Minimizing the Costs of Side-Channel Analysis Resistance Evaluations in Early Design Steps

Evaluating the side-channel analysis (SCA) resistance of an implementation is often a challenging task for a chip designer. Reducing the time required for evaluation allows faster redesign cycles and lowers consequently also product costs. In this work we present several ways to speed up the evaluation of implementations of symmetric cryptographic primitives according to their resistance against SCA attacks. We cover the recording of the traces, the preprocessing steps as well as mitigation techniques for implemented countermeasures. The focus in this work is put on constrained devices, e.g., for radio-frequency identification applications, so only a subset of common countermeasures is covered. In a practical example we show how to speed up the SCA resistance evaluation of an application-specific integrated circuit (ASIC) chip for near-field communication (NFC) applications. The chip has the Advanced Encryption Standard (AES) with two countermeasures implemented: the random insertion of dummy rounds and shuffling. During our evaluation we found ways to mitigate the impact of both countermeasures. Our mitigation techniques show the importance of practically performing SCA attacks on prototypes in order to identify small leakages which might be used to enhance an attack. Altogether we are able to decrease the number of required traces for revealing the secret AES key from more than 3.1*10^6 to less than 20000 which corresponds to a reduction of the evaluation time from 16 days to less than 3 hours.