Comparing the cost of protecting selected lightweight block ciphers against differential power analysis in low-cost FPGAs

摘要

Lightweight block ciphers are an important topic in the Internet of Things (IoT), since they provide moderate security, while requiring fewer resources than AES. Ongoing cryptographic contests and standardization efforts evaluate lightweight block ciphers on their resistance to power analysis side channel attack (SCA), and the ability to apply countermeasures. While some ciphers have been individually evaluated, a large scale comparison of resistance to side channel attack and formulation of the relative cost of implementing countermeasures is difficult, since researchers typically use varied architectures, optimization strategies, technologies, and evaluation techniques. In this research we leverage the t-test leakage detection methodology and an open-source side channel analysis suite (FOBOS) to compare FPGA implementations of AES, SIMON, SPECK, PRESENT, LED, and TWINE, using a choice of architecture targeted to optimize throughput-to-area (TP/A) ratio, for resistance to differential power analysis (DPA). We then apply an equivalent level of protection to the above ciphers using 3-share threshold implementations (TI), and verify improved resistance to DPA. We find that SIMON has the highest TP/A ratio of protected versions, followed by PRESENT, TWINE, LED, AES, and SPECK. However, PRESENT uses the least energy in terms of nJ-per-bit.