Efficient DPA-Resistance Verification Method with Smaller Number of Power Traces on AES Cryptographic Circuit

The LSI design methodology against Differential Power Analysis (DPA) is important to realize a tamper-resistant cryptographic circuit. In order to verify the DPA resistance before ASIC fabrication, the DPA verification using FPGA is commonly used. However, power traces of ASIC differ from that of FPGA, so the DPA verification on FPGA cannot guarantee the DPA resistance on ASIC. On the other hand, it takes extremely long time to collect the simulated power traces using post-layout netlists of ASIC. Hence, the DPA-resistance verification method using smaller number of power traces is demanded. In this paper, we propose Equivalent Byte Method (EBM) which synchronizes the operation on all Substitution Boxes (S-Boxes) at the attacking round by controlling the plaintexts and the keys. In EBM, the power-consumption profiles of S-Boxes are emphasized by each other, and then the DPA analysis for a correct key is easily distinguished with smaller number of traces. In order to demonstrate the effectiveness of the proposed EBM, AES circuits using DPA-resistant techniques of WDDL and MDPL are implemented on FPGA. As a result, EBM revealed DPA-leak with 1/1000 ~ 1/50 power traces required for the general statistical method.