[aes] Also advance the masking PRNG when not used during processing #22844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Pirmin Vogel <[email protected]>
|
I still need to run the FPGA experiments which will happen tomorrow most likely. |
This change doesn't alter the functionality or the masking employed inside AES but rather moves some PRD buffers around to facilite a subsequent change improving SCA hardening. Signed-off-by: Pirmin Vogel <[email protected]>
Signed-off-by: Pirmin Vogel <[email protected]>
Previously, we were using the unbuffered PRNG output for input data masking which is non-ideal from an SCA perspective as the PRNG output may be subject to glitches during updating. Signed-off-by: Pirmin Vogel <[email protected]>
This was referenced Apr 26, 2024
nasahlpa
approved these changes
Apr 28, 2024
| end | ||
|
|
||
| // Advance the masking PRNG based on the FSM and the shift register. | ||
| assign prng_update_o = prng_update | prd_q[0]; |
There was a problem hiding this comment.
@vogelpi please let's discuss this and L497 shortly
andreaskurth
approved these changes
Apr 29, 2024
|
Thanks for your reviews @johannheyszl, @nasahlpa and @andreaskurth . SCA results look all good but I've discussed with @johannheyszl and @nasahlpa that it's probably better to always let the PRNG advance when some processing is going on. I'll change the design accordingly. |
|
Thanks @vogelpi ! |
Advancing the masking PRNG even when it's not used during processing is beneficial from an SCA hardening perspective as it increases the noise. Signed-off-by: Pirmin Vogel <[email protected]>
The counter is not needed in this state anyway but since the PRNG reseeding may take quite a while, it's better to not update the counter to save power. Signed-off-by: Pirmin Vogel <[email protected]>
cdgori
reviewed
May 1, 2024
vogelpi
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains a couple of changes, but only two of them have functional/SCA impact:
I suggest disabling showing whitespace changes during the review as this PR contains some alignment changes to port lists.
For the other commits:
Update: As outline here the PR has been reworked such that the PRNG is not advanced randomly but unconditionally during data processing to constantly increase the noise floor.