University of Cambridge > Talks.cam > Computer Laboratory Security Group meeting presentations > Side-Channel Attack Resistant ROM-Based AES S-Box

Side-Channel Attack Resistant ROM-Based AES S-Box

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Sergei Skorobogatov.

One of the most popular encryption algorithms in use today is the Advanced Encryption Standard (AES). A repeated function within the algorithm that dominates the area and delay of AES implementations is the Substitution Box (S-Box) that performs a byte-wise substitution on the data based on an established code book. Most AES algorithm implementations use a large complex logic block consisting mainly of XORs to implement the S-Box. Direct implementation of the S-Box with a read-only memory (ROM) look-up table (LUT) has been eschewed due to difficulty in pipelining the structure, hence restricting the throughput. However, we present a custom ROM -based S-Box implementation that can achieve comparable throughput to logic-based implementations, yet is smaller in both area and power. Additionally, the symmetrical nature of the ROM is well suited towards maintaining power consumption un-correlated to data, which is key to defeating a common side-channel attack, differential power analysis (DPA). In comparison, DPA -resistant logic typically requires a 3—4x penalty in power, area, and performance. Our design can sustain a throughput of 6.15 Gbps while using 2x less area than a modern standard cell implementation in a 90 nm process, while significantly reducing data-dependent power consumption.

This talk is part of the Computer Laboratory Security Group meeting presentations series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2024 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity