4.6 Article

EM and Power SCA-Resilient AES-256 Through >350x Current-Domain Signature Attenuation and Local Lower Metal Routing

Journal

IEEE JOURNAL OF SOLID-STATE CIRCUITS
Volume 56, Issue 1, Pages 136-150

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/JSSC.2020.3032975

Keywords

AES-256; correlational power analysis; current-domain signature attenuation (CDSA); electromagnetic (EM) leakage; hardware security; lower level metal routing; side-channel attacks; white-box analysis

Funding

  1. National Science Foundation (NSF) [CNS 17-19235, CNS 19-35573]
  2. Intel Corporation

Mathematically secure cryptographic algorithms are vulnerable to power and electromagnetic analysis attacks when implemented physically, and circuit-level protections suffer from tradeoffs. This study introduces a new method of signature suppression in the current domain that significantly enhances immunity to power and EM side-channel analysis. By combining current-domain signature attenuation with local lower level metal routing, crucial correlated information leakage is suppressed, providing a significant improvement in security. The test results demonstrate that higher level metal layers leak significantly more than lower level metal routing, showcasing the effectiveness of the proposed method.
Mathematically secure cryptographic algorithms, when implemented on a physical substrate, leak critical side-channel information, leading to power and electromagnetic (EM) analysis attacks. Circuit-level protections involve switched capacitor, buck converter, or series low-dropout (LDO) regulator-based implementations, each of which suffers from significant power, area, or performance tradeoffs and has only achieved a minimum traces to disclosure (MTD) of 10M to date. Utilizing an in-depth white-box model, this work, for the first time, focuses on signature suppression in the current domain, which provides an Attenuation² enhancement in MTD, leading to orders of magnitude improvement in both power and EM side-channel analysis (SCA) immunities. Using a combination of current-domain signature attenuation (CDSA) along with local lower level metal routing, the critical correlated information in the crypto current is significantly suppressed before it reaches the supply pin. In particular, to prevent the EM leakage from its source (metal layers carrying the correlated crypto current acting as antennas), this work embraces lower level metal routing of the CDSA embedding the crypto-IP so that the signature becomes highly suppressed before it passes through the higher metal layers (which radiate significantly) to connect to the external pin. The 65-nm CMOS test chip contains both protected and unprotected parallel AES-256 implementations, running at a clock frequency of 50 MHz. Test vector leakage assessment (TVLA) on the protected CDSA-AES, demonstrated with on-chip measurements for the first time, shows that the higher level metal layers leak significantly more compared with the lower level metal routing.
Correlational power and EM analysis (CPA/CEMA) attacks on the unprotected implementation were able to extract the secret key within 8k and 12k traces, respectively, while the protected CDSA-AES could not be broken even after 1B encryptions for both power and EM SCA, evaluated both in the time and frequency domains, showing an improvement of 100x over the prior state-of-the-art countermeasures with comparable power and area overheads.
