This paper presents an FPGA tech-mapping algorithm dedicated to security applications. The objective is to implement—on a full-custom asynchronous FPGA—secured functions that need to be robust against side-channel attacks (SCAs). The paper briefly describes the architecture of this FPGA that has been designed and prototyped in CMOS 65?nm to target various styles of asynchronous logic including 2-phase and 4-phase communication protocols and 1-of-n data encoding. This programmable architecture is designed to be electrically balanced in order to fit the security requirements. It allows fair comparisons between different styles of asynchronous implementations. In order to illustrate the FPGA flexibility and security, a case study has been implemented in 2-phase and 4-phase Quasi-Delay-Insensitive (QDI) logic. 1. Introduction During the last decade, FPGA manufacturers have successfully reached a high level of performance in their designs. Nowadays, FPGAs are not only used as fast prototyping tools, but they also become active players as components in embedded systems [1]. Moreover, the increasing attractiveness of embedded systems has made them part of our everyday life, especially when it comes to security applications, where cryptographic algorithms and countermeasures need to be updated or changed in some cases, for instance in homeland security, e-banking, and pay-tv. Thus, it becomes very important to guarantee a high level of flexibility and security for these FPGAs, in order to make them robust against different forms of attacks which aim to illegally retrieve secret information hidden in cryptographic systems. Unlike cryptography that protects confidentiality, integrity, or secure authentication, the cryptanalysis is about the challenge to retrieve hidden information. There are no known mathematical cryptanalysis methods which can decrypt standard cryptographic algorithms like AES in a reasonable amount of time and space, assuming that the cryptanalyst has access to both plain text and encrypted messages. However, such algorithms are implemented with some physical processes that leak information. An access to this physical information makes the job of the cryptanalyst much easier. These kinds of leakage from physical processes are commonly known as side-channel leakage. Physical cryptanalysis has been demonstrated to be effective against various standard algorithms and on various platforms in recent times (FPGAs, ASICs, etc.). Researchers have shown that side-channel attacks can be mounted on standard cryptographic algorithms like DES [2], AES [3]
References
[1]
S. Wong, S. Vassiliadis, and S. Cotofana, “Futur directions of (Programmable and Reconfigurable) embedded processors,” in Proceedings of the Workshop on Systems, Architectures, Modeling and Simulation, Embedded Processor Design Challenges (SAMOS '02), 2002.
[2]
P. Kocher, J. Jaffe, and B. Jun, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” in Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO ’96), vol. 1109 of Lecture Notes in Computer Science, pp. 104–113, Springer, Santa Barbara, Calif, USA, 1996.
[3]
S. B. ?rs, F. Gürkaynak, E. Oswald, and B. Preneel, “Power-analysis attack on an ASIC AES implementation,” in Proceedings of the International Conference on Information Technology: Coding Computing (ITCC '04), pp. 546–552, Washington, DC, USA, April 2004.
[4]
P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99), vol. 1666 of Lecture Notes in Computer Science, pp. 388–397, Springer, 1999.
[5]
C. Rechberger and E. Oswald, “Practical Template Attacks,” in Proceedings of the 5th International Workshop on Information Security Applications (WISA '04), vol. 3325 of Lecture Notes in Computer Science, pp. 443–457, Springer, Jeju Island, Korea, August 2004.
[6]
D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi, “The EM side-channel(s),” in Proceedings of the 4th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '02), vol. 2523 of Lecture Notes in Computer Science, pp. 29–45, Springer, Redwood Shores, Calif, USA, 2002.
[7]
M. Ward, “EMV card payments—an update,” Information Security Technical Report, vol. 11, no. 2, pp. 89–92, 2006.
[8]
F. Bouesse, G. Sicard, and M. Renaudin, “Path swapping method to improve DPA resistance of QDI asynchronous circuits,” in Proceedings of the 8th International Workshop on Cryptographic Hardware and Embedded Systems (CHES '06), vol. 4249 of LNCS, pp. 384–398, Springer, Yokohama, Japan, October 2006.
[9]
T. Wollinger and C. Paar, “How Secure are FPGAs in cryptographic applications?” in 13th International Conference on Field Programmable Logic and Applications (FPL '03), vol. 2778 of Lecture Notes in Computer Science, pp. 91–100, Lisbon, Portugal, September 2003.
[10]
A. J. Martin, A. Lines, R. Manohar, et al., “The design of an asynchronous MIPS R3000 microprocessor,” in Proceedings of the 17th Conference on Advanced Research in VLSI (ARVLSI ’97), pp. 164–181, Ann Arbor, Mich, USA, September 1997.
[11]
A. J. Martin, M. Nystrom, K. Papadantonakis, et al., “The Lutonium: a sub-nanojoule asynchronous 8051 microcontroller,” in Proceedings of the 9th International Symposium on Asynchronous Circuits and Systems (ASYNC '03), pp. 14–23, Vancouver, Canada, May 2003.
[12]
J. D. Garside, W. J. Bainbridge, A. Bardsley A, et al., “AMULET3i—an asynchronous syste-on-chip,” in Proceedings of the 6th International Symposium on Advanced Research in Asynchronous Circuits and Systems (ASYNC '00), pp. 162–175, Eilat, Israel, April 2000.
[13]
R. Konishi, H. Ito, H. Nakada et al., “PCA-1: a fully asynchronous, self-reconfigurable LSI,” in Proceedings of the 7th International Symposium on Asynchronous Circuits and Systems (ASYNC '01), pp. 54–61, March 2010.
[14]
J. Teifel and R. Manohar, “An asynchronous dataflow FPGA architecture,” IEEE Transactions on Computers, vol. 53, no. 11, pp. 1376–1392, 2004.
[15]
K. Maheswaran and V. Akella, “PGA-STC: programmable gate array for implementing self-timed circuits,” International Journal of Electronics, vol. 84, no. 3, pp. 255–267, 1998.
[16]
J. Teifel and R. Manohar, “Highly pipelined asynchronous FPGAs,” in Proceedings of the 12th ACM International Symposium on Field-Programmable Gate Arrays (FPGA '04), pp. 133–142, Monterey, Calif, USA, February 2004.
[17]
S. Hauck, G. Boriello, and C. Ebeling, “Montage: an FPGA for synchronous and asynchronous circuits,” in Proceedings of the 2nd International Workshop on Field-Programmable Logic and Applications, Vienna, Ausrtia, August 1992.
[18]
B. Gao, A globally asynchronous locally synchronous configurable array architecture for algorithlm embeddings [Ph.D. thesis], University of Edinburgh, 1996.
[19]
R. Payne, Self timed field programmable gate array architectures [Ph.D. thesis], University of Edinburgh, 1997.
[20]
http://www.achronix.com/.
[21]
T. Beyrouthy, A. Razafindraibe, L. Fesquet et al., “A novel asynchronous e-FPGA architecture for security applications,” in Proceedings of the International Conference on Field Programmable Technology (ICFPT '07), pp. 369–372, Kokurakita, Japan, December 2007.
[22]
S. Chaudhuri, S. Guilley, P. Hoogovost et al., “Physical Design of FPGA Interconnect to prevent Information Leakage,” in Proceedings of the 4th International Workshop on Reconfigurable Computing: Architectures, Tools and Applications (ARC '08), Lecture Notes in Computer Science, pp. 87–98, 2008.
[23]
P. C. Kocher, J. Jaffe, and B. Jun, “Diferential power analysis,” in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '99), M. Wiener, Ed., vol. 1666 of Lecture Notes in Computer Science, pp. 388–397, Springer, Santa Barbara, Calif, USA, 1999.
[24]
J. Quisquater and D. Samyde, “ElectroMagnetic Analysis (EMA): measures and counter-measures for smard cards,” in Proceedings of the International Conference on Research in Smart Cards (E-smart’01), vol. 2140 of Lecture Notes in Computer Science, pp. 200–210, 2001.
[25]
R. J. Anderson and M. G. Kuhn:, “Low cost attacks on tamper resistant devices,” in Proceedings of the 5th International Workshop on Security Protocols, B. Christianson, B. Crispo, M. Lomas, and M. Roe, Eds., vol. 1361 of Lecture Notes in Computer Science, pp. 125–136, Springer, Paris, France, April 1997.
[26]
S. Moore, R. Anderson, P. Cunningham, R. Mullins, and G. Taylor, “Improving smart card security using self-timed circuits,” in Proceedings of the 8th IEEE International Symposium on Asynchronous Circuits and Systems (ASYNC '02), pp. 211–218, IEEE, 2002.
[27]
Y. Monnet, M. Renaudin, and R. Leveugle, “Designing resistant circuits against malicious faults injection using asynchronous logic,” IEEE Transactions on Computers, vol. 55, no. 9, pp. 1104–1115, 2006.
[28]
L. Fesquet and M. Renaudin, “A programmable logic architecture for prototyping clockless circuits,” in Proceedings of the International Conference on Field Programmable Logic and Applications (FPL '05), pp. 293–298, Tampere, Finland, August 2005.
[29]
N. Huot, H. Dubreuil, L. Fesquet, and M. Renaudin, “FPGA architecture for multi-style asynchronous logic,” in Proceedings of the Design, Automation and Test in Europe (DATE '05), pp. 32–35, Munich, Germany, March 2005.
[30]
L. Fesquet, B. Folco, M. Steiner, and M. Renaudin:, “State-holding in look-up tables: aopplication to asynchronous logic,” in Proceedings of the IFIP International Conference on Very Large Scale Integration (VLSI-SoC '06), pp. 12–17, Nice, France, November 2006.
[31]
D. Solokov, J. Murphy, A. Bystrov, and A. Yakovlev, “Improving the Security of dual rail circuits,” in Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems, Cambridge, Mass, USA, August 2004.
[32]
FIPS 46-3, “Data Encryption Standard (DES),” Specifies the Use of Triple DES, October 1999.
[33]
C. Canovas and J. Clédière, “What do S-boxes say in fifferential side channel attacks?” Tech. Rep. 311, CEA-LETI, 2005.
