Security Issues in QCA Circuit Design - Power Analysis Attacks - Field-Coupled Nanocomputing: Paradigms, Progress, and Perspectives

Information Technology Reference

In-Depth Information

that have been measured while a circuit encrypts or decrypts data can be statis-

tically analysed to reveal the secret key. A large number of power measurements

are used to analyse the power consumption at a fixed moment in time. For a block

cipher under DPA, the S-boxes are the main target and they have been shown

to be vulnerable to this kind of attack in CMOS technology. In this section, the

first DPA attack results of a QCA cryptographic circuit are presented with a

proposed DPA attack procedure for QCA circuits.

4.1 DPA Attack Procedure for QCA Circuits

As discussed in Sect. 2.3 , the power consumption in basic QCA circuits depends

on the Hamming Distance (HD) of the input switching. Therefore, the power

data of QCA circuits could also be used to uncover the secret key. In a DPA

attack, the power consumption of a circuit is correlated with a hypothetical

power model that targets a key-dependent cryptographic operation. By com-

paring the hypothetical power values with the real power consumption of cryp-

togrpahic circuits by statistical tests, the key can be revealed. As the power

consumed at a fixed moment of time is used in DPA attacks, the total power

consumed by a QCA circuit during a full clock cycle is considered and simulated

in this work.

A DPA procedure for QCA circuits is proposed, which has been adapted

from the process used for CMOS-based devices. The proposed DPA procedure

consists of the following five steps:

Step 1: Choose a target key-dependent intermediate result which is gener-

ated by the cryptographic circuit. This intermediate signal should be a function

of a known non-constant data value (the plaintext or the ciphertext) and a small

part of the key. A sub-module including S-boxes is usually chosen in a block

cipher. In this work, the intermediate result under the attack is a sub-module of

the Serpent cipher with its S 0 -box:

Intermediate Result = S 0 B 0 ⊕

K 0 .

(19)

Step 2: Measure the power consumption while the cryptographic circuit is

encrypting the plaintext or decrypting the ciphertext. To perform this step in

this work, n + 1 random inputs,

B

, are applied to the QCA Serpent sub-module:

=( b 0 ,b 1 ,...,b n ) ₓ ,

B

(20)

where b i denotes the data value in the i th encryption or decryption process. For

each switching between two inputs, the power consumption,

P

, is measured by

QCAPro and stored as:

=( p 0 ,p 1 ,...,p n− 1 ) ₓ .

P

(21)

Step 3: Calculate a hypothetical intermediate value for every possible choice

of the key vector

K

. In this work, all possible keys in the key vector are rep-

resented as

=(0 , 1 , 2 ,..., 15). Each possible key element in the key vector

is referred to as a key guess . An attacker can calculate hypothetical values

K

Field-Coupled Nanocomputing: Paradigms, Progress, and Perspectives

Search WWH ::

Custom Search

Home