

# FPGA Assessment Methodology of Adverse X-Ray Effects on Secure Digital Circuits

**Paolo MAISTRI**  
CNRS/TIMA Laboratory  
BITFLIP 2025



- Modification non-Invasive de circuitS Intégrés par rayons X (2021-2026)



ANR-20-CE39-0012

Thanks to:

**Nasr-Eddine OULDEI TEBINA, PhD**

currently Head of Security Engineering  
@ Fortaegis Technologies (NL)



**Synchrotron source****Laboratory source**



- Faults are semi-permanent, can be removed with time and/or temperature
  - (Semi)-Persistent Fault Attacks
  - Circuit edit at the transistor level

(See previous Maingault's presentation for further details ☺ )

- Main TID radiation effects on MOS structures:
  1. Threshold Voltage Shift (NMOS  $\downarrow$ , PMOS  $\uparrow$ )
  2. Leakage Current
    - Sub-Threshold (NMOS  $\uparrow$ , PMOS  $\downarrow$ ), Static (NMOS  $\uparrow$ )
  3. Transconductance Degradation





## Is there an impact on security other than permanent faults?

- Impact of dose **before** fault occurrence [HOST24]
- Impact on **side channel** leakage [DATE24]
- Characterization of **FPGA** building blocks [TDMR25]



# Primitive Biasing



- Ring Oscillators,  
all same theoretical  
frequency
- Practically all different
  - Intra-die variations
  - Inter-die variations
- Each device unique
  - Identification
  - Key generation





**POWER OFF****POWER ON****POWER ON (frozen)**

|                | $RO_0$ | $RO_{12}$ |
|----------------|--------|-----------|
| $f_0(MHZ)$     | 13.01  | 13.01     |
| $f_{max}(MHZ)$ | 13.06  | 13.054    |
| $\Delta f$     | +0.37% | +0.32%    |

|                | $RO_0$ | $RO_{12}$ |
|----------------|--------|-----------|
| $f_0(MHZ)$     | 12.98  | 12.86     |
| $f_{max}(MHZ)$ | 13.03  | 12.94     |
| $\Delta f$     | +0.43% | +0.64%    |

|                | $RO_0$ | $RO_{12}$ |
|----------------|--------|-----------|
| $f_0(MHZ)$     | 13.58  | -         |
| $f_{max}(MHZ)$ | 13.72  | -         |
| $\Delta f$     | +1.03% | -         |

# Side Channel Leakage Amplification



### Target design and leakage paths





|        | $\Delta SNR_{MAX}$ |
|--------|--------------------|
| Byte 0 | +83.7%             |
| Byte 1 | +59.2%             |
| Byte 2 | +26.5%             |
| Byte 3 | not-applicable     |





Score



# FPGA Characterization

## Target Architecture



## Floorplan



## Interconnect





19/11/2025

## Byte-1 Combinational Irradiation



Combinational parts of the FPGA are not the main source of power consumption when compared to clocked resources

## Byte-1 Register Irradiation



Registers have a higher contribution to data-dependent leakages, suggesting that registers are a better target



### Simplified Routing Representation



T-statistics assess **overall leakage** across two groups; DPA focuses on specific **data hypotheses**, and the correlation can improve regardless of the T-test

### Welsh T-test statistic evolution



### Before, After





- X-Rays attacks can be leveraged before fault occurrence
  - Side Channel leakage amplification
  - Ring Oscillator frequency biasing
- Validated through extensive experimental campaigns on FPGA
  - Real case scenarios?
  - ASIC targets ?
- Exploitability improvements?
  - Attack granularity & strength



# Questions?