Abstract

Differential power analysis (DPA) implies measuring the supply current of a cipher-circuit in an attempt to uncover part of a cipher-key. Cryptographic security gets compromised if the current waveforms so obtained correlate with those from a hypothetical power model of the circuit. Such correlations can be minimized by masking datapath operations with random bits in a reversible way. We analyze such countermeasures and discuss how they perform and how well they lend themselves to being incorporated into dedicated hardware implementations of the advanced encryption standard (AES) block cipher. Our favorite masking scheme entails a performance penalty of some 40-50%. We also present a VLSI design that can serve for practical experiments with DPA.