Leakage Power Analysis attacks against a bit slice implementation of the Serpent block cipher

In this work the effectiveness of Leakage Power Analysis (LPA), a new class of side-channel attacks against cryptographic circuits, has been demonstrated on a case study. LPA attacks have been mounted against a bit slice implementation of the Serpent block cipher. After having measured the leakage contribution of a bit slice unit inside the processor, chosen as selection function for LPA attacks, an adequate power model has been identified. In order to consider the on-chip noise due to the static consumption of the other logics inside the processor, an estimation of the SNR has been provided according to the count of equivalent gates. The bit slice sub-block has been designed in a 65nm CMOS technology node for different logic styles, i.e. CMOS, WDDL, MDPL, and SABL. Simulations show that for each logic implementation the correct key of the algorithm has been recovered with a maximum of 50.000 measurements, demonstrating that LPA attack can be successfully carried out against a wide range of logic styles, even if they efficiently thwart standard DPA and CPA attacks. Static power is expected to become greater in downscaled technologies, and thus LPA must be considered a serious threat for the security of cryptographic VLSI circuits.