Security evaluation of WDDL and SecLib countermeasures against power attacks

Sylvain Guilley; Laurent Sauvage; Philippe Hoogvorst; Renaud Pacalet; Guido Marco Bertoni; Sumanta Chaudhuri

doi:10.1109/TC.2008.109

Security evaluation of WDDL and SecLib countermeasures against power attacks

Sylvain Guilley, Laurent Sauvage, Philippe Hoogvorst, Renaud Pacalet, Guido Marco Bertoni, Sumanta Chaudhuri

Research output: Contribution to journal › Article › peer-review

Abstract

Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

Original language	English
Pages (from-to)	1482-1497
Number of pages	16
Journal	IEEE Transactions on Computers
Volume	57
Issue number	11
DOIs	https://doi.org/10.1109/TC.2008.109
Publication status	Published - 22 Oct 2008

Keywords

Back-end-level countermeasures
Differential power analysis
SecLib
Secured logic style
Side-channel attacks
WDDL

Access to Document

10.1109/TC.2008.109

Cite this

@article{7b3b8791ef674590865c1a59af191a2f,

title = "Security evaluation of WDDL and SecLib countermeasures against power attacks",

abstract = "Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.",

keywords = "Back-end-level countermeasures, Differential power analysis, SecLib, Secured logic style, Side-channel attacks, WDDL",

author = "Sylvain Guilley and Laurent Sauvage and Philippe Hoogvorst and Renaud Pacalet and Bertoni, \{Guido Marco\} and Sumanta Chaudhuri",

year = "2008",

month = oct,

day = "22",

doi = "10.1109/TC.2008.109",

language = "English",

volume = "57",

pages = "1482--1497",

journal = "IEEE Transactions on Computers",

issn = "0018-9340",

number = "11",

}

TY - JOUR

T1 - Security evaluation of WDDL and SecLib countermeasures against power attacks

AU - Guilley, Sylvain

AU - Sauvage, Laurent

AU - Hoogvorst, Philippe

AU - Pacalet, Renaud

AU - Bertoni, Guido Marco

AU - Chaudhuri, Sumanta

PY - 2008/10/22

Y1 - 2008/10/22

N2 - Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

AB - Power-constant logic styles are promising solutions to counter-act side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES co-processor along with two others, implemented in WDDL and in SecLib. One essential part of this article is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided the backend of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, that reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

KW - Back-end-level countermeasures

KW - Differential power analysis

KW - SecLib

KW - Secured logic style

KW - Side-channel attacks

KW - WDDL

U2 - 10.1109/TC.2008.109

DO - 10.1109/TC.2008.109

M3 - Article

AN - SCOPUS:54049144710

SN - 0018-9340

VL - 57

SP - 1482

EP - 1497

JO - IEEE Transactions on Computers

JF - IEEE Transactions on Computers

IS - 11

ER -

Security evaluation of WDDL and SecLib countermeasures against power attacks

Abstract

Keywords

Access to Document

Fingerprint

Cite this