A GALS Pipeline DES Architecture to Increase Robustness against CPA and CEMA Attacks


  • Rafael I. Soares
  • Ney L. V. Calazans
  • Victor Lomné
  • Amine Dehbaoui
  • Philippe Maurine
  • Lionel Torres




Cryptography, Cryptography attacks, Secure cryptography, Globally Asynchronous, Locally Synchronous


Side channels attacks (SCAs) are very effective and low cost methods to extract secret information from supposedly secure cryptosystems.The traditional synchronous design flow used to create such systems favors the leakage of information, which enables attackers to draw correlations between data processes and circuit power consumption, electromagnetic radiation or other sources of leakage. By using well known analysis techniques, these correlations may allow that an attacker retrieves secret cryptographic keys. Differential Power Analysis (DPA) and Differential Electromagnetic Analysis (DEMA) are among the most cited attack types. More accurate types of attacks have been proposed, including Correlation Power Analysis (CPA) that associates power quantities with a specific power model. In recent years, several countermeasures against SCAs have been proposed. Fully asynchronous and globally asynchronous locally synchronous (GALS) design methods appear as alternatives to design tamper resistant cryptosystems. However, according to previous works they use to achieve this with significant area, throughput, latency and power penalties and are not absolutely secure. This paper proposes a new GALS pipeline architecture for the Data Encryption Standard (DES) that explores the trade-off between circuit area and robustness to SCAs. Robustness is enhanced by replicating the DES hardware structure in asynchronously communicating module instances, coupled with self-varying operating frequencies. Designs prototyped on FPGAs with the proposed technique presented promising robustness against attacks, after submitted to differential and correlation analyses. This is true for both power and electromagnetic channels. Additionally the proposed architecture displays throughput superior to previously reported results.






Special Section on Best SBCCI2010 Papers