Correlation power analysis using bit-level biased activity plaintexts against AES cores with countermeasures

Advanced encryption standard (AES) cores suffer from information leakage through power supply currents, even with the wave dynamic differential logic (WDDL) known as one of the most tolerable countermeasure design styles against side channel attacks (SCA). The set of plaintexts having bit-level biased activities are produced with a known secret key and used for diagnosing the vulnerability of AES cores in their development phases. The CPA with biased plaintexts revealed 128-bit secret keys with less than 4,000 traces from the WDDL AES core both by the measurements and simulations of power supply currents. The core was physically structured by using a 65-nm CMOS standard cell library and assembled on a test vehicle of “SPACES explorer” having an on-board 1-ohm resistor for measuring power supply currents. The derived knowledge should be useful in driving the design of AES cores to be much less prone to information leakage through power supply current and electromagnetic measurements.