| The security IC is the emerging vulnerability in the security of an embedded application. They are an easy target for side-channel attacks (SCAs), which aim at finding the secret key of an encryption algorithm by monitoring characteristics such as the power consumption, the execution time, the electromagnetic radiation and other information that is leaked by the switching behavior of digital CMOS gates.; This dissertation presents a comprehensive top-down automated synchronous VLSI design flow to create correct-by-construction side-channel attack resistant integrated circuits. It starts from any HDL design and does not need custom layout, iterative design processes, or complex algorithm-specific countermeasures. The 'secure digital design flow' pursues a constant power dissipation by balancing the power consumption of the logic gate. When the power dissipation of the smallest building block is constant and independent of the signal activity, no information is leaked through the power supply regardless of the algorithm, the implementation and the crypto mindedness of the digital designer.; Over the course of this research work, we have (1) introduced the requirements of a constant power consuming circuit style; (2) presented such custom and compound static CMOS circuit styles; (3) tackled the key problem of balancing the interconnect capacitances at the output of dual rail logic gates; and (4) integrated all this with minimal influence in the backend of a regular synchronous CMOS standard cell design flow.; ThumbPodII, a prototype IC implementing a high-throughput AES, controller and fingerprint processor, has been fabricated in 0.18mum CMOS with first-pass silicon success to demonstrate the secure digital design flow. Two functionally identical coprocessors have been fabricated on the same die. The first, 'secure', coprocessor is implemented using wave dynamic differential logic (WDDL) and differential routing. The second, 'insecure', coprocessor is implemented using regular standard cells and regular routing techniques.; Measurement-based experimental results show that a differential power analysis (DPA) attack on the insecure coprocessor requires only 8,000 measurements to disclose the entire 128b secret key of the Advanced Encryption Standard (AES) algorithm. The same attack on the secure coprocessor still does not disclose the entire secret key at 1,500,000 measurements. This improvement in DPA resistance of at least two orders of magnitude makes the attack de facto infeasible since the required number of measurements is larger than the lifetime of the secret key in most practical systems. |
