Abstract:
A multiplicative masked advanced encryption standard (AES)-128/-256 engine with measured side-channel resistance to correlation power and electromagnetic (EM) attacks in Intel 4 CMOS process is presented. While conventional additive masking offers significant improvements in minimum-time-to-disclosure (MTD) for the extracted key bytes, mask compensations in non-linear Sboxes incur >100% area overheads. Multiplicative masking provides a simpler computation of non-linear inverse operation by converting the inputs from an additive to a multiplicative domain. However, multiplicative masked AES designs suffer from zero-value attacks, where “0” valued inputs on Sbox bytes exhibit distinct power signatures compared to a random input byte. The AES engine implements dual-rail zero-value attack detection and mitigation circuits to counteract zero-valued input Sbox bytes. Low-overhead mask conversion and multiplicative Sbox datapath circuits enable $1.8\times$ and 50% reduction in area and performance overheads, respectively. The countermeasure enables 34000–40000$\times$ improvements in measured MTD against correlation power and EM attacks compared to an unprotected AES implementation while limiting the area and performance overheads to 65% and 4%, respectively.
Published in: IEEE Journal of Solid-State Circuits (Volume: 58, Issue: 4, April 2023)
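The zero-value weakness named in the abstract can be seen in a few lines of GF(2^8) arithmetic. The sketch below is an added illustration, not code or circuitry from the paper: the function names are this example's own, and the additive-to-multiplicative mask conversion is left out (an assumption made for brevity), so `x` is handled directly.

```python
AES_POLY = 0x11B  # AES field polynomial x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_inv(a):
    """Field inverse computed as a^254; maps 0 to 0 like the AES Sbox."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def masked_inverse(x, m):
    """Invert x while the inverter only ever sees x*m (m must be nonzero)."""
    masked = gf_mul(x, m)         # value in the multiplicative domain
    inv_masked = gf_inv(masked)   # equals x^-1 * m^-1
    return gf_mul(inv_masked, m)  # multiply by m to strip the m^-1 factor

def masked_values(x):
    """Every masked byte x*m the inverter can see across all nonzero masks."""
    return {gf_mul(x, m) for m in range(1, 256)}

def hamming_weights(x):
    """Hamming weights of those masked bytes, a common power-leakage proxy."""
    return {bin(v).count("1") for v in masked_values(x)}

if __name__ == "__main__":
    for x in (0x00, 0x3A):  # constructed sample inputs
        print(f"x={x:#04x}: {len(masked_values(x))} distinct masked values, "
              f"Hamming weights {sorted(hamming_weights(x))}")
```

A nonzero byte is spread over all 255 nonzero field elements by the mask, while a zero byte always yields 0 whatever the mask is, which is the distinct signature that zero-value detection and mitigation has to hide.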