An AES chip with DPA resistance using hardware-based random order execution  

作　　者：俞波 李翔宇 陈聪 孙义和 乌力吉 张向民 

机构地区：[1]Tsinghua National Laboratory for Information Science and Technology,Institute of Microelectronics,Tsinghua University

出　　处：《Journal of Semiconductors》2012年第6期101-108,共8页半导体学报（英文版）

基　　金：supported by the National Natural Science Foundation of China(No.61006021);the Beijing Natural Science Foundation(No. 4112029)

摘　　要：This paper presents an AES（advanced encryption standard） chip that combats differential power analysis （DPA） side-channel attack through hardware-based random order execution.Both decryption and encryption procedures of an AES are implemented on the chip.A fine-grained dataflow architecture is proposed,which dynamically exploits intrinsic byte-level independence in the algorithm.A novel circuit called an HMF（Hold-MatchFetch） unit is proposed for random control,which randomly sets execution orders for concurrent operations.The AES chip was manufactured in SMIC 0.18μm technology.The average energy for encrypting one group of plain texts（128 bits secrete keys） is 19 nJ.The core area is 0.43 mm^2.A sophisticated experimental setup was built to test the DPA resistance.Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack.Compared with the corresponding fixed order execution,the hardware based random order execution is improved by at least 21 times the DPA resistance.This paper presents an AES（advanced encryption standard） chip that combats differential power analysis （DPA） side-channel attack through hardware-based random order execution.Both decryption and encryption procedures of an AES are implemented on the chip.A fine-grained dataflow architecture is proposed,which dynamically exploits intrinsic byte-level independence in the algorithm.A novel circuit called an HMF（Hold-MatchFetch） unit is proposed for random control,which randomly sets execution orders for concurrent operations.The AES chip was manufactured in SMIC 0.18μm technology.The average energy for encrypting one group of plain texts（128 bits secrete keys） is 19 nJ.The core area is 0.43 mm^2.A sophisticated experimental setup was built to test the DPA resistance.Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack.Compared with the corresponding fixed order execution,the hardware based random order execution is improved by at least 21 times the DPA resistance.

关 键 词：differential power analysis advanced encryption standard dataflow asynchronous design 

分 类 号：TN405[电子电信—微电子学与固体电子学]