Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES - - PowerPoint PPT Presentation

SLIDE 1

Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES

CHES 2018, Amsterdam

Lauren De Meyer¹, Amir Moradi², Felix Wegener²

¹ imec - COSIC, KU Leuven, Belgium
² Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany

Grant Nr. 16KIS0666 SYSKIT_HW

SLIDE 2

Embedded Security Group

Area Optimization: ASICs vs FPGAs

ASIC

CHES 2018 | Amsterdam | 12.09.2018 | Felix Wegener

SLIDE 3

Area Optimization: ASICs vs FPGAs

ASIC | FPGA (Xilinx 6/7 series)

Spartan-6 FPGA Configurable Logic Block User Guide

SLIDE 5

FPGA Building Blocks (Xilinx)

▪ Slice contents:
  – 4 LUT6 elements
  – Auxiliary MUX
  – (8 registers)

[Figure: one slice containing four LUT6 elements]

One slice can implement any F_2^8 → F_2 function.

SLIDE 6

AES S-box Structure

x^-1 = x^254 in GF(2^8)   (Power Map)
Ax + b                    (Affine Map)

SLIDE 10

AES S-box in FPGAs

▪ Naive approach: one slice per coordinate: 8 slices
▪ Algebraic degree 7 → no obvious improvements
▪ Tower field¹ doesn't suit LUTs

[Figure: eight slices, one per output coordinate]

¹ Canright. A Very Compact S-box for AES. CHES 2005

Our Contribution: Reduction to 4 slices

SLIDE 12

Rotational Symmetry of Power Maps

Inversion in GF(2^8): x ↦ x^254
Conversion to normal basis: x ↦ φ(x)
Rotation: rot(a_0, …, a_{n-1}) = (a_{n-1}, a_0, …, a_{n-2})

Theorem¹:
Power map: F(x) = x^m in GF(2^8)
Normal basis: S(x) = φ(F(φ^-1(x)))
⇒ rot(S(x)) = S(rot(x))

¹ Rijmen, Barreto, Gazzoni Filho. Rotation Symmetry in Algebraically Generated Cryptographic Substitution Tables. Information Processing Letters 2008

SLIDE 13–16

Rotational Symmetry: Area Reduction

Idea: Create circuit for only one coordinate function (LSB)

[Figure, animated over four slides: the input register of the LSB-only S-box S* is rotated one position per step; the bit labels 7 6 5 4 3 2 1 cycle through 6 5 4 3 2 1 7, 5 4 3 2 1 7 6, …, so the single LSB circuit yields every output coordinate in turn]
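The theorem on slide 12, the one-coordinate trick of slides 13–16, and slide 5's claim that a slice covers any F_2^8 → F_2 function can all be checked exhaustively. The following Python is an added example, not code from the authors or the paper: it searches for a normal element of GF(2^8) (the slides do not name the basis actually used, so the first one found is an assumption), defines rot, p2n, n2p and S* after the slide labels, verifies rot(S*(x)) = S*(rot(x)) for all 256 inputs, rebuilds every output bit from the LSB coordinate function alone by rotating the input, and finally splits that coordinate function into four LUT6 tables plus a MUXF7/MUXF8 stage (the Xilinx names for the slide's "auxiliary MUX" are assumed here).

```python
# Added example (not from the slides): rotational symmetry of the AES inversion
# in a normal basis of GF(2^8), the LSB-only coordinate circuit built on it, and
# a check that the LSB function fits four LUT6 elements plus the slice muxes.
# The normal element is found by search; rot/p2n/n2p/S* follow the slide labels.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) in the polynomial basis."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_pow(x, e):
    """x^e in GF(2^8) by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


def find_normal_basis():
    """Return (n2p, p2n) tables for the first beta whose conjugates
    beta, beta^2, ..., beta^128 are linearly independent over GF(2)."""
    for beta in range(2, 256):
        conj = [gf_pow(beta, 1 << i) for i in range(8)]
        n2p = [0] * 256                    # normal coordinates -> polynomial basis
        for c in range(256):
            v = 0
            for i in range(8):
                if (c >> i) & 1:
                    v ^= conj[i]
            n2p[c] = v
        if len(set(n2p)) == 256:           # bijective <=> conjugates independent
            p2n = [0] * 256
            for c, v in enumerate(n2p):
                p2n[v] = c
            return n2p, p2n
    raise RuntimeError("no normal basis found")


N2P, P2N = find_normal_basis()


def rot(c):
    """rot(a0..a7) = (a7, a0, ..., a6): coordinate i moves to i+1 (mod 8).
    In a normal basis this is exactly the Frobenius map x -> x^2."""
    return ((c << 1) & 0xFF) | (c >> 7)


def rot_k(c, k):
    for _ in range(k % 8):
        c = rot(c)
    return c


def s_star(c, m=254):
    """S*(c) = p2n(F(n2p(c))) for the power map F(x) = x^m (m = 254: inversion)."""
    return P2N[gf_pow(N2P[c], m)]


def rotation_symmetry_holds(m=254):
    """Theorem check: rot(S*(x)) == S*(rot(x)) for every x in F_2^8."""
    return all(rot(s_star(c, m)) == s_star(rot(c), m) for c in range(256))


def lsb_only(c):
    """The single coordinate function the circuit implements: bit 0 of S*."""
    return s_star(c) & 1


def s_star_from_lsb(c):
    """All 8 output bits from lsb_only alone by feeding rotated inputs:
    bit k of S*(c) equals bit 0 of S*(rot^(8-k)(c))."""
    out = 0
    for k in range(8):
        out |= lsb_only(rot_k(c, 8 - k)) << k
    return out


def lsb_circuit_matches():
    return all(s_star_from_lsb(c) == s_star(c) for c in range(256))


def slice_from_truth_table(f):
    """Split an 8-input Boolean function into the four LUT6 contents of a slice;
    input bits 6 and 7 are resolved by the MUXF7/MUXF8 stage (assumed model)."""
    return [[f(c) for c in range(j * 64, (j + 1) * 64)] for j in range(4)]


def slice_eval(luts, c):
    lo = c & 0x3F
    f7_a = luts[1][lo] if (c >> 6) & 1 else luts[0][lo]   # MUXF7 on bit 6
    f7_b = luts[3][lo] if (c >> 6) & 1 else luts[2][lo]   # second MUXF7
    return f7_b if (c >> 7) & 1 else f7_a                 # MUXF8 on bit 7


def lsb_fits_one_slice():
    luts = slice_from_truth_table(lsb_only)
    return all(slice_eval(luts, c) == lsb_only(c) for c in range(256))


if __name__ == "__main__":
    print("rotational symmetry of x^254:", rotation_symmetry_holds())
    print("all 8 bits from one coordinate:", lsb_circuit_matches())
    print("LSB coordinate fits 4 LUT6 + muxes:", lsb_fits_one_slice())
```

The rebuild loop mirrors the 8-cycle byte-serial circuit of slide 17: the input byte is rotated once per cycle and S* emits one output bit per cycle. Because the symmetry holds for every power map, `rotation_symmetry_holds(26)` and `rotation_symmetry_holds(49)` pass as well, which is what later lets the masked design reuse the same trick for the cubic factors.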

SLIDE 17

AES S-box: Byte-serial Circuit

▪ Transformation to (p2n) and from (n2p) normal basis
▪ Occupies 4 slices: 16 LUTs / 15 Regs
▪ Latency: 8 cycles

[Figure: datapath x → p2n → S* → n2p → y with register R2; bus widths 8, 7 and 1 bits]

SLIDE 18

First Design: Improve smallest FPGA-specific AES

SLIDE 19–21

Former record by Sasdrich et al.¹

▪ 21 slices on Xilinx Spartan-6
▪ 15 slices shown + 6 for control unit

[Figure: datapath with Key RAM 256, State RAM 256, MUX 2:1, MUX 4:1, Mix Col. & Add RndK; inputs K, P; output C. Naive S-box: 8 slices; the remaining blocks: 2 + 1 + 2 + 2 slices]

With our S-box (4 slices) in place of the naive S-box: total design 17 slices

¹ Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices. ASAP 2016

SLIDE 22

Second Design: Port smallest AES on ASICs to FPGAs

SLIDE 23

Bitsliding Design: Jean et al., CHES 2017¹

Adapt smallest ASIC-based AES to FPGAs

¹ Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY. CHES 2017

SLIDE 25

Fully-bitserial S-box

▪ Bitserial in-/output
▪ Area: 4 slices: 16 LUTs, 16 Regs
▪ Latency: 16 cycles

[Figure: datapath x_i → p2n → S* → n2p → y_i with registers R1, R2; bus widths 1, 7 and 8 bits]

SLIDE 27

Bitsliding on an FPGA

▪ 4 LUTs as 32-bit shift registers
▪ ShiftRows: 32 cycles
▪ MixColumns: 32 cycles

[Figure: block sizes 1 slice (4 LUTs) and 2 slices (6 LUTs, 4 FF)]

Total design: 63 LUTs

SLIDE 28

Comparison

| Design                    | # LUTs | # Flip-flops | # Slices | # Clock cycles | Max. Freq. |
|---------------------------|--------|--------------|----------|----------------|------------|
| Sasdrich et al. [SG16]    | 84     | 24           | 21       | 1471           | 108 MHz    |
| Our AES based on [SG16]   | 68     | 39           | 17       | 5538           | 109 MHz    |
| Our AES based on [JMPS17] | 63     | 38           | 19       | 4852           | 155 MHz    |

[SG16] Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices. ASAP 2016
[JMPS17] Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY. CHES 2017
SLIDE 29

Third Design: Smallest First-order secure AES on FPGAs

SLIDE 30–33

Masking

▪ Decomposition into cubic functions¹: x^-1 = x^254 = (x^26)^49
▪ Implement one coordinate of each cubic function:
  G*(φ(x)) = φ(x^26),  F*(φ(x)) = φ(x^49)
▪ Find first-order masking (CMS²):
  any order: d + 1 input shares / (d + 1)^t output shares
  first order: 2 input shares / 8 output shares

Problem: How to find a CMS sharing of a cubic function?

Solution: Our heuristic. Split function G into parts G_A, G_B, G_C with 2 input shares / 8 output shares each (details in the paper)

¹ Moradi. Advances in Side-channel Security. 2016
² Reparaz, Bilgin, Nikova, Gierlichs, Verbauwhede. Consolidating masking schemes. CRYPTO 2015
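An added example (not the authors' code) for the decomposition on slides 30–33: it confirms 26 · 49 ≡ 254 (mod 255), that (x^26)^49 = x^254 for every field element, and, with a Möbius transform to the algebraic normal form, that all eight coordinate functions of x^26 and x^49 are cubic while those of x^254 have degree 7 (the obstacle noted on slide 10). Field arithmetic uses exp/log tables over the AES polynomial with generator 0x03; the function names are this example's own.

```python
# Added example (not from the slides): checks the cubic decomposition of the
# AES inversion, x^254 = (x^26)^49, and measures the algebraic degree of each
# coordinate function of x^26, x^49 and x^254 via the Moebius transform.

AES_POLY = 0x11B


def _exp_log_tables():
    """exp[i] = 0x03^i and log[v] = i over GF(2^8) with the AES polynomial;
    0x03 generates the whole multiplicative group of 255 elements."""
    exp = [0] * 255
    v = 1
    for i in range(255):
        exp[i] = v
        v ^= ((v << 1) ^ (AES_POLY if v & 0x80 else 0)) & 0xFF  # v *= 0x03
    log = {v: i for i, v in enumerate(exp)}
    return exp, log


EXP, LOG = _exp_log_tables()


def gf_pow(x, e):
    """x^e in GF(2^8); 0^e = 0 for e > 0."""
    if x == 0:
        return 0
    return EXP[(LOG[x] * e) % 255]


def exponent_product_mod():
    """26 * 49 reduced modulo 255, the order of the multiplicative group."""
    return (26 * 49) % 255


def decomposition_holds():
    """(x^26)^49 == x^254 for every element: the two cubic maps compose to the inversion."""
    return all(gf_pow(gf_pow(x, 26), 49) == gf_pow(x, 254) for x in range(256))


def anf_degree(truth_table):
    """Algebraic degree of a Boolean function given as a truth table
    (index = input bits), via the in-place Moebius transform to the ANF."""
    coeff = list(truth_table)
    step = 1
    while step < len(coeff):
        for i in range(len(coeff)):
            if i & step:
                coeff[i] ^= coeff[i ^ step]
        step <<= 1
    return max((bin(i).count("1") for i, a in enumerate(coeff) if a), default=0)


def coordinate_degrees(m):
    """Algebraic degree of each of the 8 coordinate functions of x -> x^m."""
    table = [gf_pow(x, m) for x in range(256)]
    return [anf_degree([(v >> k) & 1 for v in table]) for k in range(8)]


def hamming_weight(e):
    """Degree bound for the power map x -> x^e: the number of set bits in e."""
    return bin(e).count("1")


if __name__ == "__main__":
    print("26 * 49 mod 255 =", exponent_product_mod())
    print("(x^26)^49 == x^254 for all x:", decomposition_holds())
    for m in (26, 49, 254):
        print(f"x^{m}: coordinate degrees {coordinate_degrees(m)}, wt({m}) = {hamming_weight(m)}")
```

The degree is what drives the share count on the slide: with (d + 1)^t output shares, a cubic factor needs 2^3 = 8 shares at first order, whereas masking the degree-7 inversion directly would need 2^7 of them, which is why the inversion is split before a CMS sharing is sought.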

SLIDE 34

Non-complete realization of F*/G*

▪ 18 bits of randomness / cycle
▪ Dependence on only 14 bits each reduces area

[Figure (data flow): blocks G_A, G_B, G_C and F ⊕ G_A, F ⊕ G_B, F ⊕ G_C, randomness inputs r_1 … r_5, XOR recombination stages, select signal sel, output shares y_0, y_1]

Size: 144 LUTs, 48 Regs

SLIDE 35

Two-share S-box

▪ First-order secure design
▪ Clear register to F*/G* on negative edge
▪ Area: 182 LUTs, 96 Regs
▪ Latency: 26 cycles

[Figure: x_i → p2n (three instances) → F*/G* → registers R1, R2 → n2p → y_i; control signals sel, clk, CLR; bus widths 2, 14 and 16 bits]

SLIDE 36–37

SCA Evaluation: Moments-Correlating DPA

Measurement setup:
  – Sakura-G platform
  – Oscilloscope: 625 MS/s
  – Target: 6 MHz
  – Additional AC amplifier

[Plots: PRNG off, 1st order, 10k traces; PRNG on, 1st order, 10M traces; PRNG on, 2nd order, 10k traces]

SLIDE 38

Comparison: First-order secure Designs

| Design                     | # LUTs | # FF | # Slices | # Cycles | # Rand. Bits | Max. Freq. |
|----------------------------|--------|------|----------|----------|--------------|------------|
| Bilgin et al. [BGN+15]     | 1198   | 611  | 475      | 246      | 32           | 127 MHz    |
| Groß et al. [GMK17]        | 595    | 734  | 366      | 246      | 18           | 103 MHz    |
| De Cnudde et al. [CRB+16]  | 1191   | 642  | 553      | 275      | 54           | 181 MHz    |
| This work                  | 293    | 124  | 162      | 6852     | 18           | 103 MHz    |

[BGN+15] Bilgin, Gierlichs, Nikova, Nikov, Rijmen. Trade-offs for threshold implementations illustrated on AES. IEEE TCAD 2015
[GMK17] Groß, Mangard, Korak. An efficient side-channel protected AES implementation with arbitrary protection order. CT-RSA 2017
[CRB+16] De Cnudde, Reparaz, Bilgin, Nikova, Nikov, Rijmen. Masking AES with d+1 shares in hardware. CHES 2016

SLIDE 39

Summary

This presentation:
▪ New size record for FPGA-specific AES
▪ Smallest first-order secure AES on FPGA devices

Further contributions in the paper:
▪ Latency optimizations for the Sasdrich et al. design
▪ New heuristic to mask Boolean functions with d + 1 shares

SLIDE 40

Thanks! Any questions?

Lauren De Meyer¹, Amir Moradi², Felix Wegener²

¹ imec - COSIC, KU Leuven, Belgium
² Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany

felix.wegener@rub.de