Design of secure circuits resistant to side channel attacks for lightweight cryptography

Abstract

Side channel attacks (SCA) have been found to be effective for breaching the security of lightweight cryptographic systems to extract the cryptographic secrets using signals and associated information gathered from side channels, predominantly power and timing. Since their discovery, they have been a major threat to many lightweight cryptographic devices including smart card, internet-of-things (IoT) devices and mobile phones. Many of the contemporary devices, such as smart cards and IoTs, often rely on lightweight ciphers for encrypting and decrypting data. Accordingly, various design and implementation level countermeasures which are broadly categorised as hiding and masking have been proposed to address side channel attacks. In this thesis, we develop novel countermeasures for SCAs through circuits designed to minimise data dependent variations in power and timing by way of hiding and masking and additionally using non-linear pseudo random bits for additional security. Our key contribution is the use of Binary Decision Diagram (BDD) based path balancing in conjunction with dual rail circuits with pre-charging (DRPC) to create circuits to implement ciphers that are resistant to power, timing and early propagation effect (EPE) based attacks. This path balanced DP-BDD technique has been successfully applied to masking to create circuits that have all the benefits of the underlying scheme with the additional benefit of offering resistance to EM attacks. Multibit masking has been proposed, using a separate mask bit per output function. The use of a fixed mask bit is also unsafe, this has been remedied in our masking scheme with the use of a non-linear feedback shift register (NLFSR) to generate uncorrelated mask bits dynamically. The basic path balanced DRPC-BDD leads to the creation of relatively large circuits on account of the dual rail scheme. This problem has been addressed by creating BDDs for multi-output functions with BDD node sharing to implement the cipher S-boxes leading to significant reduction in the number of BDD nodes and the associated number of transistors. Next, variations of the circuit with partial capacitive decoupling of the power supply to further obfuscate the operation of the circuit was considered. Two decoupling schemes were developed and evaluated: pass transistor configuration and push-pull configuration. Both the schemes successfully obfuscated the circuit operation, obscuring the distinction of the pre-charge phase from the evaluation phase, adding another layer of security. Finally, we explore the partial capacitive decoupling of the power supply to further obfuscate the correlation between the power supply line current and the operation of the circuit through two circuit configurations. Desired results have been obtained for this scheme as well. Overall, a novel DRPC-BDD approach towards circuit design with path balancing has been developed and further optimised and modified with partial capacitive decoupling. The developed methods have been evaluated through extensive experimentation for various implementations of the ciphers S-boxes, for 4, 8, 16, 32 and 64 bits using industry standard CAD tools and technology libraries.