Renaud Pacalet

Differential Power Analysis Model and Some Results

CMOS gates consume different amounts of power whether their output has a falling or a rising edge. Therefore the overall power consumption of a CMOS circuit leaks information about the activity of every single gate. This explains why, using differential power analysis (DPA), one can infer the value of specific nodes within a chip by monitoring its global power consumption only.

Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks

Logic styles with constant power consumption are promising solutions to counteract side-channel attacks on sensitive cryptographic devices. Recently, one vulnerability has been identified in a standard-cell-based power-constant logic called WDDL. Another logic, nicknamed SecLib, is considered and does not present the flaw of WDDL. In this paper, we evaluate the security level of WDDL and SecLib. The methodology consists in embedding in a dedicated circuit one unprotected DES coprocessor along with two others, implemented in WDDL and in SecLib. One essential part of this paper is to describe the conception of the cryptographic ASIC, devised to foster side-channel cryptanalyses, in a view to model the strongest possible attacker. The same analyses are carried out successively on the three DES modules. We conclude that, provided that the back-end of the WDDL module is carefully designed, its vulnerability cannot be exploited by the state-of-the-art attacks. Similarly, the SecLib DES module resists all assaults. However, using a principal component analysis, we show that WDDL is more vulnerable than SecLib. The statistical dispersion of WDDL, which reflects the correlation between the secrets and the power dissipation, is proved to be an order of magnitude higher than that of SecLib.

Evaluation of Power Constant Dual-Rail Logics Countermeasures against DPA with Design Time Security Metrics

Cryptographic circuits are nowadays subject to attacks that no longer focus on the algorithm but rather on its physical implementation. Attacks exploiting information leaked by the hardware implementation are called side-channel attacks (SCAs). Among these attacks, the differential power analysis (DPA) established by Paul Kocher et al. in 1998 represents a serious threat for CMOS VLSI implementations. Different countermeasures that aim at reducing the information leaked by the power consumption have been published. Some of these countermeasures use sophisticated back-end-level constraints to increase their strength. As suggested by some preliminary works (e.g., by Li from Cambridge University), the prediction of the actual security level of such countermeasures remains an open research area. This paper tackles this issue on the example of the AES SubBytes primitive. Thirteen implementations of SubBytes, in unprotected, WDDL, and SecLib logic styles with various back-end-level arrangements are studied. Based on simulation and experimental results, we observe that static evaluations on extracted netlists are not relevant to classify variants of a countermeasure. Instead, we conclude that the fine-grained timing behavior is the main reason for security weaknesses. In this respect, we prove that SecLib, immune to early-evaluation problems, is much more resistant against DPA than WDDL.

A UML-based Environment for System Design Space Exploration

The increasing complexity of System-on-Chip (SoC) and time-to-market constraints raise new methodological issues. To address these issues, this paper introduces a UML-based SoC modeling approach mixing simulation and formal verification techniques. A UML profile called DIPLODOCUS has been specified. Transformation rules were defined for generating from UML models either a SystemC model or a formal specification given in LOTOS. Thus, relying on SystemC or LOTOS tools the profile allows fast simulation or formal verification techniques to be used over the UML modeling. A toolkit supporting this profile has been implemented. The overall approach is experimented for the design of a telecommunication system.

Flexible Baseband Architectures for Future Wireless Systems

The mobile communication systems today, have different radio spectrum, radio access technologies, and protocol stacks depending on the network being utilized. This gives rise to need of a flexible hardware platform that is capable of supporting all the different standards in the entire wireless communication frequency range. We present a generic baseband prototype architecture for SDR applications, subdivided into a high level control module and a digital signal processing engine. The DSP engine is composition of highly configurable processing blocks, each dedicated to specific algorithms based on the analysis of different standards. We also present the internal architecture, simulation results and use cases for different air-interfaces of two processing blocks as case studies.

Evaluation of ASIPs Design with LISATek

This paper evaluates an ASIP design methodology based on the extension of an existing instruction set and architecture described with LISA 2.0 language. The objective is to accelerate the ASIPs design process by using partially predefined, configurable RISC-like embedded processor cores that can be quickly tuned to given applications by means of ISE (Instruction Set Extension) techniques. A case study demonstrates the methodological approach for the JPEG algorithm.

Dynamic Power Management on LDPC Decoders

This paper presents a dynamic power management strategy for the iterative decoding of low-density parity-check (LDPC) codes. We propose an online algorithm for adjusting the operation of a power manageable decoder. Decision making is based upon the monitoring of a convergence metric independent from the message computation kernel. Furthermore we analyze the feasibility of a VLSI implementation for such algorithm. Up to 54% savings in energy were achieved with a relatively low loss on error-correcting performance.

Open Platform for Prototyping of Advanced Software Defined Radio and Cognitive Radio Techniques

This paper presents the ANR project IDROMel, which aims at developing reconfigurable SDR (Software Defined Radio) and Cognitive Radio (CR) equipments. IDROMel is a 3 years project that started in 2005 and finishes in 2009. The main objective of IDROMel is to define, develop and validate a powerful SDR and CR platform combining very last technology progresses. The platform includes software parts (reconfigurable protocol stacks) and hardware parts (a base band board and a Radio Frequency Front end, RF). Both parts are presented in this paper.)

Energy efficiency of SISO algorithms for turbo-decoding message-passing LDPC decoders

The decoding of LDPC codes using the turbo-decoding message-passing strategy is considered. This strategy can be used with different SISO message computation kernels. We analyze the suitability for VLSI implementation of various message computation algorithms in terms of implementation area, energy consumption and error-correcting performance. As one of the computation kernels, we introduce the recent Self-Corrected Min-Sum algorithm and show the advantages it brings from an energy efficiency perspective. We present comparisons among the studied kernels implemented in a 65nm CMOS process and use a test case from the codes defined in IEEE 802.11n to show differences in energy efficiency.

Fast Simulation Techniques for Design Space Exploration

This paper addresses an open-source UML based toolkit - named TTool - for performing efficient system-level design space exploration of Systems-On-Chip. Main modeling, verification and simulation capabilities of TTool are first presented, and exemplified by an MPEG2 application. Then, an innovative simulation strategy to significantly reduce simulation time is introduced. The basic idea is to take benefit from high level descriptions of applications by processing transactions spanning potentially hundreds of clock cycles as a whole. When a need for inter task synchronization arises, transactions may be split into smaller chunks. The simulation engine is therefore predictive and supports backward execution thanks to transaction truncation. Thus, simulation granularity adapts automatically to application requirements. Emphasis is more particularly put on procedures taking place under the hood after having pushed the TTool simulation button. Finally, the new simulation strategy is assessed and compared to an earlier cycle-based version of the simulation engine.