research article asynchronous advanced encryption standard...

Research ArticleAsynchronous Advanced Encryption StandardHardware with Random Noise Injection for ImprovedSide-Channel Attack Resistance

Siva Kotipalli1 Yong-Bin Kim2 and Minsu Choi3

1 Samsung Electronics Austin TX 78754 USA2Department of Electrical and Computer Engineering Northeastern University Boston MA 02115 USA3Department of Electrical and Computer Engineering Missouri University of Science amp Technology Rolla MO 65409 USA

Correspondence should be addressed to Minsu Choi choimmstedu

Received 18 February 2014 Revised 22 May 2014 Accepted 22 May 2014 Published 20 July 2014

Academic Editor Sos Agaian

Copyright copy 2014 Siva Kotipalli et al This is an open access article distributed under the Creative Commons Attribution Licensewhich permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

This work presents the design hardware implementation and performance analysis of novel asynchronous AES (advancedencryption standard) Key Expander and Round Function which offer increased side-channel attack (SCA) resistance Thesedesigns are based on a delay-insensitive (DI) logic paradigm known as null convention logic (NCL) which supports usefulproperties for resisting SCAs including dual-rail encoding clock-free operation and monotonic transitions Potential benefitsinclude reduced and more uniform switching activities and reduced signal-to-noise (SNR) ratio A novel method to furtheraugment NCLAES hardware with random voltage scaling technique is also presented for additional securityThereby the proposedcomponents leak significantly less side-channel information than conventional clocked approaches To quantitatively verify suchimprovements functional verification and WASSO (weighted average simultaneous switching output) analysis have been carriedout on both conventional synchronous approach and the proposed NCL based approach using Mentor Graphics ModelSim andXilinx simulation tools Hardware implementation has been carried out on both designs exploiting a specified side-channel attackstandard evaluation FPGA board called SASEBO-GII and the corresponding power waveforms for both designs have beencollected Along with the results of software simulations we have analyzed the collected waveforms to validate the claims relatedto benefits of the proposed cryptohardware design approach

1 Introduction

Advanced encryption standard (AES) is the most widelyused symmetric-key algorithm standard in different securityprotocols [1] Originally the algorithm was called Rijndaelbut after its selection as the candidate for AES due to itsmerits it gained popularity It is used by hundreds of millionsof users worldwide to protect security in various applicationsAES was conceived as reliable in providing security for datauntil researchers proved that side-channel attacks (SCA)weresuccessful in compromising its security Since the discoveryof various efficient SCAs such as power analysis and EM(electromagnetic) analysis researchers have started exploringdifferent approaches to design countermeasures

Wave dynamic differential logic (WDDL) [2] and senseamplifier based logic (SABL) [3] are some of the previouslyproposed countermeasures of synchronous category Butboth of these approaches suffer from timing related issuesthat could leak side-channel information Wu et al [4]proposed an asynchronous S-box design that proved to bepower efficient and side-channel attack resistant Sui et al[5] proposed a design approach that combines S-box designwith random dynamic voltage scaling (RDVS) to boost SCAresistance to a greater extent

This paper proposes a scalable asynchronous AES KeyExpander and Round Function designs that incorporate themerits of null convention logic (NCL) and random voltagescaling In this work these two modules are then utilized to

Hindawi Publishing CorporationJournal of Electrical and Computer EngineeringVolume 2014 Article ID 837572 13 pageshttpdxdoiorg1011552014837572

2 Journal of Electrical and Computer Engineering

design a NCL based subset of the AES cryptosystem Thereason for calling it a subset is that in an actual AES thetwo modules are utilized iteratively But for the cryptosystemsubset discussed in this work we utilize the twomodules onlyfor a single iteration for verification purposes

This work has multiple contributions in improving SCAresistance of cryptohardware as follows

(1) the proposed approach contributes to a uniformand reduced switching activity in cryptosystem andthereby curtail the leaked power and improve resis-tance against power analysis SCA

(2) the anticipated improved switching profile also trans-lates to uniform and reduced EM radiation side-channel information emanating from cryptosystemand boosts the resistance of cryptosystem against EMSCA [6]

(3) the proposed Key Expander and Round Functiondesigns allow easy scaling for implementing entireAES algorithm of any of the following variantsmdash128192 or 256 bits

(4) they can also be easily scaled and implemented for dif-ferent modes of AES like electronic codebook (ECB)cipher feedback (CFB) and cipher block chaining(CBC) modes

(5) both proposed designs incorporate a power efficientNCL combinational substitution box design whichprovides power benefits when compared to the con-ventional approach

(6) the proposed design can also be effectively coupledwith STRVDS (spatial temporal random dynamicvoltage scaling) technique to intentionally inject ran-dom noise for even higher SCA resistance

The rest of the paper is arranged as follows Section 2gives a background of AES NCL and vulnerabilities ofsynchronous AES which are essential in understanding theproposed design techniques Section 3 details the influence ofswitching activity on SCA Section 4 describes the proposedNCL AES Key Expander Section 5 describes the proposedNCL AES Round Function The proposed STRDVS noiseinjection technique for NCL cryptohardware is discussed inSection 6 Section 7 discusses the results which include thefunctional verification WASSO analysis hardware imple-mentation and power trace analysis for both conventionaland proposed designs This is finally followed by conclusionand future work

2 Preliminaries and Review

21 Advanced Encryption Standard The AES algorithm isa symmetric block cipher that processes data blocks of128 bits using cipher keys of three different lengths 128 192or 256 bits Its operations are performed on the State TheState is a two-dimensional array of bytes which contains thePlaintext consisting of four rows and119873119887 columns where119873119887is the block length divided by 32 Similarly the Key Scheduleis a two-dimensional array of bytes which contains the Key

At the start of the cipher operation input Plaintext iscopied to the State and input Key is copied to the KeySchedule After an initial Round Key addition the State istransformed by a Round Function implemented 119873119903 timesThis number depends on the key length119873119903 = 10 for 128 bits119873119903 = 12 for 192 bits and119873119903 = 14 for a key length of 256 bits

Figure 1 shows the two main components of AES KeyExpander and Round Function have four basic byte-orientedtransformations each which are applied to the Key Scheduleand the State respectively

22 Vulnerability of Synchronous AES Hardware DesignCryptographic algorithms including AES have been usedin many applications which require high security To sat-isfy these security requirements various publicprivate-keyalgorithms have been proposed and hardware models aredesigned for encryption and decryption processes Howeverwithout proper hardware implementation these algorithmsand models are still vulnerable to side-channel attacks [7ndash9] Differential power analysis (DPA) is one good exam-ple of side-channel attack where a series of power tracesis intentionally collected for a set of input Plaintexts (orciphertexts) and statistically analyzed to reveal the privatekey or significantly narrow down the key search space [78 10 11] The statistical nature of DPA makes it harder tocounteract since extremely small deviations in power can beaccumulated and amplified to locate power peaks and thesecret key can still be attacked Even more powerful CPA(correlation power analysis) attack has been also recentlygaining attentions [12]

Just as the power consumption of CMOS devices is data-dependent the electromagnetic radiation emanating from acryptosystem is also data-dependent This data-dependentradiation is again the origin of side-channel informationleakages The leaked side-channel information is analyzed bymeans of electromagnetic analysis (EMA) which measureselectromagnetic fields near cryptographic device [6] and usesthis data to compromise the security But if we can curtail theleakage of side-channel information we can thereby makeit difficult for the attacker to have sufficient informationto identify the segments in the power waveform and EMradiation We can secure the cryptosystem more effectivelyagainst these power analysis and EMA SCA

23 Null Convention Logic (NCL) NCL is a delay-insensitive(DI) logic design paradigm The delay insensitivity of NCLcircuits is achieved by dual-rail and quad-rail logic [13] Adual-rail signal can effectively represent four states Out ofthem the three valid states are DATA0 DATA1 and NULLThe fourth state in which both rails are asserted is consideredas an illegal state The valid data states DATA0 and DATA1correspond to Boolean logic 0 Boolean logic 1 respectivelyThe control signal NULL is used for asynchronous hand-shaking The clock-free operation is implemented via thetwo delay-insensitive registers located on either side of thecombinational circuit and the local handshaking signals

Themain benefit ofNCL is thatmore uniformpower con-sumption signature can be achieved since the signals are

Journal of Electrical and Computer Engineering 3

PlaintextInput Key AddRoundKey SubBytes

ShiftRows

MixColumns

AddRoundKey Round Function

RoundFunction

output

RotateWord

SubWord

Round constant

XOR

Round Key

KeyExpander

Figure 1 Block diagram of AES Round Function with Key Expander

implemented by two complementary wires Furthermoredue to delay-insensitive nature these DI circuits adhere tomonotonic transitions between DATA and NULL so thereis no glitching unlike clocked Boolean circuits that producesubstantial glitch power and information leakage resultingfrom glitching DI systems better distribute switching overtime and area reducing the switching activity peak powerdemand and system noise unlike clocked Boolean circuitswhere much of the circuitry switches simultaneously atthe clock edge Another important potential of NCL is itinherently allows intentional noise injection by randomizingtiming of switching activities to further reduce the side-channel information leakage The downside is it generallyincurs area and wire overhead

3 Influence of Switching Activity on SCA

31 Role of Switching Activity on Power Analysis SCA Thedynamic power consumption of CMOS gates is particularlyrelevant from a side-channel point of view since it determinesa simple relationship between a devicersquos internal data and itsexternally observable power consumption It can be writtenas

119875dyn = 119860 sdot 119862119871 sdot 1198812

dd sdot 119891 (1)

In (1) 119875dyn is the power consumed 119860 is the switchingactivity factor 119862119871 is the switched capacitance 119881dd is thesupply voltage and 119891 is the clock frequency This data-dependent power consumption is the origin of side-channelinformation leakages If we are able to reduce the switchingactivity factor 119860 in (1) that would directly translate todecreased dynamic power consumption Messerges et aldiscussed the role of SNR ratio in determining the successprobability of a DPA attack in [14] Consider

SNR =var (119875expl)var (119875noise)

(2)

Equation (2) can be used to estimate SNR [15] In thisequation var(119875expl) is the variance of exploitable componentof power consumption and var(119875noise) is the variance of noisecomponent By reducing this exploitable power information

119875expl we can lower the SNR ratioThe lower the SNR ratio thelower the leakage so performing the power analysis attackbecomes harder

32 Role of Switching Activity on EM SCA The switchingactivity also influences the EM radiation leaked from thecryptosystem The voltage fluctuation caused by groundbounce can be expressed as [6]

Δ119881 = 119871eff sdot 119872 sdot119889119868

119889119905 (3)

In this equation 119871eff is the effective parasitic inductance119872 is the number of simultaneous switching outputs and119889119868119889119905 is the rate of change of the current So it is clear that ifwe are able to reduce the switching activity119872 we can reducethe information leakage due to Δ119881 as Δ119881 prop 119872

4 NCL AES Key Expander Design

The AES algorithm uses a Key Expander to calculate theRound Keys used in AddRoundKey stage of the RoundFunction The AES specification refers to this process as theKeyExpansion The motive behind the purpose of this unit isthat generating multiple keys from an initial key and using aunique key for each round instead of using the same key forall the rounds greatly increase the diffusion of bits For thisresearch we chose AES with a key size of 128 bits

The control unit for these NCL AES Key Expander andRound Function is shown in Figure 2 In this control unitthe input data which is in ordinary binary format is read andis converted into dual-rail inputs by single-rail to dual-railconverter 119870119900 is the output acknowledgement signal comingout of the NCLRound function andKey Expander It acts likeclock signal for the other units in the controllerThe converterand multiplexer (MUX) are controlled by 119870119900 When 119870119900 is 1it means NCL Round function and Key expander are readyfor NULL wavefront then MUX will send all 0rsquos to Plaintextand Input Key to nullify the NCL Key Expander and Roundfunction Otherwise MUX will select the dual-rail data thatis output from the converter The dual-rail ldquoInput Keyrdquo is fedas input to theNCLKey Expander and it generates the RoundKeys necessary for each encryption round of AES


Plaintext [128 0]

Plaintext [128 0]

Input Key [128 0]

Single-rail todual-rail

converter

feedback to

Reset

Control unit

256

256 256256

256256

256

0

0

MUX

ldquoDual-rail

ldquoDual-rail

ldquoDual-rail

Round Key [128 0]

Input Key [128 0]

NCL AESKey

Expander

To NCL AESRound Function

21

MUX21

Ko Ko KiKi

Figure 2 Block diagram of NCL AES control unit

The block diagram of the Key Expander architecture[16] is presented in Figure 3 The 1199080 1199081 1199082 and 1199083 arethe four columns of the Key Schedule The columns of theKey Schedule which have their index as a multiple of fourundergo the ldquoRSX steprdquo along with the XOR operation all theremaining columns undergo XOR operations to generate theRound Key As depicted in the figure Key Expander consistsof the following modules

RotateWord This operation accepts an array of 4 bytes androtates them 1 position to the leftTheRotWord function usedby KeyExpansion is very similar to the ShiftRows routineused by the encryption algorithm except that it works on asingle column of the Key Schedule instead of the rows of theState array

SubWord The SubWord routine performs a byte-by-bytesubstitution on a given row of the Key Schedule table usingthe NCL S-box The substitutions in KeyExpansion operateexactly like those in the SubBytes step of Round FunctionThe input byte to be substituted is fed as input to theNCL combinational S-box and this input then undergoesmultiplicative inversion in GF(28) and affine transformationduring encryptionWe employed the dual-rail combinationalNCL S-box proposed in [4] for this step as this design alreadyproved to be very power efficient and resistant to SCA Thearchitecture of the S-box and the block diagram of its internalmultiplicative inversion module are presented in Figures 4and 5

Round Constant Module This module uses an array Rconcalled the round constant table In the synchronous imple-mentation these round constants are 4 bytes each to matchwith a column of the Key Schedule table The AES Key-Expansion routine [1] requires 10 round constants one for

RSX

RSX

RSX

++++

++++

RotateWord

SubWord

XOR

Round constant

w1w0 w2 w3

w7

w9 w11w10w8

w4 w5 w6

Figure 3 Block diagram of AES Key Expander [16]

each round of the AES algorithm In our implementation weimplement this as an array of round constants represented indual-rail notation

XORModule In this module we perform the XOR operationbetween the columns of the Key Schedule with or without theround constant selected in previous step depending on thecolumnwhich is being calculated In order to realize this XORfunction in NCL we have to make use of NCL XOR functiondesigned using the NCL threshold gates

Unlike Boolean logic NCL has 27 fundamental thresholdgates to realize arbitrary logic [13] In order to achievethe input-completeness and observability it is important tochoose appropriate threshold gates For the design of NCLXOR function the sum-of-product (SOP) expressions are1198851= 11986011198610+11986001198611 and1198850 = 11986001198610+11986011198611They can be realized

by mapping them to THxor0 gates as shown in Figure 6However two transistors can be eliminated for each rail of 119885


Inverse affinetransformation

invaff out

MUX

MUX

mul in

Multiplicativeinversion in GF (28)

mul out

Affinetransformation

aff out

Encryption Decryption

Din

Dout

Figure 4 Combinational S-box architecture

(when using static gates) by realizing this same functionalityusing TH24comp gatesThis is done by adding the two do notcare terms representing the cases when both rails of either 119860or 119861 are simultaneously asserted

The new equations are 1198851 = 11986011198610 + 11986001198611 + 11986001198601 + 11986101198611and 1198850 = 11986001198610 + 11986011198611 + 11986001198601 + 11986101198611 The NCL XORfunction realized using these equations and TH24comp gatesis presented in Figure 7 and is used in our proposed designThis TH24comp based XOR offers a 10 reduction in thenumber of transistors required compared to the approachusing THxor0 gates

5 NCL AES Round Function

The top-level architecture of the proposed NCL AES RoundFunction design is presented in Figure 8 Controller for thismodule is presented previously in Figure 2 This control unittakes care of converting the ordinary Plaintext and Input Keyinto dual-rail notations The dual-rail ldquoInput Keyrdquo is fedas input to the NCL Key Expander and it generates theRound Key which along with the dual-rail Plaintext from thecontroller is fed to the AES Round Function

The NCL AES Round Function consists of the followingfour steps which are performed sequentially

(1) NCL SubBytes In this transformation each dual-rail byteof the State matrix is substituted independently by another

a8

Map

ah aI

4 4

44

MM

MM MM

XOR

XOR

XOR

ah998400 aI998400

Map998400

8

aminus1

and2 and2

GF(28) inversion

andminus1

MMe

Figure 5 Block diagram of multiplicative inversion over GF(28)where MM is modular multiplication unit

THxor0

THxor0

A1

A0

B1

B0

Z1

Z0

Figure 6 NCL XOR function using THxor gates


A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp

Figure 7 NCL XOR function using TH24comp gates

one which is computed by the NCL S-box The S-box is a keyelement in the AES architecture as it significantly influencesthe security power consumption and throughput of the AEShardware We are using the dual-rail combinational NCL S-box proposed in [4] for this step as this design already provedto be very power efficient and resistant to SCA

(2) NCL ShiftRows The NCL ShiftRow transformation func-tion performs byte transposition of all dual-rail NCL signalsby using circular shifting where each row of dual-rail State isrotated cyclically to left using 0- 1- 2- and 3-byte offsets forencryption

(3) NCL MixColumns In this transformation each columnof the dual-rail State matrix is multiplied by a circulant max-imum distance separable matrix This MixColumns functiontakes four dual-rail bytes as inputs and four dual-rail bytes asoutputs where each input byte affects all four output bytesThe multiplication of the State array element with 2 in thedual-rail domain is realized by 1-bit left shift of dual-railsignals followed by a conditional NCL XOR operation Themultiplication with 3 is implemented in a similar fashion butit involves an additional NCL XOR operation

(4) NCL AddRoundKey AddRoundKey transformation per-forms a byte level dual-rail XOR operation on the dual-railoutput of MixColumn and corresponding dual-rail RoundKey

6 Spatial Temporal Random DynamicVoltage Scaling (STRDVS) Augmentationof NCL AES for Higher SCA Resistance

Recently Yang et al [17] applied randomdynamic voltage andfrequency scaling (RDVFS) to synchronous cryptoprocessors

to enhance resistance against side-channel attacks By ran-domly changing the supply voltage ldquonoiserdquo can be injectedinto the power trace making the attack more difficultThe clock frequency changes with different supply voltagesto avoid timing violation However since the circuits aresynchronous the change in clock frequency can be easilyobserved in the power trace and using certain hypothesis thevoltage corresponding to the frequency can also be obtainedAs such the attack can still be successful To alleviate theproblem [18] proposes to use random DVS (RDVS) onlywithout changing the clock frequency However the tighttiming constraint gives little room to do the voltage scaling

It is obvious that the security enhancement highlydepends on how much ldquonoiserdquo can be injected this in turndepends on how much room is available for the voltagescalingWe argue that RDVS ismore suitable for QDI designsfor two reasons First there will be no timing constraint asin the synchronous or bounded-delay counterparts leavingmore room for voltage scaling Second since there is no clocksignal fewer gates will switch simultaneously and thus thepower supply noise is reduced Accordingly the noise marginis increased providing even more room for voltage scaling

Different from [17 18] in addition to changing thesupply voltage randomly over time (temporal randomness)we propose to supply different random voltages over differentregions in the chip (spatial randomness) Since NCL is self-timed and event-driven difference in latencies among theregions caused by STRDVS is inherently tolerated unlikethe clocked counterpart Such spatial and temporal RDVS(STRDVS) in NCL will maximize the noise injected and thusthe resistance to side-channel attacks

Spatial and temporal random dynamic voltage scaling(STRDVS) is especially suitable for delay-insensitive designsto provide additional resistance to side-channel attack and tofurther reduce the power consumption as a byproduct [19]The reason for QDI circuits to still have vulnerabilities is theimbalanced load capacitances between the two rails of a sig-nal Although the total number of switching is independent ofdata pattern the switching activities between the two rails aredifferent For example passing consecutive DATA1s makesRail1 switch all the time while passing consecutive DATA0smakes Rail0 switch all the time Since most likely the tworails drive different loads power is still imbalanced acrossdata patterns and is still coupled with data being processed Anumber of literature proposed various techniques to mitigatethis problem

61 Leveraging TRNG for the Proposed STRDVS NCL Crypto-hardware TRNG (true random number generator) is widelyused for designing hardware systems for secure applicationssuch as secure wireless communications electronic financialtransactions smart cards mobile computing and secureRFID Unlike PRNG (pseudorandom number generator)which always gives the samenumber sequence for a particularseed state (ie thereby less secure) TRNG are based onmicroscopic phenomena that generate a low-level statisti-cally random ldquonoiserdquo signal with high information entropy[20] such as thermal noise oscillator drift the photoelectric


Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit

NCL AES RoundFunction

RoundFunc op [128 0]

Ko

Ki

Figure 8 Block diagram of NCL AES Round Function top-level architecture

effect or other quantum phenomena [21] There exist vari-ous TRNG designs for hardware implementation purposesincluding ones that are reported in [22ndash30] One goodexample is TRNG1 IP (intellectual property) core by IPCoresInc [31] TRNG1 features a high entropy source (ie either128 or 256 bits) and satisfies Federal Information ProcessingStandard (FIPS) Publication 140-2 Annex C (ie ldquoapprovedrdquorandom number generator) from the US National Instituteof Standards and Technology (NIST) [32] and passes therequirements of the NIST SP 800-22 test suite [33]

TheproposedNCLAES components leverage aTRNG forthe proposed STRDVS technique for even higher resistanceover SCA by intentionally injecting noise Since TRNGalready exists in most secure HW systems it is not anoverhead to the proposed design

62 SpatialTemporal Randomness amp Granularity of STRDVSThe entire circuit is divided into several regions and differentrandomly generated voltage control signals from TRNG aresupplied to dynamically scale the voltage level in each regionSince NCL is asynchronous and event-driven difference inlatencies among the regions caused by STRDVS is inherentlytolerated unlike the clocked counterpart For example sup-pose the entire circuit is divided into 56 voltage regions witheight dynamically scaling voltage levels Then each regionwill need a 3-bit randomly-generated voltage control signalAccordingly the 8-bit random number generator can yield1198628

3= 56 different random control signals for 56 regions As

such the temporal randomness can be achievedFigure 9 shows a gated signal from TRNG controlling

the supply voltage of a STRDVS region as an example Inorder for STRDVS to enhance side-channel attack resistancethe power difference due to the change in supply voltage(ie for the same input bit) must be comparable with thepower difference due to the change in input bit (ie forthe same supply voltage) As such the correlation betweenthe input data and the power consumption is substantiallyreducedThereby the difference in power traces can hardly beused to identify input switching However scaling down thevoltage has a direct impact on the latency of the processorAccordingly the lowest possible voltage that can keep thelatency of our NCL processor within the tolerable boundshould be determined at design time

With that determined we still need to determine twocritical parameters the number of voltage levels119870 (ie tem-poral granularity) and the number of voltage domains 119871 (ieregions with different supply voltages spatial granularity)Larger 119870 and 119871 can result in increased security as morenoise is injected into the power trace on the other handthey may also increase the area and design complexity As afuture work we will investigate the tradeoffs between areapower latency and security and find out the optimal settingof the parameters In addition a natural property of ourSTRDVS method is that the level of security is related tothe encryptiondecryption data rate a high data rate giveslittle room to perform voltage scaling and thus little room toimprove the security It will also be interesting to see a tradeoffcurve between the encryptiondecryption data rate and thelevel of security

7 Experimental Verification ofthe Proposed Design

71 Functional Verification of the Proposed Design The con-ventional synchronous implementation and the proposedNCLAES Key Expander andNCLAES Round Function havebeen implemented in VHDL for a comparative study Thefunctional verification simulations of these designs have beenperformed with Mentor Graphics ModelSim The proposeddesigns have been functionally verified completely using alarge set of test vectors from [1] A sample set of test vectorsis presented in Figure 10 and the corresponding functionalverification results are presented in Figures 11 12 and 13

72 Weighted Average Simultaneous Switching Output(WASSO) Analysis WASSO tool is an utility of Xilinx PlanA-head suite that validates signal integrity of the device basedon the IO pin and bank assignments made in the design

This analysis gives a measure of the amount of simultane-ous switching occurring in the design So we used this anal-ysis to determine the variation in switching activity acrossboth AES Round Function designs The results obtainedwere plotted and presented in Figure 14The implementationplatform chosen for carrying out WASSO analysis is XilinxVirtex-5 FPGA As switching activity directly depends on


Transient response60

50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output

Figure 9 Waveforms of the gated signal from TRNG (a) to generate temporal randomness in the final supply voltage ranging from 325V to50V at 025V resolution (b)

Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049

2B7E151628AED2A6ABF7158809CF4F3C

Figure 10 A set of sample AES test vectors used for Figures 11sim13

the number of simultaneously switching outputs switchingactivity can be reduced if SNR gets reduced

From Figures 14(a) and 14(b) it can be observed thatthe switching activity in the proposed design is lessened toa considerable extent and is also more uniform as comparedto its synchronous counterpart This reduction decreasesthe amount of unintentionally leaked information and theuniformity makes it more difficult to exploit the remainingleaked information to carry out SCAs

73 Effects of Switching Activity on Signal-to-Noise RatioAccording to (2) it is clear that SNR is directly proportionalto var(119875expl) The 119875expl is a combination of two quantities119875oprn and 119875data But var(119875oprn) is zero as we are consideringa DPA attack in which we perform the same operation

Figure 11 Functional verification result for synchronous design

again and again but with different input data So var(119875expl)becomes equal to var(119875data)The119875data is data-dependent and isa function of switching activity So the reduction of switchingactivity observed from WASSO simulations will translateinto reduction of 119875data of all the points on the power traceThis overall reduction of 119875data will translate into reduction ofvar(119875expl) and consequently reduction of SNR


Figure 12 Functional verification result for the proposed NCLbased Key Expander design

Figure 13 Functional verification result for the proposed NCLbased Round Function design

Additionally as discussed previously power consump-tion of a cryptosystem is heavily dependant on Hammingweight of data it processes Due to this equal Hammingweights of all inputs in our proposed design will enable ourNCL design to maintain a uniform power consumption andthereby a uniform SNR on power trace Thus the proposeddesign enables the cryptosystem to have a reduced anduniform SNR which is a key element for enhancing security

By using the switching activity results we performedparametric simulations and plotted SNR of NCL design incomparison to the synchronous approachThese approximateresults are presented in Figure 15(a) Using this SNR dataFigure 15(b) shows how variation in SNR influences numberof traces that an attacker must collect to perform a successfulDPA attack As SNR ratio decreases performance of this NCLbased approach keeps getting better So this is the advantageof employing NCL for cryptosystem design

74 Power Benefits In AES implementations the SubBytestransformation which entirely depends on the S-box is themost crucial factor deciding the energy performance of theAES itself More than 50 of entire power is dependent onthis step [34ndash36] Due to the use of novel NCL S-box designwe achieve a 22 reduction in power consumption [4] atthis SubBytes step So this reduction will cause significantimprovement in the energy efficiency of the proposed NCLbased design approach

75 Hardware Implementation and Power Trace AnalysisIn the previous section the performance of our proposeddesign was evaluated using software simulations Howeverto get a more accurate performance analysis simulationson the hardware implementation are necessary In this sec-tion we discuss in detail the procedure used for hardwareimplementation experiment of the proposed design and thesynchronous AES Additionally we present the power tracedata obtained from the powermeasurements on the hardwareimplementations and discuss the variations between thisobtained data for the two designs Figure 16 shows theside-channel attack standard evaluation board (SASEBO-GII board) [37] that is used as the basic platform in thisexperiment

The reason for choosing this FPGA board as a platformfor hardware implementation is that this board has beenspecifically designed for security evaluation of cryptographiccircuits and for the purpose of side-channel attack experi-ments There are two FPGA cores in this board that can beutilized The first FPGA is a cryptographic FPGA which is aXilinx Virtex-5 series FPGA The second one is the controlFPGA which is a Spartan-3A series FPGA These FPGAs areconnected through a general-purpose inputoutput commonbusThe AES Round Function and Key Expander circuits areimplemented in the cryptographic FPGA and the configu-ration circuit is programmed into the configuration FPGAThe purpose of separating these two circuits is to preventthe power trace of the configuration circuit from interferingwith the power trace of the cryptographic circuit so that themeasurements of power traces which decide the resistance ofthe design to power analysis attacks can be done fairly

For the purpose of power trace measurement shuntresistors are present on FPGA board which utilize core119881DD andor ground lines of cryptographic FPGA to give anaccurate measurement of the cryptographic FPGA powerconsumption These measurements can be captured by anoscilloscope via a voltage probe

Figure 17 presents the experimental setup used for powertrace analysis For making a qualitative comparison in termsof security between the quality of power traces of theconventional design and the proposedNCLdesign we supplya set of three inputs to both designs As the same inputsare applied to both designs this enables us to evaluate theperformance of different circuits to the same input data

If we are able to prove that the following two featuresof the power trace are true for NCL based design then wecan conclude that the proposed approach enhances securityThey are as follows (1) The power trace is more uniformcompared to synchronous design for the same input and (2)the power trace of NCL based approach exhibits a higherdegree of similarity between all the three different inputcases as compared to the similarity exhibited by synchronousapproach

So in order to perform a qualitative comparison weapplied a series of three Plaintexts which are shown inFigure 18 to both cryptosystem designs and encrypted it withthe same key Then we recorded the power traces for eachof these cases for both designs and compared their quality interms of securityThe results are presented in Figures 19 to 24


Synchronous designNCL based design

40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18

Individual FPGA IO banks

(a) Individual Banks

Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18

FPGA IO bank-neighbors

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors

Figure 14 WASSO utilization plots for individual banks and neighbors

SNR

valu

e


SNR of synchronous design

12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10

(a) Relative decrease in SNR


SNR

ratio

Number of traces

(b) Relative increase in difficulty for performing DPA

Figure 15 Comparison of SNR and difficulty of performing successful DPA for both designs

From Figures 20 22 and 24 we can clearly see that thepower waveforms look considerably similar for the proposeddesign in all the three cases even when the input Plaintextis different But on the contrary for synchronous designfrom Figures 19 21 and 23 we can see that the power tracehas clear variations between the three cases as representedby ovals These variations as discussed previously can beeffectively exploited to compromise security But in case ofproposed design we do not see any clear variations betweenthe three traces In addition to the lack of these variations

in the proposed design we can also see that the waveformsare far more uniform as compared to their synchronouscounterparts

So with this increased uniformity and with high degreeof similarity between power traces for different Plaintextswe can conclude that security is improved to a considerableextent due to inherent benefits of NCL

Figure 25 shows the power trace corresponding toNULL-DATA wavefronts in the hardware implemented designFigure 26 presents the propagation delay in the hardware


Figure 16 Side-channel attack standard evaluation FPGA board(SASEBO-GII)

Figure 17 Experimental setup for power trace measurement

Plaintext 1Plaintext 2Plaintext 3Key

3243F6A8885A308d313198A2E03707343243F6A8885A308d313198A2E03707353243F6A8885A308d313198A2E03707362B7E151628AED2A6ABF7158809CF4F3C

Figure 18 Plaintexts and Key used for power trace analysis

Figure 19 Power trace of synchronous cryptosystem for Plaintext 1

Figure 20 Power trace of asynchronous cryptosystem forPlaintext 1 (DATA)


Figure 22 Power race of asynchronous cryptosystem for Plaintext 2(DATA)




DATA 1 DATA 2 DATA 3

D6

D5

D4

D3

NULL NULL NULL NULL

Figure 25 Power traces of NULL-DATA wavefronts in hardwareimplementation of proposed design

D6

D5

D4

D3

Figure 26 Propagation delay in NCL based design

implementation of the proposed design After the input isapplied output arrives after 40 ns

8 Conclusion and Future Work

A novel asynchronous design approach for the two maincomponents of AES which are the Key Expander and Roundfunction is reported and validated in this workThis researchis being used as the basis for a research project that aims totape out a silicon chip of NCL AES design which can beused to carry out more performance evaluation experimentsContrary to the existing countermeasures which do not targetthe source of SCA problem and try to find solutions inlater stages the proposed approach combines the merits of(1) NCL design paradigm for balanced switching profileand event-driven operation and (2) spatialtemporal randomdynamic voltage scaling (STRDVS) for injecting randomnoise to mitigate the source of the SCA problem which isside-channel information leakage In addition to providingpower analysis SCA resistance our approach also enhancesresistance to EMA SCAs Qualitative comparisons betweenthe proposed approach and the traditional synchronousdesign have been conducted to verify merits of the proposeddesign Both software simulation and hardware implementa-tion results validate the effectiveness and correctness of ourapproach In the future the efficacy of the proposed design

approach and its augmentation with STRDVS technique willbe evaluated by performing an actual side-channel attack likethe DPA or correlation power analysis (CPA)

Conflict of Interests

The authors declare that there is no conflict of interestsregarding the publication of this paper

References

[1] NIST Advanced Encryption Standard (AES) FIPS PUB 197National Institute of Standards and Technology 2001

[2] K Tiri and I Verbauwhede ldquoA dynamic and differential CMOSlogic style to resist power and timing attacks on security ICsrdquoACR Eprint Archive Report vol 66 p 2004 2004

[3] K Tiri and I Verbauwhede ldquoA logic level design methodologyfor a secure DPA resistant ASIC or FPGA implementationrdquoin Proceedings of the Design Automation and Test in EuropeConference and Exhibition (DATE rsquo04) vol 1 pp 246ndash251 IEEEComputer Society February 2004

[4] J Wu Y Kim and M Choi ldquoLow-power side-channel attack-resistant asynchronous S-box design for AES cryptosystemsrdquo inProceedings of the 20th Symposium on Great Lakes Symposiumon VLSI pp 459ndash464 ACM Houston Tex USA May 2010

[5] C Sui J Wu Y Shi Y Kim and M Choi ldquoRandom dynamicvoltage scaling design to enhance security of NCL S-boxrdquo inProceedings of the 54th IEEE International Midwest Symposiumon Circuits and Systems (MWSCAS rsquo11) pp 1ndash4 August 2011

[6] T Sugawara Y Hayashi N Homma et al ldquoMechanism behindinformation leakage in electromagnetic analysis of crypto-graphicmodulesrdquo in Information SecurityApplications vol 5932of Lecture Notes in Computer Science pp 66ndash78 Springer 2009

[7] P Kocher J Jaffe and B Jun ldquoDifferential power analysisrdquo inAdvances in CryptologymdashCRYPTO rsquo99 pp 388ndash397 Springer1999

[8] T S Messerges E A Dabbish and R H Sloan ldquoExaminingsmart-card security under the threat of power analysis attacksrdquoIEEE Transactions on Computers vol 51 no 5 pp 541ndash5522002

[9] P N Fahn and P K Pearson ldquoIPA a new class of power attacksrdquoinCryptographic Hardware and Embedded Systems pp 173ndash186Springer New York NY USA 1999

[10] J Zhao J Han X Zeng A Li and Y Deng ldquoDifferential poweranalysis and differential fault attack resistant AES algorithm andits VLSI implementationrdquo in Proceedings of the 9th InternationalConference on Solid-State and Integrated-Circuit Technology(ICSICT rsquo08) pp 2220ndash2223 Beijing China October 2008

[11] A Abrial J Bouvier M Renaudin P Senn and P Vivet ldquoAnew contactless smart card IC using an on-chip antenna andan asynchronous microcontrollerrdquo IEEE Journal of Solid-StateCircuits vol 36 no 7 pp 1101ndash1107 2001

[12] P Kocher ldquoDesign and validation strategies for obtainingassurance in countermeasures to power analysis and relatedattacksrdquo in NIST Physical Security Testing Workshop HonoluluHawaii USA 2005

[13] S C Smith and J Di ldquoDesigning asynchronous circuits usingNULL convention logic (NCL)rdquo Synthesis Lectures on DigitalCircuits and Systems vol 4 no 1 pp 1ndash96 2009


[14] T SMesserges E A Dabbish and R Sloan ldquoExamining smart-card security under the threat of power analysis attacksrdquo IEEETransactions on Computers vol 51 no 5 pp 541ndash552 2002

[15] S Mangard E Oswald and T Popp Power Analysis AttacksRevealing the Secrets of Smart Cards vol 31 Springer NewYorkNY USA 2007

[16] A Kak ldquoLecture Notes on Computer and Network Securityby Avinash Kakrdquo 2012 httpsengineeringpurdueedukakcompsecNewLecturesLecture8pdf

[17] S Yang W Wolf N Vijaykrishnan D N Serpanos and Y XieldquoPower attack resistant cryptosystem design a dynamic voltageand frequency switching approachrdquo inProceedings of theDesignAutomation and Test in Europe (DATE rsquo05) pp 64ndash69 IEEEMunich Germany March 2005

[18] K Baddam and M Zwolinski ldquoEvaluation of dynamic voltageand frequency scaling as a differential power analysis coun-termeasurerdquo in Proceeding of the 20th International Conferenceon VLSI Design held jointly with 6th International Confer-ence on Embedded Systems (VLSID 07) Held jointly with 6thInternational Conference on Embedded Systems pp 854ndash862Bangalore India January 2007

[19] H Geng J Wu J Liu M Choi and Y Shi ldquoUtilizing randomnoise in cryptography where is the Tofurdquo in Proceedings of the30th IEEEACM International Conference on Computer-AidedDesign (ICCAD rsquo12) pp 163ndash167 November 2012

[20] Wikipedia ldquoEntropy (information theory)rdquo 2013 httpenwikipediaorgwikiShannon entropy

[21] ldquoHardware random number generatorrdquo 2013 httpenwikipe-diaorgwikiTRNG

[22] B Sunar W J Martin and D R Stinson ldquoA provably securetrue random number generator with built-in tolerance to activeattacksrdquo IEEE Transactions on Computers vol 56 no 1 pp 109ndash119 2007

[23] P Kohlbrenner andK Gaj ldquoAn embedded true randomnumbergenerator for FPGAsrdquo in Proceedings of the ACMSIGDA 12thACM International Symposium on Field-Programmable GateArrays (FPGA rsquo04) pp 71ndash78 ACM usa February 2004

[24] V Fischer and M Drutarovsky ldquoTrue random number gener-ator embedded in reconfigurable hardwarerdquo in CryptographicHardware and Embedded SystemsmdashCHES 2002 vol 2523 ofLecture Notes in Computer Science pp 415ndash430 SpringerBerlin Germany 2003

[25] T E Tkacik ldquoA hardware random number generatorrdquo inCryptographic Hardware and Embedded SystemsmdashCHES 2002pp 450ndash453 Springer 2003

[26] M Bucci L Germani R Luzzi A Trifiletti and M Vara-nonuovo ldquoA high-speed oscillator-based truly random numbersource for cryptographic applications on a smart card ICrdquo IEEETransactions on Computers vol 52 no 4 pp 403ndash409 2003

[27] C S Petrie and J A Connelly ldquoA noise-based ic randomnumber generator for applications in Cryptographyrdquo IEEETransactions on Circuits and Systems I FundamentalTheory andApplications vol 47 no 5 pp 615ndash621 2000

[28] B Jun and P Kocher The Intel Random Number GeneratorCryptography Research Inc white paper 1999

[29] P Hellekalek ldquoGood random number generators are (not so)easy to findrdquoMathematics and Computers in Simulation vol 46no 5-6 pp 485ndash505 1998

[30] B Barak R Shaltiel and E Tromer ldquoTrue random numbergenerators secure in a changing environmentrdquo inCryptographicHardware and Embedded SystemsmdashCHES rsquo03 pp 166ndash180Springer 2003

[31] IP Cores Inc ldquoTRNG1 True Random and PseudorandomNumber Generator Corerdquo 2013 httpwwwipcorescomTrueRandom Generator TRNG IP corehtm

[32] U N I of Standards and T (NIST) Approved RandomNumber Generators for FIPS PUB 1 40-2 Security Require-ments for Cryptographic Modules httpcsrcnistgovpubli-cationsfipsfips140-2fips1402annexcpdf

[33] A Rukhin J Soto J Nechvatal et al ldquoA statistical test suitefor random and pseudorandom number generators for cryp-tographic applicationsrdquo 2013 httpcsrcnistgovpublicationsnistpubs800-22-rev1aSP800-22rev1apdf

[34] S Morioka and A Satoh ldquoAn optimized S-Box circuit archi-tecture for low power AES designrdquo in Cryptographic Hardwareand Embedded Systems-CHES 2002 vol 2523 of Lecture Notesin Computer Science pp 172ndash186 Springer 2002

[35] M Kim J Kim and Y Choi ldquoLow power circuit architecture ofAES crypto module for wireless sensor networkrdquo in Proceedingsof the World Academy of Science Engineering and Technologyvol 8 pp 146ndash150 2005

[36] F Gurkaynak GALS System Design Side Channel Attack SecureCryptographic Accelerators Hartung-Gorre 2006

[37] R C for Information Security ldquoSide-channel Attack Stan-dard Evaluation Board SASEBO-GII Specificationrdquo Septem-ber 2009 httpwwwrcisaistgojpspecialSASEBOSASEBO-GII-enhtml

International Journal of

AerospaceEngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

RoboticsJournal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Active and Passive Electronic Components

Control Scienceand Engineering

Journal of



RotatingMachinery


Hindawi Publishing Corporation httpwwwhindawicom

Journal ofEngineeringVolume 2014

Submit your manuscripts athttpwwwhindawicom

VLSI Design



Shock and Vibration


Civil EngineeringAdvances in

Acoustics and VibrationAdvances in



Electrical and Computer Engineering

Journal of

Advances inOptoElectronics


Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014

SensorsJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Chemical EngineeringInternational Journal of Antennas and

Propagation




Navigation and Observation



DistributedSensor Networks



design a NCL based subset of the AES cryptosystem Thereason for calling it a subset is that in an actual AES thetwo modules are utilized iteratively But for the cryptosystemsubset discussed in this work we utilize the twomodules onlyfor a single iteration for verification purposes

This work has multiple contributions in improving SCAresistance of cryptohardware as follows

(1) the proposed approach contributes to a uniformand reduced switching activity in cryptosystem andthereby curtail the leaked power and improve resis-tance against power analysis SCA

(2) the anticipated improved switching profile also trans-lates to uniform and reduced EM radiation side-channel information emanating from cryptosystemand boosts the resistance of cryptosystem against EMSCA [6]

(3) the proposed Key Expander and Round Functiondesigns allow easy scaling for implementing entireAES algorithm of any of the following variantsmdash128192 or 256 bits

(4) they can also be easily scaled and implemented for dif-ferent modes of AES like electronic codebook (ECB)cipher feedback (CFB) and cipher block chaining(CBC) modes

(5) both proposed designs incorporate a power efficientNCL combinational substitution box design whichprovides power benefits when compared to the con-ventional approach

(6) the proposed design can also be effectively coupledwith STRVDS (spatial temporal random dynamicvoltage scaling) technique to intentionally inject ran-dom noise for even higher SCA resistance

The rest of the paper is arranged as follows Section 2gives a background of AES NCL and vulnerabilities ofsynchronous AES which are essential in understanding theproposed design techniques Section 3 details the influence ofswitching activity on SCA Section 4 describes the proposedNCL AES Key Expander Section 5 describes the proposedNCL AES Round Function The proposed STRDVS noiseinjection technique for NCL cryptohardware is discussed inSection 6 Section 7 discusses the results which include thefunctional verification WASSO analysis hardware imple-mentation and power trace analysis for both conventionaland proposed designs This is finally followed by conclusionand future work

2 Preliminaries and Review

21 Advanced Encryption Standard The AES algorithm isa symmetric block cipher that processes data blocks of128 bits using cipher keys of three different lengths 128 192or 256 bits Its operations are performed on the State TheState is a two-dimensional array of bytes which contains thePlaintext consisting of four rows and119873119887 columns where119873119887is the block length divided by 32 Similarly the Key Scheduleis a two-dimensional array of bytes which contains the Key

At the start of the cipher operation input Plaintext iscopied to the State and input Key is copied to the KeySchedule After an initial Round Key addition the State istransformed by a Round Function implemented 119873119903 timesThis number depends on the key length119873119903 = 10 for 128 bits119873119903 = 12 for 192 bits and119873119903 = 14 for a key length of 256 bits

Figure 1 shows the two main components of AES KeyExpander and Round Function have four basic byte-orientedtransformations each which are applied to the Key Scheduleand the State respectively

22 Vulnerability of Synchronous AES Hardware DesignCryptographic algorithms including AES have been usedin many applications which require high security To sat-isfy these security requirements various publicprivate-keyalgorithms have been proposed and hardware models aredesigned for encryption and decryption processes Howeverwithout proper hardware implementation these algorithmsand models are still vulnerable to side-channel attacks [7ndash9] Differential power analysis (DPA) is one good exam-ple of side-channel attack where a series of power tracesis intentionally collected for a set of input Plaintexts (orciphertexts) and statistically analyzed to reveal the privatekey or significantly narrow down the key search space [78 10 11] The statistical nature of DPA makes it harder tocounteract since extremely small deviations in power can beaccumulated and amplified to locate power peaks and thesecret key can still be attacked Even more powerful CPA(correlation power analysis) attack has been also recentlygaining attentions [12]

Just as the power consumption of CMOS devices is data-dependent the electromagnetic radiation emanating from acryptosystem is also data-dependent This data-dependentradiation is again the origin of side-channel informationleakages The leaked side-channel information is analyzed bymeans of electromagnetic analysis (EMA) which measureselectromagnetic fields near cryptographic device [6] and usesthis data to compromise the security But if we can curtail theleakage of side-channel information we can thereby makeit difficult for the attacker to have sufficient informationto identify the segments in the power waveform and EMradiation We can secure the cryptosystem more effectivelyagainst these power analysis and EMA SCA

23 Null Convention Logic (NCL) NCL is a delay-insensitive(DI) logic design paradigm The delay insensitivity of NCLcircuits is achieved by dual-rail and quad-rail logic [13] Adual-rail signal can effectively represent four states Out ofthem the three valid states are DATA0 DATA1 and NULLThe fourth state in which both rails are asserted is consideredas an illegal state The valid data states DATA0 and DATA1correspond to Boolean logic 0 Boolean logic 1 respectivelyThe control signal NULL is used for asynchronous hand-shaking The clock-free operation is implemented via thetwo delay-insensitive registers located on either side of thecombinational circuit and the local handshaking signals

Themain benefit ofNCL is thatmore uniformpower con-sumption signature can be achieved since the signals are



ShiftRows

MixColumns


RoundFunction

output

RotateWord

SubWord

Round constant

XOR

Round Key

KeyExpander





119875dyn = 119860 sdot 119862119871 sdot 1198812

dd sdot 119891 (1)



(2)




Δ119881 = 119871eff sdot 119872 sdot119889119868

119889119905 (3)






Plaintext [128 0]

Plaintext [128 0]

Input Key [128 0]


converter

feedback to

Reset

Control unit

256

256 256256

256256

256

0

0

MUX

ldquoDual-rail

ldquoDual-rail

ldquoDual-rail

Round Key [128 0]

Input Key [128 0]

NCL AESKey

Expander


21

MUX21

Ko Ko KiKi






RSX

RSX

RSX

++++

++++

RotateWord

SubWord

XOR

Round constant

w1w0 w2 w3

w7

w9 w11w10w8

w4 w5 w6








invaff out

MUX

MUX

mul in


mul out


aff out


Din

Dout








a8

Map

ah aI

4 4

44

MM

MM MM

XOR

XOR

XOR

ah998400 aI998400

Map998400

8

aminus1

and2 and2

GF(28) inversion

andminus1

MMe


THxor0

THxor0

A1

A0

B1

B0

Z1

Z0



A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp














Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











ShiftRows

MixColumns


RoundFunction

output

RotateWord

SubWord

Round constant

XOR

Round Key

KeyExpander





119875dyn = 119860 sdot 119862119871 sdot 1198812

dd sdot 119891 (1)



(2)




Δ119881 = 119871eff sdot 119872 sdot119889119868

119889119905 (3)






Plaintext [128 0]

Plaintext [128 0]

Input Key [128 0]


converter

feedback to

Reset

Control unit

256

256 256256

256256

256

0

0

MUX

ldquoDual-rail

ldquoDual-rail

ldquoDual-rail

Round Key [128 0]

Input Key [128 0]

NCL AESKey

Expander


21

MUX21

Ko Ko KiKi






RSX

RSX

RSX

++++

++++

RotateWord

SubWord

XOR

Round constant

w1w0 w2 w3

w7

w9 w11w10w8

w4 w5 w6








invaff out

MUX

MUX

mul in


mul out


aff out


Din

Dout








a8

Map

ah aI

4 4

44

MM

MM MM

XOR

XOR

XOR

ah998400 aI998400

Map998400

8

aminus1

and2 and2

GF(28) inversion

andminus1

MMe


THxor0

THxor0

A1

A0

B1

B0

Z1

Z0



A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp














Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Plaintext [128 0]

Plaintext [128 0]

Input Key [128 0]


converter

feedback to

Reset

Control unit

256

256 256256

256256

256

0

0

MUX

ldquoDual-rail

ldquoDual-rail

ldquoDual-rail

Round Key [128 0]

Input Key [128 0]

NCL AESKey

Expander


21

MUX21

Ko Ko KiKi






RSX

RSX

RSX

++++

++++

RotateWord

SubWord

XOR

Round constant

w1w0 w2 w3

w7

w9 w11w10w8

w4 w5 w6








invaff out

MUX

MUX

mul in


mul out


aff out


Din

Dout








a8

Map

ah aI

4 4

44

MM

MM MM

XOR

XOR

XOR

ah998400 aI998400

Map998400

8

aminus1

and2 and2

GF(28) inversion

andminus1

MMe


THxor0

THxor0

A1

A0

B1

B0

Z1

Z0



A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp














Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











invaff out

MUX

MUX

mul in


mul out


aff out


Din

Dout








a8

Map

ah aI

4 4

44

MM

MM MM

XOR

XOR

XOR

ah998400 aI998400

Map998400

8

aminus1

and2 and2

GF(28) inversion

andminus1

MMe


THxor0

THxor0

A1

A0

B1

B0

Z1

Z0



A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp














Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










A1

A0

B1

B0

Z1

Z0

TH24comp

TH24comp














Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation










Plaintext [128 0]

256256

256 256

ldquoDual-rail

ldquoDual-rail

Input Key [128 0]

NCL AESKey

Expander

ldquoDual-rail

ldquoDual-rail

RoundKey [128 0]

Reset

Controlunit



Ko

Ki















50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation











50

40

30

20

10

0

minus10

525

50

475

45

425

40

375

35

325

30

0 05 10 15 20 25 30

Time (us)

0 05 10 15 20 25 30

Time (us)

(a)

(b)

V(V

)V

(V)

CLK

Output


Plaintext

CiphertextKey

3243F6A8885A308d313198A2E0370734

A49C7FF2689F352B6B5BEA43026A5049






















40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation























40

35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()

Bank

1

Bank

2

Bank

3

Bank

4

Bank

11

Bank

12

Bank

13

Bank

18



Bank

s18

12

Bank

s12

13

Bank

s13

11

Bank

s11

13

Bank

s13

24

Bank

s24

18


35

30

25

20

15

10

5

0

Switc

hing

util

izat

ion

()


(b) Neighbors


SNR

valu

e



12

10

8

6

4

2

0

1 2 3 4 5 6 7 8 9 10



SNR

ratio

Number of traces





















D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation























D6

D5

D4

D3

NULL NULL NULL NULL


D6

D5

D4

D3








References









































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation




































RoboticsJournal of





Journal of



RotatingMachinery





VLSI Design



Shock and Vibration







Journal of



Volume 2014


SensorsJournal of





Propagation









research article asynchronous advanced encryption standard...

Documents