The IIS Chip Gallery
Acacia (2005)
Additional pictures below, click to see larger versions
by
| Application | Cryptography |
| Technology | 250 |
| Manufacturer | UMC |
| Type | Research Project |
| Package | LCC84 |
| Dimensions | 2500μm x 2500μm |
| Gates | 120 kGE |
| Voltage | 2.5 V |
| Power | 250 mW, 176MHz, 2.5V |
| Clock | 200 MHz |
This chip essentially includes three separate designs that all deal with the same subject.
Acacia: Globally-Asynchronous Locally-Synchronous AES Module
Hardware and software implementations of otherwise secure cryptographic algorithms attain physical properties that can be observed during operation. Properties, such as power consumption, electromagnetic radiation, and time required to complete the operation, can reveal information about the secret key used in the crypto-system. Attacks against cryptographic implementations that are based on observing these properties are called side-channel attacks and pose a serious threat.
There are several different categories of countermeasures that have been developed against such attacks:
Acacia combines several of these countermeasures in one chip. It relies on three independent (Locally Synchronous) modules that communicate asynchronously. More information can be obtained on the acacia homepage.
Baby: AES-Based Strong-Authentication ModuleOne of the most common applications of cryptography is to provide means for authentication. A typical example application is a Radio Frequency Identification (RFID) tag system. Such an RFID system consists of a reader terminal and multiple mobile tags. As soon as a tag is within the range of a reader, both components can communicate with each other. This allows the reader to identify the tag. Typical applications of this kind include the contactless ski lift passes used widely. In this system, the reader requires a reliable system to prove that the tag is valid. This process is called authentication and uses cryptographic modules. In principle, the reader poses the tag a challenge that can only be answered correctly if the tag possesses the same secret information as the reader. Strong authentication takes this process one step further. Both the reader and the tag authenticate each other.
Most RFID systems are passive, they operate using the energy radiated by the reader. Low power consumption is therefore of paramount importance for circuits that will be placed on the tag. In this work, an ASIC that can work as both reader and tag has been designed. The authentication module is based on a 16-bit Advanced Encryption Standard (AES) core. The module supports both simple and strong authentication protocols
Pampers: Side-Channel-Attack Resistant Strong-Authentication ModuleImplementations (in both hard and software) of otherwise secure cryptographic algorithms are vulnerable to side channel attacks. Hardware implementations using the CMOS logic are especially vulnerable to so called Differential Power Analysis (DPA) attacks. In order to protect cryptographic hardware against such DPA attacks a series of countermeasures have been developed over the years.
In this project, a set of countermeasures that can be applied using standard CMOS logic have been investigated. These countermeasures have been implemented to improve the security of the AES-based strong-authentication module that was developed as part of a separate project.
The datapath of the crypto-core has been optimized to continuously process data in order to disclose as little information on the exact state of the operation as possible. In addition, a specialized controller has been developed to introduce random operations into the dataflow.
The AES crypto-core with DPA countermeasures occupies an area of 0.58 mm2 which is approximately 65% larger than the reference implementation. The net throughput of the system is 230 Mbit/s which is around 20% lower than that of the reference circuit. However, as seen in the figure below, it shows a significantly higher resistance against traditional DPA attacks.