Design Article
Defending against side-channel attacks - Part 3
Gilbert Goodwill, Cryptography Research, Inc.
10/3/2012 5:52 AM EDT
4.4 Example t-test results
This section discusses t-tests performed on two different AES implementations, one of which failed the t-tests while the other passed. The tests were run on a SASEBO FPGA test board developed by AIST for side-channel testing [6]. The SASEBO test platform is shown in Figure 17 below.
The first set of t-tests was performed on an implementation of AES-128 containing no side-channel countermeasures. The tests were performed on 60,000 traces collected over 50 minutes. Round 4 was selected by tester, and the threshold for failure was selected to be |t| > 4.5. (The value 4.5 corresponds roughly to 99.999 percent confidence.) The worst case values for each of the round 4 tests are shown in Figure 18 below. As can be seen in the table, the implementation failed all the tests except for the S-box and Round Output bit tests. Hence, this implementation would be graded as failing the t-tests.
The second set of t-tests was performed on an implementation of AES-256 containing a masked S-box countermeasure. The tests were performed on 216,000 traces collected over 3 hours. Round 7 was selected by tester, and the threshold for failure was selected to be |T| > 4.5. The worst case values for each of the round 7 tests are shown in Figure 19 below. As can be seen in the table, the implementation passed all the tests performed, and hence would be graded as passing the t-tests.
This section discusses t-tests performed on two different AES implementations, one of which failed the t-tests while the other passed. The tests were run on a SASEBO FPGA test board developed by AIST for side-channel testing [6]. The SASEBO test platform is shown in Figure 17 below.
Figure 17: SASEBO FPGA test platform
The first set of t-tests was performed on an implementation of AES-128 containing no side-channel countermeasures. The tests were performed on 60,000 traces collected over 50 minutes. Round 4 was selected by tester, and the threshold for failure was selected to be |t| > 4.5. (The value 4.5 corresponds roughly to 99.999 percent confidence.) The worst case values for each of the round 4 tests are shown in Figure 18 below. As can be seen in the table, the implementation failed all the tests except for the S-box and Round Output bit tests. Hence, this implementation would be graded as failing the t-tests.
Figure 18: t-test results for AES-128 implementation without countermeasures
The second set of t-tests was performed on an implementation of AES-256 containing a masked S-box countermeasure. The tests were performed on 216,000 traces collected over 3 hours. Round 7 was selected by tester, and the threshold for failure was selected to be |T| > 4.5. The worst case values for each of the round 7 tests are shown in Figure 19 below. As can be seen in the table, the implementation passed all the tests performed, and hence would be graded as passing the t-tests.
Figure 19: t-test results for AES-256 implementation with S-box masking countermeasure
|
|
|
|
|
Navigate to related information