Our target for hardware implementations was a round-based architecture, which leads to the design architecture shown below. To provide both encryption and decryption in one circuit, we add a MixColumn (MC) module on the round-key path and a multiplexer that decides whether the selected round key TKi or MC(TKi) is fed to the round function. To provide the round constants for decryption as well, we implemented the update function of each LFSR with both forward and backward functionality, selected by the encryption/decryption (E/D) signal bit.
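A behavioural model of the two shared-datapath pieces just described, written as an added example rather than taken from the CRAFT project: the round-constant LFSRs with a forward and a backward update selected by the E/D bit, and the MC module plus multiplexer on the round-key path. The MixColumn matrix (cell i gets i+8 and i+12 XORed in, cell i+4 gets i+12) and the LFSR feedback taps used here are assumptions from my reading of the CRAFT specification and should be checked against it; the architectural points the model demonstrates (MC is a binary involution, so one MC module serves both directions; every LFSR step is invertible, so one LFSR with a direction bit replaces a second constant generator; MC is linear, so MC(TK) can be pushed through the key addition) do not depend on those exact constants.

```python
"""Behavioural model of CRAFT's E/D-shared round-constant and round-key paths.
Added example, not code from the CRAFT project. Matrix and LFSR taps are
assumptions from my reading of the spec; verify them against the spec."""

from typing import List, Tuple

# --- Round-constant generator -------------------------------------------------
# a = a3a2a1a0 (4-bit LFSR) and b = b2b1b0 (3-bit LFSR), initial (a, b) = (1, 1).
# Assumed forward updates (shift right, feedback bit enters at the MSB):
#   a <- (a0 ^ a1, a3, a2, a1)        b <- (b0 ^ b1, b2, b1)


def lfsr4_forward(a: int) -> int:
    fb = (a ^ (a >> 1)) & 1            # a0 ^ a1
    return (fb << 3) | (a >> 1)


def lfsr4_backward(n: int) -> int:
    # n = (a0^a1, a3, a2, a1)  =>  a = (n2, n1, n0, n3^n0): recover the dropped a0
    a0 = ((n >> 3) ^ n) & 1
    return ((n & 0x7) << 1) | a0


def lfsr3_forward(b: int) -> int:
    fb = (b ^ (b >> 1)) & 1            # b0 ^ b1
    return (fb << 2) | (b >> 1)


def lfsr3_backward(n: int) -> int:
    # n = (b0^b1, b2, b1)  =>  b = (n1, n0, n2^n0)
    b0 = ((n >> 2) ^ n) & 1
    return ((n & 0x3) << 1) | b0


def rc_step(a: int, b: int, decrypt: bool) -> Tuple[int, int]:
    """One clock of the constant generator; `decrypt` models the E/D signal bit."""
    if decrypt:
        return lfsr4_backward(a), lfsr3_backward(b)
    return lfsr4_forward(a), lfsr3_forward(b)


def round_constants(rounds: int, decrypt: bool) -> List[Tuple[int, int]]:
    """Constants (a, b) in the order the round function consumes them.
    Encryption starts at (1, 1) and steps forward. Decryption loads the last
    encryption constant (a fixed value in hardware; computed here) and steps
    the same LFSRs backwards, so no second generator is needed."""
    a, b = 1, 1
    if decrypt:
        for _ in range(rounds - 1):
            a, b = rc_step(a, b, False)
    out = []
    for _ in range(rounds):
        out.append((a, b))
        a, b = rc_step(a, b, decrypt)
    return out


# --- Round-key path -----------------------------------------------------------
# 16 nibbles, cell i at row i // 4, column i % 4 (assumed layout). Assumed
# MixColumn per column: I_i ^= I_{i+8} ^ I_{i+12}; I_{i+4} ^= I_{i+12}. This is a
# binary matrix M with M*M = I, so the same MC module also computes MC^-1.


def mix_columns(cells: List[int]) -> List[int]:
    out = list(cells)
    for i in range(4):
        out[i] = cells[i] ^ cells[i + 8] ^ cells[i + 12]
        out[i + 4] = cells[i + 4] ^ cells[i + 12]
    return out


def round_key_mux(tk: List[int], decrypt: bool) -> List[int]:
    """Multiplexer on the round-key path: TK_i for encryption, MC(TK_i) for
    decryption (assumed assignment of the two mux inputs to the E/D values)."""
    return mix_columns(tk) if decrypt else list(tk)


def mc_is_involution(cells: List[int]) -> bool:
    return mix_columns(mix_columns(cells)) == list(cells)


def mc_commutes_with_key_add(state: List[int], tk: List[int]) -> bool:
    """MC(x ^ TK) == MC(x) ^ MC(TK): why feeding MC(TK) lets decryption reuse
    the encryption round ordering with the key added after MC."""
    lhs = mix_columns([s ^ k for s, k in zip(state, tk)])
    rhs = [s ^ k for s, k in zip(mix_columns(state), mix_columns(tk))]
    return lhs == rhs


if __name__ == "__main__":
    print("enc RCs:", round_constants(6, False))
    print("dec RCs:", round_constants(6, True))
    sample_tk = [(3 * i + 5) & 0xF for i in range(16)]   # constructed tweakey
    print("MC involution:", mc_is_involution(sample_tk))
```

Running the module prints the first six round constants in both directions; the decryption list is the encryption list reversed, which is exactly what the backward-capable LFSR buys the round-based circuit.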
For the implementations we used the Synopsys Design Compiler with the IBM 130nm ASIC standard cell library and also a commercial 40nm standard cell library. The results for unprotected implementations, together with implementations protected against either DFA or SCA (Threshold Implementation) attacks, are shown in the following tables.
It is noteworthy that encryption-only CRAFT without tweak needs less than 1000 GE, which, to the best of our knowledge, is a record for a round-based implementation with a 64-bit state and 128-bit key.
Implementations considering a univariate DFA adversary with an [n, k, d] code, using the IBM 130nm ASIC library:
Threshold Implementations with 3 shares considering a univariate DFA adversary with an [n, k, d] code, using the IBM 130nm ASIC library:
Implementations considering a multivariate DFA adversary with an [n, k, d] code, using the IBM 130nm ASIC library:
Threshold Implementations with 3 shares considering a multivariate DFA adversary with an [n, k, d] code, using the IBM 130nm ASIC library:
Implementations considering a univariate DFA adversary with an [n, k, d] code, using a 40nm commercial ASIC library:
Threshold Implementations with 3 shares considering a univariate DFA adversary with an [n, k, d] code, using a 40nm commercial ASIC library:
Implementations considering a multivariate DFA adversary with an [n, k, d] code, using a 40nm commercial ASIC library:
Threshold Implementations with 3 shares considering a multivariate DFA adversary with an [n, k, d] code, using a 40nm commercial ASIC library: