Delay insensitive encoding and power analysis: a balancing act [cryptographic hardware protection]

Unprotected cryptographic hardware is vulnerable to a side-channel attack known as differential power analysis (DPA). This attack exploits data-dependent power consumption of a computation to determine the secret key. Dual-rail asynchronous circuits have been regarded as a potential countermeasure to this attack. In this paper, we evaluate the security of asynchronous dual-rail circuits against DPA. Our results show that, unless special precautions are taken, asynchronous circuits are not inherently more DPA resistant than their synchronous dual-rail counterparts. We show that the use of -spaced or return-to-zero (RTZ) protocols, used to provide delay-insensitive encoding for asynchronous circuits, can make a DPA attack easier. We present an overview of balancing dynamic implementations of dual-rail fine-grained asynchronous gates that offer a solution for the DPA weakness. We demonstrate the use of asynchronous balanced cells that use RTZ which are not only secure against DPA but also deliver high performance with low design effort through automated pipelining.