The wave dynamic differential logic (WDDL) has been identified as a promising countermeasure to increase the robustness of cryptographic devices against differential power attacks (DPA). However, to guarantee the effectiveness of WDDL technique, the routing in both the direct and complementary paths must be balanced. This paper tackles the problem of unbalance of dual-rail signals in WDDL design. We describe placement techniques suitable for tree-based and mesh-based FPGAs and quantify the gain they confer. Then, we introduce a timing-balance-driven routing algorithm which is architecture independent. Our placement and routing techniques proved to be very promising. In fact, they achieve a gain of 95%, 93%, and 85% in delay balance in tree-based, simple mesh, and cluster-based mesh architectures, respectively. To reduce further the switch and delay unbalance in Mesh architecture, we propose a differential pair routing algorithm that is specific to cluster-based mesh architecture. It achieves perfectly balanced routed signals in terms of wire length and switch number. 1. Introduction FPGAs are an attractive platform for cryptographic applications due to their low cost compared to full custom ASIC design and their short time to market period. In addition, their reprogrammability allows upgrading easily the cryptographic algorithm. However, unprotected hardware implementations are vulnerable to side channel attacks (SCA). It has been shown that differential power analysis (DPA) attack [1] is very powerful. DPA is capable of revealing the secret key by measuring power consumption leaked by a cryptographic device. During the last years, many countermeasures have been proposed to protect cryptographic devices against SCA. They fall into two main categories: the masking logic and the hiding logic. The principle of masking logic is to randomize the power consumption by using a random mask and thus decorrelate the intermediate data from the circuit power consumption. This technique was introduced first at algorithmic level [2] and then at gate level [3]. It has been shown that this technique can be broken by attacks based on probability density function (PDF) [4] or glitches [5]. To overcome glitch problem, masked dual rail precharge logic (MDPL) [6] has been proposed. It merges masking with dual rail dynamic logic. However, MDPL shows a high area overhead [7]. On the other side, the principle of hiding logic consists in consuming the same amount of power consumption regardless of data inputs. This is achieved by using differential logic (signals are encoded as
References
[1]
P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99), vol. 1666 of Lecture Notes in Computer Science, pp. 388–397, 1999.
[2]
E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen, “A side-channel analysis resistant description of the AES S-box,” in Proceedings of the 12th International Workshop on Fast Software Encryption (FSE '05), vol. 3557 of Lecture Notes in Computer Science, pp. 413–423, Springer, Paris, France, February 2005.
[3]
D. Suzuki, M. Saeki, and T. Ichikawa, “Random switching logic: a countermeasure against DPA based on transition probability,” 2004, http://eprint.iacr.org/2004/346.
[4]
K. Tiri and P. Schaumont, “Changing the odds against masked logic,” in Proceedings of the 13th Annual Workshop on Selected Areas in Cryptography, vol. 4356 of Lecture Notes in Computer Science, pp. 134–146, Montreal, Canada, 2006.
[5]
S. Mangard, N. Pramstaller, and E. Oswald, “Successfully attacking masked AES hardware implementations,” in Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '05), vol. 3659 of Lecture Notes in Computer Science, pp. 157–171, Springer, Edinburgh, UK, September 2005.
[6]
T. Popp and S. Mangard, “Masked dual-rail pre-charge logic: DPA-resistance without routing constraints,” in Proceedings of the 7th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '05), vol. 3659 of Lecture Notes in Computer Science, pp. 172–186, Springer, September 2005.
[7]
T. Popp and S. Mangard, “Implementation aspects of the DPA-resistant logic style MDPL,” in Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS '06), pp. 2913–2916, IEEE Computer Society, Island of Kos, Greece, May 2006.
[8]
K. Tiri, M. Akmal, and I. Verbauwhede, “A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards,” in Proceedings of the IEEE 28th European Solid State Circuit Conference (ESSCIRC '02), May 2002.
[9]
K. Tiri and I. Verbauwhede, “A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation,” in Proceedings of the Design, Automation and Test in Europe Conference and Exhibition (DATE '04), pp. 246–251, February 2004.
[10]
A. Razajindraibe, M. Robert, and P. Maurine, “Improvement of dual rail logic as a countermeasure against DPA,” in Proceedings of the IFIP International Conference on Very Large Scale Integration (VLSI-SoC '07), pp. 270–275, Atlanta, Ga, USA, October 2007.
[11]
K. Tiri and I. Verbauwhede, “Prototype IC with WDDL and differential routing DPA resistance assessment,” in Cryptographic Hardware and Embedded Systems—CHES 2005, vol. 3659 of Lecture Notes in Computer Science, pp. 354–365, Springer, Heidelberg, Germany.
[12]
P. Yu and P. Schaumont, “Secure FPGA circuits using controlled placement and routing,” in Proceedings of the 5th International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS '07), pp. 45–50, Salzburg, Austria, October 2007.
[13]
R. P. McEvoy, C. C. Murphy, W. P. Marnane, and M. Tunstall, “Isolated wddl: a hiding countermeasure for differential power analysis on FPGAs,” ACM Transactions on Reconfigurable Technology and Systems, vol. 2, no. 1, pp. 1–23, 2009.
[14]
K. Baddam and M. Zwolinski, “Divided backend duplication methodology for balanced dual rail routing,” in Cryptographic Hardware and Embedded Systems—CHES 2008, vol. 5154 of Lecture Notes in Computer Science, pp. 396–410, Springer.
[15]
S. Guilley, S. Chaudhuri, L. Sauvage et al., “Place-and-route impact on the security of DPL designs in FPGAs,” in Proceedings of the IEEE International Workshop on Hardware Oriented Security and Trust (HOST '08), pp. 26–32, IEEE, Anaheim, Calif, USA, June 2008.
[16]
S. Bhasin, S. Guilley, Y. Souissi, T. Graba, and J. Danger, “Efficient dual-rail implementations in FPGA using block RAMs,” in Proceedings of the International Conference on Reconfigurable Computing and FPGAs (ReConFig '11), pp. 261–267, December 2011.
[17]
T. Popp, M. Kirschbaum, T. Zefferer, and S. Mangard, “Evaluation of the masked logic style MDPL on a prototype chip,” in Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems, vol. 4727 of Lecture Notes in Computer Science, pp. 81–94, Springer, Vienna, Austria, September 2007.
[18]
C. Zhimin and Z. Yujie, “Dual-rail random switching logic: a countermeasure to reduce side channel leakage,” in Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems, vol. 4, Springer, Berlin, Germany.
[19]
S. Guilley, F. Flament, R. Pacalet, P. Hoogvorst, and Y. Mathieu, “Security evaluation of a balanced quasi-delay insensitive library,” in Proceedings of the Design of Circuits and Integrated Systems (DCIS '08), Session 5D-Reliable and Secure Architectures, p. 6, IEEE, Grenoble, France, November 2008.
[20]
S. Bhasin, J. Danger, F. Flament et al., “Combined SCA and DFA countermeasures integrable in a FPGA design flow,” in Proceedings of the International Conference on ReConFigurable Computing and FPGAs (ReConFig '09), pp. 213–218, IEEE Computer SocietyQuintana Roo, Quintana Roo, Mexico, December 2009.
[21]
M. Nassar, S. Bhasin, J. Danger, G. Duc, and S. Guilley, “BCDL: a high speed balanced DPL for FPGA with global precharge and no early evaluation,” in Proceedings of the Design, Automation and Test in Europe (DATE '10), pp. 849–854, IEEE Computer SocietyDresden, Dresden, Germany, March 2010.
[22]
Z. Marrakchi, H. Mrabet, E. Amouri, and H. Mehrez, “Efficient tree topology for FPGA interconnect network,” in Proceedings of the 18th ACM Great Lakes Symposium on VLSI (GLSVLSI '08), pp. 321–326, Orlando, Fla, USA, March 2008.
[23]
V. Betz, A. Marquardt, and J. Rose, Architecture and CAD for Deepsubmicron Fpgas, Kluer Academic Publishers, 1999.
[24]
G. Lemieux, E. Lee, M. Tom, and A. Yu, “Directional and single-driver wires in FPGA interconnect,” in Proceedings of the IEEE International Conference on Field-Programmable Technology (FPT '04), pp. 41–48, Brisbane, Australia, December 2004.
[25]
W. C. Elmore, “The transient response of damped linear networks with particular regard to wideband amplifiers,” Journal of Applied Physics, vol. 19, no. 1, pp. 55–63, 1948.
[26]
J. P. Uyemura, Introduction to VLSI Circuits and Systems, John Wiley and Sons, 2001.
[27]
NIST/ITL/CSD, “Data Encryption Standard, FIPS PUB 46-3,” 1999, http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf.
[28]
ALTERA, Benchmark Designs for the Quartus University Interface Program (QUIP), Version 1. 0, ALTERA, 2005.
[29]
L. McMurchie and C. Ebeling, “PathFinder: a negotiation-based performance-driven router for FPGAs,” in Proceedings of the ACM 3rd International Symposium on Field-Programmable Gate Arrays (FPGA '95), pp. 111–117, February 1995.
[30]
G. Karypis and V. Kumar, “Multilevel k-way hypergraph partitioning,” in Proceedings of the 36th Annual ACM/IEEE Design Automation Conference (DAC '99), M. J. Irwin, Ed., pp. 343–348, ACM, New York, NY, USA, 1999.
[31]
D. A. Papa and I. L. Markov, “Hypergraph partitioning and clustering,” Tech. Rep., University of Michigan, EECS Department.
[32]
K. Tiri and I. Verbauwhede, “A digital design flow for secure integrated circuits,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 25, no. 7, pp. 1197–1208, 2006.
