High Speed ASIC Implementations of Leakage‐Resilient Cryptography
Robert Schilling1,2,a, Thomas Unterluggauer1,b, Stefan Mangard1,c, Frank K. Gurkaynak3,d, Michael Muehlberghuber3,e and Luca Benini3,f
1Graz University of Technology, Austria
aRobert.Schilling@iaik.tugraz.at
bThomas.Unterluggauer@iaik.tugraz.at
cRobert.Mangard@iaik.tugraz.at
2Know‐Center GmbH
3Integrated Systems Laboratory, ETH Zurich, Switzerland
dkgf@iis.ee.ethz.ch
embgh@iis.ee.ethz.ch
flbenini@iis.ee.ethz.ch
ABSTRACT
Embedded devices in the Internet‐of‐ Things require encryption functionalities to secure their communication. However, side‐channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. While state‐of‐the‐art countermeasures like masking slow down the performance and can only prevent DPA up to a certain order, leakage‐resilient schemes are designed to stay secure even in the presence of side‐channel leakage. Although several leakage‐resilient schemes have been proposed, there are no hardware implementations to demonstrate their practicality and performance on measurable silicon. In this work, we present an ASIC implementation of a multi‐core System‐on‐Chip extended with a software‐programmable accelerator for leakage‐resilient cryptography. The accelerator is deeply embedded in the shared memory architecture of the many‐core system, supports different configurations, contains a high‐throughput implementation of the 2PRG primitive based on AES‐128, offers two side‐channel protected rekeying functions, and is the first fabricated design of the side‐channel secure authenticated encryption schemeISAP. The accelerator reaches a maximum throughput of 7.49 Gbit/s and a best‐case energy effciency of 137 Gbit/s/W making this accelerator suitable for high‐speed secure IoT applications.
Keywords: ASIC, Cryptography, IoT, Leakage‐resilience, Security.