 517,845     | 0  |
| DPA prot. (our method)      | 518,211     | 0* |
| DPA prot. (regular masking) | 1,036,422   | n  |
| SPA prot. [6], [16]         | 62,375,424  | 0  |
| DPA prot. (our method)      | 62,375,790  | 0* |
| DPA prot. (regular masking) | 124,751,580 | n  |

DPA prot. (regular masking) 124,751,580 nTable I. Comparison table between various implementations of a secret bit permutation. The cycle counts are obtained from 32-bit ARM Cortex-M3 microprocessor. We perform all measurements with n = 1024 for each method. Similar results are obtained for a syndrome computation. \*Our method can be applied without random bits when a sufficient amount of masking codewords is precomputed and stored in ROM with usage of pseudo-random bits.



Figure 4. Correlation analysis using 500 power consumption traces. The figure corresponds to Fig. 2 with applied countermeasure. We are unable to detect significant correlation peaks in any of the 1024 correlation analyses.

algorithm was attacked on the ARM Cortex-M3 based MCU. We showed that we were able to fully recover the whole  $n \times n$  permutation matrix. The attack can be extended to McEliece PKC parameters which are more suitable regarding current level of security, e.g. n = 2048.

Secondly, we develop and test an efficient countermeasure

against possible CBDPA attacks on the implementation of the first steps of the McEliece PKC decryption. The countermeasure is based on a masking technique. We added Goppa codewords (random or rows of  $\mathcal{G}$ ) to ciphertexts during the decryption algorithm as masks. By using properties of the McEliece PKC, we reduced the number of random bits and computational time that are required for the regular masking technique. After the codeword addition, there are no changes in the decryption algorithm thus the complexity of the countermeasure is significantly reduced.

Furthermore, we successfully measured and tested the proposed countermeasure. The results showed that the leakage of both implementations are significantly reduced. We did not intend to fully secure the algorithms with the novel countermeasure but we reduce the side-channel leakage with a method suitable for low-cost embedded and resource-constrained devices. Indeed, a higher order DPA attack is still possible as well as higher order masking techniques [24].

## ACKNOWLEDGMENT

This work was performed in the framework of the COST Action IC1204 (Trustworthy Manufacturing and Utilization of Secure Devices). It was supported by the Slovak Research and Development Agency, project number APVV-0586-11 and in part by NATO's Public Diplomacy Division in the framework of 'Science for Peace', SPS Project 984520. Furthermore, the authors would like to thank Pascal Véron for his helpful advices.

#### REFERENCES

- R. Roman, P. Najera, and J. Lopez, "Securing the internet of things," *Computer*, vol. 44, no. 9, pp. 51–58, 2011.
- [2] D. J. Bernstein, Y.-A. Chang, C.-M. Cheng, L.-P. Chou, N. Heninger, T. Lange, and N. van Someren, *Factoring RSA Keys from Certified Smart Cards: Coppersmith in the Wild.* Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 341–360. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-42045-0\\_18
- [3] C.-C. Lee, C.-T. Li, C.-Y. Weng, J.-J. Jheng, X.-Q. Zhang, and Y.-R. Zhu, "Cryptanalysis and improvement of an ECC-based password authentication scheme using smart cards," in *Cyberspace Safety and Security*, ser. Lecture Notes in Computer Science, G. Wang, I. Ray, D. Feng, and M. Rajarajan, Eds., 2013, vol. 8300.

- [4] D. J. Bernstein, J. Buchmann, and E. Dahmen, *Post Quantum Cryptog-raphy*, 1st ed. Springer Publishing Company, Incorporated, 2008.
- [5] R. J. McEliece, "A public-key cryptosystem based on algebraic coding theory," California Inst. Technol., Pasadena, CA, Tech. Rep. 44, January 1978.
- [6] F. Strenzke, E. Tews, H. G. Molter, R. Overbeck, and A. Shoufan, "Side channels in the McEliece PKC," in *The Second International Workshop* on Post-Quantum Cryptography (PQCrypto 2008), ser. Lecture Notes in Computer Science, J. Buchmann and J. Ding, Eds. Berlin Heidelberg: Springer, October 2008, vol. 5299, no. 5299/2008, pp. 216–229. [Online]. Available: http://dx.doi.org/10.1007/978-3-540-88403-3\\_15
- [7] N. J. Patterson, "The algebraic decoding of Goppa codes," *IEEE Transactions on Information Theory*, vol. 21, no. 2, pp. 203–207, March 1975.
- [8] A. Shoufan, F. Strenzke, H. G. Molter, and M. Stöttinger, "A timing attack against Patterson algorithm in the McEliece PKC," in *Proceedings of the 12th International Conference on Information*, *Security and Cryptology (ICISC 2009)*, ser. Lecture Notes in Computer Science, D. Lee and S. Hong, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, vol. 5984, pp. 161–175. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-14423-3\_12
- [9] F. Strenzke, "A timing attack against the secret permutation in the McEliece PKC," in *Proceedings of the Third international conference* on Post-Quantum Cryptography (PQCrypto 2010), ser. Lecture Notes in Computer Science, N. Sendrier, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, vol. 6061, pp. 95–107. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-12929-2\\_8
- [10] R. M. Avanzi, S. Hoerder, D. Page, and M. Tunstall, "Sidechannel attacks on the McEliece and Niederreiter public-key cryptosystems," *Journal of Cryptographic Engineering*, vol. 1, no. 4, pp. 271–281, November 2011. [Online]. Available: http: //dx.doi.org/10.1007/s13389-011-0024-9
- [11] F. Strenzke, "Timing attacks against the syndrome inversion in code-based cryptosystems," in *The 5th International Workshop* on Post-Quantum Cryptography (PQCrypto 2013), ser. Lecture Notes in Computer Science, P. Gaborit, Ed. Berlin Heidelberg: Springer, 2013, vol. 7932, pp. 217–230. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-38616-9\\_15
- [12] S. Heyse, A. Moradi, and C. Paar, "Practical power analysis attacks on software implementations of McEliece," in *Proceedings of the Third international conference on Post-Quantum Cryptography (PQCrypto* 2010), ser. Lecture Notes in Computer Science, N. Sendrier, Ed. Berlin Heidelberg: Springer, 2010, vol. 6061, pp. 108–125. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-12929-2\\_9
- [13] H. G. Molter, M. Stöttinger, A. Shoufan, and F. Strenzke, "A simple power analysis attack on a McEliece cryptoprocessor," *Journal of Cryptographic Engineering*, vol. 1, no. 1, pp. 29–36, April 2011. [Online]. Available: http://dx.doi.org/10.1007/s13389-011-0001-3
- [14] C. Chen, T. Eisenbarth, I. von Maurich, and R. Steinwandt, "Differential power analysis of a McEliece cryptosystem," Cryptology ePrint Archive, Report 2014/534, 2014. [Online]. Available: http: //eprint.iacr.org/2014/534
- [15] M. Petrvalsky, T. Richmond, M. Drutarovsky, P.-L. Cayrel, and V. Fischer, "Countermeasure against the spa attack on an embedded mceliece cryptosystem," in *Radioelektronika (RADIOELEKTRONIKA)*, 2015 25th International Conference, April 2015, pp. 462–466.
- [16] M. Petrvalsky, T. Richmond, M. Drutarovsky, P. L. Cayrel, and V. Fischer, "Differential power analysis attack on the secure bit permutation in the mceliece cryptosystem," in 2016 26th International Conference Radioelektronika (RADIOELEKTRONIKA), April 2016, pp. 132–137.
- [17] V. D. Goppa, "A new class of linear error-correcting codes," *Problemy Peredachi Informatsii*, vol. 6, no. 3, pp. 24–30, September 1970.
- [18] E. R. Berlekamp, "Goppa codes," *IEEE Transactions on Information Theory*, vol. 19, no. 5, pp. 590–592, September 1973.
- [19] E. Brier, C. Clavier, and F. Olivier, "Correlation power analysis with a leakage model," in CHES, 2004, pp. 16–29.
- [20] R. Heiman, "On the security of cryptosystems based on linear error correcting codes," Master's thesis, Feinburg Craduate School of the Weitzmann Institute of Science, Rehovot, August 1987.

- [21] F. J. MacWilliams and N. J. A. Sloane, *The theory of error-correcting codes*, N.-H. M. Library, Ed. North-Holland, 2006.
- [22] ST Microelectronics, "STM32 product information, software and datasheets," http://www.st.com/web/en/catalog/mmc/FM141/SC1169, [online] Cited 12/12/2015.
- [23] Agilent Technologies, "DSO9404A datasheet and product information," http://www.keysight.com/en/pd-1632456-pn-DSO9404A/ oscilloscope-4-ghz-4-analog-channels?&cc=SK&lc=eng, [online] Cited 12/12/2015.
- [24] M. Rivain, E. Prouff, and J. Doget, "Higher-order masking and shuffling for software implementations of block ciphers." in *CHES*, ser. Lecture Notes in Computer Science, C. Clavier and K. Gaj, Eds., vol. 5747. Springer, 2009, pp. 171–188.



| Motivation and goals | <b>DPA</b><br>00 | F-T architectures | Measurement | Results                                          | Conclusion      |
|----------------------|------------------|-------------------|-------------|--------------------------------------------------|-----------------|
|                      |                  |                   |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
| Motivation           | and go           | als               |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
| DPA                  |                  |                   |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
| F-1 archite          | ctures           |                   |             |                                                  |                 |
| Maasuromo            | t                |                   |             |                                                  |                 |
| weasureme            | anu              |                   |             |                                                  |                 |
| Results              |                  |                   |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
| Conclusion           |                  |                   |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
|                      |                  |                   |             |                                                  |                 |
|                      |                  |                   | < □ > < 6   | <b>₽ &gt;                                   </b> | ▶ ≣ ৩৭৫<br>2/22 |
|                      |                  |                   |             |                                                  | ,               |







| Motivation and goals<br>○○○●   | <b>DPA</b><br>00       | F-T architecture              | s Measurement                      | Results     | Conclu |
|--------------------------------|------------------------|-------------------------------|------------------------------------|-------------|--------|
|                                |                        | Relate                        | d work                             |             |        |
| Similar stuc                   | ly was pre             | sented by Re                  | egazzoni et al. [1]                |             |        |
| <b>Table:</b> Comp<br>approach | parison of I           | key features o                | f Regazzoni et al. a               | pproach and | d our  |
|                                | Regazzor               | ni                            | Our App                            | oroach      |        |
| Fault att                      | tack resist            | ant design                    | Fault-tolera                       | nt design   |        |
| S-                             | Box prote              | cted                          | the whole encryptor prot           |             | ted    |
|                                | ASIC                   |                               | FPGA                               |             |        |
| Simulated                      | d power co             | onsumption                    | Real power consumption             |             |        |
| Regazzoni c<br>attacks are     | concluded<br>more vulr | that the des<br>nerable to po | igns protected aga<br>wer attacks. | ainst fault |        |
|                                |                        |                               | • • • • • • • • • • • • • • • • •  |             | ▶ 臣 ×  |

























| Motivation | and goals DP            | A F-T a    | architectures N<br>2000 c | Aeasurement | Results<br>●○                                        | Conclusion      |
|------------|-------------------------|------------|---------------------------|-------------|------------------------------------------------------|-----------------|
|            |                         |            | Results                   |             |                                                      |                 |
|            |                         |            |                           |             |                                                      |                 |
|            |                         |            |                           |             |                                                      |                 |
| Та         | ble: Compariso          | n of AES v | ariants based or          | n mediar    | and interquartile                                    |                 |
| ra         | nge of <i>min Irace</i> | S          |                           |             |                                                      | -               |
|            | Architecture            | Median     | Interquartile             | range       | Diff. from AES                                       |                 |
| [          | AES                     | 850        | 175                       |             | 0%                                                   |                 |
| ĺ          | AES-SPC                 | 950        | 250                       |             | +12%                                                 | 1               |
|            | AES-HR-R                | 900        | 275                       |             | +6%                                                  | 1               |
| ĺ          | AES-HR-A                | 812        | 150                       |             | -4%                                                  | ~7              |
| ĺ          | AES-TR-R                | 1025       | 250                       |             | +21%                                                 | M W             |
|            | AES-TR-A                | 1037       | 275                       |             | +22%                                                 | 20              |
|            |                         |            |                           |             | P                                                    |                 |
|            |                         |            |                           |             |                                                      | Z)              |
|            |                         |            |                           | < 🗆 I       | <ul> <li>&lt; 個&gt; &lt; 글&gt; &lt; 글&gt;</li> </ul> | ≣ ৩৭.়<br>19/22 |





| Motivation and g                | goals DPA<br>00                                                                                         | F-T architectures                                                                                    | Measurement                                                                      | Results                                                                  | Conclusion                   |
|---------------------------------|---------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------|
|                                 |                                                                                                         | Referen                                                                                              | ces                                                                              |                                                                          |                              |
| [1] F.<br>fau<br>att            | Regazzoni, L. Bre<br>ult attack counter<br>tacks," in <i>Fault A</i>                                    | eveglieri, P. lenne, a<br>measures and the re<br>nalysis in Cryptogra                                | nd I. Koren, "Inte<br>esistance against  <br>aphy. Springer, 2                   | eraction betw<br>power analys<br>2012, pp. 257                           | veen<br>is<br>'–272.         |
| [2] P.<br>Int                   | Kocher, J. Jaffe,<br>ternational Cryptc                                                                 | and B. Jun, "Differ<br>logy Conference.                                                              | ential power anal<br>Springer, 1999, pj                                          | ysis," in <i>Ann</i><br>5. 388–397.                                      | ual                          |
| [3] V.<br>mo<br>in<br>Int       | Fischer, F. Berna<br>odular system for<br><i>Field Programma</i><br><i>ternational Confer</i>           | rd, and P. Haddad,<br>fair benchmarking c<br><i>ble Logic and Appli</i><br><i>ence on</i> . IEEE, 20 | "An open-source<br>of true random nu<br><i>cations (FPL), 20</i><br>13, pp. 1–4. | multi-FPGA<br>mber genera<br>113 23rd                                    | tors,"                       |
| [4] P.<br>Pe<br>dif<br>De<br>20 | Socha, V. Miškov<br>arson correlation of<br>fferent approaches<br>esign and Diagnos<br>17, pp. 184–189. | ský, H. Kubátová,<br>coefficient calculatio<br>," in 2017 IEEE 20<br>tics of Electronic C            | and M. Novotný,<br>on for DPA and c<br>th International S<br>ircuits Systems (L  | "Optimizatic<br>omparison of<br><i>ymposium or</i><br><i>DECS</i> ), Apr | n of<br>ii<br>ii<br>, E Dace |
|                                 |                                                                                                         |                                                                                                      |                                                                                  |                                                                          | 22 / 22                      |

# The Design-Time Side-Channel Information Leakage Estimation

Jan Bělohoubek

jan.belohoubek@fit.cvut.cz

Faculty of Information Technology Czech Technical University in Prague

# Motivation

# $Information \ Leakage$

- Digital circuits offer sensitive information while computation(side-channel)
- Today circuit designers compete with attackers:
  - Designers are trying to build circuits resistant to SPA, DPA, Fault-attack, Combined (Fault + PA)  $\ldots$
  - $\rightarrow$  **Decrease** the information offered thru side-channel
  - $\rightarrow\,$  Measure the information offered thru side-channel



• Unbalanced data/control paths (Different loads, Place&Route, Early evaluation)

1

- Unbalanced computation (data-dependent algorithms)
- Completion detection asynchronous circuits

## Localize Weakness and Estimate Potential

- How to distinguish good idea<sup>1</sup> and bad idea during the different design phases?
  - post-Synthesis what can be achieved with current design?
  - post-Map what can be achieved with current cell library?
  - post-Place&Route how will behave the physical design?

## How to measure vulnerability?

# • Production time

- Number of traces needed to break the circuit (get AES key)
- Design time
  - Use number of traces  $^2$  accurate simulation + many traces  $\rightarrow$  time !?
  - − Use well established methods make conservative (but subjective) estimation  $\rightarrow$  accuracy !?
  - Do we have objective and efficient metric?

# The Method

# Using Power Traces

- The sensitive information leaking from the circuit influences the character of the power traces
  - Timing differential peak position; duration of the computation
  - Fault differential peak position, width or height; duration of the computation
  - Unbalanced paths differential peak position, width or height
- $\rightarrow$  Many types of information leakage are aggregated in power traces
- $\rightarrow\,$  Using only power traces for vulnerability evaluation is sufficient

<sup>&</sup>lt;sup>1</sup>Is a certain circuit implementation better from the side-channel vulnerability point of view? <sup>2</sup>K. Smith and M. Łukowiak, "Methodology for simulated power analysis attacks on AES,"

<sup>&</sup>lt;sup>2</sup>K. Smith and M. Łukowiak, "Methodology for simulated power analysis attacks on AES," 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE, San Jose, CA, 2010, pp. 1292-1297.

# • What is Required?

- Fast vulnerability estimation allowing incorporation into the design flow process
- Measure the information contained in power trace
- Estimation at different design levels post-Synthesis, post-Map, post-Place&Route

# • What is Observed?

- The information in the power trace is proportional to the similarity of traces
  - $\rightarrow\,$  if all traces would be equal, the attacker can extract no information
  - $\rightarrow\,$  if there is a dependency between the processed data and power trace patterns, the attacker may extract information

## Data vs. Power Trace Dependency

- Let's search for data vs. power trace dependency
  - Data similarity metric: Hamming distance
  - Power trace similarity metric: **Pearson correlation**
  - $\rightarrow\,$  Is correlation of traces for similar data high and for different data (significantly) low?



# Methodology The Current Design Potential

- post-Synthesis what can be achieved with current design?
  - No physical layer information!
  - Is simulation-based estimation possible? It is not possible without any assumption about technology!
- post-Map what can be achieved with current cells?
  - Take information about cells only (parasitic capacitances, conductivity,  $\ldots)$
  - Interconnection is assumed ideally balanced (or zero delay/power)
  - Place&Route can make things worse
- post-Place&Route the "reality"
  - Should be close to physical design



4

# Combinational Circuits

- Generate the stimuli set:
  - initial vector is generated randomly
  - other vectors are derived by inverting bits in the initial vector
  - $\rightarrow\,$  the stimuli set contains vectors with Hamming distances (0% 100 %)
- Use stimuli to get power traces (simulation)
- Compute Pearson correlation for all pairs of power traces
- Build a data-set containing pairs: [Hamming distance, Correlation] (plot ...)
- Compare different implementations: formulate hypothesis and test by using the t-test



## Simulation Tools

- Spice open (ngSpice); too accurate; too slow
- Synopsys PrimeTime PX commercial looks fine (not tested yet)
- IRSIM open alternative to PTPX?; fast; too old
  - Produces event times, not power traces (poweEst package is available)
  - Good for CMOS with lambda  $\geq 1 \; \mu m$  technology
  - For CMOS below 1  $\mu m,$  the results looks bad characterization failed  $\ldots$

## Combinational Circuits

- stimuli set contains i vectors, where i is equal to # of circuit inputs
- $\rightarrow\,$  we have  $i^2/2$  pairs of vectors with all possible Hamming distances
  - number of stimuli vectors is reduced
  - SPICE simulation is feasible for relative small circuits like C3540:
    - $* \approx 1000$  gates
    - $\ast~50~{\rm inputs}$
    - $\ast~1250$  input vector and power trace pairs

 $IRSIM - Above \ 1 \ \mu m$ 



- + Nice graph, looks as expected T-test (and my eyes) says: singleRail is (much) worse than dualRail
- IRSIM gives similar results for TSMC180nm here disagrees with SPICE! (wrong tech. characterization)



• Real measurements – Asynchronous dualRail DES on FPGA



 $\bullet\,$ dual Rail layout (TSMC180nm) of the benchmark circuit<br/> C3540

<sup>+</sup> precise SPICE simulation looks very similar to measured data! (C3540 is similar to DES)





• The sum of two singleRails is equal to the single SingleRail – no additional information leakage!

# Summary

## Preliminary Results Show Interesting Facts

When no manufacturing variations were taken into account:

- 1 More logic working data-dependently is bad  $\rightarrow$  information leakage is increased
  - both branches of DualRail circuits perform data-dependent computations  $\rightarrow$  balancing becomes extremely important!
- 2 Adding more logic blocks producing exactly the same power traces is OK  $\rightarrow$  NMR will not increase information leakage

# When manufacturing variations will be taken into account, the 2. case will slightly became case 1!

#### Future Work and Challanges

- Is it possible to measure information leakage simpler?
- $\rightarrow$  the area of circuit parts performing data-dependent computations independently
- Is singleRail really better than dualRail in practice? ... No!
- $\rightarrow$  Where are the limits of masking (balancing dual rails)?
- $\rightarrow$  What is the relationship of information leakage and circuit vulnerability?
- $\rightarrow$  Is the attacker's strength estimation without focusing to the particular attack possible?
- There is no (open) efficient and accurate simulator of CMOS producing power traces.

## Highlights

- The information leakage is proportional to the amount of logic working data-dependently!
- The presented method is able to estimate information leakage (fast open simulator is missing).
- Ideal duplex (no voters!) does not offer additional information to attacker.

### Acknowladgements

This research has been partially supported by the grant GA16-05179S of the Czech Grant Agency and by CTU grant SGS17/213/OHK3/3T/18.

Computational resources were provided by the CESNET LM2015042 and the CERIT Scientific Cloud LM2015085, provided under the programme "Projects of Large Research, Development, and Innovations Infrastructures".











































| Clone-Re<br>in Micr      | esistant Str<br>osemi SoC                                                       | uctures<br>Units |
|--------------------------|---------------------------------------------------------------------------------|------------------|
|                          | Cryptarchi 2017                                                                 |                  |
|                          | 18-21 June 2017<br>Smolenice Castle, Slovakia                                   |                  |
|                          | W. Adi, A. Mars                                                                 |                  |
| IDA, Instit<br>Teo       | tute of Computer and Network Eng<br>chnical University of Braunschwe<br>Germany | jineering<br>ig  |
| Institute of<br>Computer | Technische<br>Universität                                                       | Page: 1          |
























































| The following t<br>SmartFusion®2 | able presents the hard<br>SoC FPGAs Families | lware complexity | of SUC (in perc | ent) for differer |
|----------------------------------|----------------------------------------------|------------------|-----------------|-------------------|
| Gate Complexity                  | : 213 LUTs + 72 DFFs                         |                  |                 |                   |
|                                  |                                              |                  |                 |                   |
|                                  | SmartFusion2                                 | Resources usage  |                 |                   |
|                                  | SoC FPGA                                     | LUTs             | DFFs            |                   |
|                                  | Families                                     | % of usage       | % of usage      |                   |
|                                  | M2S005                                       | 3,51             | 1,19            |                   |
|                                  | M2S010                                       | 1,76             | 0,6             |                   |
|                                  | M2S025                                       | 0,77             | 0,26            |                   |
|                                  | M2S050                                       | 0,37             | 0,12            |                   |
|                                  | M2S060                                       | 0,37             | 0,12            |                   |
|                                  | M2S090                                       | 0,24             | 0,08            |                   |
|                                  | M2S150                                       | 0,14             | 0,04            |                   |
|                                  |                                              |                  |                 |                   |



|     | <b>CONCLUSIONS</b>                                                              |
|-----|---------------------------------------------------------------------------------|
| \$  | Relatively low-cost pure Digital PUFs (in best case "zero-cost")                |
| \$  | "Highly robust <u>digital</u> physical identity"<br>(compared to analog PUFs !) |
| \$  | Negligible aging!                                                               |
| \$  | Scalable security level!.                                                       |
| \$  | System inherently more resistant to "Side Channel Attacks"                      |
| \$  | Security is, manufacturer and trusted authority independent                     |
| W   | ork in Progress:                                                                |
| \$  | Investigating new "GENIEs", operation scenarios and use protocols               |
| \$  | Practical real field applications,                                              |
| \$  | Task is multidisciplinary and challenging!                                      |
| ID/ | Institute of Computer and Network Engineering Page : 32                         |





# <page-header><page-header><section-header><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item><list-item>

#### **HECIOR**

## Secure Portable Data Storage Data are stored on a replaceable SD-card (up to 32 GB) Based on Microsemi SmartFusion2 Passphrase entered directly on device – reduces risk of keylogger attacks The data throughput is >19MB/s for read and >13MB/s for write

16 June, 2017

HECTOR - Hardware enabled crypto and randomnes

3













### **HECTOR HECTOR Evaluation Platform – Motherboard** Based on Microsemi SmartFusion2 → 64 MB of external RAM, USB interface → Only low-noise linear regulators are used → Complex acquisition system implemented → Controlled by the PC using a USB interface and TCL scripts

79

#### HECIOR







#### HECIOR

## Decrete Usage of the Device Empty Security critical data zeroized Enrolled Security critical data generated: helper data, data encryption key Once enrolled – user just enters his passphrase to generate 96 bits of the key (remaining 32 come from the PUF)

|              |                                                 | HECIOR |
|--------------|-------------------------------------------------|--------|
| Demonstratio | on                                              |        |
| → Follows…   |                                                 |        |
|              |                                                 |        |
|              |                                                 |        |
|              |                                                 |        |
|              |                                                 |        |
|              |                                                 |        |
| 46 June 2017 | UECTOR Hardware applied apple and randomeses    |        |
|              | HECTOR – Hardware enabled crypto and randomness | 14     |





#### Complete activation scheme for IP design protection

Brice Colombier<sup>1</sup>, Ugo Mureddu<sup>1</sup>, Marek Laban<sup>2</sup>, Oto Petura<sup>1</sup>, Lilian Bossuet<sup>1</sup>, Viktor Fischer<sup>1</sup> <sup>1</sup>Hubert Curien Laboratory, UMR CNRS 5516, University of Lyon, 42000 Saint-Étienne - France

{b.colombier, ugo.mureddu, oto.petura, lilian.bossuet, fischer}@univ-st-etienne.fr

<sup>2</sup>Department of Electronics and Multimedia Communications, Technical University of Košice, Park Komenskho 13

04120 Košice, Slovak Republic,

MICRONIC, Sliačska 2/C, 83102, Bratislava, Slovak Republic

laban@micronic.sk

Abstract—Intellectual Property (IP) illegal copying is a major threat in today's integrated circuits industry which is massively based on a designand-reuse paradigm. In order to fight this threat, a designer must track how many times an IP has been instantiated. Moreover, illegal copies of an IP must be unusable. We propose a hardware/software scheme which allows a designer to remotely activate an IP with minimal area overhead. The software modifies the IP efficiently and can handle very large netlists. Unique identification of hardware instances is achieved by integrating a TERO-PUF along with a lightweight key reconciliation module. A cryptographic core guarantees security and triggers a logic locking/masking module which makes the IP unusable unless the correct encrypted activation word is applied. The hardware side is implemented on several FPGAs.

#### I. GOAL OF THE DEMO

The goal of the proposed hardware demo is to show how a designer can modify an IP so that it can be activated remotely and securely. Before activation, the IP can be instantiated but is unusable. Its outputs are either forced to a fixed logic value or disturbed. Later, upon activation request, the designer sends an encrypted activation word. This is then decrypted inside the IP to activate it. Each IP instance is made unique by integrating a PUF, leveraged to derive a secret key. It prevents a malicious system integrator from instantiating the IP on a non-trusted hardware target. We make the whole system open-source.

#### II. EXPERIMENTAL SETUP

From a hardware perspective, the experimental setup (Fig. 1) comprises a laptop and an FPGA board, connected via a serial interface. A user interface can perform the following actions:

- Modify the IP, using logic masking [1] or logic locking [2] to make it controllably unusable. Several parameters can be tuned, as well as the area overhead.
- Obtain the reference response from the TERO-PUF [3] during the enrolment phase.
- Reconcile the key with CASCADE [4] and activate the IP.

#### III. DEMO SCENARIO AND OBSERVABLES

The typical demo scenario is the following. First, an IP in the form of a netlist is modified and the associated activation word (AW) is stored. The motherboard is then connected to the PC and the daughterboard is enrolled by obtaining a response from a PUF instantiated at a known location. This response is used to encrypt AW. The protected IP is instantiated on the enrolled daughter-board. Before activation, the IP does not operate correctly. When the activation phase starts, the key reconciliation procedure is conducted to ensure that the PUF response generated on the daughter-board is identical to the one obtained during enrollment. Then, AW is encrypted and sent to the board. It is then internally decrypted and sent to the logic masking/locking module, to make the IP fully operational. If the IP is instantiated on a different daughter-board, it does not operate correctly since the PUF response is different. Each IP is then securely bound to a trusted hardware target.

#### ACKNOWLEDGMENTS

The work presented in this paper was realized in the frame of the SALWARE project number ANR-13-JS03-0003 supported by the French "Agence Nationale de la Recherche" and by the French "Fondation de Recherche pour l'Aéronautique et l'Espace", funding for this project was also provided by a grant from "La Région Rhône-Alpes".

This project has also received funding from the European Unions Horizon 2020 research and innovation program under grant agreement no. 644052.

#### REFERENCES

- J. A. Roy, F. Koushanfar, and I. Markov, "EPIC: Ending piracy of integrated circuits," in *DATE*, 2008, pp. 1069–1074.
- [2] B. Colombier, L. Bossuet, and D. Hély, "Reversible denial-of-service by locking gates insertion for IP cores design protection," in *IEEE ISVLSI*, 2015, pp. 210–215.
- [3] A. Cherkaoui, L. Bossuet, and C. Marchand, "Design, evaluation and optimization of physical unclonable functions based on transient effect ring oscillators," *IEEE Transactions on Information Forensics and Security*, vol. 11, no. 6, pp. 1291–1305, 2016.
- [4] B. Colombier, L. Bossuet, D. Hély, and V. Fischer, "Key reconciliation protocols for error correction of silicon PUF responses," *IACR Cryptology ePrint Archive*, vol. 2016, p. 939, 2016.



Fig. 1. Experimental setup showing the software user interface and the hardware wrapper added to the IP.





Siemens: 1 M€, 40% funding

Restricted © Siemens AG 2017 Page 3 May 2017

Markus Dichtl / CT RDA ITS SES-DE



## Architektur für langfristige Sicherheit durch Secure Elements mit Update-Funktion

#### Architecture for long term security by secure elements with update function

Restricted © Siemens AG 2017 Page 4 May 2017

Markus Dichtl / CT RDA ITS SES-DE













































Restricted © Siemens AG 2017 Page 20 May 2017

Markus Dichtl / CT RDA ITS SES-DE



























#### Definition 2 - Statistical model of the physical noise

- Statistical model of the physical noise a stochastic model of time variable t with value in the space of phases V describing the change of E(t).
- ▶ It may appear as a probability distribution  $\mathbb{P}(E(t)|p_1,...,p_n, E(t_0) = ...)$ , with  $t > t_0$  on E(t), depending on parameters  $p_1,...,p_n$  and preconditions on  $E(t_0)$ .
- ▶ We make the assumption that the distribution  $\mathbb{P}(E(t)|p_1,...,p_n, E(t_0))$  contains all the information accessible to an observer (whatever his calculation power) with knowledge of the preconditions on  $E(t_0)$ .
- Afterwards, such a statistical model is denoted  $M(t, p_1, \ldots, p_n)$ .

E LABORATOIRE

## ► There must be a statistical model M(t, p<sub>1</sub>,..., p<sub>n</sub>) for the

Comments:

physical noise used.

- The parameters (e.g. temperature, supply voltage) and the preconditions (e.g. initial phase) are assumed to be known to the attacker.
- They can be manipulated by the attacker but only within certain limits.
- Remarks:
  - The model can only be deduced from an explanation and physical modelling of phenomena.
  - A statistical analysis of the physical noise, e.g., using statistical tests is insufficient.

UBERT CURIEN

### Requirement 3 – Experimental evaluation of input parameters of the noise model

- ► One must be able to evaluate experimentally the parameters p<sub>1</sub>,...,p<sub>n</sub> of the statistical model for physical noise M(t,p<sub>1</sub>,...,p<sub>n</sub>).
- One must be able to evaluate the measurement errors of these parameters.
- ► Comments:
  - Parameters can be evaluated externally or internally.
  - External measurements can use high-end measurement tools, but:
    - Measurement can be unprecise, because of data interface.
    - It can be difficult to implement on a production line and complicate testing each device.
  - Here, the use of statistical tests is legitimate.

E LABORATOIRE



|       | Introduction Physical n                                                                                                                   | oise <b>Digitizer</b> Co                                               | onclusions                                           | Requirement 5                                                   | Requirement 6                                     | Requirement 7          | Requirement 8 |
|-------|-------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------|---------------------------------------------------|------------------------|---------------|
| Outli | ne                                                                                                                                        |                                                                        |                                                      |                                                                 |                                                   |                        |               |
| 2     | Introduction<br>Physical noise<br>Requirement<br>Requirement<br>noise model                                                               | 1 – Identific<br>2 – Charac<br>3 – Experir                             | cation of<br>terization<br>nental e                  | f the source<br>on of the phy<br>avaluation of                  | of random<br>sical noise<br>input para            | ness<br>e<br>meters of | the           |
|       | <ul> <li>Requirement time</li> </ul>                                                                                                      | 4 – Evaluat                                                            | tion of s                                            | tability of no                                                  | ise model                                         | paramete               | rs in         |
| 3     | Analog-to-digita <ul> <li>Requirement <ul> <li>TRNG</li> <li>Requirement</li> <li>Requirement</li> <li>Requirement</li> </ul> </li> </ul> | l converter<br>5 – Availab<br>6 – Setup c<br>7 – Parame<br>8 – Availab | ility of th<br>of the RI<br>etric stat<br>ility of a | ne statistical<br>NG design p<br>tistical tests<br>deterministi | model of t<br>arameters<br>and their e<br>ic test | the comple             | ete           |
| 4     | Conclusions                                                                                                                               |                                                                        |                                                      |                                                                 |                                                   | i                      | E LABORATOIRE |
|       | 14/25                                                                                                                                     | V                                                                      | . FISCHER                                            | Design and eva                                                  | luation of a physi                                | cal random numi        | ber generator |



















#### Conclusions

- Requirements presented in this document represent an extension of those given in AIS 31 (requirements of AIS 31 remain valid).
- Because the highest security levels are targeted by the document, comparing to AIS 31, some additional requirements are given:
  - Statistical model of the source of randomness must be given.
  - Deterministic part of the whole TRNG (not only of the post-processing) must be tested.
  - Parametric tests must be based on the statistical model of the TRNG.
  - General purpose statistical tests should not be used as parametric tests.

E LABORATOIRE



























Random number generator

Evaluation process Conclusion

11 Internal state in the diagram Formal definition Physical device  $\begin{array}{cccc} \blacktriangleright & \mbox{internal state} & E: & \mathbb{R}_+ & \longrightarrow & V \\ & t & \longmapsto & E(t) \end{array}$ ▶ produces a sequence of bits  $(b_{t_i})_{1 \leq i \leq n}$  in some given time. A Value of  $b_{t_i}$  knowing E is determined. Example ρο/μ  $Ii : t \longmapsto P(\omega t + \varphi_0)$ ► *P* is 2*π*-periodic  $V = [0, 2\pi]$  $\rightarrow t$  $E: t \longmapsto \omega t + \varphi_0 \mod 2\pi$ 0  $T = \frac{2\pi}{\omega}$ E. Noumon Allini • F. Bernard • V. Fischer




## General principle of an oscillator based TRNG

Evaluation process Conclusion



13





# 108

# <page-header><page-header><section-header><section-header><section-header><section-header><section-header><section-header><section-header><section-header><section-header><table-container>

# Input clock jitter

- 16
- Input jitter with frequency lower than the PLL bandwidth :
   passed by the PLL without being modified (not filtered out).
- When frequency corresponds to the PLL bandwidth :

Evaluation process Conclusion

- the closed loop transfer function of the PLL features a peak,
- $\blacktriangleright$  input jitter amplified by the relative size of the peak,  $\hookrightarrow$  depending on the loop damping factor.
- When frequency is higher than the PLL bandwidth
  - input jitter is attenuated at 20db/decade.

### Conclusions

- Jitter of the input clock should be as small as possible
  - limit the PLL output jitter to the PLL intrinsic jitter,
    use of quartz.
- Input clock frequency should be as high as possible
  - much higher then the PLL bandwidth.
  - E. Noumon Allini F. Bernard V. Fischer

Evaluation process Conclu

# Intrinsic noise of the PLL



- VCO contributes the most to PLL intrinsic noise.
- Main components of the PLL intrinsic noise :
  - Thermal noise
  - Flicker noise
- Flicker noise may be significantly reduced :
  - ► appropriate selection of multiplication and division factors.

## Conclusions

- Output clock frequency should be as high as possible
   reduce the contribution of the flicker noise.
- PLL bandwidth should be as large as possible

E. Noumon Allini • F. Bernard • V. Fischer An illust

reduce the long term jitter at PLL output.





E. Noumon Allini • F. Bernard • V. Fischer













# <page-header><page-header><page-header><page-header><page-header><section-header>







E. Noumon Allini • F. Bernard • V. Fischer An illus

# Statistical model of a TRNG

# Requirement 5 A statistical model of the TRNG should be available and should use the probability distribution $\mathbb{P}(\varphi(t)|p_1, p_2, \cdots, p_n, \varphi(t_0))$ .

Evaluation process Conclusion



# Statistical model of a TRNG

25

25

### Requirement 5

A statistical model of the TRNG should be available and should use the probability distribution  $\mathbb{P}(\varphi(t)|p_1, p_2, \cdots, p_n, \varphi(t_0))$ .

### In the case of a PLL-based TRNG

♣ X<sub>i</sub> random variable with values in {0,1}
 ▶ logical level of the sampled bit at time iT<sub>clk</sub>.

Evaluation process Conclusion

**♣** Probability to sample bit 1 at  $i \times T_{clk}^{a}$ 

E. Noumon Allini • F. Bernard • V. Fischer

$$\mathbb{P}(X_i = 1) = \mathbb{P}(\varphi_i < \alpha T_{clj}) - \mathbb{P}(\varphi_i < 0) + 1 - \mathbb{P}(\varphi_i < T_{clj})$$

<sup>a</sup>F. Bernard, V. Fischer, B. Valtchanov. Mathematical Model of Physical RNGs Based On Coherent Sampling. Tatra Mountains - Mathematical Publications, 2010.

### Evaluation process Conclusion Physical noise Anale Use of the statistical model of a TRNG Obtaining the best configuration

E. Noumon Allini • F. Bernard • V. Fischer An illustration of a

26

### Requirement 6

From the statistical model of the TRNG, it should be possible to adjust parameters  $q_1, q_2, \dots, q_m$  in order to bound the value defined by the bias on the bits that output from the generator.



# Image: Section Physical noise Analog to digital converter Description 26 Obtaining the best configuration 26 **Requirement 6** From the statistical model of the TRNG, it should be possible to adjust parameters $q_1, q_2, \cdots, q_m$ in order to bound the value defined by the bias on the bits that output from the generator. **In the case of a PLL-based TRNG** • Combinatorial optimization • heuristic and metaheuristic methods. • Work still in progress.

E. Noumon Allini • F. Bernard • V. Fischer



### Evaluation process Conclusion Physical noise Analy Use of the statistical model of a TRNG Monitoring the source of entropy



27



### Evaluation process Conclus 28 Deterministic tests Requirement 8 There must be tests of deterministic functions that verify proper operation of the functional elements of the TRNG. $\downarrow$ output Noise source 1 Physical noise Noise source 2 Physical device source Digitizer $(q_1, q_2, \cdots, q_m)$ total failure rement 8 $p_1, p_2, \cdots, p_n$ online Noise source r Source of randomness rement Tests Requi start-up Measuring principle E. Noumon Allini • F. Bernard • V. Fischer



























|                                  | Plan                                                                          |                      |                      |
|----------------------------------|-------------------------------------------------------------------------------|----------------------|----------------------|
| Introdu<br>Cy<br>Att             | uction<br>ber-physical architecture<br>acks on cars<br>otections and Counterm | e<br>easures         |                      |
| <mark>Risk a</mark><br>Pro<br>Ap | ssessment and attack tr<br>blem statement<br>proach to attack modelin         | ree generation<br>ng |                      |
| Concl                            |                                                                               |                      |                      |
|                                  |                                                                               |                      |                      |
| 11/33                            |                                                                               | Khaled Karray        | TELECOM<br>ParisTech |







































|       | Illustration: Attack tree - countermeasure          |
|-------|-----------------------------------------------------|
|       | Figure : Attack tree: Speed acquisition and display |
| 31/33 | TELECOM<br>Paristech<br>Khaled Karray               |

| Plan                                                                                              |  |
|---------------------------------------------------------------------------------------------------|--|
| Introduction<br>Cyber-physical architecture<br>Attacks on cars<br>Protections and Countermeasures |  |
| Risk assessment and attack tree generation<br>Problem statement<br>Approach to attack modeling    |  |
| Conclusion                                                                                        |  |
| 32/33 Khaled Karray                                                                               |  |





























| Introduction<br>Equipment<br>Acoustic leakage during RSA decryption<br><b>The attack</b> |                                   |
|------------------------------------------------------------------------------------------|-----------------------------------|
|                                                                                          |                                   |
|                                                                                          |                                   |
| <ul> <li>We can do an adaptive chosen cipher</li> </ul>                                  | text attack.                      |
| • We reveal the value of the secret prim                                                 | ne q bit by bit.                  |
| • We know the length of <i>q</i> .                                                       |                                   |
| • We know <i>q</i> starts with 1.                                                        |                                   |
|                                                                                          |                                   |
|                                                                                          |                                   |
|                                                                                          |                                   |
|                                                                                          |                                   |
|                                                                                          |                                   |
|                                                                                          | ・ロ・・一部・・川市・ 小田・ 小田・ うへの           |
| Tomas Fabsic, Ondrej Gallo, Viliam Hromada Demonstrati                                   | ion of the Acoustic Cryptanalysis |





|         | Acoustic leakage durin  | Introduction<br>Equipment<br>g RSA decryption<br><b>The attack</b> |                      |                      |    |
|---------|-------------------------|--------------------------------------------------------------------|----------------------|----------------------|----|
| Spectro | gram when th            | e second bit i                                                     | s 1:                 |                      |    |
| 5000    | 37500                   | 40000                                                              | 42500                | 45000                | Hz |
|         |                         |                                                                    |                      |                      |    |
| Tom     | as Fabsic, Ondrej Gallo | Viliam Hromada                                                     | Demonstration of the | Acoustic Cryptanalys | is |



Lessons Learned from High-Speed Implementation and Benchmarking of Two Post-Quantum Public-Key Cryptosystems

> Malik Umar Sharif, Ahmed Ferozpuri, and <u>Kris Gaj</u> George Mason University USA

# Post-Quantum Cryptography

- Quantum Computers could potentially break all current American federal standards in the area of public-key cryptography (RSA, ECC, Diffie-Hellman)
- Increasing key sizes would be futile
- Search for new public key cryptographic families resistant against quantum computing cryptanalysis, collectively referred to as Post-Quantum Cryptography (PQC)
- PQC algorithms capable of
  - being implemented using any traditional methods, including software and hardware
  - running efficiently on any modern computing platforms: PCs, tablets, smartphones, servers with hardware accelerators, etc.



| Family                                     | Encryption | Signature | Key Agreemen |
|--------------------------------------------|------------|-----------|--------------|
| Hash-based                                 |            | Х         |              |
| Code-based                                 | X          |           |              |
| Lattice-based                              | X          | X         |              |
| Multivariate                               | X          | X         |              |
| Supersingular<br>Elliptic Curve<br>Isogeny |            |           | X            |

# **Our Objectives**

# Paving the way for the future comprehensive, fair, and efficient hardware benchmarking of PQC candidates through

- 1. Uniform Hardware API
- 2. Uniform & Efficient Development Process based on
  - a. detailed flow diagrams
  - b. choice of supported parameter sets
  - c. top-level & lower-level block diagrams
  - d. cycle-based timing analysis
  - e. Algorithmic State Machine (ASM) charts
  - f. Register-Transfer Level (RTL) code
  - g. software-generated test vectors,
  - h. comprehensive testbenches,
  - i. results of synthesis and implementation

5

j. analysis of results & lessons learned







# NTRUEncrypt – Core Functionality (2)

### **Encryption:**

e = r \* h + m (mod q) where r is a random polynomial with small coefficients

### Decryption:

1) calculate f \* e (mod q)

2) shift coefficients of the obtained polynomial to the range [-q/2, q/2),

9

3) reduce the obtained coefficients mod p









# Major Component Operations Resource Utilization & Performance

|                     | LUTs : Slices       | Clk Freq<br>[MHz] | Latency<br>[cycles] | Latency·LUTs |
|---------------------|---------------------|-------------------|---------------------|--------------|
| Poly Mult           | 138,475 :<br>55,535 | 89.51             | 474                 | 6,387,150    |
| BPGM                | 2519 : 766          | 148.28            | 845                 | 2,128,555    |
| MGF                 |                     |                   | 1004                | 2,529,076    |
| B2T                 | 104 : 55            | 734.75            | 1                   | 104          |
| T2B                 | 198: 103            | 495.04            | 1                   | 198          |
| Poly Adds           | 1868 : 718          | 264.55            | 1                   | 1868         |
| e=(Mtrin+mask)+K_fe | 2.42 1.25           | 670.41            | 1                   | 2.42         |
| cMtrin=ci-mask      | 342:127             | 5/2.41            | 1                   | 342          |

# Comparison with Previous Work on Implementing Polynomial Multiplication

14

| Source             | Resources    | Clk Freq            | Latency  | Latency |
|--------------------|--------------|---------------------|----------|---------|
|                    |              | [MHz]               | [cycles] | [µs]    |
|                    | Paran        | neter set: ees1499e | ep1      |         |
| Liu et al.<br>[22] | 83,949 LEs   | 63.64               | 867      | 13.62   |
| This Work          | 138,475 LUTs | 89.51               | 474      | 5.30    |
|                    | Speed-up     | x1.41               | x1.83    | x2.57   |
|                    | Paran        | neter set: ees1087e | ep1      |         |
| Liu et al.<br>[22] | 60,876 LEs   | 73.71               | 638      | 8.65    |
| This Work          | 138,475 LUTs | 89.51               | 378      | 4.22    |
|                    | Speed-up     | x1.21               | x1.69    | x2.05   |

B. Liu and H. Wu, "Efficient Multiplication Architecture over Truncated Polynomial Ring for NTRUEncrypt System," IEEE International Symposium on Circuits and Systems, ISCAS 2016  $$_{\rm rs}$$ 

# Profiling Software Implementation on ARM Cortex A9

| Software Function              | Hardware Equivalent      | Clock     | % of   |
|--------------------------------|--------------------------|-----------|--------|
|                                | -                        | cycles    | Total  |
|                                |                          | -         | Time   |
| ntru_gen_poly                  | Performing BPGM on       | 24,779    | 2.3%   |
| ntru_octets_2_elements         | sData & calculating R    | 12,728    | 1.2%   |
| ntru ring mult product indices | using Poly Mult          | 950,892   | 89.4%  |
| ······                         | (in a pipelined fashion) | -         | ·      |
| ntru_coeffs_mod4_2_octets      | Calculating cR4 using    | 9,427     | 0.9%   |
| ntru_mgftp1                    | mod 4 & mask using       | 30,703    | 2.9%   |
| ntru_bits_2_trits              | MGF                      | 3,020     | 0.3%   |
| adding Mtrin to mask           | Calculating m' using     | 8,108     | 0.8%   |
| ntru poly check min weight     | Poly Add & performing    | 6,910     | 0.6%   |
|                                | Check 1                  |           |        |
| add_m'                         |                          | 8,672     | 0.8%   |
| elements_2_octets              | Unloading ciphertext e   | 13,549    | 1.3%   |
| Total                          |                          | 1,068,788 | 100.0% |
|                                |                          |           |        |
|                                |                          |           | 46     |
|                                |                          |           | 10     |

# **Profiling Hardware Implementation on Xilinx Virtex-7**

|                                          | Latency | % of  | Latency | % of  |
|------------------------------------------|---------|-------|---------|-------|
| Operation                                | (clock  | Total | (clock  | Total |
|                                          | cycles) | Time  | cycles) | Time  |
|                                          | ees1499 | ep1   | ees108  | 7ep1  |
| ENCRY                                    | PTION   |       |         |       |
| Performing BPGM on sData & calculating R | 890     | 38.8% | 701     | 39.5% |
| asing Poly Mult                          |         |       |         | ·     |
| (in a pipelined fashion)                 |         |       |         |       |
| Calculating cR4 using mod 4 &            | 1005    | 43.8% | 787     | 44.3% |
| mask using MGF                           |         |       |         |       |
| Calculating m' using Poly Add &          | 97      | 4.2%  | 70      | 3.9%  |
| performing Check 1                       |         |       |         |       |
| Unloading ciphertext e                   | 300     | 13.1% | 218     | 12.3% |
| Total                                    | 2292    | 100%  | 1776    | 100%  |

# Hash Function Bottleneck

### Software

Poly Mult amounts to about 90% of the total execution time

## Hardware

- · Execution time dominated by hash-based
  - ➢ MGF: Mask Generation Function: 44%
  - > BPGM: Blinding Polynomial Generation Method: 39.5%
- Poly Mult almost completely overlapped with the computations of BPGM through the use of pipelining
- Poly Mult naturally parallelizable
- Hash function naturally sequential

17



Eliminating the dependence of the execution time on message size







| curity Levels  | :                  |                          |                       |
|----------------|--------------------|--------------------------|-----------------------|
| TRU: Paramete  | er sets supporting | 112, 128, 192, & 2       | 56 bit security lev   |
| ainbow: Publis | shed parameter set | ts at 80-90 bit secu     | urity levels          |
| y Sizes:       |                    |                          |                       |
|                | Security           | Public Key               | Private Kev           |
|                | Level              | Size                     | Size                  |
| NTRU           | Level<br>192       | Size<br>1495 B           | Size<br>87 B          |
| NTRU           | 192<br>256         | Size<br>1495 B<br>2062 B | Size<br>87 B<br>109 B |

| Feature                                                 | NTRUEncrypt                                     | Rainbow SS                                      |
|---------------------------------------------------------|-------------------------------------------------|-------------------------------------------------|
| High-security levels                                    | Easy to implement                               | Challenging to<br>implement                     |
| Key sizes                                               | Small                                           | Very Large                                      |
| Support for multiple parameter sets swapped at run time | Relatively easy to<br>implement                 | Challenging to<br>implement                     |
| Component operations                                    | Standard: variable<br>rotator, hash<br>function | Complex: System<br>of Linear<br>Equation Solver |
| Dependence of the execution time on message size        | Strong                                          | Weak                                            |






## Summary Context & Motivations HECC Operations Arithmetic Units Architectures and Tools Conclusion Public-Key Cryptography (PKC) • Provides cryptographic primitives such as digital signature, key exchange and specific encryption schemes • First PKC standard: RSA - Large keys (≥ 2000 bits recommended today) - Too costly for embedded applications • Elliptic Curve Cryptography (ECC): - Better performances and lower cost than RSA - Allows more advanced schemes • Hyper-Elliptic Curve Cryptography (HECC): - Evolution of ECC focusing on larger sets of curves

- Studied for future generations of asymmetric crypto-systems

Hardware Architectures for HECC

CryptArchi 2017 3 / 23

CrvptArchi 2017 4 / 23

CryptArchi 2017 5 / 23



## ECC, HECC, Kummer-HECC

G. Gallin - A. Tisserand

G. Gallin - A. Tisserand

|        | size of $\mathbb{F}_{\mathcal{P}}$                  | ADD      | DBL     | source                |
|--------|-----------------------------------------------------|----------|---------|-----------------------|
| ECC    | $\ell_{\rm ECC}$                                    | 12M + 2S | 7M + 3S | [Bernstein and Lange] |
| HECC   | $\ell_{\rm HECC}\approx \tfrac{1}{2}\ell_{\rm ECC}$ | 40M + 4S | 38M+6S  | [Lange, 2005]         |
| Kummer | $\ell_{\rm HECC}$                                   | 19M -    | - 12S   | [Renes et al., 2016]  |

Hardware Architectures for HECC

• ECC:

- Size of  $\mathbb{F}_\mathcal{P}$  elements  $2\times$  larger
- Simpler ADD and DBL operations
- HECC:

G. Gallin - A. Tisserand

- Smaller  $\mathbb{F}_{\mathcal{P}}$
- More operations in  $\mathbb{F}_\mathcal{P}$  for ADD and DBL
- Kummer-HECC is more efficient than ECC, see [Renes et al., 2016]: - ARM Cortex M0: up to 75% clock cycles reduction for signatures
  - AVR AT-mega: up to 32% cycles reduction for Diffie-Hellman

Hardware Architectures for HECC





G. Gallin - A. Tisserand

CryptArchi 2017 6 / 23







8 / 23







CryptArchi 2017 10 / 23

G. Gallin - A. Tisserand







Arithmetic Units

CryptArchi 2017 12 / 23

CryptArchi 2017 13 / 23

## HTMM Implementations Results

G. Gallin - A. Tisserand

G. Gallin - A. Tisserand

Results for 3 independent multiplications:

| Varaian           | EDCA | DCD | BRAM   | ЕЕ   | 1.117          | Clines | Freq. | nb.    | Time |
|-------------------|------|-----|--------|------|----------------|--------|-------|--------|------|
| Version           | FPGA | DSP | 18K/9K |      | LUI            | Slices | (MHz) | cycles | (ns) |
|                   | V4   | 21  | 6*/0   | 1311 | 1201           | 879    | 252   |        | 258  |
| [Ma et al., 2013] | V5   | 21  | 6*/0   | 1310 | 1027           | 406    | 296   | 65     | 220  |
|                   | S6   | 21  | 0/6*   | 1280 | 1600           | 540    | 210   |        | 309  |
|                   | V4   | 11  | 0/0    | 1638 | 1128           | 1346   | 330   |        | 239  |
| HTMM_DRAM         | V5   | 11  | 0/0    | 1616 | 652            | 517    | 400   | 79     | 198  |
|                   | S6   | 11  | 0/0    | 1631 | 1344           | 483    | 302   |        | 261  |
|                   | V4   | 11  | 2/0    | 615  | 364            | 449    | 328   |        | 241  |
| HTMM_BRAM         | V5   | 11  | 2/0    | 593  | 371 249 357 79 | 79     | 221   |        |      |
|                   | S6   | 11  | 0/2    | 587  | 359            | 180    | 304   |        | 260  |

Hardware Architectures for HECC

For only 1 single M, HTMM is less efficient (69 cycles against 25)



## Summary Context & Motivations HECC Operations Arithmetic Units Architectures and Tools Conclusion Architectures Exploration for (H)ECC • Constraints: Coding a complete accelerator and its units in HDL is costly • Large solution space for various architectures types and parameters (nb. units, algorithms, internal communications and control) • Need for evaluation of various architectures and parameters then select interesting solutions • Need for numerical validation and debug • Proposed solution: • Hierarchical description and simulation at CCABA level (Critical-Cycle Accurate, Bit Accurate) • Units described in HDL with perfectly known behavior - High-level architecture description supporting many models and parameters

Hardware Architectures for HECC

CryptArchi 2017 14 / 23

CryptArchi 2017

CryptArchi 2017

16 / 23

15 / 23



Hardware Architectures for HECC

## Modeling of Architectures

- Architecture models built over a set of units
  - Arithmetic units: adders, subtractors, multipliers, ...
  - Memories, registers, ...
  - Interconnect: buses, multiplexers, ...
- Units models:

G. Gallin - A. Tisserand

G. Gallin - A. Tisserand

G. Gallin - A. Tisserand

- All inputs/outputs are bit accurate
- All inputs/outputs and control signals are critical cycle accurate
- Units characteristics come from FPGA implementation
- (latency, area cost, ...)
- Control from curve operations formulas and units configurations
  - Manage activity of units in the architecture
  - Manage all internal communications
  - Developed tool for scheduling  $\mathbb{F}_\mathcal{P}$  operations (work in progress)

Hardware Architectures for HECC



## Summary Context & Motivations HECC Operations Arithmetic Units Architectures and Tools Conclusion Gene Units Configuration Fp adder-subtractor unit (ADD/SUB): • Fp adder-subtractor unit (ADD/SUB): • One unit for two types of operation • Pipelined operator (4 cycles latency) • Delay: 8 ~ 11 cycles depending on external datapath width • Fp multiplier unit (HTMM): • Hyper-threaded multiplier: 3 sets of operands computed in parallel • Delay: 68 ~ 71 cycles depending on external datapath width • Latency: 5 cycles (for loading and reading) • CSWAP unit: • Secure management of key bits • Delay: 2 ~ 4 cycles depending on w

Hardware Architectures for HECC

G. Gallin - A. Tisserand

CryptArchi 2017 18 / 23

|          | 000              |           | 000           |          | 00000       |          | oc  | 000000 |               | 000        |
|----------|------------------|-----------|---------------|----------|-------------|----------|-----|--------|---------------|------------|
| Results  | s for t          | he Bas    | ic Archi      | tect     | ure (       | (1 A     | رdd | /Sub   | , 1 HT        | MM)        |
|          |                  |           |               |          |             |          |     |        |               |            |
|          | Version          | Number of | Functional    | DSP      | BRAM        | FF       | LUT | Slices | RAM size      |            |
|          | $(s \times w)^*$ | cycles    | Unit          |          |             |          |     |        | (nb. lines)   |            |
|          |                  |           | HTMM          | 11       | 2           | 587      | 359 | 180    | 12            |            |
|          |                  |           | ADDSUB        | 0        | 0           | 366      | 226 | 80     | -             |            |
|          | 4x34             | 207383    | DATA_MEM      | 0        | 1           | 0        | 0   | 0      | 112           |            |
|          |                  |           | PRGM_MEM      | 0        | 1           | 0        | 0   | 0      | 208           |            |
|          |                  |           | CSWAP         | 0        | 0           | 536      | 290 | 103    | -             |            |
|          |                  |           | HTMM          | 11       | 2           | 970      | 633 | 315    | 12            |            |
|          |                  |           | ADDSUB        | 0        | 0           | 713      | 382 | 148    | -             |            |
|          | 2×68             | 185615    | DATA_MEM      | 0        | 2           | 0        | 0   | 0      | 56            |            |
|          |                  |           | PRGM_MEM      | 0        | 1           | 0        | 0   | 0      | 234           |            |
|          |                  |           | CSWAP         | 0        | 0           | 553      | 297 | 122    | -             |            |
|          |                  |           | HTMM          | 11       | 2           | 1066     | 623 | 309    | 12            |            |
|          |                  | 183051    | ADDSUB        | 0        | 0           | 784      | 464 | 212    | -             |            |
|          | 1×136            |           | DATA_MEM      | 0        | 4           | 0        | 0   | 0      | 26            |            |
|          |                  |           | PRGM_MEM      | 0        | 1           | 0        | 0   | 0      | 250           |            |
|          |                  |           | CSWAP         | 0        | 0           | 685      | 431 | 155    | -             |            |
|          |                  |           | * s: number o | of words | , w: size d | of words |     |        |               |            |
| G. Galli | in - A. Tisser   | rand      | Hardware A    | Architec | tures for ⊦ | IECC     |     |        | CryptArchi 20 | 17 19 / 23 |

| easir | ig th           | ie ivum   | iber of <i>i</i> | Arit | nmet |      | Units | Ś      | l .         |
|-------|-----------------|-----------|------------------|------|------|------|-------|--------|-------------|
|       |                 |           |                  |      |      |      |       |        |             |
|       | Version         | Number of | Functional       | DSP  | BRAM | FF   | LUT   | Slices | RAM size    |
| (     | $s \times w$ )* | cycles    | Unit             |      |      |      |       |        | (nb. lines) |
|       |                 |           | HTMM x 2         | 22   | 4    | 1174 | 718   | 360    | 12          |
|       |                 | 203543    | ADDSUB x 2       | 0    | 0    | 732  | 452   | 160    | -           |
|       | 4x34            |           | DATA_MEM         | 0    | 1    | 0    | 0     | 0      | 108         |
|       |                 |           | PRGM_MEM         | 0    | 1    | 0    | 0     | 0      | 213         |
|       |                 |           | CSWAP            | 0    | 0    | 536  | 290   | 103    | -           |
|       |                 |           | HTMM x 2         | 22   | 4    | 1940 | 1266  | 630    | 12          |
|       |                 | 125455    | ADDSUB x 2       | 0    | 0    | 1426 | 764   | 296    | -           |
|       | 2×68            |           | DATA_MEM         | 0    | 4    | 0    | 0     | 0      | 50          |
|       |                 |           | PRGM_MEM         | 0    | 1    | 0    | 0     | 0      | 211         |
|       |                 |           | CSWAP            | 0    | 0    | 553  | 297   | 122    | -           |
|       |                 |           | HTMM x 2         | 22   | 4    | 2132 | 1246  | 618    | 12          |
|       |                 |           | ADDSUB x 2       | 0    | 0    | 1568 | 928   | 424    | -           |
|       | 1×136           | 115211    | DATA_MEM         | 0    | 4    | 0    | 0     | 0      | 25          |
|       |                 |           | PRGM_MEM         | 0    | 1    | 0    | 0     | 0      | 235         |
|       |                 |           | CSWAP            | 0    | 0    | 685  | 431   | 155    | -           |

| 2 | 56b EC | CC vs 128 | b HE | CC (simi | lar the | oretica | l securi | ty)  |
|---|--------|-----------|------|----------|---------|---------|----------|------|
|   |        |           |      |          |         |         |          |      |
|   |        |           |      | RDAM     |         | Frog    | nh       | Time |
|   | FPGA   | Version   | DSP  | 36K/18K  | Slices  | (MHz)   | cycles   | (ms) |
|   |        | ECC       | 37   | 0/11     | 4655    | 250     | 109297   | 0.44 |
|   | V4     | HECC_1u   | 11   | 0/7      | 1413    | 330     | 183051   | 0.55 |
|   |        | HECC_2u   | 22   | 0/9      | 2356    | 330     | 115211   | 0.35 |
|   |        | ECC       | 37   | 10/0     | 1725    | 291     | 109297   | 0.38 |
|   | V5     | HECC_1u   | 11   | 0/7      | 873     | 360     | 183051   | 0.51 |
|   |        | HECC_2u   | 22   | 0/9      | 1542    | 360     | 115211   | 0.32 |

Hardware Architectures for HECC

CryptArchi 2017 20 / 23

Architectures and Tools

CryptArchi 2017

CryptArchi 2017 22 / 23

21 / 23

ECC results from [Ma et al., 2013]

G. Gallin - A. Tisserand

G. Gallin - A. Tisserand

## Conclusions and Perspectives

- Kummer based HECC is an efficient alternative to ECC - More complex formulas but larger internal parallelism
  - Large exploration space for architectures and arithmetic
- We designed a CCABA simulator and modeling
  - High-level hierarchical description of architectures
  - Units described in HDL, only critical cycles are used
  - Fast validation/debug and evaluation of solutions in exploration space
- Perspectives and future work

G. Gallin - A. Tisserand

- Study advanced scheduling algorithms
- Automating generation of HDL code from high-level description

Hardware Architectures for HECC

- Explore new architectural solutions









# <page-header> 2 (2 mm m) (2

## Elliptic and Hyper-Elliptic Curves for Crypto

### Elliptic Curves

- Equation (Weierstrass)  $E/\mathbb{K}: y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$
- Defined over finite fields  $\mathbb{K}$ :  $\mathbb{F}_{2^m}$ , prime finite field  $\mathbb{F}_{\mathcal{P}}$  or GF(p)
- $\mathbb{F}_{\mathcal{P}}$  elements for coefficients and coordinates: 200  $\sim$  400 bits

## • Hyper-Elliptic Curves

- More complex!
- Equation  $H/\mathbb{K}: y^2 + h(x)y = f(x)$ , deg(h) < g and deg(f) = 2g + 1
- g: genus of the curve,  $g \le 2$  in practice for reliable HECC
- $\mathbb{F}_{\mathcal{P}}$  elements for coefficients and coordinates: 100  $\sim$  200 bits

Hardware Architectures for HECC

CryptArchi 2017

## Kummer surface

G. Gallin - A. Tisserand

- Not an additive group: no addition law
- Can be used in HECC using some (magic) trick
- Reduced complexity for curve operations





## Improving Trust in the FPGA Supply Chain using Blockchain and Keyless-Signature Technology

© 2014 Microsemi Corporation. COMPANY PROPRIETARY

## Abstract:

- Blockchain and Keyless Signature Infrastructure (KSI) technologies that only rely on secure message digests and need no secret keys can be used to provide additional assurances that non-volatile FPGA components and systems moving up the supply chain hierarchy from wafer test through to completed systems are trustworthy.
- This is done by providing cryptographic evidence of the FPGA's provenance using a verifiable time-stamped audit trail of key events in the FPGA life-cycle using blockchain and KSI technology, complementing existing traditional measures.
- System manufacturers using those FPGAs can keep appending to the extensible information container that represents the entire history of the FPGA (and eventually the system), strengthening trust in the system, preventing counterfeiting at all levels (component and system), and providing a strong verifiable identity for use in the final run-time application.

© 2014 Microsemi Corporation. COMPANY PROPRIETARY

Power Matters. 2

🕥 Microsemi.







| JVM Integrity              |                                                   |                     |                   |
|----------------------------|---------------------------------------------------|---------------------|-------------------|
| olarFire FPGA              | Digest Commands and Serv                          | ices                |                   |
|                            | Digest Commands and Cerv                          | 1003                |                   |
|                            |                                                   |                     |                   |
|                            |                                                   |                     |                   |
|                            |                                                   | JTAG/SPI<br>Command | System<br>Service |
| Bitstream, IAP, and UIC    | Authentication Services (external SPI Flash)      |                     | X                 |
| Export C-of-C tags (during | ng bitstream pgm'g)                               | X                   |                   |
| Export Digests Stored D    | uring Programming (on demand)                     | X                   | X                 |
| Compute/Export Fresh E     | Digests (on demand)                               | X                   | X                 |
| Compute/Report Fresh S     | Status Flags (on-demand)                          | X                   | X                 |
| Compute/Report Fresh 7     | Tamper Flag (after Power-on-Reset)                |                     | X                 |
| Export Zeroization Proof   | (after zeroization)                               | X                   |                   |
| Device Integrity Flag (for | r new devices)                                    | X                   |                   |
| sNVM Authentication (w     | hen page is read)                                 |                     |                   |
| Up to thirteen SHA-2       | 56 digests or flags reported, ensuring integ      | grity of the assoc  | iated NVM         |
| » Microsemi                | © 2014 Microsemi Corporation. COMPANY PROPRIETARY | Pov                 | ver Matters.      |



© 2014 Microsemi Corporation. COMPANY PROPRIETARY

Power Matters.

\sub Microsemi

































