Leakage model of a single clock cycle AES FPGA implementation

It is very interesting to hear if someone tried to run a single cycle AES implementation on an FPGA…
This is not about the pipelined implementation but about the real single cycle implementation when all 10 rounds run during one clock cycle.
I guess the main problems of such implementation are:

  1. There must be used only combinational logic.
  2. Propagation delay.

Probably, both problems are in theory resolvable. Say, by using the Kintex-7 FPGA and 1 Mhz external clock. This should be enough to have suitable propagation delay and hence to get rid of the sequential logic for storing intermediate round states.

As the main leakage of the hardware AES implementation is a Hamming distance between the cipher text (output of 10-th round) and the 9-th AES-128 round, using the suggested single clock cycle implementation will make impossible to apply the HD leakage model due to absence of the sequential logic (flip-flops to store the round states).

What leakage model can be used in this case? Is it still possible apply the CPA attack against proposed implementation?

I’m not sure! If only the final encryption result gets stored into flops, the state change from successive encryptions is independent of the key, so that approach won’t work.

While it’s theoretically possible to carry out the complete AES encryption in a single clock cycle, in practice I’ve never come across an implementation that does this. If you try it, I think you will find that the performance is worse (i.e. the maximum achievable clock frequency will go down by more than 10x, and/or size will go up, etc…). But don’t let that stop you from trying it!