Carry-based Differential Power Analysis (CDPA) and its Application to Attacking HMAC-SHA-2
In this paper, FortifyIQ introduces Carry-based Differential Power Analysis (CDPA), a novel methodology that allows for attacking schemes involving arithmetical addition. This methodology is applied to what is believed to...
First Full-Fledged Side Channel Attack on HMAC-SHA-2
FortifyIQ presents a novel practical template attack on HMAC-SHA-2 intended primarily against its implementations in hardware. Side-channel attacks pose a threat to cryptographic algorithms. HMAC is an important use case...
RAMBAM: A New Very Compact and Efficient Protection of AES against SC and FI attacks
This is an academic paper describing a protection method for AES which is very efficient, and configurable for any application. It introduces RAMBAM, an innovative algebraic masking technique designed to...
STORM — Small Table Oriented Redundancy-based SCA Mitigation for AES
STORM effectively solves the long-standing challenge of combining high security against SCA with low gate count and high performance for AES implementations by offering a different tradeoff (memory utilization) that...
Modern devices often rely on strong cryptographic keys, yet mathematical strength alone is not enough to
Modern devices often rely on strong cryptographic keys, yet mathematical strength alone is not enough to ensure security. Attackers increasingly bypass cryptography altogether by exploiting physical leakages through side-channel methods such as Differential Power Analysis (DPA), Differential Electromagnetic Analysis (DEMA), and Fault Injection Analysis (FIA). These attacks are inexpensive to perform, difficult to defend against, and have become a serious threat to contactless smart card systems used in access control, payments, transportation, and digital identity.
This paper examines how DEMA attacks compromise smart cards in the real world and introduces a new, cost-effective protection approach that simplifies development while significantly strengthening device security.
Side-channel attacks are a pervasive threat to hardware security, particularly in cryptographic systems where they can
Side-channel attacks are a pervasive threat to hardware security, particularly in cryptographic systems where they can leak sensitive information. While some leakage can be mitigated through simple countermeasures, advanced attacks require detailed analysis and design-level protections. FortifyIQ’s Side-Channel Studio provides a comprehensive EDA solution for evaluating and strengthening hardware against side-channel attacks. Engineers can validate designs in pre-silicon simulation, on FPGA boards, and post-silicon, gaining the insight and confidence needed to meet certification requirements and ensure robust protection.
Fault Injection Attacks pose a growing threat to the security of hardware systems, particularly in cryptographic
Fault Injection Attacks pose a growing threat to the security of hardware systems, particularly in cryptographic contexts where they can lead to full key recovery. While simple FIAs can often be mitigated through detection
mechanisms, cryptographic FIAs — especially ineffective fault attacks — require deeper, design-level
countermeasures. FortifyIQ’s Fault Injection Studio addresses this challenge with a comprehensive EDA solution for evaluating and improving algorithmic protections against fault injection attacks.
We present Carry-based Differential Power Analysis (CDPA) — a new side-channel attack targeting algorithms that use arithmetic addition. Applied to HMAC-SHA-2, CDPA enables full key recovery from power traces, both in simulation and on FPGA hardware. With as few as 30K traces, secret keys can be recovered in some cases, allowing for forging the HMAC-SHA-2 signature of any message, and
Here we present RAMBAM, our patented novel concept of designing countermeasures against side-channel attacks and SIFA on AES using redundant representations of finite field elements. It enables trade-offs between gate count, maximal frequency, performance, level of robustness to first and higher-order side-channel attacks and SIFA-1. We present an analytical model that explains the leakage reduction, and a leakage assessment using
Attackers can now breach your device for just a few hundred dollars unless robust security measures are in place. Watch our webinar to learn how our solution ensures you no longer have to compromise between security and functionality.
“Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own”
