Side-Channel Attack Resistant ROM-Based AES S-Box

Add to your list(s) Download to your calendar using vCal

• Ken Mai, Carnegie-Mellon University
• Friday 30 July 2010, 16:00-17:00
• Room FW11, Computer Laboratory, William Gates Building.

If you have a question about this talk, please contact Sergei Skorobogatov.

One of the most popular encryption algorithms in use today is the Advanced Encryption Standard (AES). A repeated function within the algorithm that dominates the area and delay of AES implementations is the Substitution Box (S-Box) that performs a byte-wise substitution on the data based on an established code book. Most AES algorithm implementations use a large complex logic block consisting mainly of XORs to implement the S-Box. Direct implementation of the S-Box with a read-only memory (ROM) look-up table (LUT) has been eschewed due to difficulty in pipelining the structure, hence restricting the throughput. However, we present a custom ROM -based S-Box implementation that can achieve comparable throughput to logic-based implementations, yet is smaller in both area and power. Additionally, the symmetrical nature of the ROM is well suited towards maintaining power consumption un-correlated to data, which is key to defeating a common side-channel attack, differential power analysis (DPA). In comparison, DPA -resistant logic typically requires a 3—4x penalty in power, area, and performance. Our design can sustain a throughput of 6.15 Gbps while using 2x less area than a modern standard cell implementation in a 90 nm process, while significantly reducing data-dependent power consumption.

This talk is part of the sps32's list series.

This talk is included in these lists:

• Room FW11, Computer Laboratory, William Gates Building

Note that ex-directory lists are not shown.