# ??? Representations of Numbers and Electrical Activity

Arnaud TISSERAND

CNRS, Lab-STICC

NAC 2024 Paris


#### Topics:

- Computer arithmetic: representations of numbers and algorithms
- Crypto: asymmetric (RSA, (H)ECC, lattice based PQC), hash functions, symmetric ciphers, homomorphic encryption
- Observation and perturbation attacks
- Secure implementations:
  - hardware: accelerators and secure processors (ASIC, FPGA)
  - software: microcontrollers, embedded processors, high-end multicores


Power consumption:

- Static power due to leakage(s)
- Dynamic power due to transitions
  - useful/logical transitions due to state switching $(0 \rightarrow 1 \text{ and } 1 \rightarrow 0)$
  - parasitic transitions due to timing imperfections (skew, glitches, ...)



In this talk, we only deal with logical activity

General principle:

1. Measure/observe external physical parameter(s) on a running device
2. Deduce internal (secret) information

Examples:

...

- Timings
- Power consumption
- Electromagnetic radiation
- Temperature
- Number of cache misses

Attacks are always improving (strong statistics, deep learning, ...)

#### Secure Hardware Accelerator for ECC Example





PhD Thesis Danuta Pamula 2012: https://theses.hal.science/tel-00767537



## RISC-V CV32E40P core from OpenHW Group (documentation)



HDL code(s), complete software toolchain, numerous libraries and works



#### Operation to be executed: $r \leftarrow x + y$



- AS: ALU status and internal pipeline
- Internal status: pipeline management, bypasses, memory hierarchy, branch predictor, monitoring, etc


- Very (over?) simplified 32-bit processor
- Register file (RF): 32 registers, 2 read ports (rs1, rs2) and 1 write port (rd) active at each instruction
- Arithmetic and logic unit (ALU)
- Basic instruction set (e.g., R1 <- R2 + R3)
- Simulation: only logical transitions (no glitch), 1-cycle instructions
- Only (rs1, rs2, rd) are observable (not other signals!)
- Start with random data in registers (crypto context)











Traces for 10 sets of initial (random) values in the registers:





Average trace:



















```
R1 <- 0xFFFFFFFF
NOP
R2 <- R2 + R3
R2 <- R2 + R4
R2 <- R2 + R1
R2 <- R2 + R5
R2 <- R2 + R6
```



```
R0 <- 0           // index
R1 <- 1           // +1 for loop index incr.
NOP
NOP
loop:
R2 <- R2 + R3     // acc. random
R2 <- R2 + R4     // acc. random
R0 <- R0 + R1     // i <- i + 1
JMP loop
```



#### Code: Using the Same Register Twice





```
NOP
loop:
R2 <- R2 + R3     // acc. random
R2 <- R2 + R4     // acc. random
R2 <- R2 + R10    // acc. random
R2 <- R2 + R10    // acc. same random
JMP loop
```
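The simplified processor model described earlier (1-cycle instructions, logical transitions only, only the rs1, rs2 and rd ports observable, random initial registers) is small enough to simulate. The following is an added example, not code from the talk, that counts port toggles per cycle for the two programs shown. The tuple instruction format, the `li` name for the constant load, ports resetting to 0 and undriven ports holding their value are assumptions of this example.

```python
import random

MASK = 0xFFFFFFFF

def hd(a, b):
    """Hamming distance: number of bus wires that toggle between two values."""
    return bin((a ^ b) & MASK).count("1")

def trace(program, regs, cycles):
    """Per-cycle toggle counts [rs1, rs2, rd] for one set of register values."""
    regs, ports, pc, out = list(regs), [0, 0, 0], 0, []  # assumed: ports reset to 0
    for _ in range(cycles):
        ins, new = program[pc], list(ports)  # assumed: an undriven port holds its value
        pc += 1
        if ins[0] == "add":                  # ("add", rd, rs1, rs2)
            _, rd, a, b = ins
            new = [regs[a], regs[b], (regs[a] + regs[b]) & MASK]
            regs[rd] = new[2]
        elif ins[0] == "li":                 # ("li", rd, imm): only the rd port is driven
            new[2] = regs[ins[1]] = ins[2] & MASK
        elif ins[0] == "jmp":                # ("jmp", index of target instruction)
            pc = ins[1]
        out.append([hd(p, n) for p, n in zip(ports, new)])
        ports = new
    return out

def average_trace(program, n_sets, cycles, seed=2024):
    """Average total activity per cycle over n_sets random register files."""
    rng, acc = random.Random(seed), [0.0] * cycles
    for _ in range(n_sets):
        regs = [rng.getrandbits(32) for _ in range(32)]
        for i, t in enumerate(trace(program, regs, cycles)):
            acc[i] += sum(t) / n_sets
    return acc

# Straight-line program with R1 <- 0xFFFFFFFF (run it for exactly 7 cycles).
ALL_ONES = [("li", 1, MASK), ("nop",), ("add", 2, 2, 3), ("add", 2, 2, 4),
            ("add", 2, 2, 1), ("add", 2, 2, 5), ("add", 2, 2, 6)]
# "Using the Same Register Twice" loop, one tuple per instruction.
SAME_REG = [("nop",), ("add", 2, 2, 3), ("add", 2, 2, 4),
            ("add", 2, 2, 10), ("add", 2, 2, 10), ("jmp", 1)]

if __name__ == "__main__":
    for cycle, act in enumerate(average_trace(SAME_REG, 1000, 11)):
        print(f"cycle {cycle:2d}  avg toggles {act:5.1f}  " + "#" * round(act / 2))
```

In this model the second `R2 <- R2 + R10` reads the same register on rs2 as the previous cycle, so that port contributes zero toggles and the averaged activity for that cycle drops visibly below the other additions.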




#### Assumptions:

- **b** is a bit (i.e. $b \in \{0, 1\}$, logical or mathematical value)
- electrical states for a wire: $V_{\text{DD}}$ (logical 1) or GND (logical 0)







#### Precharge style:



Other encodings:

- different states for odd/even cycles
- many other solutions

Often lead to important overheads (silicon area in operators & registers)



$$X = \sum_{i=0}^{n-1} x_i \beta^i \quad \text{with} \quad x_i \in \mathcal{D}$$

- Carry-save (CS): $\beta = 2$, $\mathcal{D}_{CS} = \{0, 1, 2\}$
- Borrow-save (BS): $\beta = 2$, $\mathcal{D}_{BS} = \{-1, 0, 1\}$
- Avizienis: $\beta > 2$, $\mathcal{D}_{\alpha} = \{-\alpha, \dots, -1, 0, 1, \dots, \alpha\}$ with $2\alpha + 1 > \beta$

Other solutions

Question: how to select  $\beta$ ,  $\alpha$ , and all digits encodings?

I tested numerous solutions, up to now the interest is limited!

- activity variations are reduced but not enough
- leads to silicon overheads

Tested encodings for Carry-Save $(\beta=2,\,\mathcal{D}_{\text{CS}}=\{0,1,2\})$:

- 2 bits with same weight: w=1, w=1
- one bit for each digit: d=0, d=1, d=2
- odd/even cycles and bits of same weight: w=1,e; w=1,o; w=1,o
- odd/even cycles and one bit for each digit: d=0,e; d=1,e; d=2,e; d=0,o; d=1,o; d=2,o
- 2 bits of same weight and one bit for logical inversion: w=1, w=1, inv
- other (silly?) encodings
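To make the carry-save digit set and two of the listed wirings concrete, the following added example (not code from the talk) builds carry-save values with a 3:2 compressor, evaluates them with $X = \sum x_i \beta^i$, and counts wire toggles between consecutive values. Reading "2 bits with same weight" as the (sum, carry) bit pair and "one bit for each digit" as a one-hot code per digit is an assumption, as are all function names.

```python
import random

def cs_add(a, b, c, n=32):
    """3:2 compression of three n-bit integers, no carry propagation.
    Returns n+1 digits (LSB first), each a pair of bits of the same weight."""
    s = a ^ b ^ c                             # sum bits
    k = ((a & b) | (a & c) | (b & c)) << 1    # carry bits, shifted to their weight
    return [((s >> i) & 1, (k >> i) & 1) for i in range(n + 1)]

def value(digits, beta=2):
    """X = sum_i x_i * beta^i with x_i = s_i + k_i in {0, 1, 2}."""
    return sum((s + k) * beta**i for i, (s, k) in enumerate(digits))

def same_weight(digits):
    """Assumed wiring: 2 wires per digit, so digit 1 is either (1,0) or (0,1)."""
    return [bit for pair in digits for bit in pair]

def one_hot(digits):
    """Assumed wiring: 3 wires per digit (d=0, d=1, d=2), exactly one at 1."""
    return [int(s + k == d) for s, k in digits for d in (0, 1, 2)]

def toggle_range(encode, n_values=500, seed=2024):
    """(min, max) wire toggles between consecutive random carry-save values."""
    rng = random.Random(seed)
    draw = lambda: encode(cs_add(*(rng.getrandbits(32) for _ in range(3))))
    prev, counts = draw(), []
    for _ in range(n_values):
        cur = draw()
        counts.append(sum(x != y for x, y in zip(prev, cur)))
        prev = cur
    return min(counts), max(counts)

if __name__ == "__main__":
    d = cs_add(5, 6, 7, n=4)
    print("digits (LSB first):", [s + k for s, k in d], "value:", value(d))
    print("wires at 1, one-hot:", sum(one_hot(d)), "same-weight:", sum(same_weight(d)))
    for name, enc in (("same-weight", same_weight), ("one-hot", one_hot)):
        print(f"{name:12s} toggles per update (min, max): {toggle_range(enc)}")
```

The one-hot wiring keeps the number of wires at 1 constant for every value, yet the number of toggles between consecutive values still depends on the data.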

- Redundant number systems (CS, BS, Avizienis, variants, other ideas?) help to reduce activity variations, but this is not sufficient
- Low-level encoding of digits is important
- Value 0 (as a digit and as a number) is tricky to manage w.r.t. activity variations
- RNS and variants have potential
- Combine with other arithmetic level solutions (e.g. GF(P) with Montgomery domain δP, δ small and add random multiples of P)
- Instructions and control flow are very important for SCA but operands also contribute to side-channel leakage
- Do not overestimate "constant-time" protection
- Compiler (and CAD tool) optimizations can remove some protection "tricks"



- Number systems impact electrical activity and lead to side-channel leakage
- Still need more work:
  - RNS and variants
  - randomization
  - models for links between arithmetic properties and electrical properties
  - selection/design of appropriate algorithms/implementations
  - take into account parasitic transitions (tricky)
  - "calibration" of library components from implementationS resultS

Countermeasures against observation and perturbation attacks

## Thank you! Questions?

arnaud.tisserand@cnrs.fr / https://www.arnaud-tisserand.fr