An in-chip countermeasure against static side-channel analysis attacks, built for deployment in FPGAs.
Static side-channel analysis exploits leakage of circuit state elements while their stored values are not changing. Typically, inducing such a state requires directly stopping the circuit input clock, however it can also be stopped indirectly by undervolting the target system or relying on clock-gating. This countermeasure serves to monitor the clock signal and upon detecting a stop condition, immediately wipe sensitive register contents in a secure manner.
These designs are artefacts of research that has been published in two papers:
Original: On Borrowed Time – Preventing Static Side-Channel Analysis, in NDSS '25 - print available here.
Follow-up: Chypnosis: Undervolting-based Static Side-channel Attacks to appear in IEEE SP '26 - preprint here
! The original countermeasure design, pre-September 2025 revision, is not secure against undervolting attacks !
Shortly after Borrowed Time's original publication, it was found that undervolting could stop a target's clock while also inhibiting the countermeasure's ability to securely wipe registers. In a follow-up work, Chypnosis, a revised countermeasure design is put forth that works against undervolting attacks and provides ample protection.
This repo contains design files for two cryptographic systems that are implemented directly in hardware, each of which is equipped with the Borrowed Time countermeasure. Each instance is designed for implementation on a specific target IC since the countermeasure operates based on the physical properties of the underlying technology.
AES128- no other countermeasures - deployment on Xilinx Kintex-7 (XC7K160T-1FBG676C)SKINNY-128-128- first-order masking protection - deployment on Xilinx Spartan-6 (XC6SLX75-2CSG484C)
Porting these designs to other targets requires some additional engineering, namely to ensure the delay-chain circuits are correctly tuned.
See original On Borrowed Time paper for more information.
These applications are based on open third-party cores:
AEScore found hereSKINNYcore from uclcrypto/aead_modes_leveled_hwTriviumPRNG core from uclcrypto/randomness_for_hardware_masking
Original source:
- (
AEScore) Copyright (C) 2012, 2013 AIST - (
SKINNYcore) Copyright Corentin Verhamme and UCLouvain, 2022
Modified source - Copyright 2024 by Robbie Dumitru, Ruhr University Bochum, and The University of Adelaide, 2024
These applications can be freely modified, used, and distributed as long as the attributions to both the original author and author of modifications (and their employers) are not removed.
- ARC Discovery Early Career Researcher Award number DE200101577
- ARC Discovery Project number DP210102670
- Defence Science and Technology Group (DSTG), Australia under Agreement ID10620
- Draper Scholars Program
- Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany's Excellence Strategy - EXC 2092 CASA - 390781972
- NSF (National Science Foundation) Grants CNS-2150123 and CNS-2338069
- Research and Development (R&D) grant from the Massachusetts Technology Collaborative