Cryptography Reference
In-Depth Information
Table 18.2
Summary of cryptographic LSIs
Version no.
Process rule (nm)
LSI version
Year
Supported cryptography
(I)
130
GAIA
2008
ISO/IEC 18,033 block ciphers, RSA
(II)
130
MASH
2009
ISO/IEC 18,033 block ciphers, RSA (six
kinds of implementation), ECC
(III)
90
CHAR
2009
ISO/IEC 18,033 block ciphers, RSA (six
kinds of implementation), ECC
18.3.2 Target Cryptographic LSI
A prototype ASIC called the 'Standard Cryptographic LSI' is available for studying
side-channel analysis [340]. This cryptographic LSI is manufactured using a Taiwan
Semiconductor Manufacturing 130 nm or 90 nm CMOS processor and packaged in a
160-pin QFP. This LSI is designed for side-channel analysis and its IP core, which is
written in Verilog HDL, is publicly available. The fact that the IP core is open is very
useful because we can inspect the source code and use this information to study how
the implementation style affects the results of the fault injection. Three kinds of LSIs
have been developed, version (I), version (II), and version (III). Table
18.2
shows
the summary of the three kinds of LSIs. We can place all three kinds of LSIs on the
SASEBO-R board. In this study, we evaluate the block cipher modules implemented
on version (I) LSI and public cryptography implemented on version (II) LSI for
the experiments. The evaluated ciphers for version (I) or version (II) LSI and their
maximum path delay
T
d
, written in the specification of the cryptographic LSI [341],
are given in Tables
18.3
or
18.4
. All modules implemented on the LSI are directly
driven by an external clock supplied via a clock pin, a buffer, and a clock control
circuit.
18.4 Results of Fault Injection Experiments
This section shows the experimental results that can be obtained using the experi-
mental environment of the fault injection developed.
18.4.1 Experimental Results for Block Ciphers
This subsection presents the interrelation between the fault injection and the clock
glitch width for block ciphers.
