Authors: Anh-Tuan Hoang, T. Fujino
Published in: FPGA. ACM International Symposium on Field-Programmable Gate Arrays, pages 266-267
Publication date: 2013-02-11
DOI: 10.1145/2435264.2435315 (https://doi.org/10.1145/2435264.2435315)
Record source: Semanticscholar
Hybrid masking using intra-masking dual-rail memory on LUT for SCA-Resistant AES implementation on FPGA (abstract only)
In current countermeasure design trends against Differential Power Analysis (DPA), security at the gate level is required in addition to a secure algorithm. Several dual-rail pre-charge logics (DPL) have been proposed to achieve this goal. ASIC designs can attain it because the backend flow allows placement and routing to be constrained. However, implementing these designs on a Field Programmable Gate Array (FPGA) without information leakage is still a problem, because placement and routing on an FPGA are difficult to constrain. This paper describes our novel Hybrid Masking implementation using the Intra-Masking Dual-rail Memory (IMDRM) approach for side-channel-resistant AES. The hybrid masking scheme combines an additive mask with a multiplicative mask. The additive masking scheme uses a dual-rail memory in which all unsafe nodes, such as the masking and unmasking operations, the dual-rail memory itself and its buses, are packed into a single LUT. This keeps them balanced and independent of the placement and routing tools. The multiplicative masking scheme is then applied over the additively masked values. It removes the joint leakage caused by processing the masks and the masked values together inside the dual-rail memory. The design is independent of the cryptographic algorithm and remains resistant to SCA attacks even after 1,000,000 traces. It also occupies a smaller hardware footprint than most other advanced SCA-resistant implementations such as Wave Dynamic Differential Logic, Masked Dual-Rail Pre-charge Logic, and Intra-Masking Dual-Rail Memory.
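The abstract only states the ordering of the two masks (additive first, multiplicative applied over the additive shares) and does not give the construction. The following Python is an added illustration of that generic additive-then-multiplicative idea on the AES field inversion, written for this page; it is not the paper's IMDRM/LUT design and makes no claim about how the authors realise it in hardware. It uses the classic Akkar-Giraud style conversion: the byte enters as an XOR share (x ^ r, r), is turned into a multiplicative share x*m, inverted, and returned as an XOR share, so no intermediate ever holds the unmasked byte or its inverse. All function names are the example's own. It also exposes the well-known zero-value failure mode of plain multiplicative masking (x = 0 gives x*m = 0 for every m), which any practical design must handle separately; the page does not discuss that case.

```python
"""Additive -> multiplicative -> additive masking of the AES field inverse.

Added illustration, not code from the paper: an additive (XOR) mask r is
combined with a multiplicative GF(2^8) mask m so that the field inversion
at the heart of SubBytes never touches the unmasked byte.  Function names
are this example's own; the only thing shared with the abstract is the
additive-then-multiplicative ordering of the masks.
"""
import secrets
from collections import Counter

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, reduced modulo x^8


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse a^254 in GF(2^8); inv(0) = 0 as in AES."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def add_mask(x: int, r: int) -> int:
    """Additive (Boolean) masking: x ^ r reveals nothing about x while r is
    uniform and secret."""
    return x ^ r


def masked_inverse(x_masked: int, r: int, m: int) -> int:
    """Invert the byte hidden in (x_masked, r) without ever unmasking it.

    Input share: x_masked = x ^ r.  m is a fresh non-zero multiplicative
    mask.  Output: inv(x) ^ r, i.e. still additively masked with r.
    Every intermediate is either additively or multiplicatively masked.
    """
    assert m != 0, "multiplicative mask must be invertible"
    t = gf_mul(x_masked, m)       # (x ^ r) * m = x*m ^ r*m
    t ^= gf_mul(r, m)             # x*m           (multiplicative share only)
    t = gf_inv(t)                 # inv(x) * inv(m)
    t ^= gf_mul(r, gf_inv(m))     # (inv(x) ^ r) * inv(m)
    return gf_mul(t, m)           # inv(x) ^ r    (back to an additive share)


def masked_inverse_is_correct(x: int) -> bool:
    """Unmask the result once (harness only) and compare with gf_inv(x)."""
    r = secrets.randbelow(256)
    m = 1 + secrets.randbelow(255)
    return masked_inverse(add_mask(x, r), r, m) ^ r == gf_inv(x)


def multiplicative_share_histogram(x: int) -> Counter:
    """Distribution of the multiplicative share x*m over all invertible m.
    A first-order observer sees this distribution; it must not depend on x."""
    return Counter(gf_mul(x, m) for m in range(1, 256))


def zero_value_leaks(x: int) -> bool:
    """True when the share distribution for x is degenerate.  For x != 0 it
    is uniform over the 255 non-zero bytes; for x == 0 the share is always
    0, the zero-value weakness of plain multiplicative masking that a real
    design must counter separately."""
    return len(multiplicative_share_histogram(x)) == 1


if __name__ == "__main__":
    for x in (0x00, 0x01, 0x53, 0xCA):
        print(f"x={x:02x} correct={masked_inverse_is_correct(x)} "
              f"zero_value_leak={zero_value_leaks(x)}")
```

Running the module prints that the masked inversion is correct for every sample byte and that only x = 0 has a degenerate multiplicative share distribution; the histogram check is the kind of first-order sanity test a designer runs on intermediate values before committing a masking scheme to hardware.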