I.M. Delgado-Lozano, E. Tena-Sánchez, J. Núñez and A. Acosta, ACM Journal on Emerging Technologies in Computing Systems, vol. 16, no. 3, 2020. Abstract - The design of near future cryptocircuits will require greater performance characteristics in order to be implemented in devices with very limited resources for secure applications. Considering the security against differential power side-channel attacks (DPA), explorations of different implementations of dual-precharge logic gates with advanced and emerging technologies, using nanometric FinFET and Tunnel FET transistors, are proposed aiming to maintain or even improve the security levels obtained by current Metal-Oxide Semiconductor Field-Effect Transistor (MOSFET) technologies and reducing the resources needed for the implementations. As case study, dual-precharge logic primitives have been designed and included in the 4-bit substitution box of PRIDE algorithm, measuring the performance and evaluating the security through simulation-based Differential Power Analysis (DPA) attacks for each implementation. Extensive electrical simulations with predictive Predictive Transistor model on scaled 16nm and 22nm MOSFET, 16nm and 20nm FinFET, and 20nm Tunnel Field Effect Transistor (TFET) demonstrate a clear evolution of security and performances with respect to current 90nm MOSFET implementations, providing FinFET as fastest solutions with a delay 3.7 times better than conventional proposals, but TFET being the best candidate for future cryptocircuits in terms of average power consumption (x0.02 times compared with conventional technologies) and security in some orders of magnitude.
I.M. Delgado Lozano, E. Tena-Sánchez, J. Núñez and A.J. Acosta, IEEE Transactions on Emerging Topics in Computing, first online, 2020. Abstract - The emergence of new devices to be used in low-power applications are expected to reach impressive performance compared to those obtained by equivalent CMOS counterparts. However, when used in lightweight security applications, these emerging paradigms are required to be reliable and safe enough during the task of protecting important and valuable data. In this work, the usage of HyperFET devices for security applications has been analyzed and new paradigms for enhancing security against Power Analysis attacks have been developed for the first time. To perform this analysis, classical dual-precharge logic primitives implemented with 14nm FinFET have been upgraded to incorporate HyperFET devices. The proposed primitives incorporating HyperFETs, as well as a 4-bit Substitution box of PRIDE algorithm as demonstrative example, have been designed and simulated using predictive models. Simulation-based Differential Power Analysis attacks demonstrate high improvements in security levels in a x25 factor at least, with negligible degradation in performance. This first approach could be easily extensible to other ciphers or crypto-circuits, where the incorporation of HyperFET devices will enhance security for most future applications.
J.M. Mora, C.J. Jiménez and M. Valencia, IEEE Transactions on Circuits and Systems II: Express Briefs, first online, 2020. Abstract - We are presenting the experimental measurements of the power consumption and the maximum frequency in an ASIC prototype of 12 versions of the Trivium cipher: one standard version and two low power versions (FPLP and MPLP) with four different radix (radix-1, radix-2, radix-8 and radix-16). It is also described the mechanism for measuring power consumption in each Trivium implemented in the ASIC prototype. The clock tree of the ciphers has been designed in such a way that the clock signal of each Trivium can be cut independently. The experimental setup uses the Agilent 93000 testing system. The results show that the higher radix versions have a lower operating frequency and that the lower radix low-power versions have a very high power reduction. However, the Trivium radix-16 versions generate 16 bit/clock cycle so the measurements conclude that the MPLP version is the one with the lowest power consumption per bit (0.69 pJ/bit at 50 MHz).
P. Saraza-Canflanca, H. Carrasco-Lopez, P. Brox, R. Castro-Lopez, E. Roca and F.V. Fernandez, Design and Technology of Integrated Systems in Nanoscale Era DTIS 2019. Abstract - The utilization of power-up values in SRAM cells for the generation of PUF responses has been widely studied. It is important that the cells used for this purpose are stable, i.e., the cells must have a strong tendency towards one of the two possible values (`0' or `1'). Some methods have been presented that aim at increasing the reliability of this type of PUFs by selecting the strongest cells among a set of them. However, they feature some drawbacks, either in terms of their practical feasibility or of their actual effectiveness selecting the strongest cells in different scenarios. In this work, the experimental results obtained for a new method to classify the cells according to their strength are presented and discussed. The technique overcomes some of the drawbacks that the previous methods present. In particular, it is experimentally demonstrated that the technique presented in this work outstands in selecting SRAM cells that are very robust against circuit degradation, which translates into the construction of reliable SRAM-based PUFs. Logic minimization and wide fan-in issues in DPL-based cryptocircuits against power analysis attacks |
E. Tena-Sánchez and A.J. Acosta, International Journal of Circuit Theory and Applications, vol. 47, no. 2, pp 238-253, 2019.
Abstract - This paper discusses the use of logic minimization techniques and wide fan-in primitives and how the design and evaluation of combinational blocks for full-custom dual-precharge-logic-based cryptocircuits affect security, power consumption, and hardware resources. Generalized procedures for obtaining optimized solutions were developed and applied to the gate-level design of substitution boxes, widely used in block ciphers, using sense-amplifier-based logic in a 90-nm technology. The security of several proposals was evaluated with simulation-based correlation power analysis attacks, using the secret key measurements to disclosure metric. The simulation results showed increased security-power-delay figures for our proposals and, surprisingly, indicated that those solutions which minimized area occupation were both the most secure and the most power-efficient.
Memory Tampering Attack on Binary GCD Based Inversion Algorithms
A.C. Aldaya, B.B. Brumley, A.J.C. Sarmiento and S. Sánchez-Solano, International Journal of Parallel Programming, vol. 47, no. 4, pp 621-640, 2019.
Abstract - In the field of cryptography engineering, implementation-based attacks are a major concern due to their proven feasibility. Fault injection is one attack vector, nowadays a major research line. In this paper, we present how a memory tampering-based fault attack can be used to severely limit the output space of binary GCD based modular inversion algorithm implementations. We frame the proposed attack in the context of ECDSA showing how this approach allows recovering the private key from only one signature, independent of the key size. We analyze two memory tampering proposals, illustrating how this technique can be adapted to different implementations. Besides its application to ECDSA, it can be extended to other cryptographic schemes and countermeasures where binary GCD based modular inversion algorithms are employed. In addition, we describe how memory tampering-based fault attacks can be used to mount a previously proposed fault attack on scenarios that were initially discarded, showing the importance of including memory tampering attacks in the frameworks for analyzing fault attacks and their countermeasures.
Floorplanning as a practical countermeasure against clock fault attack in Trivium stream cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández, M. Valencia-Barrero, C. Baena and P. Parra, Design of Circuits and Integrated Systems DCIS 2018.
Abstract - The fault injection in ciphers operation is a very successful mechanism to attack them. The inclusion of elements of protection against this kind of attacks is more and more necessary. These mechanisms are usually based on introducing redundancy, which leads to a greater consumption of resources or a longer processing time. This article presents how the introduction of placement restrictions on ciphers can make it difficult to inject faults by altering the clock signal. It is therefore a countermeasure that neither increases the consumption of resources nor the processing time. This mechanism has been tested on FPGA implementations of the Trivium cipher. Several tests have been performed on a Spartan 3E device from Xilinx and the experimental measurements have been carried out with ChipScope Pro. The tests showed that an adequate floorplanning is a good countermeasure against these kind of attacks.
A comparative analysis of VLSI trusted virtual sensors
M.C. Martínez-Rodríguez, P. Brox and I. Baturone, Microprocessors and Microsystems, vol. 61, pp 108-116, 2018.
Abstract - This paper analyzes three cryptographic modules suitable for digital designs of trusted virtual sensors into integrated circuits, using 90-nm CMOS technology. One of them, based on the keyed-hash message authentication code (HMAC) standard employing a PHOTON-80/20/16 lightweight hash function, ensures integrity and authentication of the virtual measurement. The other two, based on CAESAR (the Competition for Authenticated Encryption: Security, Applicability, and Robustness) third-round candidates AEGIS-128 and ASCON-128, ensure also confidentiality. The cryptographic key required is not stored in the sensor but recovered in a configuration operation mode from non-sensitive data stored in the non-volatile memory of the sensor and from the start-up values of the sensor SRAM acting as a Physical Unclonable Function (PUF), thus ensuring that the sensor is not counterfeit. The start-up values of the SRAM are also employed in the configuration operation mode to generate the seed of the nonces that make sensor outputs different and, hence, resistant to replay attacks. The configuration operation mode is slower if using CAESAR candidates because the cryptographic key and nonce have 128 bits instead of the 60 bits of the key and 32 bits of the nonce in HMAC. Configuration takes 416.8 μs working at 50 MHz using HMAC and 426.2 μs using CAESAR candidates. In the other side, the trusted sensing mode is much faster with CAESAR candidates with similar power consumption. Trusted sensing takes 212.62 μs at 50 MHz using HMAC, 0.72 μs using ASCON, and 0.42 μs using AEGIS. AEGIS allows the fastest trusted measurements at the cost of more silicon area, 4.4 times more area than HMAC and 5.4 times more than ASCON. ASCON allows fast measurements with the smallest area occupation. The module implementing ASCON occupies 0.026 mm2 in a 90-nm CMOS technology.
Benchmarking of nanometer technologies for DPA-resilient DPL-based cryptocircuits |
E. Tena-Sánchez, I.M. Delgado-Lozano, J. Nuñez and A.J. Acosta, Design of Circuits and Integrated Systems DCIS 2018.
Abstract - The design of cryptographic circuits is requiring greater performance restrictions due to the constrained environments for IoT applications in which they are included. Focusing on the countermeasures based on dual-precharge logic styles, power, area and delay penalties are some of their major drawbacks when compared to their static CMOS single-ended counterparts. In this paper, we propose a initial study where scaled CMOS technnology and FinFET emerging technology are considered to foresee the relationship between ultra low power consumption, reduced delay, and security. As demonstration vehicle, we measure the performance and the security level achieved by different Substitution Boxes, implemented in different technologies. As main results, nanometer CMOS technologies maintains considerable security levels at reasonable power and delay figures, while FinFETs outperform CMOS in power and delay reduction, but with a non negligible degradation in security.
VLSI Design of Trusted Virtual Sensors
M.C. Martínez-Rodríguez, M.A. Prada-Delgado, P. Brox and I. Baturone, Sensors, vol. 18, no. 2, article 347, 2018.
Abstract - This work presents a Very Large Scale Integration (VLSI) design of trusted virtual sensors providing a minimum unitary cost and very good figures of size, speed and power consumption. The sensed variable is estimated by a virtual sensor based on a configurable and programmable PieceWise-Affine hyper-Rectangular (PWAR) model. An algorithm is presented to find the best values of the programmable parameters given a set of (empirical or simulated) input-output data. The VLSI design of the trusted virtual sensor uses the fast authenticated encryption algorithm, AEGIS, to ensure the integrity of the provided virtual measurement and to encrypt it, and a Physical Unclonable Function (PUF) based on a Static Random Access Memory (SRAM) to ensure the integrity of the sensor itself. Implementation results of a prototype designed in a 90-nm Complementary Metal Oxide Semiconductor (CMOS) technology show that the active silicon area of the trusted virtual sensor is 0.86 mm 2 and its power consumption when trusted sensing at 50 MHz is 7.12 mW. The maximum operation frequency is 85 MHz, which allows response times lower than 0.25 μs. As application example, the designed prototype was programmed to estimate the yaw rate in a vehicle, obtaining root mean square errors lower than 1.1%. Experimental results of the employed PUF show the robustness of the trusted sensing against aging and variations of the operation conditions, namely, temperature and power supply voltage (final value as well as ramp-up time).
Effect of temperature variation in experimental DPA and DEMA attacks
E. Tena-Sánchez and A.J. Acosta, Int. Symposium on Power and Timing Modeling, Optimization and Simulation PATMOS 2018.
Abstract - Side-Channels attacks are usually performed to measure the vulnerability of cryptocircuits against malicious attacks. The conditions in which the attacks are carried out have influence in their effectivity. In this sense, temperature variations should be considered to assess the complete vulnerability of a system, but they have not been deeply considered in the literature. For this purpose, experimental DPA and DEMA attacks are carried out over one of the widest used and studied block cipher, namely AES algorithm, implemented in a Spartan-6 FPGA. The effectivity of DPA and DEMA attacks under different temperatures: 10, 25, 50 and 70°C have been studied experimentally. The attacks have been made over the 128 bits of two randomly chosen keys. The security achieved for each attack is measured using the Measurements to Disclose (MTD) the key, which determines the minimum number of patterns needed to retrieve the secret key. From the results we can obtain interesting conclusions: DPA attack is more effective than the DEMA attack over the AES implementation on FPGA. On the other hand, we conclude that the key has influence on the MTD value, but the variability between keys is of the same magnitude as the variability between temperatures, meaning that temperature variation is not a decisive factor in the effectiveness of an attack.
Side-channel analysis of the modular inversion step in the RSA key generation algorithm
A. Cabrera Aldaya, R. Cuiman Márquez, A.J. Cabrera Sarmiento and S. Sánchez-Solano, International Journal of Circuit Theory and Applications, vol. 45, no. 2, pp 199-213, 2017.
Abstract - This paper studies the security of the RSA key generation algorithm with regard to side-channel analysis and presents a novel approach that targets the simple power analysis (SPA) vulnerabilities that may exist in an implementation of the binary extended Euclidean algorithm (BEEA). The SPA vulnerabilities described, together with the properties of the values processed by the BEEA in the context of RSA key generation, represent a serious threat for an implementation of this algorithm. It is shown that an adversary can disclose the private key employing only one power trace with a success rate of 100 % - an improvement on the 25% success rate achieved by the best side-channel analysis carried out on this algorithm. Two very different BEEA implementations are analyzed, showing how the algorithm's SPA leakages could be exploited. Also, two countermeasures are discussed that could be used to reduce those SPA leakages and prevent the recovery of the RSA private key.
Multiradix Trivium Implementations for Low-Power IoT Hardware
J.M. Mora-Gutiérrez, C.J. Jiménez-Fernández and M. Valencia-Barrero, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 12, pp 3401-3405, 2017.
Abstract - The integration of lightweight symmetric encryption is becoming increasingly widespread in very low-power Internet of Things applications, with the rapid emergence of very low energy block and stream ciphers in portable and wireless systems. Trivium is one of the lightweight stream ciphers shortlisted for the hardware profile of the eSTREAM project. This paper describes low-power multiradix Trivium implementations based on the use of parallelization techniques to reduce dynamic power consumption. The low-power Trivium designs were implemented and characterized in TSMC 90 nm to compare area resources and power reduction. The implementation results show that our proposed designs offer dynamic power savings of 31%-45% with radix-1 and radix-2 when compared with the standard Trivium, and 15% with radix-8. There is no improvement, however, with radix-16.
Vulnerability Analysis of Trivium FPGA Implementations |
F.E. Potestad-Ordonez, C.J. Jimenez-Fernandez and M. Valencia-Barrero, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 12, pp 3380-3389, 2017.
Abstract - Today, the large amount of information ex-changed among various devices as well as the growth of the Internet of Things (IoT) demand the development of devices that ensure secure communications, preventing malicious agents from tapping sensitive data. Indeed, information security is one of the key challenges to address within the IoT field. Due to the strong resource constraints in some IoT applications, cryptographic algorithms affording lightweight implementations have been proposed. They constitute the so-called lightweight cryptography. A prominent example is the Trivium stream cipher, one of the finalists of the eSTREAM project. Although cryptographic algorithms are certainly simpler, one of their most critical vulnerability sources in terms of hardware implementations is side channel attacks. In this paper, it is studied the vulnerability of field-programmable gate array (FPGA) implementations of Trivium stream ciphers against fault attacks. The design and implementation of a system that alters the clock signal and checks the outcome is also described. A comparison between real and simulated fault injections is carried out in order to examine their veracity. The vulnerability of different versions of the Trivium cipher and their routing dependences has been tested in two different FPGA families. The results show that all versions of the Trivium cipher are vulnerable to fault attacks, although some versions are more vulnerable than others.
Power and energy issues on lightweight cryptography
A.J. Acosta, E. Tena-Sánchez, C.J. Jiménez and J.M. Mora, Journal of Low Power Electronics, vol. 13, no. 3, pp 326-337, 2017.
Abstract - Portable devices such as smartphones, smart cards and other embedded devices require encryption technology to guarantee security. Users store private data in electronic devices on a daily basis. Cryptography exploits reliable authentication mechanisms in order to ensure data confidentiality. Typical encryption security is based on algorithms that are mathematically secure. However, these algorithms are also costly in terms of computational and energy resources. The implementation of security mechanisms on dedicated hardware has been shown as a first-order solution to meet prescribed security standards at low power consumption with limited resources. These are the guidelines of the so-called lightweight cryptography. Upcoming Internet of Thing (IoT) is extensively demanding solutions in this framework. Interestingly, physical realizations of encryption algorithms can leak side-channel information that can be used by an attacker to reveal secret keys or private data. Such physical realizations must therefore be holistically addressed. Algorithm, circuit and layout aspects are to be considered in order to achieve secure hardware against active and passive attacks. In order to address the challenges raised by the IoT, both academia and industry are these days devoting significant efforts to the implementation of secure lightweight cryptography. This paper is a survey of (i) lightweight cryptography algorithms; (ii) techniques to reduce power applied to cryptohardware implementations; (iii) vulnerability analysis of low-power techniques against sidechannel attacks; and (iv) possibilities opened to emerging technologies and devices in the "More than Moore" scenario.
SPA Vulnerabilities of the Binary Extended Euclidean Algorithm
A. Cabrera-Aldaya, A.J. Cabrera and S. Sánchez-Solano, Journal of Cryptographic Engineering, vol 7, no. 4, pp. 273–285, 2017.
Abstract - The execution flow of the binary extended Euclidean algorithm (BEEA) is heavily dependent on its inputs. Taking advantage of that fact, this work presents a novel simple power analysis (SPA) of this algorithm that reveals some exploitable power consumption-related leakages. The exposed leakages make it possible to retrieve some bits of the algorithm’s secret input without profiling the target device. The identified vulnerabilities can be exploited in many cryptographic protocols where the modular inversion operation is applied to a secret argument. In this work, the ECDSA protocol is used to exemplify how the presented SPA can be used to disclose in about 2 min all standardized private key sizes using less than 800 traces. In the context of ECDSA, a countermeasure previously proposed to mitigate a timing leakage during scalar multiplication is also analyzed, showing that, when it is improperly implemented, it enhances the proposed bit recovery method. Three countermeasures for removing SPA leakages from a BEEA implementation are also analyzed.
Embedded electronic circuits for cryptography, hardware security and true random number generation: an overview
A.J. Acosta, T. Addabbo and E. Tena-Sánchez, International Journal of Circuit Theory and Applications, vol. 45, no. 2, pp 145-169, 2017.
Abstract - We provide an overview of selected crypto-hardware devices, with a special reference to the lightweight electronic implementation of encryption/decryption schemes, hash functions, and true random number generators. In detail, we discuss the hardware implementation of the chief algorithms used in private-key cryptography, public-key cryptography, and hash functions, discussing some important security issues in electronic crypto-devices, related to side-channel attacks (SCAs), fault injection attacks, and the corresponding design countermeasures that can be taken. Finally, we present an overview about the hardware implementation of true random number generators, discussing the chief electronic sources of randomness and the types of post-processing techniques used to improve the statistical characteristics of the generated random sequences.
SPA Vulnerabilities of the Binary Extended Euclidean Algorithm
A. Cabrera-Aldaya, A.J. Cabrera and S. Sánchez-Solano, Journal of Cryptographic Engineering, vol 7, no. 4, pp. 273–285, 2017.
Abstract - The execution flow of the binary extended Euclidean algorithm (BEEA) is heavily dependent on its inputs. Taking advantage of that fact, this work presents a novel simple power analysis (SPA) of this algorithm that reveals some exploitable power consumption-related leakages. The exposed leakages make it possible to retrieve some bits of the algorithm’s secret input without profiling the target device. The identified vulnerabilities can be exploited in many cryptographic protocols where the modular inversion operation is applied to a secret argument. In this work, the ECDSA protocol is used to exemplify how the presented SPA can be used to disclose in about 2 min all standardized private key sizes using less than 800 traces. In the context of ECDSA, a countermeasure previously proposed to mitigate a timing leakage during scalar multiplication is also analyzed, showing that, when it is improperly implemented, it enhances the proposed bit recovery method. Three countermeasures for removing SPA leakages from a BEEA implementation are also analyzed.
Secure Cryptographic Hardware Implementation Issues for High-Performance Applications
E. Tena-Sánchez, A.J. Acosta and J. Nuñez, Workshop on Power and Timing Modeling, Optimization and Simulation PATMOS 2016
Abstract - In this paper the effect of high-performance techniques for high speed applications in secure cryptographic implementations is studied. The use of dual precharge logic styles with fine-grained pipelining with an overlapping three-phase clock scheme is studied, also including a correct distribution of the clock signal in the cryptographic implementation. To make this study, four different implementations of the Sbox-9 of the Kasumi algorithm have been implemented using an 90nm TSMC technology. Simulation-based DPA attacks have been carried out, showing how the proper synchronization of data signals gives better results in terms of power consumption and operating frequency, but affects negatively the security against side channel attacks, decreasing the number of input patterns needed to disclosure the secret key.
Fault Attack on FPGA Implementations of Trivium Stream Cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero, IEEE International Symposium on Circuits and Systems, ISCAS 2016.
Abstract - This paper presents the development of an experimental system to introduce faults in Trivium stream ciphers implemented on FPGA. The developed system has made possible to analyze the vulnerability of these implementations against fault attacks. The developed system consists of a mechanism that injects small pulses in the clock signal, and elements that analyze if a fault has been introduced, the number of faults introduced and its position in the inner state. The results obtained demonstrate the vulnerability of these implementations against fault attacks. As far as we know, this is the first time that experimental results of fault attack over Trivium are presented.
Experimental and Timing Analysis Comparison of FPGA Trivium Implementations Against Clock Fault Injection
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero, Conference on Design of Circuits and Integrated Systems DCIS 2016.
Abstract - The security of cryptocircuits is today threatened not only by attacks on algorithms but also, and above all, by attacks on the circuit implementations themselves. These are known as side channel attacks. One variety is the Active Fault Analysis attack, that can make a circuit vulnerable by changing its behavior in a certain way. This article presents an experimental fault insertion attack on an FPGA implementation of the Trivium stream cipher. It also compares the faults introduced with the faults expected after a timing analysis. The results show that this implementation is vulnerable to such attacks, and also that it is not possible to estimate the position of the inserted faults by means of timing analysis.
Low power implementation of Trivium stream cipher
J.M. Mora-Gutiérrez, C.J. Jiménez-Fernández, E. Potestad and M. Valencia-Barrero, Workshop on Cryptographic Hardware and Embedded Systems CHES 2015 (Poster).
Abstract - Trivium is a synchronous stream cipher designed to generate up to 264 bits of key stream from an 80-bit secret key and an 80-bit initialization vector (IV). The architecture of this cipher is based on a 288-bit cyclic shift register accompanied by an array of combinational logic (AND, OR and XOR) to provide its feedback. The key stream generation consists mainly on an iterative process which updates some bits in the state register with logic operations to generate one bit of key stream.
Design and Characterization of Cryptohardware for ASIC-embedded Secure Applications to Prevent Power Analysis Attacks
E. Tena-Sánchez and A.J. Acosta, Workshop on Cryptographic Hardware and Embedded Systems CHES 2015 (Poster).
Abstract - Information leakaged by cryptosystems can be used to reveal critical information using Side Channel Attacks. Differential Power Analysis (DPA) uses the power consumption dependence on the processed data to reveal the secret key. Countermeasures against DPA.
A Methodology for Optimized Design of Secure Differential Logic Gates for DPA Resistant Circuits
E. Tena-Sánchez, J. Castro and A.J. Acosta, IEEE Journal on Emerging and Selected Topics in Circuits and Systems, vol. 4, no. 2, pp 203-215, 2014.
Abstract - Cryptocircuits can be attacked by third parties using differential power analysis (DPA), which uses power consumption dependence on data being processed to reveal critical information. To protect security devices against this issue, differential logic styles with (almost) constant power dissipation are widely used. However, to use such circuits effectively for secure applications it is necessary to eliminate any energy-secure flaw in security in the shape of memory effects that could leak information. This paper proposes a design methodology to improve pull-down logic configuration for secure differential gates by redistributing the charge stored in internal nodes and thus, removing memory effects that represent a significant threat to security. To evaluate the methodology, it was applied to the design of AND/NAND and XOR/XNOR gates in a 90 nm technology, adopting the sense amplifier based logic (SABL) style for the pull-up network. The proposed solutions leak less information than typical SABL gates, increasing security by at least two orders of magnitude and with negligible performance degradation. A simulation-based DPA attack on the Sbox9 cryptographic module used in the Kasumi algorithm, implemented with complementary metal-oxide-semiconductor, SABL and proposed gates, was performed. The results obtained illustrate that the number of measurements needed to disclose the key increased by much more than one order of magnitude when using our proposal. This paper also discusses how the effectivenness of DPA attacks is influenced by operating temperature and details how to insure energy-secure operations in the new proposals.
