21st Century Cryptography: Correct-by-Construction Cryptographic Accelerators with Side-Channel Resistance
Funded by DARPA and in partnership with the University of Southern California and Portland State University, Galois’s 21st Century Cryptography (21CC) project continues the correct-by-construction circuit synthesis work started in GULPHAAC and explores novel techniques to mitigate power side channels in high assurance, high performance cryptographic accelerators.
Today, almost no cryptography deployed in the world has formal assurance: no one is certain that it is correct or secure! In the 21CC project, Galois is extending our circuit synthesis capabilities to generate high-assurance, correct-by-construction cryptographic circuits from Cryptol specifications. From a single Cryptol specification we synthesize not just a single instance of a cryptographic circuit, but an entire product line, with variations based on cryptographic parameters (e.g., key size), performance characteristics, pipeline depth, and synchronous vs. asynchronous implementation. This enables us to make tradeoffs among power, performance, area, and security (PPAS), and thus to pick the “right” circuit for any given application.
While correctness is critical to hardware cryptographic security, side-channel resistance—the ability to defend against attacks that target physical aspects of the circuit (power, electromagnetic radiation, etc.) rather than logical aspects—is also extremely important. 21CC is exploring novel methods of resisting power side-channel attacks, combining Galois’s power-invariant asynchronous circuit designs with multiple randomly-varying power supply voltages to decrease the signal-to-noise ratio observable by attackers.
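To make the signal-to-noise argument concrete, here is an added toy simulation (not Galois code, and not a model of the 21CC circuits themselves) that compares the leakage SNR of a fixed supply against a supply drawn at random per operation from several voltages. The leakage model, the residual data dependence, the voltage set and the noise level are all assumed values chosen for illustration; SNR is computed in the usual way as the variance of the data-dependent part of the measurement divided by the variance of everything else.

```python
import random
import statistics


def hamming_weight(b: int) -> int:
    """Number of set bits in a byte; a common model of data-dependent switching power."""
    return bin(b & 0xFF).count("1")


def simulate_traces(n_traces, supply_voltages, residual_leak=0.05,
                    static_power=1.0, noise_sd=0.02, seed=1):
    """Return (processed_values, power_samples) under an assumed leakage model.

    Each sample is V * (static_power + residual_leak * HW(x)) + measurement noise,
    where V is chosen per trace from supply_voltages.  A one-element list models a
    fixed supply; a longer list models a supply that varies randomly per operation.
    residual_leak stands for whatever data dependence survives a power-invariant
    design (assumed value; 0 would mean perfectly invariant).
    """
    rng = random.Random(seed)
    values, samples = [], []
    for _ in range(n_traces):
        x = rng.randrange(256)                      # constructed secret-dependent byte
        v = rng.choice(supply_voltages)
        leak = v * (static_power + residual_leak * hamming_weight(x))
        values.append(x)
        samples.append(leak + rng.gauss(0.0, noise_sd))
    return values, samples


def leakage_snr(values, samples):
    """SNR = Var(E[L | HW(x)]) / Var(L - E[L | HW(x)]).

    The numerator is how much the per-class mean leakage varies with the data;
    the denominator is the spread an attacker cannot explain by the data, which is
    where supply-voltage randomization ends up.
    """
    groups = {}
    for x, s in zip(values, samples):
        groups.setdefault(hamming_weight(x), []).append(s)
    means = {hw: statistics.fmean(g) for hw, g in groups.items()}
    signal = [means[hamming_weight(x)] for x in values]
    noise = [s - means[hamming_weight(x)] for x, s in zip(values, samples)]
    return statistics.pvariance(signal) / statistics.pvariance(noise)


def compare(n_traces=20000):
    """SNR with a fixed 1.0 supply versus a supply drawn from five voltages (assumed set)."""
    fixed = leakage_snr(*simulate_traces(n_traces, [1.0]))
    varied = leakage_snr(*simulate_traces(n_traces, [0.8, 0.9, 1.0, 1.1, 1.2]))
    return fixed, varied


if __name__ == "__main__":
    fixed_snr, varied_snr = compare()
    print(f"fixed supply SNR:  {fixed_snr:.2f}")
    print(f"varied supply SNR: {varied_snr:.2f}")
```

Two things the model makes visible. First, randomizing the supply multiplies the large data-independent (static) power term by a random factor, so the unexplained variance grows by roughly Var(V) times the square of total power, which is why the SNR drops by well over an order of magnitude in this run. Second, the per-class means still differ (scaled by the average voltage), so randomization raises the number of traces an attacker needs rather than removing the dependence outright; that is why the page pairs it with power-invariant design, which attacks the residual_leak term itself.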
For more information, see the presentation by Dan Zimmerman and William Koven at DARPA ERI Summit 2019.
This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR0011-19-C-0070. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA). Distribution Statement “A” (Approved for Public Release, Distribution Unlimited)