Masking and Dual-rail Logic Don't Add Up
|
|
- Melanie Garrison
- 6 years ago
- Views:
Transcription
1 Masking and Dual-rail Logic Don't Add Up Patrick Schaumont Secure Embedded Systems Group ECE Department Kris Tiri Digital Enterprise Group Intel Corporation
2 Our Contributions 1. Using a simple statistical technique, we can break single-bit masked secure logic styles including 1. RSL [Suzuki 2004] 2. MDPL [Popp 2005] 3. DRSL [Chen 2006] 2. Side channel resistance obtained by combining masking and dual-rail logic is not routingindependent
3 Preliminaries: Masked Hardware Signals Secret Sequence Correlated Power Pattern C load Secret Sequence Secret Sequence Mask bit m XOR Uncorrelated Power Pattern C load XOR Secret Sequence
4 Preliminaries: Masked Logic Correlated Power Pattern r r Secret Sequence a b a r r Masked Gate Uncorrelated Power Pattern r b r
5 Preliminaries: Random Switching Logic Precharge Signal e r [Suzuki 2004] x y Masked AND(x,y) q e r q 0 X AND( x, y ) 1 1 OR( x, y ) = AND( a, b ) = q Complementary = OR( a, b ) = q
6 Our Experiment: Sbox in RSL Mask r DUT KEY PRNG 8 AES SBOX 8 out Gate-level DUT Implementation RSL gates Cycle-based simulation, abstracting all timing effects Power Model = toggle counting on DUT gate outputs
7 Power Probability Distribution for SBOX r = 1 r = 0 total Toggle Count
8 Explaining the Cause of Symmetry unmasked value Transitions in single RSL gate prechg masked value r = 0 r = 1 eval prechg eval '0' '1' toggle1 01 toggle1 0 0 Transitions in 970 RSL gates n n '0' '1' n toggle (970 -n) toggle
9 Power Probability Distribution for SBOX r = r = n n Toggle Count
10 An Attack using the Power PDF Equivalent to PDF of single-ended design r = 1 r = Toggle Count
11 An Attack using the Power PDF Average Observed Power Assume r = R Assume r = R 0.02 After folding the power PDF around the average value, DPA on Hamming Weight of input succeeds in only 30 power samples Toggle Count
12 Preliminaries: Masking and DRP Dual-Rail Precharge Logic encodes each value as a complementary signal pair In combination with masking: MDPL [Popp 2005] unmasked value Transitions in single MDPL gate '0' '1' prechg q q q q r = 0 r = 1 eval masked value prechg q q q q eval
13 Preliminaries: Masking and DRP Dual-Rail Precharge Logic encodes each value as a complementary signal pair In combination with masking: MDPL [Popp 2005] unmasked value Transitions in single MDPL gate '0' prechg masked value r = 0 r = 1 eval prechg q toggle q toggle eval '1' q toggle q toggle
14 Impact of Routing Imbalances r MDPL gate q q Cq r MDPL gate Cq unmasked value Transitions in single MDPL gate Δq ~ (Cq-Cq) '0' '1' prechg masked value r = 0 r = 1 eval prechg eval q toggle Δq q toggle Δqq toggle q toggle
15 Impact of Routing Imbalances unmasked value Transitions in single MDPL gate Δq ~ (Cq-Cq) '0' '1' prechg masked value r = 0 r = 1 eval prechg eval q toggle Δq q toggle Δqq toggle q toggle
16 Impact of Routing Imbalances unmasked value Transitions in single MDPL gate Δq ~ (Cq-Cq) '0' '1' prechg masked value r = 0 r = 1 eval prechg eval q toggle Δq q toggle Δqq toggle q toggle Transitions in 970 MDPL gates n '0' n '1' n Δq toggle n Δq toggle
17 Evaluation using Actual Layout Data key 128 KEY Round in 128 AES Round 128 out AES-128 using 16K Dual-rail gates in 0.18 μm CMOS Cycle-based simulation using weighted toggle counts Weights from layout (no routing constraints)
18 Estimated Power PDF of AES r = 1 r =
19 For each power sample in the trace... these signals remain constant... key 128 KEY Round... and these signals change in 128 AES Round 128 out
20 Masking Constant Signals: Binary Effect Distance is set by large and constant C load mismatch
21 Masking Varying Signals: Gaussian Effect Variation set by cumulated mismatch of many small C load
22 An attack on the AES Power PDF Assume r = R Average Observed Power Assume r = R After folding the power PDF around the average value, DPA on Hamming Weight of input succeeds in only 2000 power samples
23 Related Work In software implementations, masking is attacked by combining multiple power samples or by precharacterization of the implementation [Messerges 2000] Second Order DPA [Peeters 2005] Maximum-likelihood [Oswald 2007] Template Attacks For cases where mask and masked signal cannot be observed separately, Waddle proposes the use of squared power samples [Waddle 2004] Zero-Offset DPA Our technique demonstrates direct observation of the mask value, without the need for circuit characterization. We have demonstrated this with known masked circuit styles
24 Conclusions Masking and Dual-Rail Logic are not additive for sidechannel resistance Secure Circuit Styles cannot be developed without considering the system-level perspective on security Effective countermeasures against our attack will need to address the following question: "How can we add a mask without adding information?" When a mask is used to hide the PDF of a data signal, the masking process itself should not reveal the mask PDF
DPA-Resistance without routing constraints?
Introduction Attack strategy Experimental results Conclusion Introduction Attack strategy Experimental results Conclusion Outline DPA-Resistance without routing constraints? A cautionary note about MDPL
More informationSide-Channel Leakage in Masked Circuits Caused by Higher-Order Circuit Effects
Side-Channel Leakage in Masked Circuits Caused by Higher-Order Circuit Effects Zhimin Chen, Syed Haider, and Patrick Schaumont Virginia Tech, Blacksburg, VA 24061, USA {chenzm,syedh,schaum}@vt.edu Abstract.
More informationRandom Delay Insertion: Effective Countermeasure against DPA on FPGAs
Random Delay Insertion: Effective Countermeasure against DPA on FPGAs Lu, Yingxi Dr. Máire O Neill Prof. John McCanny Overview September 2004 PRESENTATION OUTLINE DPA and countermeasures Random Delay Insertion
More informationHow to Evaluate Side-Channel Leakages
How to Evaluate Side-Channel Leakages 7. June 2017 Ruhr-Universität Bochum Acknowledgment Tobias Schneider 2 Motivation Security Evaluation Attack based Testing Information theoretic Testing Testing based
More informationIntroduction to Side Channel Analysis. Elisabeth Oswald University of Bristol
Introduction to Side Channel Analysis Elisabeth Oswald University of Bristol Outline Part 1: SCA overview & leakage Part 2: SCA attacks & exploiting leakage and very briefly Part 3: Countermeasures Part
More informationAUTHOR COPY. A VLSI implementation of an SM4 algorithm resistant to power analysis
Journal of Intelligent & Fuzzy Systems 31 (2016) 795 803 DOI:10.3233/JIFS-169011 IOS Press 795 A VLSI implementation of an SM4 algorithm resistant to power analysis Siyang Yu a,, Kenli Li b, Keqin Li a,b,
More informationOn the Masking Countermeasure and Higher-Order Power Analysis Attacks
1 On the Masking Countermeasure and Higher-Order Power Analysis Attacks François-Xavier Standaert, Eric Peeters, Jean-Jacques Quisquater UCL Crypto Group, Place du Levant, 3, B-1348 Louvain-La-Neuve, Belgium.
More informationPower Analysis to ECC Using Differential Power between Multiplication and Squaring
Power Analysis to ECC Using Differential Power between Multiplication and Squaring Toru Akishita 1 and Tsuyoshi Takagi 2 1 Sony Corporation, Information Technologies Laboratories, Tokyo, Japan akishita@pal.arch.sony.co.jp
More informationLeakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th, 015 Motivation Security Evaluation Motivation Security Evaluation
More informationDifferential Power Analysis Attacks Based on the Multiple Correlation Coefficient Xiaoke Tang1,a, Jie Gan1,b, Jiachao Chen2,c, Junrong Liu3,d
4th International Conference on Sensors, Measurement and Intelligent Materials (ICSMIM 2015) Differential Power Analysis Attacks Based on the Multiple Correlation Coefficient Xiaoke Tang1,a, Jie Gan1,b,
More informationKINGS COLLEGE OF ENGINEERING DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING QUESTION BANK
KINGS COLLEGE OF ENGINEERING DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING QUESTION BANK SUBJECT CODE: EC 1354 SUB.NAME : VLSI DESIGN YEAR / SEMESTER: III / VI UNIT I MOS TRANSISTOR THEORY AND
More informationComparison of some mask protections of DES against power analysis Kai Cao1,a, Dawu Gu1,b, Zheng Guo1,2,c and Junrong Liu1,2,d
International Conference on Manufacturing Science and Engineering (ICMSE 2015) Comparison of some mask protections of DES against power analysis Kai Cao1,a, Dawu Gu1,b, Zheng Guo1,2,c and Junrong Liu1,2,d
More informationInvestigations of Power Analysis Attacks on Smartcards *
Investigations of Power Analysis Attacks on Smartcards * Thomas S. Messerges Ezzy A. Dabbish Robert H. Sloan 1 Dept. of EE and Computer Science Motorola Motorola University of Illinois at Chicago tomas@ccrl.mot.com
More informationSymbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS Inès Ben El Ouahma Quentin Meunier Karine Heydemann Emmanuelle Encrenaz Sorbonne Universités, UPMC Univ Paris
More informationLS-Designs. Bitslice Encryption for Efficient Masked Software Implementations
Bitslice Encryption for Efficient Masked Software Implementations Vincent Grosso 1 Gaëtan Leurent 1,2 François Xavier Standert 1 Kerem Varici 1 1 UCL, Belgium 2 Inria, France FSE 2014 G Leurent (UCL,Inria)
More informationOn the Use of Masking to Defeat Power-Analysis Attacks
1/32 On the Use of Masking to Defeat Power-Analysis Attacks ENS Paris Crypto Day February 16, 2016 Presented by Sonia Belaïd Outline Power-Analysis Attacks Masking Countermeasure Leakage Models Security
More informationFast Evaluation of Polynomials over Binary Finite Fields. and Application to Side-channel Countermeasures
Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-channel Countermeasures Jean-Sébastien Coron 1, Arnab Roy 1,2, Srinivas Vivek 1 1 University of Luxembourg 2 DTU, Denmark
More informationSIDE Channel Analysis (SCA in short) exploits information. Statistical Analysis of Second Order Differential Power Analysis
1 Statistical Analysis of Second Order Differential Power Analysis Emmanuel Prouff 1, Matthieu Rivain and Régis Bévan 3 Abstract Second Order Differential Power Analysis O- DPA is a powerful side channel
More informationYet another side-channel attack: Multi-linear Power Analysis attack (MLPA)
Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche, Cédric Tavernier Laboratoire LIG, Grenoble, France. Communications and Systems, Le Plessis Robinson, France. Cryptopuces
More informationHow to Estimate the Success Rate of Higher-Order Side-Channel Attacks
How to Estimate the Success Rate of Higher-Order Side-Channel Attacks Victor Lomné 1, Emmanuel Prouff 1, Matthieu Rivain 2, Thomas Roche 1, and Adrian Thillard 1,3 1 ANSSI firstname.name@ssi.gouv.fr 2
More informationParallel Implementations of Masking Schemes and the Bounded Moment Leakage Model
Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model G. Barthe, F. Dupressoir, S. Faust, B. Grégoire, F.-X. Standaert, P.-Y. Strub IMDEA (Spain), Univ. Surrey (UK), Univ. Bochum
More informationTemplates as Master Keys
Templates as Master Keys Dakshi Agrawal, Josyula R. Rao, Pankaj Rohatgi, and Kai Schramm IBM Watson Research Center P.O. Box 74 Yorktown Heights, NY 1598 USA {agrawal,jrrao,rohatgi}@us.ibm.com Communication
More informationSeveral Masked Implementations of the Boyar-Peralta AES S-Box
Several Masked Implementations of the Boyar-Peralta AES S-Box Ashrujit Ghoshal 1[0000 0003 2436 0230] and Thomas De Cnudde 2[0000 0002 2711 8645] 1 Indian Institute of Technology Kharagpur, India ashrujitg@iitkgp.ac.in
More informationCorrelation Power Analysis. Chujiao Ma
Correlation Power Analysis Chujiao Ma Power Analysis Simple Power Analysis (SPA) different operations consume different power Differential Power Analysis (DPA) different data consume different power Correlation
More informationSwitches: basic element of physical implementations
Combinational logic Switches Basic logic and truth tables Logic functions Boolean algebra Proofs by re-writing and by perfect induction Winter 200 CSE370 - II - Boolean Algebra Switches: basic element
More informationDigital Circuits. 1. Inputs & Outputs are quantized at two levels. 2. Binary arithmetic, only digits are 0 & 1. Position indicates power of 2.
Digital Circuits 1. Inputs & Outputs are quantized at two levels. 2. inary arithmetic, only digits are 0 & 1. Position indicates power of 2. 11001 = 2 4 + 2 3 + 0 + 0 +2 0 16 + 8 + 0 + 0 + 1 = 25 Digital
More informationAffine Masking against Higher-Order Side Channel Analysis
Affine Masking against Higher-Order Side Channel Analysis Guillaume Fumaroli 1, Ange Martinelli 1, Emmanuel Prouff 2, and Matthieu Rivain 3 1 Thales Communications {guillaume.fumaroli, jean.martinelli}@fr.thalesgroup.com
More informationCollision-Correlation Attack against some 1 st -order Boolean Masking Schemes in the Context of Secure Devices
Collision-Correlation Attack against some 1 st -order Boolean Masking Schemes in the Context of Secure Devices Thomas Roche and Victor Lomné ANSSI 51 boulevard de la Tour-Maubourg, 75700 Paris 07 SP, France
More informationTHRESHOLD IMPLEMENTATIONS OF ALL 3x3 AND 4x4 S-BOXES
THRESHOLD IMPLEMENTATIONS OF ALL 3x3 AND 4x4 S-BOXES B.Bilgin, S.Nikova, V.Nikov, V.Rijmen, G.Stütz KU Leuven, UTwente, NXP, TU Graz CHES 2012 - Leuven, Belgium 2012-09-10 Countermeasures Search for a
More informationThe Hash Function JH 1
The Hash Function JH 1 16 January, 2011 Hongjun Wu 2,3 wuhongjun@gmail.com 1 The design of JH is tweaked in this report. The round number of JH is changed from 35.5 to 42. This new version may be referred
More informationENEE 359a Digital VLSI Design
SLIDE 1 ENEE 359a Digital VLSI Design Prof. blj@eng.umd.edu Credit where credit is due: Slides contain original artwork ( Jacob 2004) as well as material taken liberally from Irwin & Vijay s CSE477 slides
More informationA New Framework for Constraint-Based Probabilistic Template Side Channel Attacks
A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks Yossef Oren 1, Ofir Weisse 2, Avishai Wool 3 yos@cs.columbia.edu, ofirweisse@gmail.com, yash@eng.tau.ac.il 1 Network Security
More informationF14 Memory Circuits. Lars Ohlsson
Lars Ohlsson 2018-10-18 F14 Memory Circuits Outline Combinatorial vs. sequential logic circuits Analogue multivibrator circuits Noise in digital circuits CMOS latch CMOS SR flip flop 6T SRAM cell 1T DRAM
More informationCMOS logic gates. João Canas Ferreira. March University of Porto Faculty of Engineering
CMOS logic gates João Canas Ferreira University of Porto Faculty of Engineering March 2016 Topics 1 General structure 2 General properties 3 Cell layout João Canas Ferreira (FEUP) CMOS logic gates March
More informationGates and Logic: From switches to Transistors, Logic Gates and Logic Circuits
Gates and Logic: From switches to Transistors, Logic Gates and Logic Circuits Hakim Weatherspoon CS 3410, Spring 2013 Computer Science Cornell University See: P&H ppendix C.2 and C.3 (lso, see C.0 and
More informationA Very Compact Perfectly Masked S-Box
A Very Compact Perfectly Masked S-Box for AES D. Canright 1 and Lejla Batina 2 1 Applied Math., Naval Postgraduate School, Monterey CA 93943, USA, dcanright@nps.edu 2 K.U. Leuven ESAT/COSIC, Kasteelpark
More informationL2: Combinational Logic Design (Construction and Boolean Algebra)
L2: Combinational Logic Design (Construction and Boolean Algebra) Acknowledgements: Lecture material adapted from Chapter 2 of R. Katz, G. Borriello, Contemporary Logic Design (second edition), Pearson
More informationDual-Field Arithmetic Unit for GF(p) and GF(2 m ) *
Institute for Applied Information Processing and Communications Graz University of Technology Dual-Field Arithmetic Unit for GF(p) and GF(2 m ) * CHES 2002 Workshop on Cryptographic Hardware and Embedded
More informationFormal Verification of Side-Channel Countermeasures
Formal Verification of Side-Channel Countermeasures Sonia Belaïd June 5th 2018 1 / 35 1 Side-Channel Attacks 2 Masking 3 Formal Tools Verification of Masked Implementations at Fixed Order Verification
More informationDigital Integrated Circuits A Design Perspective
Semiconductor Memories Adapted from Chapter 12 of Digital Integrated Circuits A Design Perspective Jan M. Rabaey et al. Copyright 2003 Prentice Hall/Pearson Outline Memory Classification Memory Architectures
More informationALUs and Data Paths. Subtitle: How to design the data path of a processor. 1/8/ L3 Data Path Design Copyright Joanne DeGroat, ECE, OSU 1
ALUs and Data Paths Subtitle: How to design the data path of a processor. Copyright 2006 - Joanne DeGroat, ECE, OSU 1 Lecture overview General Data Path of a multifunction ALU Copyright 2006 - Joanne DeGroat,
More informationL2: Combinational Logic Design (Construction and Boolean Algebra)
L2: Combinational Logic Design (Construction and oolean lgebra) cknowledgements: Lecture material adapted from Chapter 2 of R. Katz, G. orriello, Contemporary Logic Design (second edition), Pearson Education,
More informationMultiple-Differential Side-Channel Collision Attacks on AES
Multiple-Differential Side-Channel Collision Attacks on AES Andrey Bogdanov Horst Görtz Institute for IT Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. In
More informationLightweight Cryptography Meets Threshold Implementation: A Case Study for Simon
Lightweight Cryptography Meets Threshold Implementation: A Case Study for Simon by Aria Shahverdi A Thesis Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE In partial fulfillment of the
More informationLOGIC CIRCUITS. Basic Experiment and Design of Electronics. Ho Kyung Kim, Ph.D.
Basic Experiment and Design of Electronics LOGIC CIRCUITS Ho Kyung Kim, Ph.D. hokyung@pusan.ac.kr School of Mechanical Engineering Pusan National University Digital IC packages TTL (transistor-transistor
More informationHardware Security Side channel attacks
Hardware Security Side channel attacks R. Pacalet renaud.pacalet@telecom-paristech.fr May 24, 2018 Introduction Outline Timing attacks P. Kocher Optimizations Conclusion Power attacks Introduction Simple
More informationName: Grade: Q1 Q2 Q3 Q4 Q5 Total. ESE370 Fall 2015
University of Pennsylvania Department of Electrical and System Engineering Circuit-Level Modeling, Design, and Optimization for Digital Systems ESE370, Fall 205 Midterm Wednesday, November 4 Point values
More informationDynamic Combinational Circuits. Dynamic Logic
Dynamic Combinational Circuits Dynamic circuits Charge sharing, charge redistribution Domino logic np-cmos (zipper CMOS) Krish Chakrabarty 1 Dynamic Logic Dynamic gates use a clocked pmos pullup Two modes:
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationParallel Implementations of Masking Schemes and the Bounded Moment Leakage Model
Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model Gilles Barthe 1, François Dupressoir 2, Sebastian Faust 3, Benjamin Grégoire 4, François-Xavier Standaert 5, and Pierre-Yves
More informationUnit 3 Session - 9 Data-Processing Circuits
Objectives Unit 3 Session - 9 Data-Processing Design of multiplexer circuits Discuss multiplexer applications Realization of higher order multiplexers using lower orders (multiplexer trees) Introduction
More informationCSE 140L Spring 2010 Lab 1 Assignment Due beginning of the class on 14 th April
CSE 140L Spring 2010 Lab 1 Assignment Due beginning of the class on 14 th April Objective - Get familiar with the Xilinx ISE webpack tool - Learn how to design basic combinational digital components -
More information9/18/2008 GMU, ECE 680 Physical VLSI Design
ECE680: Physical VLSI Design Chapter III CMOS Device, Inverter, Combinational circuit Logic and Layout Part 3 Combinational Logic Gates (textbook chapter 6) 9/18/2008 GMU, ECE 680 Physical VLSI Design
More informationDESIGN AND IMPLEMENTATION OF ENCODERS AND DECODERS. To design and implement encoders and decoders using logic gates.
DESIGN AND IMPLEMENTATION OF ENCODERS AND DECODERS AIM To design and implement encoders and decoders using logic gates. COMPONENTS REQUIRED S.No Components Specification Quantity 1. Digital IC Trainer
More informationPARITY BASED FAULT DETECTION TECHNIQUES FOR S-BOX/ INV S-BOX ADVANCED ENCRYPTION SYSTEM
PARITY BASED FAULT DETECTION TECHNIQUES FOR S-BOX/ INV S-BOX ADVANCED ENCRYPTION SYSTEM Nabihah Ahmad Department of Electronic Engineering, Faculty of Electrical and Electronic Engineering, Universiti
More informationDigital Integrated Circuits A Design Perspective. Semiconductor. Memories. Memories
Digital Integrated Circuits A Design Perspective Semiconductor Chapter Overview Memory Classification Memory Architectures The Memory Core Periphery Reliability Case Studies Semiconductor Memory Classification
More informationCS293 Report Side Channel Attack with Machine Learning
000 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050
More informationMOSIS REPORT. Spring MOSIS Report 1. MOSIS Report 2. MOSIS Report 3
MOSIS REPORT Spring 2010 MOSIS Report 1 MOSIS Report 2 MOSIS Report 3 MOSIS Report 1 Design of 4-bit counter using J-K flip flop I. Objective The purpose of this project is to design one 4-bit counter
More informationConsolidating Masking Schemes
Consolidating Masking Schemes Oscar Reparaz, Begül Bilgin, Svetla Nikova, Benedikt Gierlichs, and Ingrid Verbauwhede firstname.lastname@esat.kuleuven.be KU Leuven ESAT/COSIC and iminds, Belgium Abstract.
More informationSide-channel analysis in code-based cryptography
1 Side-channel analysis in code-based cryptography Tania RICHMOND IMATH Laboratory University of Toulon SoSySec Seminar Rennes, April 5, 2017 Outline McEliece cryptosystem Timing Attack Power consumption
More informationEE382 Processor Design Winter 1999 Chapter 2 Lectures Clocking and Pipelining
Slide 1 EE382 Processor Design Winter 1999 Chapter 2 Lectures Clocking and Pipelining Slide 2 Topics Clocking Clock Parameters Latch Types Requirements for reliable clocking Pipelining Optimal pipelining
More informationLogical Effort: Designing for Speed on the Back of an Envelope David Harris Harvey Mudd College Claremont, CA
Logical Effort: Designing for Speed on the Back of an Envelope David Harris David_Harris@hmc.edu Harvey Mudd College Claremont, CA Outline o Introduction o Delay in a Logic Gate o Multi-stage Logic Networks
More informationSystematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers
Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers Hui Zhao, Yongbin Zhou,,François-Xavier Standaert 2, and Hailong Zhang State Key Laboratory
More informationStatistical Analysis for Access-Driven Cache Attacks Against AES
Statistical Analysis for Access-Driven Cache Attacks Against AES Liwei Zhang, A. Adam Ding, Yunsi Fei, and Zhen Hang Jiang 1 Department of Mathematics, Northeastern University, Boston, MA 02115 2 Department
More informationDynamic Combinational Circuits. Dynamic Logic
Dynamic Combinational Circuits Dynamic circuits Charge sharing, charge redistribution Domino logic np-cmos (zipper CMOS) Krish Chakrabarty 1 Dynamic Logic Dynamic gates use a clocked pmos pullup Two modes:
More informationSide-channel attacks on PKC and countermeasures with contributions from PhD students
basics Online Side-channel attacks on PKC and countermeasures (Tutorial @SPACE2016) with contributions from PhD students Lejla Batina Institute for Computing and Information Sciences Digital Security Radboud
More informationExperiment 7: Magnitude comparators
Module: Logic Design Lab Name:... University no:.. Group no: Lab Partner Name: Experiment 7: Magnitude comparators Mr. Mohamed El-Saied Objective: Realization of -bit comparator using logic gates. Realization
More informationSemiconductor Memories
Semiconductor References: Adapted from: Digital Integrated Circuits: A Design Perspective, J. Rabaey UCB Principles of CMOS VLSI Design: A Systems Perspective, 2nd Ed., N. H. E. Weste and K. Eshraghian
More informationSide Channel Analysis and Protection for McEliece Implementations
Side Channel Analysis and Protection for McEliece Implementations Thomas Eisenbarth Joint work with Cong Chen, Ingo von Maurich and Rainer Steinwandt 9/27/2016 NATO Workshop- Tel Aviv University Overview
More informationDesign and Analysis of Comparator Using Different Logic Style of Full Adder
RESEARCH ARTICLE OPEN ACCESS Design and Analysis of Comparator Using Different Logic Style of Full Adder K. Rajasekhar**, P. Sowjanya*, V. Umakiranmai*, R. Harish*, M. Krishna* (** Assistant Professor,
More informationA Statistics-based Fundamental Model for Side-channel Attack Analysis
A Statistics-based Fundamental Model for Side-channel Attack Analysis Yunsi Fei, A. Adam Ding, Jian Lao, and Liwei Zhang 1 Yunsi Fei Department of Electrical and Computer Engineering Northeastern University,
More informationFormal Verification of Masked Implementations
Formal Verification of Masked Implementations Sonia Belaïd Benjamin Grégoire CHES 2018 - Tutorial September 9th 2018 1 / 47 1 Side-Channel Attacks and Masking 2 Formal Tools for Verification at Fixed Order
More informationHadamard Matrices, d-linearly Independent Sets and Correlation-Immune Boolean Functions with Minimum Hamming Weights
Hadamard Matrices, d-linearly Independent Sets and Correlation-Immune Boolean Functions with Minimum Hamming Weights Qichun Wang Abstract It is known that correlation-immune (CI) Boolean functions used
More informationA Very Efficient Pseudo-Random Number Generator Based On Chaotic Maps and S-Box Tables M. Hamdi, R. Rhouma, S. Belghith
A Very Efficient Pseudo-Random Number Generator Based On Chaotic Maps and S-Box Tables M. Hamdi, R. Rhouma, S. Belghith Abstract Generating random numbers are mainly used to create secret keys or random
More informationVLSI Design, Fall Logical Effort. Jacob Abraham
6. Logical Effort 6. Logical Effort Jacob Abraham Department of Electrical and Computer Engineering The University of Texas at Austin VLSI Design Fall 207 September 20, 207 ECE Department, University of
More informationFloating Point Representation and Digital Logic. Lecture 11 CS301
Floating Point Representation and Digital Logic Lecture 11 CS301 Administrative Daily Review of today s lecture w Due tomorrow (10/4) at 8am Lab #3 due Friday (9/7) 1:29pm HW #5 assigned w Due Monday 10/8
More informationSolutions to problems from Chapter 3
Solutions to problems from Chapter 3 Manjunatha. P manjup.jnnce@gmail.com Professor Dept. of ECE J.N.N. College of Engineering, Shimoga February 28, 2016 For a systematic (7,4) linear block code, the parity
More informationCryptanalysis of PRESENT-like ciphers with secret S-boxes
Cryptanalysis of PRESENT-like ciphers with secret S-boxes Julia Borghoff Lars Knudsen Gregor Leander Søren S. Thomsen DTU, Denmark FSE 2011 Cryptanalysis of Maya Julia Borghoff Lars Knudsen Gregor Leander
More informationA Novel Circuit Design Methodology to Reduce Side Channel Leakage
A Novel Circuit Design Methodology to Reduce Side Channel Leakage 02.11.2012 Ruhr-Universität Bochum Analogue Integrated Circuits Research Group Andreas Gornik, Ivan Stoychev and Jürgen Oehm A S Contents
More informationCryptanalysis of SP Networks with Partial Non-Linear Layers
Cryptanalysis of SP Networks with Partial Non-Linear Layers Achiya Bar-On 1, Itai Dinur 2, Orr Dunkelman 3, Nathan Keller 1, Virginie Lallemand 4, and Boaz Tsaban 1 1 Bar-Ilan University, Israel 2 École
More informationDigital Integrated Circuits A Design Perspective
igital Integrated Circuits esign Perspective esigning Combinational Logic Circuits 1 Combinational vs. Sequential Logic In Combinational Logic Circuit Out In Combinational Logic Circuit Out State Combinational
More informationIntegrated Circuits & Systems
Federal University of Santa Catarina Center for Technology Computer Science & Electronics Engineering Integrated Circuits & Systems INE 5442 Lecture 16 CMOS Combinational Circuits - 2 guntzel@inf.ufsc.br
More informationSide-Channel Attacks on Threshold Implementations using a Glitch Algebra
Side-Channel Attacks on Threshold Implementations using a Glitch Algebra Serge Vaudenay EPFL CH-1015 Lausanne, Switzerland http://lasec.epfl.ch Abstract. Threshold implementations allow to implement circuits
More informationAE74 VLSI DESIGN JUN 2015
Q.2 a. Write down the different levels of integration of IC industry. (4) b. With neat sketch explain briefly PMOS & NMOS enhancement mode transistor. N-MOS enhancement mode transistor:- This transistor
More informationRandomized Signed-Scalar Multiplication of ECC to Resist Power Attacks
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks Jae Cheol Ha 1 and Sang Jae Moon 2 1 Division of Information Science, Korea Nazarene Univ., Cheonan, Choongnam, 330-718, Korea jcha@kornu.ac.kr
More informationDesigning Information Devices and Systems II Spring 2018 J. Roychowdhury and M. Maharbiz Discussion 1A
EEC 16B esigning Information evices and ystems II pring 2018 J. Roychowdhury and M. Maharbiz iscussion 1A 1 igit Bases (N) p is used to indicate that the number N is expressed in base p. For example, (N)
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationGates and Logic: From Transistors to Logic Gates and Logic Circuits
Gates and Logic: From Transistors to Logic Gates and Logic Circuits Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University The slides are the product of many rounds of teaching CS 3410 by
More informationLecture 6: Circuit design part 1
Lecture 6: Circuit design part 6. Combinational circuit design 6. Sequential circuit design 6.3 Circuit simulation 6.4. Hardware description language Combinational Circuit Design. Combinational circuit
More informationXOR - XNOR Gates. The graphic symbol and truth table of XOR gate is shown in the figure.
XOR - XNOR Gates Lesson Objectives: In addition to AND, OR, NOT, NAND and NOR gates, exclusive-or (XOR) and exclusive-nor (XNOR) gates are also used in the design of digital circuits. These have special
More informationEECS 141 F01 Lecture 17
EECS 4 F0 Lecture 7 With major inputs/improvements From Mary-Jane Irwin (Penn State) Dynamic CMOS In static circuits at every point in time (except when switching) the output is connected to either GND
More informationAnswers. Name: Grade: Q1 Q2 Q3 Q4 Total mean: 83, stdev: 14. ESE370 Fall 2017
University of Pennsylvania Department of Electrical and System Engineering Circuit-Level Modeling, Design, and Optimization for Digital Systems ESE370, Fall 2017 Midterm 2 Monday, November 6 Point values
More informationCMOS Digital Integrated Circuits Lec 13 Semiconductor Memories
Lec 13 Semiconductor Memories 1 Semiconductor Memory Types Semiconductor Memories Read/Write (R/W) Memory or Random Access Memory (RAM) Read-Only Memory (ROM) Dynamic RAM (DRAM) Static RAM (SRAM) 1. Mask
More informationDIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS
DIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS Sylvain Guilley, Philippe Hoogvorst and Renaud Pacalet GET / Télécom Paris, CNRS LTCI Département communication et électronique 46 rue Barrault, 75634
More informationEE 466/586 VLSI Design. Partha Pande School of EECS Washington State University
EE 466/586 VLSI Design Partha Pande School of EECS Washington State University pande@eecs.wsu.edu Lecture 8 Power Dissipation in CMOS Gates Power in CMOS gates Dynamic Power Capacitance switching Crowbar
More informationMultiple-Differential Side-Channel Collision Attacks on AES
Multiple-Differential Side-Channel Collision Attacks on AES Andrey Bogdanov Horst Görtz Institute for IT Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de, www.crypto.rub.de Abstract. In
More informationChannel Equalization for Side Channel Attacks
Channel Equalization for Side Channel Attacks Colin O Flynn and Zhizhang (David) Chen Dalhousie University, Halifax, Canada {coflynn, z.chen}@dal.ca Revised: July 10, 2014 Abstract. This paper introduces
More informationDesign of Sequential Circuits
Design of Sequential Circuits Seven Steps: Construct a state diagram (showing contents of flip flop and inputs with next state) Assign letter variables to each flip flop and each input and output variable
More informationDESIGN AND IMPLEMENTATION OF MULTIPLEXER USING POSITIVE FEEDBACK ADIABATIC LOGIC
DESIGN AND IMPLEMENTATION OF MULTIPLEXER USING POSITIVE FEEDBACK ADIABATIC LOGIC 1 Sarathkumar.S, 2 Ravibabu.B 1 PG Scholar,Department of Electronics and Communication Engineering,SVCET. 2 Assistant.Professor,
More informationChapter Overview. Memory Classification. Memory Architectures. The Memory Core. Periphery. Reliability. Memory
SRAM Design Chapter Overview Classification Architectures The Core Periphery Reliability Semiconductor Classification RWM NVRWM ROM Random Access Non-Random Access EPROM E 2 PROM Mask-Programmed Programmable
More information