The Hardware Security Paradox Solution

Makers of devices that implement a cryptographic algorithm face the following dilemma:

At the moment, most manufacturers perform in-house hardware evaluations or outsource them while bearing the costs and taking the risk of releasing devices that are vulnerable to DPA.

Manufacturers who do not have the budget for either approach often try to buy themselves out of the dilemma by purchasing readily available DPA-resistant designs from larger providers. These are sold either as certified by a recognized body or covered by some sort of a guarantee (only as good as the provider’s name). The manufacturers miss one critical point: they almost blindly trust another party’s evaluation, which may have failed to discover an existing problem. Moreover, the manufacturers themselves may lack instruments to verify providers’ claims.