Cryptography Reference
In-Depth Information
Table 18.3 Evaluated cipher modules of version (I) LSI and their maximum path delay T d
Module name
T d (ns) a
Description
AES_TBL
7.409
Direct mapping S-Box with case syntax
AES_PPRM3
9.407
Three-stage positive prime Reed-Muller (PPRM) based
S-Box
AES_Comp_ENC_top
10.567
Encryption part of AES_Comp
AES_S
10.612
Composite field-based S-Box. Back annotated netlist is
used in order to confirm delay to FPGA
implementation
AES_Comp
13.788
Composite field-based S-Box
AES_PPRM1
15.407
One-stage positive prime Reed-Muller (PPRM)-based
S-Box
AES_SSS1
30.884
Composite field-based S-Box. Random switching logic
(RSL) is applied for side-channel countermeasure
DES
6.499
Single-DES, 64-bit key, 16 rounds
Camellia
10.612
Camellia, 128-bit block, 18 rounds
CAST128
20.263
CAST-128, 64-bit block, 128-bit key, 16 rounds
SEED
23.098
SEED, 64-bit block, 128-bit key, 16 rounds
MISTY1
23.620
MISTY1, 64-bit block, 128-bit key, eight rounds
a @25 C, 1.20 V
Table 18.4 Evaluated cipher modules of version (II) LSI and their maximum path delay T d
Module name
T d (ns) a
Description
RSA
19.486
RSA using the six kinds of modular multiplications and each has two
modes, 512-bit data and key.
Mode: CRT mode (CRT/nonCRT)
Functions: (0) Left-to-right binary method, (1) Right-to-left binary
method, (2) Left-to-right binary method with dummy
multiplication, (3) Right-to-left binary method with dummy
multiplication, (4) Montgomery powering ladder, (5)
Square-multiply exponentiation method
ECC
9.841
Elliptic curve multiplication with Montgomery powering algorithm
over GF(2 61 ), 61-bit data, 64-bit key
a @25 C, 1.20 V
18.4.1.1 Interrelation Among Number of Error Bytes, Glitch Round
and Glitch Width T g
Using the environments developed, we can investigate how the glitch affects the
number of error bytes in the encryption output with its injected round and its width
T g . The reason we target the number of bytes is that the execution of many block
ciphers involves many bytewise operations, and many theoretical fault attacks use
these bytewise operation characteristics. As an example, a glitch could be injected
into the last or penultimate round of the encryption of each module because these two
rounds are convenient for investigating the effect of injected faults and are frequently
used in theoretical fault attacks. The fault injection round can be changed by setting
the delay of the Trigger_out signal of the oscilloscope appropriately.
 
Search WWH ::




Custom Search