Simulated power analysis attacks on a DDPL crypto-core without routing constraints

Delay-based Dual-rail Pre-charge Logic (DDPL) is a logic style introduced with the aim of hiding power consumption in cryptographic circuits in order to prevent Power Analysis (PA) attacks. Its particular data encoding allows to make the adsorbed current constant for each data input combination, irrespective of capacitive load conditions, which allows to design a PA-resistant circuit without routing constraints. In this work we present a fair comparison between SABL, a well-known state of the art transistor level countermeasure which is sensitive to the capacitive mismatches on the complementary lines and requires a customized routing procedure, and DDPL. After having provided a power model for describing the leakage sources for the above mentioned logics, a simple cryptographic circuit has been designed for both SABL and DDPL, and a CPA attack has been mounted. Simulations results show that when capacitive load unbalances are considered, DDPL strongly outperforms SABL in terms of number of traces required for disclose the secret key.