Shall we trust WDDL?

Abstract

Security is not only a matter of cryptographic algorithms robustness but becomes also a question of securing their implementation. P. Kocher's differential power analysis (DPA) is one of the many side-channel attacks that are more and more studied by the security community. Indeed, side-channel attacks (SCA) have proved to be very powerful on cryptographic algorithms such as DES and AES, customarily implemented in a wide variety of devices, ranging from smart-cards or ASICs to FPGAs. Among the proposed countermeasures, the dual-rail with precharge logic (DPL) aims at hiding information leaked by the circuit by making the power consumption independent of the calculation. However DPL logic could be subject to second order attacks exploiting timing difference between dual nets. In this article, we characterize by simulation, the vulnerability due to timing unbalance in the eight DES substitution boxes implemented in DPL WDDL style. The characterization results in a classification of the nodes according to their timing unbalance. Our results show that the timing unbalance is a major weakness of the WDDL logic, and that it could be used to retrieve the key using a DPA attack. This vulnerability has been experimentally observed on a full DES implementation using WDDL style for Altera Stratix EP1S25 FPGA. © 2009 Vieweg+Teubner Verlag | GWV Fachverlage GmbH, Wiesbaden.