François Durvaux

SleepWalker: A 25-MHz 0.4-V Sub-

Integrated circuits for wireless sensor nodes (WSNs) targeting the Internet-of-Things (IoT) paradigm require ultralow-power consumption for energy-harvesting operation and low die area for low-cost nodes. As the IoT calls for the deployment of trillions of WSNs, minimizing the carbon footprint for WSN chip manufacturing further emerges as a third target in a design-for-the-environment (DfE) perspective. The SleepWalker microcontroller is a 65-nm ultralow-voltage SoC based on the MSP430 architecture capable of delivering increased speed performances at 25 MHz for only 7 μW/MHz at 0.4 V. Its sub-mm2 die area with low external component requirement ensures a low carbon footprint for chip manufacturing. SleepWalker incorporates an on-chip adaptive voltage scaling (AVS) system with DC/DC converter, clock generator, memories, sensor and communication interfaces, making it suited for WSN applications. An LP/GP process mix is fully exploited for minimizing the energy per cycle, with power gating to keep stand-by power at 1.7 μW. By incorporating a glitch-masking instruction cache, system power can be reduced by up to 52%. The AVS system ensures proper 25-MHz operation over process and temperature variations from -40 °C to +85 °C, with a peak efficiency of the DC/DC converter above 80%. Finally, a multi-Vt clock tree reduces variability-induced clock skew by 3 × to ensure robust timing closure down to 0.3 V.

\hbox{mm}^{2}

We provide a comprehensive evaluation of several lightweight block ciphers with respect to various hardware performance metrics, with a particular focus on the energy cost. This case study serves as a background for discussing general issues related to the relative nature of hardware implementations comparisons. We also use it to extract intuitive observations for new algorithm designs. Implementation results show that the most significant differences between lightweight ciphers are observed when considering both encryption and decryption architectures, and the impact of key scheduling algorithms. Yet, these differences are moderated when looking at their amplitude, and comparing them with the impact of physical parameters tuning, e.g. frequency / voltage scaling.

7-

Allowing good performances on different platforms is an important criteria for the selection of the future sha-3 standard. In this paper, we consider the compact implementations of blake, Grostl, jh, Keccak and Skein on recent fpga devices. Our results bring an interesting complement to existing analyzes, as most previous works on fpga implementations of the sha-3 candidates were optimized for high throughput applications. Following recent guidelines for the fair comparison of hardware architectures, we put forward clear trends for the selection of the future standard. First, compact fpga implementations of Keccak are less efficient than their high throughput counterparts. Second, Grostl shows interesting performances in this setting, in particular in terms of throughput over area ratio. Third, the remaining candidates are comparably suitable for compact fpga implementations, with some slight contrasts (in area cost and throughput).

\mu\hbox{W/MHz}

Leakage detection usually refers to the task of identifying data-dependent information in side-channel measurements, independent of whether this information can be exploited. Detecting Points-Of-Interest POIs in leakage traces is a complementary task that is a necessary first step in most side-channel attacks, where the adversary wants to turn this information into e.g. a key recovery. In this paper, we discuss the differences between these tasks, by investigating a popular solution to leakage detection based on a t-test, and an alternative method exploiting Pearsons correlation coefficient. We first show that the simpler t-test has better sampling complexity, and that its gain over the correlation-based test can be predicted by looking at the Signal-to-Noise Ratio SNR of the leakage partitions used in these tests. This implies that the sampling complexity of both tests relates more to their implicit leakage assumptions than to the actual statistics exploited. We also put forward that this gain comes at the cost of some intuition loss regarding the localization of the exploitable leakage samples in the traces, and their informativeness. Next, and more importantly, we highlight that our reasoning based on the SNR allows defining an improved t-test with significantly faster detection speed with approximately 5 times less measurements in our experiments, which is therefore highly relevant for evaluation laboratories. We finally conclude that whereas t-tests are the method of choice for leakage detection only, correlation-based tests exploiting larger partitions are preferable for detecting POIs. We confirm this intuition by improving automated tools for the detection of POIs in the leakage measurements of a masked implementation, in a black box manner and without key knowledge, thanks to a correlation-based leakage detection test.

Microcontroller in 65-nm LP/GP CMOS for Low-Carbon Wireless Sensor Nodes

Inserting random delays in cryptographic implementations is often used as a countermeasure against side-channel attacks. Most previous works on the topic focus on improving the statistical distribution of these delays. For example, efficient random delay generation algorithms have been proposed at CHES 2009/2010. These solutions increase security against attacks that solve the lack of synchronization between different leakage traces by integrating them. In this paper, we demonstrate that integration may not be the best tool to evaluate random delay insertions. For this purpose, we first describe different attacks exploiting pattern-recognition techniques and Hidden Markov Models. Using these tools and as a case study, we perform successful key recoveries against an implementation of the CHES 2009/2010 proposal in an Atmel microcontroller, with the same data complexity as against an unprotected implementation of the AES Rijndael. In other words, we completely cancel the countermeasure in this case. Next, we show that our cryptanalysis tools are remarkably robust to attack improved variants of the countermeasure, e.g. with additional noise or irregular dummy operations. We also exhibit that the attacks remain applicable in a non-profiled adversarial scenario. These results suggest that the use of random delays may not be effective for protecting small embedded devices against side-channel leakage. They highlight the strength of Viterbi decoding against such time-randomization countermeasures, in particular when combined with a precise description of the target implementations, using large lattices.

Towards green cryptography: a comparison of lightweight ciphers from the energy viewpoint

The vision of the Internet of Things with ambient intelligence calls for the deployment of up to a trillion connected wireless sensor nodes (WSNs). Minimizing the carbon footprint of each node is paramount from the sustainability perspective. In ultra-low-power applications, the life-cycle carbon footprint results from a complex balance between both embodied and use-phase energies [1]. The embodied energy arises mainly from CMOS chip manufacturing, and is essentially proportional to die area. Use-phase energy depends on both active and sleep-mode power, because of long stand-by periods in WSNs. In this paper, we present an ultra-low-power 25MHz microcontroller SoC that fully exploits the versatility of a 65nm CMOS process with a low-power/general-purpose (LP/GP) transistor mix (dual-core oxide) to obtain: i) 7μW/MHz active power consumption due to a 0.4V ultra-low-voltage (ULV) thin-core-oxide (GP) CPU supplied by a 78%-efficiency embedded DC/DC converter; ii) 0.66mm2 die area for low embodied energy due to a compact converter design and a dual-VDD architecture, enabling the use of the foundrys 1V high-density 6T SRAM bitcell; and, iii) 1.5μW sleep-mode power due to body-biased sleep transistors embedded into the converter and thick-core-oxide (LP) MOSFETs for retentive SRAM and always-on peripherals (AOP). Moreover, an on-chip adaptive voltage scaling (AVS) system controlling the converter ensures safe 25MHz operation at ULV for all PVT conditions. A multi-Vt clock tree is also proposed to achieve reliable timing closure with low-power SoC features. Finally, a glitch-masking instruction cache (I

Compact FPGA implementations of the five SHA-3 finalists

) is implemented to reduce the access power of the 1V program memory (PMEM).

From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces

The selection of points-of-interest in leakage traces is a frequently neglected problem in the side-channel literature. However, it can become the bottleneck of practical adversaries/evaluators as the size of the measurement traces increases, especially in the challenging context of masked implementations, where only a combination of multiple shares reveals information in higher-order statistical moments. In this paper, we describe new black box tools for efficiently dealing with this problem. The proposed techniques exploit projection pursuits and specialized local search algorithms, work with minimum memory requirements and practical time complexity. We validate them with two case-studies of unprotected and first-order masked implementations in an 8-bit device, the latter one being hard to analyze with previously known methods.

Efficient removal of random delays from embedded software implementations using hidden markov models

Side-channel attacks generally rely on the availability of good leakage models to extract sensitive information from cryptographic implementations. The recently introduced leakage certification tests aim to guarantee that this condition is fulfilled based on sound statistical arguments. They are important ingredients in the evaluation of leaking devices since they allow a good separation between engineering challenges (how to produce clean measurements) and cryptographic ones (how to exploit these measurements). In this paper, we propose an alternative leakage certification test that is significantly simpler to implement than the previous proposal from Eurocrypt 2014. This gain admittedly comes at the cost of a couple of heuristic (yet reasonable) assumptions on the leakage distribution. To confirm its relevance, we first show that it allows confirming previous results of leakage certification. We then put forward that it leads to additional and useful intuitions regarding the information losses caused by incorrect assumptions in leakage modeling.

A 25MHz 7μW/MHz ultra-low-voltage microcontroller SoC in 65nm LP/GP CMOS for low-carbon wireless sensor nodes

The use of Soft Physical Hash (SPH) functions has been recently introduced as a flexible and efficient way to detect Intellectual Property (IP) cores in microelectronic systems. Previous works have mainly investigated software IP to validate this approach. In this paper, we extend it towards the practically important case of FPGA designs. Based on experiments, we put forward that SPH functions-based detection is a promising and low-cost solution for preventing anti-counterfeiting, as it does not require any a-priori modification of the design flow. In particular, we illustrate its performances with stand-alone FPGA designs, re-synthetized FPGA designs, and in the context of parasitic IPs running in parallel.