Changing the Odds Against Masked Logic
Random switching logic (RSL) has been proposed as an efficient countermeasure to mitigate power analysis. The logic style equalizes the output transition probabilities using a random mask-bit. This manuscript, however, will show a successful attack against RSL. The single mask-bit can only add one bit of entropy to the information content of the overall power consumption variations and can very easily be deduced from the power consumption. Once the mask-bit is known, the a posteriori probabilities of the output transitions are not equal anymore and a power analysis can be mounted. A threshold filter suffices to remove the additional bit of information.
KeywordsPower Consumption Clock Cycle Logic Gate Output Transition Posteriori Probability
- 2.Mangard, S., Popp, T., Gammel, B.: Side-Channel Leakage of Masked CMOS Gates. In: Menezes, A.J. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)Google Scholar
- 5.Suzuki, D., Saeki, M., Ichikawa, T.: Random Switching Logic: A Countermeasure against DPA based on Transition Probability. Cryptology ePrint Archive, Report 2004/346 (2004)Google Scholar
- 8.Weste, N., Harris, D.: Principles of CMOS VLSI Design, 3rd edn. Addison-Wesley, Reading (2005)Google Scholar