Bitstream Encryption and Authentication

The device bitstream is always encrypted and authenticated to be DPA-resistant. A factory-defined default key (KLK) is used when the user does not specify a user encryption key (UEK1/UEK2), thus disallowing the use of a plaintext bitstream.

The bitstream is encrypted with the AES-CTR mode using 256-bit secret key, and then an authentication tag is added using a symmetric message authentication code (MAC) based on SHA-256. The encryption key is permuted after every ciphertext block to protect the AES encryption from DPA attack. The bitstream authentication is provided by a licensed protocol from CRI. This protocol uses SHA-256 and proprietary algorithms for checking authenticity in a way that resists differential power analysis and other side-channel attacks. Under this protocol, data is never decrypted unless it has first been authenticated. Additionally, decryption keys are hashed frequently to improve DPA resistance. DPA resistance is also included in the AES and SHA algorithms implemented in the system controller's cryptographic processor.