Abstract: To do research for physical information leaked by Electromagnetic（EM） radiations from Field Programmable Gate Arrays（FPGA） cipher chip during its operation, this paper analyzes the principle of direct electromagnetic emanations for Complementary Metal-Oxide-Semiconductor（CMOS） circuit, and then a near-?eld leakage model about FPGA is designed. According to this model, the technique, EM scanning, is used to tackle the problem of the localization of the spatial position of the crypto-processor, in putting an electricmagnetic near-?eld sensor above the chip. Moreover, Advanced Encryption Standard（AES） circuit is completed based on FPGA cryptosystem and Differential ElectroMagnetic Analysis（DEMA） is introduced. As a result, practical experiment has shown that an attacker can extract the secret 128-bit key using 42000 traces of AES cryptographic device under the condition of having localized the optimal leaking spots characterized by mostly data-dependent EM emissions.

Key words: cipher chip, near-field, Electromagnetic（EM） radiations, Differential ElectroMagnetic Analysis（DEMA）, Advanced Encryption Standard（AES）, Field Programmable Gate Arrays（FPGA）

摘要： 为探究现场可编程门阵列（FPGA）密码芯片运行时电磁辐射造成的涉密信息泄漏情况，研究了互补金属氧化物半导体（CMOS）电路直接电磁辐射的原理，构建了FPGA密码芯片的近场电磁辐射模型。根据这个模型，探讨了近场电磁辐射测量点的选取，采用电磁扫描的方法解决了电磁探头在FPGA表面电磁信号采集的定位问题。此外，在阐释了差分电磁分析（DEMA）攻击原理的同时，完成了高级加密标准（AES）的FPGA电路设计，针对FPGA密码系统的DEMA攻击实验表明，通过电磁扫描找到最佳测量点，在42 000个样本的条件下能成功破解AES密码电路的128 bit密钥。

关键词: 密码芯片, 近场, 电磁辐射, 差分电磁分析, 高级加密标准, 现场可编程门阵列