A 4900-$\mu$ m<sup>2</sup> 839-Mb/s Side-Channel Attack- Resistant AES-128 in 14-nm CMOS With Heterogeneous Sboxes, Linear Masked MixColumns, and Dual-Rail Key Addition
Raghavan Kumar, Vikram Suresh, Monodeep Kar, Sudhir Satpathy, Mark Anders, Himanshu Kaul, Amit Agarwal, Steven Hsu, Gregory K. Chen, Ram Krishnamurthy, Vivek De, Sanu Mathew
Abstract
Cryptographic circuits such as advanced encryption standard (AES) are vulnerable to correlation power analysis (CPA) side-channel attacks (SCAs), where an adversary monitors chip supply current signatures or electromagnetic (EM) emissions to decipher the value of embedded keys. This article describes an all-digital, fully synthesizable SCA-resistant 16-b serial AES-128 hardware accelerator fabricated in 14-nm CMOS, occupying 4900 μm <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> . Randomized byte-order shuffling through heterogeneous Sboxes, linear masked MixColumns, and dual-rail AddRoundKey circuits enable: 1) 9.2× lower correlation between current signatures and hamming distance (HD)/hamming weight (HW) power models compared to an unprotected AES implemented in 14-nm CMOS; 2) 2.3× attenuation of a correlation ratio for correct key guesses; 3) 839-Mb/s encryption throughput with 11-mW total power consumption measured at 750 mV, 25 °C; 4) peak energy efficiency of 390 Gbps/W measured at an energy optimal point of 290 mV, 25 °C, representing an overhead of 23% over the unprotected AES engine; 5) <; 1% performance impact compared to unprotected AES; 6) >1200× improvement in minimum-traces-to-disclosure (MTD) over an unprotected AES accelerator, with no successful CPA attacks observed after 12M encryptions; and 7) >1100× improvement in test vector leakage assessment (TVLA ) metric in power and EM time- and frequency-domain analyses.