[Cryptography] Is LMDPL method against DPA attacks patented?

sebastien riou matic at nimp.co.uk
Thu Jan 4 16:00:41 EST 2018


>
>
> Date: Wed, 3 Jan 2018 15:37:07 +0300
> From: Digital Designer <digitaldesigner.mr at gmail.com>
>
> There are mainly two methods against DPA attacks. First one is algorithmic
> masking that includes changes in crypto algorithms. For example new S-Box
> design in AES. The other one is gate level masking. Are these methods
> licensed or patented? Is there any other company than Rambus that designs
> DPA resistant AES IP Cores?
>
>
Hi,

Many companies design DPA resistant AES cores: NXP, Infineon, Samsung, ST,
and many more.
Few companies sell DPA resistant AES cores as standalone IPs, just visit
https://www.design-reuse.com/
Beware:
- soft IPs (IPs delivered as RTL) are NOT a desirable delivery, you are
much better off if you get a synthesized netlist generated by the provider.
The best is to get a hard macro.
- typically you need side channel protection all the way from key storage
to the AES. So a secure AES is not enough...
Finally some companies sell entire "secure element" IP: something which
manages and protects the secret keys, computes AES and optionally other crypto
algorithms. If that's of interest you can contact web-contact at
tiempo-secure.com (disclosure: I am working there).

If you think about making "gate level masking" yourself, consider the
following:
- Merely using random bits in an AES is usually enough for CRI (Rambus) to
call and say that you potentially infringe several of their zillion patents.
- It is a huge effort if you are targeting ASIC, you are almost certainly
better off buying an IP.
- If you target an FPGA, you will probably succeed... after many iterations
and learning the details of the FPGA fabric inside out. Definitely a fun
project!

Best regards,
Sebastien