Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics

Bibliographic Details
Published in IEEE Transactions on Computers, Vol. 59, no. 9, pp. 1250-1263
Main Authors Guilley, Sylvain, Sauvage, Laurent, Flament, Florent, Vinh-Nga Vong, Hoogvorst, Philippe, Pacalet, Renaud
Format Journal Article
Language English
Published New York IEEE 01.09.2010
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Institute of Electrical and Electronics Engineers
Abstract Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.
Author_xml – sequence: 1
  givenname: Sylvain
  surname: Guilley
  fullname: Guilley, Sylvain
  email: sylvain.guilley@TELECOM-ParisTech.fr
  organization: Dept. COMELEC, TELECOM ParisTech, Paris, France
– sequence: 2
  givenname: Laurent
  surname: Sauvage
  fullname: Sauvage, Laurent
  email: laurent.sauvage@TELECOM-ParisTech.fr
  organization: Dept. COMELEC, TELECOM ParisTech, Paris, France
– sequence: 3
  givenname: Florent
  surname: Flament
  fullname: Flament, Florent
  email: florent.flament@TELECOM-ParisTech.fr
  organization: Dept. COMELEC, TELECOM ParisTech, Paris, France
– sequence: 4
  surname: Vinh-Nga Vong
  fullname: Vinh-Nga Vong
  email: vinhnga.vong@free.fr
  organization: Airbus, Toulouse, France
– sequence: 5
  givenname: Philippe
  surname: Hoogvorst
  fullname: Hoogvorst, Philippe
  email: philippe.hoogvorst@TELECOM-ParisTech.fr
  organization: Dept. COMELEC, TELECOM ParisTech, Paris, France
– sequence: 6
  givenname: Renaud
  surname: Pacalet
  fullname: Pacalet, Renaud
  email: renaud.pacalet@TELECOM-ParisTech.fr
  organization: Dept. COMELEC, TELECOM ParisTech, Sophia-Antipolis, France
BackLink https://telecom-paris.hal.science/hal-02893100 (View record in HAL)
CODEN ITCOB4
CitedBy_id crossref_primary_10_1109_TIM_2013_2259754
crossref_primary_10_4236_cs_2013_42019
crossref_primary_10_3390_app12052390
crossref_primary_10_1016_j_sysarc_2012_08_004
crossref_primary_10_1109_TVLSI_2024_3374257
crossref_primary_10_1049_iet_ifs_2018_5136
crossref_primary_10_4218_etrij_17_0116_0876
crossref_primary_10_1109_JETCAS_2014_2315878
crossref_primary_10_1109_TIM_2012_2200399
crossref_primary_10_1007_s13389_016_0143_4
crossref_primary_10_1002_cta_2296
crossref_primary_10_1049_iet_cds_2014_0150
crossref_primary_10_1587_transfun_E99_A_1833
crossref_primary_10_1109_TCAD_2017_2717780
crossref_primary_10_1049_iet_wss_2018_5157
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) Sep 2010
Distributed under a Creative Commons Attribution 4.0 International License
DOI 10.1109/TC.2010.104
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
ANTE: Abstracts in New Technology & Engineering
Engineering Research Database
Hyper Article en Ligne (HAL)
Hyper Article en Ligne (HAL) (Open Access)
Discipline Engineering
Computer Science
EISSN 1557-9956
EndPage 1263
ExternalDocumentID oai_HAL_hal_02893100v1
2720447891
10_1109_TC_2010_104
5467046
Genre orig-research
ISSN 0018-9340
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 9
Keywords dual-rail with precharge logics (DPL)
AES SubBytes
attacks on DPL
side-channel analysis
backend-level protections
leakage metrics
cryptography
implementation-level security
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
Distributed under a Creative Commons Attribution 4.0 International License: http://creativecommons.org/licenses/by/4.0
ORCID 0000-0002-6118-7927
0000-0002-6940-6856
0000-0002-5044-3534
0000-0002-6676-1123
OpenAccessLink https://telecom-paris.hal.science/hal-02893100
PQID 1027778090
PQPubID 85452
PageCount 14
PublicationDate 2010-09-01
PublicationPlace New York
PublicationTitle IEEE transactions on computers
PublicationTitleAbbrev TC
PublicationYear 2010
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Institute of Electrical and Electronics Engineers
References_xml – ident: ref22
  doi: 10.1007/3-540-44709-1_21
– volume-title: Proc. Workshop Secure Control Systems (SCS)
  ident: ref3
  article-title: Overview of Dual Rail with Precharge Logic Styles to Thwart Implementation-Level Attacks on Hardware Cryptoprocessors: New Attacks and Improved Counter-Measures
– ident: ref9
  doi: 10.1109/DATE.2004.1269113
– ident: ref12
  doi: 10.1007/3-540-44709-1_16
– start-page: 95
  volume-title: Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES)
  ident: ref7
  article-title: Masking and Dual Rail Logic Don't Add Up
– ident: ref10
  doi: 10.1016/S0141-9331(03)00092-9
– ident: ref15
  doi: 10.1109/VLSID.2007.44
– ident: ref27
  doi: 10.1007/11596219_5
– ident: ref4
  doi: 10.1109/DATE.2004.1268856
– ident: ref13
  doi: 10.1007/3-540-45760-7_6
– ident: ref30
  doi: 10.1007/11894063_1
– ident: ref19
  doi: 10.1109/92.736128
– start-page: 1
  volume-title: Proc. Conf. Design of Circuits and Integrated Systems (DCIS 08)
  ident: ref5
  article-title: Security Evaluation of a Secured Quasi-Delay Insensitive Library
– year: 2006
  ident: ref34
  article-title: Towards Security Limits of Embedded Hardware Devices: From Practice to Theory
– ident: ref14
  doi: 10.1145/988952.989019
– ident: ref33
  doi: 10.1007/1-4020-8147-2_10
– ident: ref36
  doi: 10.1109/HST.2008.4559042
– ident: ref25
  doi: 10.1007/1-4020-8147-2_9
– ident: ref26
  doi: 10.1007/11502760_29
– ident: ref37
  doi: 10.1109/CCST.2005.1594857
– ident: ref24
  doi: 10.1007/11545262_12
– start-page: 1
  volume-title: Proc. Int'l Workshop Boolean Functions: Cryptography and Applications (BFCA)
  ident: ref28
  article-title: Improving Side-Channel Attacks by Exploiting Substitution Boxes Properties
– ident: ref2
  doi: 10.1007/978-3-540-28632-5_2
– ident: ref38
  doi: 10.1109/DELTA.2008.61
– ident: ref32
  doi: 10.1007/978-3-642-04138-9_15
– year: 2010
  ident: ref40
  article-title: A Side-Channel Eavesdropping System-on-Chip
– ident: ref6
  doi: 10.1007/11545262_13
– ident: ref31
  doi: 10.1007/978-3-540-74735-2_29
– ident: ref20
  doi: 10.1007/11545262_28
– ident: ref23
  doi: 10.1109/TC.2008.109
– start-page: 145
  volume-title: Proc. Irish Signals and System Conf. (ISSC)
  ident: ref35
  article-title: Correlation Power Analysis of Large Word Sizes
– volume-title: Informal Communication
  year: 2000
  ident: ref11
  article-title: Efficient Implementation of the Rijndael S-Box
– ident: ref17
  doi: 10.1007/s11265-007-0158-2
– ident: ref21
  doi: 10.1109/MDT.2007.202
– start-page: 388
  volume-title: Proc. Ann. Int'l Conf. Cryptology (CRYPTO 99)
  ident: ref1
  article-title: Differential Power Analysis: Leaking Secrets
– ident: ref18
  doi: 10.1007/11894063_21
– start-page: 1
  year: 2002
  ident: ref29
  article-title: IEEE Standard VHDL (Very High Speed Integrated Circuits Description Language) Reference Manual
– ident: ref16
  doi: 10.1007/11796435_46
– volume-title: project of the AIST—Research Center for Information Security (RCIS)
  year: 2010
  ident: ref39
  article-title: Side-Channel Attack Standard Evaluation Board, SASEBO
– year: 2001
  ident: ref8
  article-title: FIPS PUB 197: Advanced Encryption Standard (AES)
SourceID hal
proquest
crossref
ieee
SourceType Open Access Repository
Aggregation Database
Enrichment Source
Index Database
Publisher
StartPage 1250
SubjectTerms AES SubBytes
Algorithms
attacks on DPL
backend-level protections
Classification
Computer architecture
Computer information security
Computer Science
Computer simulation
Countermeasures
cryptography
Cryptography and Security
dual-rail with precharge logics (DPL)
Electronics
Embedded Systems
Engineering Sciences
Hardware Architecture
implementation-level security
leakage metrics
Libraries
Logic
Logic gates
Mathematical models
Microprocessors
Military technology
Modeling and Simulation
Registers
Routing
Security
side-channel analysis
Studies
Very large scale integration
URI https://ieeexplore.ieee.org/document/5467046
https://www.proquest.com/docview/1027778090
https://www.proquest.com/docview/787239606
https://telecom-paris.hal.science/hal-02893100
Volume 59