Abstract
The rapid deployment of the Internet of Things (IoT) brought some interesting topics into the spotlight, one of which is low-power design. IoT devices are usually deployed in environments where access to an electricity network is not feasible and therefore have to be supplied by a battery. Despite the limited energy budget in this setting, many relevant applications require long device runtimes. Additionally, in order to establish secure connections to other IoT devices, cryptographic primitives are required to safely transmit data. Since the devices are physically accessible, enabling adversaries to mount all sorts of physical attacks, physically secure implementations are inevitable.
In this study, we evaluate the energy consumption of cryptographic primitives on a custom 65 nm ASIC with different design architectures ranging from unrolled to serialized implementation. In each design architecture, we compare the consumed energy of different crypto cores. We also examine the energy consumption of different masking schemes up to third-order secure realizations of various block ciphers. Further, in our practical investigations, we explore the energy consumption overhead of countermeasures against fault-injection attacks under different adversary models providing the first practical results on real silicon for protected implementations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Qualcomm Product Security. Pointer Authentication on ARMv8.3 - Design and Analysis of the New Software Security Instructions. Technical report, January 2017. https://www.qualcomm.com/documents/whitepaper-pointer-authentication-armv83
Aghaie, A., Moradi, A., Rasoolzadeh, S., Shahmirzadi, A.R., Schellenberg, F., Schneider, T.: Impeccable circuits. IEEE Trans. Comput. 69(3), 361–376 (2020)
Avanzi, R.: The QARMA block cipher family. Almost MDS matrices over rings with zero divisors, nearly symmetric even-mansour constructions with non-involutory central rounds, and search heuristics for low-latency s-boxes. IACR Trans. Symmetric Cryptol. 2017(1), 4–44 (2017)
Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_17
Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 178–194. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_10
Banik, S., Isobe, T., Liu, F., Minematsu, K., Sakamoto, K.: Orthros: a low-latency PRF. IACR Trans. Symmetric Cryptol. 2021(1), 37–77 (2021)
Batina, L., et al.: Dietary recommendations for lightweight block ciphers: power, energy and area analysis of recently developed architectures. In: Hutter, M., Schmidt, J.-M. (eds.) RFIDSec 2013. LNCS, vol. 8262, pp. 103–112. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41332-2_7
Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5
Beierle, C., Leander, G., Moradi, A., Rasoolzadeh, S.: CRAFT: lightweight tweakable block cipher with efficient protection against DFA attacks. IACR Trans. Symmetric Cryptol. 2019(1), 5–45 (2019)
Bernstein, D.J., et al.: Gimli : a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299–320. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_15
Beyne, T., Dhooghe, S., Moradi, A., Shahmirzadi, A.R.: Cryptanalysis of efficient masked ciphers: applications to low latency. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 679–721 (2022)
Beyne, T., Dhooghe, S., Zhang, Z.: Cryptanalysis of masked ciphers: a not so random idea. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 817–850. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_27
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06734-6_17
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_18
Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31
Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications - extended abstract. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_14
Božilov, D., et al.: PRINCEv2 - more security for (almost) no overhead. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 483–511. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_19
Caforio, A., Balli, F., Banik, S.: Energy analysis of lightweight AEAD circuits. In: Krenn, S., Shulman, H., Vaudenay, S. (eds.) CANS 2020. LNCS, vol. 12579, pp. 23–42. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65411-5_2
Can, A., Krishnaswamy, A., Turner, R.: Code pointer authentication for hardware flow control, uS Patent 9,514,305 (6 December2016)
De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04138-9_20
Cassiers, G., Grégoire, B., Levi, I., Standaert, F.: Hardware private circuits: from trivial composition to full verification. IEEE Trans. Comput. 70(10), 1677–1690 (2021)
De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with \(d+1\) shares in hardware. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 194–212. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_10
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography, Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4
Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 547–572 (2018)
Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–161 (1997). https://doi.org/10.1007/s001459900025
Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. In: Theory of Implementation Security - TIS@CCS 2016, p. 3. ACM (2016)
Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_22
Kerckhof, S., Durvaux, F., Hocquet, C., Bol, D., Standaert, F.-X.: Towards green cryptography: a comparison of lightweight ciphers from the energy viewpoint. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 390–407. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_23
Knichel, D., Moradi, A.: Composable gadgets with reused fresh masks first-order probing-secure hardware circuits with only 6 fresh masks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(3), 114–140 (2022)
Knichel, D., Moradi, A.: Low-latency hardware private circuits. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, 7–11 November 2022, pp. 1799–1812. ACM (2022)
Knichel, D., Moradi, A., Müller, N., Sasdrich, P.: Automated generation of masked hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 589–629 (2022)
Knichel, D., Sasdrich, P., Moradi, A.: Generic hardware private circuits towards automated generation of composable secure gadgets. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 323–344 (2022)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_25
Leander, G., Moos, T., Moradi, A., Rasoolzadeh, S.: The SPEEDY family of block ciphers engineering an ultra low-latency cipher from gate level for secure processor architectures. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(4), 510–545 (2021)
Lim, C.H., Korkishko, T.: mCrypton – a lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006). https://doi.org/10.1007/11604938_19
Malkin, T.G., Standaert, F.-X., Yung, M.: A comparative cost/security analysis of fault attack countermeasures. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 159–172. Springer, Heidelberg (2006). https://doi.org/10.1007/11889700_15
Moos, T.: Unrolled cryptography on silicon: a physical security analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 416–442 (2020)
Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006). https://doi.org/10.1007/11935308_38
Rasoolzadeh, S., Shahmirzadi, A.R., Moradi, A.: Impeccable circuits III. In: IEEE International Test Conference, ITC 2021, Anaheim, CA, USA, 10–15 October 2021, pp. 163–169. IEEE (2021)
Reparaz, O.: A note on the security of higher-order threshold implementations. IACR Cryptology ePrint Archive, vol. 2015, p. 1 (2015)
Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_37
Richter, B., Moradi, A.: Lightweight ciphers on a 65 nm ASIC A comparative study on energy consumption. In: 2020 IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2020, Limassol, Cyprus, 6–8 July 2020, pp. 530–535. IEEE (2020)
Sasdrich, P., Moradi, A., Güneysu, T.: Affine equivalence and its application to tightening threshold implementations. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 263–276. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_16
Selmane, N., Bhasin, S., Guilley, S., Graba, T., Danger, J.: WDDL is protected against setup time violation attacks. In: Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, Switzerland, 6 September 2009, pp. 73–83. IEEE Computer Society (2009)
Shahmirzadi, A.R., Bozilov, D., Moradi, A.: New first-order secure AES performance records. IACR Cryptology ePrint Archive, p. 37 (2021)
Shahmirzadi, A.R., Bozilov, D., Moradi, A.: New first-order secure AES performance records. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(2), 304–327 (2021)
Shahmirzadi, A.R., Moradi, A.: Re-consolidating first-order masking schemes - nullifying fresh randomness. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1), 305–342 (2020)
Shahmirzadi, A.R., Moradi, A.: Second-order SCA security with almost no fresh randomness. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(3), 708–755 (2021)
Shahmirzadi, A.R., Rasoolzadeh, S., Moradi, A.: Impeccable circuits II. In: DAC 2020, pp. 1–6. IEEE (2020)
Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: 2004 Design, Automation and Test in Europe Conference and Exposition (DATE 2004), 16–20 February 2004, Paris, France, pp. 246–251. IEEE Computer Society (2004)
Acknowledgments
The work described in this paper has been supported in part by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy - EXC 2092 CASA - 390781972 and through the project 393207943 GreenSec, and by the European Union (EU) through the ERC project 724725 (acronym SWORD) and the Walloon Region through the FEDER project USERMedia (convention number 501907-379156).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A List of Links for Open-Source Designs
-
1.
https://github.com/Chair-for-Security-Engineering/SPEEDY: SPEEDY
- 2.
- 3.
-
4.
https://github.com/hadipourh/AES-VHDL/tree/master/AES-ENC/RTL: Unprotected round-based AES
-
5.
https://github.com/emsec/ImpeccableCircuits/tree/master/CRAFT: Unprotected round-based CRAFT and first-order secure CRAFT (CRAFT TI)
-
6.
https://github.com/Chair-for-Security-Engineering/AES_masked_BRAM: First-order Secure AES
-
7.
https://github.com/Chair-for-Security-Engineering/NullFresh: First-order secure CRAFT (CRAFT NF), First-order secure PRESENT (PRESENT NF)
-
8.
https://github.com/Chair-for-Security-Engineering/NullFresh2: First- and second-order secure KECCAK (KECCAK NF), Second-order secure PRESENT (PRESENT NF), Second-order secure SKINNY (SKINNY NF)
-
9.
https://github.com/Chair-for-Security-Engineering/AGEMA: First- and second-order secure SKINNY (SKINNY HPC2, SKINNY HPC3, SKINNY GHPC, SKINNY GHPC\(_{\texttt {LL}}\))
-
10.
https://github.com/ChairImpSec/COMAR: SKINNY COMAR
-
11.
https://github.com/emsec/ImpeccableCircuitsII: CRAFT IC II, CRAFT MV
B Additional Postlayout Details
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Rezaei Shahmirzadi, A., Moos, T., Moradi, A. (2023). Energy Consumption of Protected Cryptographic Hardware Cores. In: Kavun, E.B., Pehl, M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2023. Lecture Notes in Computer Science, vol 13979. Springer, Cham. https://doi.org/10.1007/978-3-031-29497-6_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-29497-6_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-29496-9
Online ISBN: 978-3-031-29497-6
eBook Packages: Computer ScienceComputer Science (R0)