Efficient and side-channel-secure block cipher implementation with custom instructions on FPGA

The security threat of side-channel analysis (SCA) attacks has created a need for SCA countermeasures. While many countermeasures have been proposed, a key challenge remains to design a countermeasure that is effective, that is easy to integrate in existing cryptographic implementations, and that has low overhead in area and performance. We present our solution in the context of an embedded design flow for FPGA. We integrate an SCA-resistant custom instruction set on a soft-core CPU. The SCA resistance is based on dual-rail precharge logic. A balanced-interleaved data format, combined with a novel memory organization, ensures that we can support both logic operations as well as lookup tables. The resulting countermeasure applies to a broad class of block ciphers. We demonstrate our results on an Altera Cyclone-II FPGA with Nios-II/s processor for a 128-bit Advanced Encryption Standard (AES) T-box implementation. We show SCA improvement of more than 400× for a system-wide electro-magnetic attack that covers both the FPGA and offchip memory (SSRAM). This comes at an overhead of 2.7× in performance and 1.15× in area. Using comparisons with related work, we demonstrate that this represents an excellent trade-off between SCA resistance, (software and hardware) design complexity, performance, and circuit area cost.