Towards Evaluating DPA Countermeasures for Keccak K1012ECCAK on a Real ASIC

We present Zorro, a taped-out ASIC hosting three distinct authenticated encryption architectures based on the SpongeWrap construction. All designs target resource-constrained environments such as smart cards or embedded devices and therefore, have been protected against DPA attacks while keeping low-area as the most important design goal in mind. Each of the three architectures contains masking and hiding countermeasures. They solely differ with regard to the implemented secret-sharing scheme. While the first design is based on a 3-share threshold implementation TI, which does not fulfill the uniformity property, the other two make use of the 3-share approach with re-masking and the 4-share approach as proposed by Bilgini¾?eti¾?al. Our smallest, provable first-order DPA secure Keccak implementation requires only 14.5i¾?kGE which is less than half of the size of related work and contains both front-end and back-end design overheads. Moreover, we present first DPA results of the Zorro ASIC by comparing hiding and masking countermeasures. We were able to recover the cipherkey from a masking-secured TI implementation based on three shares with about 70i¾?000 power traces.