论文部分内容阅读
This paper presents an AES(advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution.Both decryption and encryption procedures of an AES are implemented on the chip.A fine-grained dataflow architecture is proposed,which dynamically exploits intrinsic byte-level independence in the algorithm.A novel circuit called an HMF(Hold-MatchFetch) unit is proposed for random control,which randomly sets execution orders for concurrent operations.The AES chip was manufactured in SMIC 0.18μm technology.The average energy for encrypting one group of plain texts(128 bits secrete keys) is 19 nJ.The core area is 0.43 mm~2.A sophisticated experimental setup was built to test the DPA resistance.Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack.Compared with the corresponding fixed order execution,the hardware based random order execution is improved by at least 21 times the DPA resistance.
This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. But decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-MatchFetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. Average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm ~ 2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key can not be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order ex ecution, the hardware based random order execution is improved by at least 21 times the DPA resistance.