Masking at Gate Level in the Presence of Glitches [chapter]

Wieland Fischer, Berndt M. Gammel
2005 Lecture Notes in Computer Science  
It has recently been shown that logic circuits in the implementation of cryptographic algorithms, although protected by "secure" random masking schemes, leak side-channel information, which can be exploited in differential power attacks [14] . The leak is due to the fact that the mathematical models describing the gates neglected multiple switching of the outputs of the gates in a single clock cycle. This effect, however, is typical for CMOS circuits and known as glitching. Hence several
more » ... ly known masking schemes are not secure in theory or practice. Solutions for DPA secure circuits based on logic styles which do not show glitches have several disadvantages in practice. In this paper, we refine the model for the power consumption of CMOS gates taking into account the side-channel of glitches. It is shown that for a general class of gate-level masking schemes a universal set of masked gates does not exist. However, there is a family of masked gates which is theoretically secure in the presence of glitches if certain practically controllable implementation constraints are imposed. This set of gates should be suitable for automated CMOS circuit synthesis.
doi:10.1007/11545262_14 fatcat:hbv32qumpvb4zizhkpcpg6ggg4