International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Unrolled Cryptography on Silicon: A Physical Security Analysis

Authors:
Thorben Moos , Ruhr University Bochum, Horst Görtz Institute for IT Security, Germany
Download:
DOI: 10.13154/tches.v2020.i4.416-442
URL: https://tches.iacr.org/index.php/TCHES/article/view/8689
Search ePrint
Search Google
Presentation: Slides
Abstract: Cryptographic primitives with low-latency performance have gained momentum lately due to an increased demand for real-time applications. Block ciphers such as PRINCE enable data encryption (resp. decryption) within a single clock cycle at a moderately high operating frequency when implemented in a fully-unrolled fashion. Unsurprisingly, many typical environments for unrolled ciphers require protection against physical adversaries as well. Yet, recent works suggest that most common SCA countermeasures are hard to apply to low-latency circuits. Hardware masking, for example, requires register stages to offer resistance, thus adding delay and defeating the purpose of unrolling. On another note, it has been indicated that unrolled primitives without any additional means of protection offer an intrinsic resistance to SCA attacks due to their parallelism, asynchronicity and speed of execution. In this work, we take a closer look at the physical security properties provided by unrolled cryptographic IC implementations. We are able to confirm that the nature of unrolling indeed bears the potential to decrease the susceptibility of cipher implementations significantly when reset methods are applied. With respect to certain adversarial models, e.g., ciphertext-only access, an amazingly high level of protection can be achieved. While this seems to be a great result for cryptographic hardware engineers, there is an attack vector hidden in plain sight which still threatens the security of unrolled implementations remarkably – namely the static power consumption of CMOS-based circuits. We point out that essentially all reasons which make it hard to extract meaningful information from the dynamic behavior of unrolled primitives are not an issue when exploiting the static currents for key recovery. Our evaluation is based on real-silicon measurements of an unrolled PRINCE core in a custom 40nm ASIC. The presented results serve as a neat educational case study to demonstrate the broad differences between dynamic and static power information leakage in the light of technological advancement.
Video from TCHES 2020
BibTeX
@article{tches-2020-30560,
  title={Unrolled Cryptography on Silicon: A Physical Security Analysis},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Issue 4},
  pages={416-442},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8689},
  doi={10.13154/tches.v2020.i4.416-442},
  author={Thorben Moos},
  year=2020
}