[Cryptech Tech] Alpha board block diagram v0.001

[Bernd Paysan]

Am Sonntag, 22. März 2015, 22:04:12 schrieb Павел Шатов:
> Peter, what does "totally immune" to DPA mean? All digital devices
> contain transistors. These transistors will be constantly switching as
> long as given device is operating. Current consumption will inevitably
> vary with time because of that. There's nothing you can do about it.
> Most probably in a poorly designed board with inadequate decoupling
> these changes will have higher magnitude (easier to monitor). In a
> properly designed board these changes will have smaller magnitude. In
> the latter case attackers will just buy more expensive instruments with
> better sensitivity to detect these changes.

Recent attacks have focussed on the noise emitted by the blocking capacitors 
and coils closer to the chip.  So it's even worse than what Pavel says: If you 
do good blocking, you provide a better opportunity to the noise attack.

The only thing you can do is to make sure that your chip is not leaking 
secrets through power supply variations.  A typical case for such secret 
leaking is DHE or RSA with exponentiation.  Depending on the current bit, you 
either do accumulator^2 or base*accumulator^2 for each step.  Since these are 
two different operations, they consume different power; if you have a really 
bad design, the base*something operation always produces the same pattern of 
power consumption, while the accumulator^2 will produce a different one each 
time.  So as attacker, you look for the base*something patterns.

Solution: You accept to waste some time, and do the base*accumulator^2 each 
time.  And then use a multiplexer to select whether you want accumulator^2 or 
base*accumulator^2.

Whatever implementation you do, you should waste the time to always calculate 
both products.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
net2o ID: kQusJzA;7*?t=uy at X}1GWr!+0qqp_Cn176t4(dQ*