Power Analysis on FPGA

ECE 5520: Secure Hardware Design
Spring 2010

Instructor: Patrick Schaumont
Prerequisites: ECE 4514 (or equivalent).
Students need an understanding of contemporary digital design using a hardware description language.

Syllabus (from Spring 2009 offering)

Summary: Design and implementation of secure hardware at multiple levels of abstraction, covering cryptographic hardware primitives, cryptographic modules, and trusted platforms. Reverse engineering of cryptographic modules using passive attacks, active attacks, and cryptanalytic techniques. Countermeasures against reverse engineering. The course uses case studies and literature surveys to reflect on the state-of-the-art in secure hardware implementation. Cryptography theory is covered on an as-needed basis.

Useful background material:
This course is based in part on the following references.

Online References:

Questions? Contact the instructor at schaum@vt.edu

Lecture 1 Introduction [Slides]
  • Course Desription
  • Course Requirements
  • The Clipper Chip
  • Modular Arithmetic
Lecture 2
A Brief Overview of Cryptography [Slides]
  • Security Services
  • Symmetric-Key Algorithms: Stream and Block Ciphers
  • Asymmetric-Key Algorithms: Factorization, Discrete-Log, Elliptic-Curve
  • Hash Algorithms
  • Key Length Requirements
Lecture 3 Random Number Generators (Principles of Design) [Slides]
  • Standard requirements for RNG
  • Classification of RNG: Deterministic and Non-deterministic
  • Design of Deterministic RNG
  • Design of Non-deterministic RNG: Entropy, Compression Function, Sources of Entropy
Lecture 4 Random Number Generators (Testing and Examples) [Slides]
  • Tests on Random Number Generator
    • Probability density function
    • Hypothesis test = statistic + significance
    • Example statistic: Freq test, Runs test
    • Test Suites: DIEHARD, NIST
  • Random Number generator Design
    • DRNG: LCG, RSA
    • Hybrid DRNG: Tkacik
    • TRNG: Epstein, Tokunaga, Ring Oscillator
Lecture 5 Prime Field Arithmetic: Part 1: Add, Subtract, Multiply [Slides]
  • Prime Field
  • Goal: modular exp: RSA, Diffie Helman
  • Modulo m addition
    • Normal, base B
  • Modulo m subtraction
    • Normal, base B
  • Modular multiplication
    • Digit expansion, OSF, PSF
    • Squaring
    • Modular Reduction w restoring/non-restoring division
    • Interleaved mult/reduction
Lecture 6 Prime Field Arithmetic Part 2: Montgomery Multiplication & Exponentiation [Slides]
  • Montgomery Multiplication
    • Montgomery Reduction
    • Montgomery Product
  • Hardware Implementation
    • Bit-serial montgomery multitplier in hardware
    • Finding the Modular Inverse in hardware
  • Exponentiation
    • MSB-First
    • LSB-First
    • Montgomery
  • NIST Primes
Lecture 7 Binary Field Arithmetic [Slides]
  • Binary Fields, Polynomial Basis
  • Primitive Polynomial
  • Addition
  • Reduction
  • Multiplication
    • Bit-serial design, MSB first
    • Bit-serial design, LSB first
    • Digit-serial design
    • Optimizations
    • Montgomery
Lecture 8 Hash Functions [Slides]
  • Hash Functions
    • Security Properties
    • Classification
    • Compression Function
  • Applications
    • Hash Application
    • Block Cipher based Hash and HMAC
  • Implementation Aspects
    • Padding
    • MD5
    • Whirlpool
Lecture 9 Block Ciphers - Overview [Slides]
  • Block Cipher Principle
    • True Block Cipher
    • Attack Complexity
  • Block Cipher Structure
    • SP Network, Feistel Network
    • Key Schedule
  • Hardware Implementations
    • Low-footprint - Example
    • High-throughput - Pipelining
  • Comparing Block Cipher Implementations
Lecture 10 Block Ciphers - AES [Slides]
  • The Advanced Encryption Standard
    • History
  • AES Algorithm
    • AES Round Definition
    • Subbytes, ShiftRows, MixColumn
    • Key Schedule
  • AES Implementation
    • SBox, MixColumn Modules
    • 1 cycle/round Encryption/Decryption Design
    • Compact Implementations
Lecture 11 Block Ciphers - Modes of Operation [Slides]
  • Mode of Operation (MOO)
    • Why MOO ?
    • History
  • Modes for Confidentiality
    • Cipher Block Chaining (CBC)
    • Cipher Feedback (CFB)
    • Output Feedback (OFB)
    • Counter (CTR)
  • Modes for Authentication
    • CBC-MAC
  • Modes for Authenticated Encryption
    • CBC-MAC with Counter (CCM)
  • Concluding Remarks
Lecture 12 Elliptic Curve Cryptography Part 1: The Point Multiplication [Slides]
  • Background
  • Elliptic Curves
  • EC Group Structure
  • Addition and Doubling of Points
  • Point Coordinate Systems
    • Affine and Projective
  • The Point Multiplication
    • Right-to-left, left-to-right, NAF
    • Double-add-always, Montgomery
Lecture 13 Elliptic Curve Cryptography Part 2: Implementation Strategy [Slides]
  • Montgomery Scalar Multiplication using Lopez-Dahab Coordinates
  • Standard Micro-coded Datapaths:
    • Allocation
    • Scheduling
    • Binding
  • ECC Speed Records in FPGA
Lecture 14 Basics of Side-channel Analysis [Slides]
  • Logical vs Physical Attacks
    • Classification
  • Timing
  • Power Consumption
    • Sources
    • Models (HW & HD)
  • Taking and Using measurements
    • Single-point models
    • Multi-variate models
Lecture 15 Advanced Side-channel Analysis [Slides]
  • Review: Simple Power Analysis
    • Averaging
    • Confidence Interval
  • Differential Power Analysis
    • Correlation
    • DPA on AES
    • Power Models: Hamming Weight, Hamming Distance
Lecture 16 Fault Attacks [Slides]
  • Types of Faults
  • Fault Models
  • Fault Attacks on Symmetric-Key Algorithms
    • CDES: DFA
    • CAES: Bit/Byte Forcing, Bit Flipping, Random-byte Attack
  • Fault Attacks on Public-Key Algorithms
    • CRSA: Safe-error Attack
    • ECC
  • Fault Countermeasures
Lecture 17 Side Channel Countermeasures: Hiding [Slides]
  • SPA, DPA
    • Signal to Noise Ratio (SNR)
    • Countermeasures: Hiding and Masking
  • Hiding
    • Types of hiding
    • Constant-power-dissipation logic: WDDL
    • Building Complementary Circuits
  • Implementation Issues
    • ASIC
    • FPGA
Lecture 18 Side Channel Countermeasures: Masking [Slides]
  • SCA Countermeasures: Hiding and Masking
    • Masking Concepts
  • Masking Operation
  • Masked Functions
  • Secret Sharing
  • Perfect masking
    • Masked Logic Styles
  • Random Switching Logic
  • Masked Dual Rail Precharge Logic
Lecture 19 Secure Processors [Slides]
  • Secure Processors
    • IBM 4758
    • AEGIS
    • Trustzone
  • The Future
  • Qu'ils mangent de la brioche!

Valid HTML 4.0 Transitional