2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) | 2019

Enabling Microarchitectural Randomization in Serialized AES Implementations to Mitigate Side Channel Susceptibility

 
 

Abstract


Highly serialized implementations of the AES block cipher are used in lightweight applications where low area and low power are the primary concerns. Security of these lightweight designs becomes increasingly critical on resource-constrained devices in the Internet of Things era. The AES algorithm does not have any significant known cryptanalytic weaknesses, but keys can often be extracted by attacking implementation weaknesses using side channel information leakage or fault injection. Highly serialized AES implementations compute on individual bytes/words of data in each cycle, which leaves them especially sensitive to side channel key extraction because there is less overall power consumption to obscure side channel leakages. In this work, we present an efficient AES microarchitecture that randomizes sub-round operations and reduces susceptibility to power side channel attacks. The architecture we propose is compatible with, and complementary to, all existing circuit-level side channel countermeasures. We design an 8-bit AES architecture in a commercial 16nm FinFET technology and observe an order of magnitude improvement in side channel protection at a cost of 36% more area and 25% more energy per encryption. Testchip measurement shows 0.93pJ/bit energy consumption at 10MHz.

Pages 314-319
DOI 10.1109/ISVLSI.2019.00064
Language English
Journal 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)
