Improving First-Order Threshold Implementations of SKINNY
Threshold Implementations have become a popular generic technique to construct circuits resilient against power analysis attacks. In this paper, we look to devise efficient threshold circuits for the lightweight block cipher family SKINNY. The only threshold circuits for this family are those proposed by its designers, who decomposed the 8-bit S-box into four quadratic S-boxes and constructed a 3-share byte-serial threshold circuit that executes the substitution layer over four cycles. We revisit the algebraic structure of the S-box and prove that it is possible to decompose it into (a) three quadratic S-boxes and (b) two cubic S-boxes. Such decompositions allow us to construct threshold circuits that require three shares and execute each round function in three cycles instead of four, and similarly circuits that use four shares and require two cycles per round. Our constructions significantly reduce latency and energy consumption per encryption operation. To validate our designs, we synthesize our circuits on standard CMOS cell libraries to evaluate performance, and we conduct leakage detection via statistical tests on power traces on FPGA platforms to assess security.
The Side-Channel Metrics Cheat Sheet
Side-channel attacks exploit a physical observable originating from a cryptographic device in order to extract its secrets. Many practically relevant advances in the field of side-channel analysis relate to security evaluations of cryptographic functions and devices. Accordingly, many metrics have been adopted or defined to express and quantify side-channel security. These metrics can relate to one another, but can also conflict in terms of effectiveness, assumptions and security goals. In this work, we review the most commonly used metrics in the field of side-channel analysis. We provide a self-contained presentation of each metric, along with a discussion of its limitations. We practically demonstrate the metrics on examples of relevant implementations of the Advanced Encryption Standard (AES), and make the software implementation of the presented metrics available to the community as open source. This work, going beyond a survey of the current status of metrics, will allow researchers and practitioners to produce a well-informed security evaluation through a better understanding of its supporting and summarizing metrics.
Are Cloud FPGAs Really Vulnerable to Power Analysis Attacks?
Recent works have demonstrated the possibility of extracting secrets from a cryptographic core running on an FPGA by means of remote power analysis attacks. To mount these attacks, an adversary implements a voltage fluctuation sensor in the FPGA logic, records the power consumption of the target cryptographic core, and recovers the secret key by running a power analysis attack on the recorded traces. Despite showing that the power analysis could also be performed without physical access to the cryptographic core, these works were mostly carried out on dedicated FPGA boards in a controlled environment, leaving open the question of whether these attacks can be successfully mounted on a real system deployed in the cloud. In this paper, we demonstrate, for the first time, a successful key recovery attack on an AES cryptographic accelerator running on an Amazon EC2 F1 instance. We collect the power traces using a delay-line based voltage drop sensor, adapted to the Xilinx Virtex Ultrascale+ architecture used on Amazon EC2 F1, where CARRY8 blocks do not have a monotonic delay increase at their outputs. Our results demonstrate that the security concerns raised by multitenant FPGAs are indeed valid and that countermeasures should be put in place to mitigate them.
Shared FPGAs and the Holy Grail: Protections against Side-Channel and Fault Attacks
In this paper, we survey recently proposed methods for protecting against side-channel and fault attacks in shared FPGAs. These methods are quite versatile, targeting the FPGA compilation flow, real-time timing-fault detection, on-chip active fences, automated bitstream verification, etc. Despite their versatility, they are mostly designed to counteract a specific class of attacks. To understand how to address the problem of security in shared FPGAs in a comprehensive way, we discuss their individual strengths and weaknesses, in an attempt to identify research directions that necessitate further investigation.