DPA Resistant Cores

Rambus DPA Resistant Hardware Cores prevent against the leakage of secret cryptographic key material through attacks when integrated into an SoC. These superior performance cores are easy to integrate into SoCs and FPGAs, providing robust side-channel resistance across different security and performance levels. Many cores are validated to FIPS 140-2 CAVP.

QSE-IP-86 DPAFast Quantum Safe Engine for ML-KEM
(CRYSTALS-Dilithium) with DPA
PKE-IP-85-DPA(-FIA)Fast Public Key Engine with DPA or with DPA and FIA
AES-AE-16-DPA(-FIA)AES Authenticated Encryption Accelerator, 16 Sbox, DPA or DPA and FIA
AES-AE-32-DPA(-FIA)AES Authenticated Encryption Accelerator, 32 Sbox, DPA or DPA and FIA. CC EAL4+ certified.
ICE-338-AES-DPAAES Inline Cipher Engine, DPA
ICE-338-SM4-DPASM4 Inline Cipher Engine, DPA
HMAC-SHA-256-DPAHMAC SHA-2 engine, 224 & 256 Mode, DPA
HMAC-SHA-256-512-DPAHMAC SHA-2 engine, 224, 256, 384 & 512 Mode, DPA

How DPA Resistant Cores works

The DPA Resistant Hardware cores offer chipmakers an easy-to-integrate technology-independent soft-macro security solution with built-in side-channel resistance for cryptographic functions across a wide array of devices.

These high-performance cores provide a higher level of protection than standard security cores, while improving time-to-market, as all the cores are validated DPA countermeasures. It is highly flexible for integration with standard cipher modes such as Cipher Block Chaining (CBC), Counter (CTR) and Authenticated Encryption mode / Galois Counter (GCM) modes. The fast AES core performs AES encryption with DPA protection using only 2 clock cycles per AES round, outperforming any existing solution.

DPA Resistance Diagram

Additionally, the DPA Countermeasure hardware cores offer both encryption and decryption functions with key size options of 128- and 256-bits for AES and 4096 bits for RSA, with 8192 support when using a larger memory.

Our secure cores implement DPA countermeasures such as LUT-Masked Dual-rail with Pre-charge Logic (LMDPL) gate level masking and other schemes, delivering the highest level of security while meeting silicon area, performance and power budget targets. These countermeasures are portable to any FPGA or ASIC technologies.

The DPA-resistant family of cores are extensively validated using the Test Vector Leakage Assessment (TVLA) methodology and reveal no leakage beyond 100 million traces. The core is protected against univariate first- and second-order side-channel attacks beyond 1 billion operations.

For Anti-Tamper Cryptographic Cores for government applications, please go here.

Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Solution Offerings

Protecting Electronic Systems eBook thumbnail

Protecting Electronic Systems from Side-Channel Attacks

Side-channel attacks comprise a wide range of techniques including Differential Power Analysis, Simple Power Analysis, Simple Electromagnetic Analysis, Differential Electromagnetic Analysis, Correlation Power Analysis and Correlation Electromagnetic Analysis. An effective layer of side-channel countermeasures should therefore be implemented via hardware (DPA resistant cores), software (DPA resistant libraries) or both. After layered countermeasures have been implemented, systems should be carefully evaluated to confirm the cessation of sensitive side-channel leakage.


Security Icon

DPA Countermeasures

DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.

Rambus logo