



This work was supported in part by National Science Foundation (CCR-0098361), UC-Micro 02-079 and 03-088, Panasonic Foundation, SUN Microsystems, Atmel corporation and the Fannie and John Hertz Foundation



## Outline

- Side-channel attacks
- IC system architecture
- Resisting DPA attacks
  - Secure digital design flow
- Prototype IC
  - Insecure coprocessor as benchmark
  - DPA resistance experimental results
- Conclusions



























## Results

| Parameter                               | Unprotected AES | Protected AES     |
|-----------------------------------------|-----------------|-------------------|
| Gate Count (eq. gates) [K]              | 79              | 245               |
| Area [mm <sup>2</sup> ]                 | 0.79            | 2.45              |
| Maximum Frequency (@1.8V) [MHz]         | 330.0           | 85.5 <sup>*</sup> |
| Maximum Throughput (@1.8V) [Gb/s]       | 3.84            | 0.99              |
| Power Consumption (@1.8V, 50 MHz) [mW]  | 54              | $200^{\dagger}$   |
| Measurements to Disclosure <sup>‡</sup> |                 |                   |
| min                                     | 320             | 21,185            |
| mean                                    | 2,133           | 255,391           |
| max                                     | 8,168           | 1,276,186         |
| Key bytes not found (@1.5M Meas.)       | n/a             | 5                 |

<sup>‡</sup>Based on correctly guessed key bytes

Kris Tiri CHES 2005, 09/01/05

8

16



