On the Ability of AES Sboxes to Secure Against - PowerPoint PPT Presentation

Description:

... (WDDL), Random Switching Logic (RSL), and self-timed dual-rail technology, etc. ... Design technology. Verilog HDL. Description language. 9/3/09. 9 ... – PowerPoint PPT presentation

1
On the Ability of AES S-boxes to Secure Against
Correlation Power Analysis
Zheng-lin Liu, Xu Guo, Yi-cheng Chen, Yu Han,
and Xue-cheng Zou
Dept. of Electronic Sci. Tech., Huazhong Univ.
of Sci. Tech. Wuhan, Hubei, 430074, China
2
Outline
  • Introduction
  • Correlation Power Analysis Attacks
  • CPA Attacks on AES
  • CPA on S-boxes
  • Conclusion and Extended Discussion
  • Acknowledgements

3
Introduction
  • Ways to defend against power analysis
    • Using special circuit architectures, such as
      Differential Cascade Voltage Switch Logic
      (DCVSL), Wave Dynamic Digital Logic (WDDL),
      Random Switching Logic (RSL), and self-timed
      dual-rail technology, etc.
    • Randomization of the intermediate results that
      occur during AES encryptions/decryptions

4
Introduction
  • Drawbacks
    • Normally, hardware countermeasures lead to a
      significant increase of area and power
      consumption.

5
Introduction
  • Objectives
    • In comparison with most S-box designs,
      which consider only cost metrics, our work
      focuses on exploiting the internal
      characteristics of S-boxes to resist CPA attacks
      without any added logic.

7
Correlation Power Analysis Attacks
  • Theoretical Background

Hamming distance model
We only consider a partial key guess and the
corresponding partial plaintexts. The reference
state is assumed to be 0.
According to the above equation, if the partial
key guess is correct, the highest correlation
coefficient can be achieved.
8
Correlation Power Analysis Attacks
  • Experimental Environment

9
Correlation Power Analysis Attacks
  • Simplified Block Diagram of AES

11
CPA Attack on AES with Different S-boxes
  • Simulation-based Attacks (1)

Both results show that the highest correlation
occurs at 156. This value corresponds to 0x9C,
which is the correct value of the 8 MSBs of
the key.

12
CPA Attack on AES with Different S-boxes
  • Simulation-based Attacks (2)
  • Look at the differences
    • The correlation coefficients of the peak
      points in the two graphs are quite different
    • The gap in correlation coefficient between
      the peak and the second-highest point
      also varies greatly
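
An added example (not part of the presentation): the two quantities compared on this slide, the peak correlation and its gap to the second-highest guess, computed in simulation. It assumes Hamming-weight leakage of the S-box output (Hamming distance with reference state 0), constructed traces with Gaussian noise whose `sigma` stands in for how closely an S-box implementation follows the model, and the key byte 0x9C from the previous slide; all function names are illustrative.

```python
import math, random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box: inverse in GF(2^8) (x^254), then the affine map."""
    box = []
    for x in range(256):
        inv = 1
        for _ in range(254):
            inv = gmul(inv, x)
        s = 0x63
        for n in range(5):  # inv XOR its left-rotations by 1..4 bits
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        box.append(s)
    return box

SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var)

def simulate(key, sigma, n=2000, seed=1):
    """Constructed traces (assumption): HW of S-box output plus noise."""
    rng = random.Random(seed)
    pts = [rng.randrange(256) for _ in range(n)]
    return pts, [HW[SBOX[p ^ key]] + rng.gauss(0, sigma) for p in pts]

def cpa_metrics(pts, traces):
    """Return (best guess, peak correlation, gap to the runner-up)."""
    rho = [pearson([HW[SBOX[p ^ g]] for p in pts], traces) for g in range(256)]
    order = sorted(range(256), key=lambda g: rho[g], reverse=True)
    return order[0], rho[order[0]], rho[order[0]] - rho[order[1]]

if __name__ == "__main__":
    for sigma in (1.0, 3.0):  # small sigma: traces follow the model closely
        print(sigma, cpa_metrics(*simulate(0x9C, sigma)))
```

A lower peak and a smaller gap mean more traces are needed before the correct guess stands out, which is the sense in which the slides rank S-box implementations.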

14
CPA on S-boxes
  • CPA resistant properties of S-boxes

It is clear that if we assume the total AES
power fits the Hamming distance model well,
we should first guarantee that the model also
suits the power consumption of its components.
Generally, the SubBytes operations account for
much of the total power consumption in AES
encryption operations (46% for GF(2^4)-based AES
according to our experimental results).
15
CPA on S-boxes
  • Power consumption of the AES

Power consumption of each AES component (UMC
0.25 µm 1.8 V CMOS standard cell)
16
CPA on S-boxes
  • Different strategies for the S-Box
    • Construct circuits directly from the
      truth table of the S-box. (LUT)
    • Implement multiplicative inverse and affine
      transform with combinatorial circuits using
      the direct relationship between input and
      output values of the S-box. (SOP, DSE)
    • Implement the S-box with combinatorial logic
      using its arithmetic properties. (GF, PPRM)
17
CPA on S-boxes
  • Comparison of correlation coefficients of
    various S-boxes

We have implemented all the solutions mentioned
above, all of which consist only of
combinatorial logic.
18
CPA on S-boxes
  • The relation of Cp, ?C and fc

Pratio: the power ratio of S-boxes in the AES
?sbox: the correlation coefficient between
power traces and Hamming distance of S-boxes.
19
CPA on S-boxes
  • The relation between Cs and Pg

We tried to find a relation between glitch
power ratios of S-boxes, Pg, and Cs, the
correlation coefficient between the total power
and Hamming distance of S-boxes.
21
Conclusions and Extended Discussion
  • Contributions

Exploit the internal characteristics of
S-boxes to resist CPA attacks without any added
logic. According to the results of the
simulated attacks, the security levels of
different S-boxes vary greatly, which can
directly affect the ability of the AES to secure
against CPA attacks.

22
Conclusions and Extended Discussion
  • Extended discussion (1)

By utilizing the different security
properties of S-boxes, a novel masking scheme
called Inhomogeneous S-boxes is proposed.
23
Conclusions and Extended Discussion
  • Extended discussion (2)

The inhomogeneous S-boxes are expected to
have different power consumption and logic delay
due to the different S-box structures.
Comparison of various S-box implementations (UMC
0.25 µm 1.8 V CMOS standard cell, 1 gate = NAND2XL)
24
Conclusions and Extended Discussion
  • Preliminary experimental results of
    Inhomogeneous S-boxes

The peak corresponding to the correct key guess

The peak corresponding to the correct key is
masked successfully!
26
Acknowledgements
The research described in this paper has been
supported by the High Technology Research and
Development Program of China (863) under grant
2006AA01Z226, and the Scientific Research
Foundation of Huazhong University of Sci. Tech.
under grant 2006Z011B.
27
Thank you!
Q & A