Side‑channel leakage remains one of the most persistent and challenging threats to hardware security. Traditionally, design teams rely on post‑silicon side‑channel analysis, which requires fabricated chips, complex lab setups, and expert operators. While post‑silicon testing is essential, it occurs late in the development cycle, making it difficult and expensive to redesign hardware once leakage is discovered.
This webinar introduces a more efficient approach: performing side‑channel analysis before tape‑out using simulation‑based techniques. Nicole Fern, Principal Security Analyst at Keysight, explains how Inspector Pre‑Silicon enables early, actionable insight into leakage behavior across RTL and gate‑level designs. By shifting leakage detection earlier, teams reduce rework risk, compare countermeasures, and strengthen device security long before hardware is manufactured.
The session begins with a clear introduction to side channels. A side channel is an unintended physical interface that reveals information about internal device activity, such as power consumption, electromagnetic emissions, timing, light, or temperature. Although many forms exist, the webinar focuses on power‑based side channels, which are especially relevant in cryptographic implementations. Attackers with physical access can measure these signals during key‑dependent operations and apply statistical techniques to recover those keys without breaking the underlying cryptography.
Nicole covers two foundational analysis methods: Correlation Power Analysis (CPA) and Test Vector Leakage Assessment (TVLA). CPA is a key‑recovery attack that uses statistical correlation to determine which guessed key best matches observed power behavior. TVLA, by contrast, is a leakage‑detection method rather than a key‑extraction effort. It uses Welch’s t‑tests to determine whether data‑dependent leakage exists. TVLA is widely adopted in certification programs because it is fast, scalable, and easier to automate than full CPA attacks. Both techniques rely on large trace sets and statistical interpretation, and crucially, both are supported in pre‑silicon simulation environments.
The core of the webinar focuses on why pre‑silicon SCA is so valuable. Pre‑silicon analysis uses switching‑activity data (commonly VCD files) from simulation to estimate power behavior and compute leakage metrics. Unlike post‑silicon testing, pre‑silicon offers full visibility into every internal signal, enabling root‑cause analysis that is nearly impossible to perform on finished silicon. Post‑silicon testing reveals that leakage exists and identifies when it occurs. Pre‑silicon analysis reveals exactly which internal signals are causing it.
Nicole outlines the pre‑silicon workflow: simulate the design using targeted test vectors, generate switching activity, feed that activity into Inspector Pre‑Silicon, and produce global and per‑signal leakage metrics. The tool supports regression‑style testing so teams can track leakage as the design evolves through synthesis, place‑and‑route, and integration. As designs gain timing information and gate‑delay realism, leakage estimates become more accurate, making pre‑silicon testing a consistent and repeatable part of the development process.
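The per-signal step of this workflow can be sketched as a fixed-vs-random Welch's t-test run on each signal's toggle count and on the summed (global) toggles. This is an added example, not Inspector Pre-Silicon code: the signal names and toggle counts are constructed stand-ins for data a simulator would export, and the 4.5 bound is the commonly used TVLA threshold, which the page does not state.

```python
import math
import random
from statistics import mean, variance

THRESHOLD = 4.5  # commonly used TVLA bound on |t| (assumption; not stated on the page)

def welch_t(a, b):
    """Welch's t statistic for two samples with unequal variances."""
    diff = mean(a) - mean(b)
    denom = math.sqrt(variance(a) / len(a) + variance(b) / len(b))
    if denom == 0.0:  # both groups constant
        return 0.0 if diff == 0 else math.copysign(math.inf, diff)
    return diff / denom

def constructed_traces(n, seed=1):
    """Constructed per-signal toggle counts; a real flow would derive these from VCD data."""
    rng = random.Random(seed)
    fixed, rand = [], []
    for i in range(n):
        is_fixed = i % 2 == 0  # interleave fixed and random test vectors
        byte = 0xF7 if is_fixed else rng.randrange(256)  # intermediate value
        trace = {
            # hypothetical signal names; toggles modelled as Hamming weight
            "sbox_unmasked": bin(byte).count("1") + rng.randint(0, 1),
            "sbox_masked": bin(byte ^ rng.randrange(256)).count("1"),  # fresh mask
            "ctrl_fsm": 3 + rng.randint(0, 2),  # data-independent activity
        }
        (fixed if is_fixed else rand).append(trace)
    return fixed, rand

def tvla_per_signal(fixed, rand):
    """Return {signal: t}, plus 'GLOBAL' computed on total toggles per trace."""
    tvals = {sig: welch_t([t[sig] for t in fixed], [t[sig] for t in rand])
             for sig in fixed[0]}
    tvals["GLOBAL"] = welch_t([sum(t.values()) for t in fixed],
                              [sum(t.values()) for t in rand])
    return tvals

def leaking_signals(tvals):
    """Signals whose |t| exceeds the threshold, i.e. candidates for root-cause review."""
    return sorted(s for s, t in tvals.items() if abs(t) > THRESHOLD)

if __name__ == "__main__":
    fixed, rand = constructed_traces(1000)
    tvals = tvla_per_signal(fixed, rand)
    for sig, t in sorted(tvals.items(), key=lambda kv: -abs(kv[1])):
        print(f"{sig:14s} t = {t:8.2f}  {'LEAK' if abs(t) > THRESHOLD else 'ok'}")
```

The global test only says that something leaks; ranking the per-signal statistics is what points at the unmasked S-box signal as the source.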
A live demo walks through the methodology using an AES design with masking countermeasures. The team simulates 1,000 TVLA‑optimized test vectors targeting the fifth round of AES. Inspector Pre‑Silicon streams the VCD data during simulation, avoiding large file storage, and performs both global and per‑signal toggle‑based leakage analysis.
In the first scenario, the RTL design shows no leakage above standard TVLA thresholds. However, after synthesizing the design, leakage appears—a realistic outcome because synthesis tools frequently optimize away masking logic or other countermeasures. Root‑cause analysis reveals that leakage originates inside the S‑box logic. Pre‑silicon visibility enables the team to immediately identify the source rather than relying on guesswork or expensive post‑silicon probing.
After introducing synthesis constraints to preserve masking signals, the team re‑runs the analysis. Leakage is significantly reduced, confirming that the applied countermeasure was effective. This feedback loop highlights one of the major advantages of pre‑silicon analysis: fast, quantitative evaluation of design choices, enabling engineers to compare countermeasures and understand trade‑offs between leakage reduction, performance, and area.
Nicole also highlights several key applications:
Inspector Pre‑Silicon has already been applied to commercial AES implementations, masked designs, open‑source crypto cores, post‑quantum primitives, and hardware root‑of‑trust components. In multiple cases, it produced actionable results within twenty‑four hours—far faster than a typical lab campaign.
The Q&A session touches on broader applicability beyond cryptographic cores, including neural‑network accelerators, and discusses how to incorporate VHDL‑based switching activity, interpret false positives in TVLA, and handle mixed HDL environments.
The overarching message is clear: pre‑silicon side‑channel analysis provides earlier insight, deeper visibility, and a more controlled engineering path toward secure silicon. By identifying leakage sources before fabrication, teams can reduce rework costs, validate countermeasures, and build devices with stronger, more predictable security properties.