[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

JP2014120942A - Encryption circuit protected against side channel attack by differential logic - Google Patents

Encryption circuit protected against side channel attack by differential logic Download PDF

Info

Publication number
JP2014120942A
JP2014120942A JP2012274909A JP2012274909A JP2014120942A JP 2014120942 A JP2014120942 A JP 2014120942A JP 2012274909 A JP2012274909 A JP 2012274909A JP 2012274909 A JP2012274909 A JP 2012274909A JP 2014120942 A JP2014120942 A JP 2014120942A
Authority
JP
Japan
Prior art keywords
logic circuit
differential logic
circuit
differential
transistor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2012274909A
Other languages
Japanese (ja)
Inventor
康宏 ▲高▼橋
Yasuhiro Takahashi
Monteiro Cancio
カンシオ モンテイロ
Toshikazu Sekine
敏和 関根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to JP2012274909A priority Critical patent/JP2014120942A/en
Publication of JP2014120942A publication Critical patent/JP2014120942A/en
Pending legal-status Critical Current

Links

Abstract

PROBLEM TO BE SOLVED: To provide a differential logic circuit for achieving power consumption flattening during logical transition, by improving the circuitry of a differential logic circuit for encryption and a control method therefor.SOLUTION: In a differential logic circuit including a flip-flop circuit consisting of a circuit interconnecting the inputs and outputs of two inverter circuits, and an input circuit of NMOS transistor, a transistor is arranged between a power supply potential and the differential logic circuit, a transistor is also arranged between a GND potential and the differential logic circuit, output of the logic circuit is set at a predetermined potential, and a transistor is arranged in order to equalize the node potential in the logic circuit.

Description

本発明は、観測攻撃から保護される暗号回路に関する。特に差分電力解析攻撃から暗号回路を保護するために適用される。
The present invention relates to a cryptographic circuit protected from observation attacks. It is especially applied to protect cryptographic circuits from differential power analysis attacks.

暗号の主な目的は、暗号化および双対演算、すなわち、復号化という手段による情報の秘匿性である。暗号化および復号化は、1990年代に提案された暗号アルゴリズムAES(Advanced Encrypton Standard)を実装する場合が多い。AESを用いた暗号回路は非接触ICカードなどに使用されており、論理回路により回路実現されている。 The main purpose of cryptography is the secrecy of information by means of encryption and dual operations, ie decryption. Encryption and decryption often implement an encryption algorithm AES (Advanced Encryption Standard) proposed in the 1990s. An encryption circuit using AES is used in a non-contact IC card or the like, and is realized by a logic circuit.

通信および情報処理のための手段のローミング能力が増すとともに、AESアルゴリズムに対する新しい攻撃が考えられるようになっている。それは、暗号回路を構成する論理回路のエネルギー消費量の時間的挙動を観測することで、暗号情報が漏えいするDPA(Differencial Power Analysis)攻撃と呼ばれるサイドチャネル攻撃である。 As the roaming capability of the means for communication and information processing increases, new attacks on the AES algorithm are considered. It is a side channel attack called a DPA (Differential Power Analysis) attack in which cryptographic information is leaked by observing the temporal behavior of the energy consumption of the logic circuit constituting the cryptographic circuit.

サイドチャネル攻撃に対しては、情報漏えいの一要因である消費電力、すなわち、データが遷移するときの変動電流を一定にすることによる秘匿と、漏えいをランダムにし予測不能するマスキングを基にした差動論理回路が非特許文献1などで提案されている。
例えば、K. Tiri, M. Akmal, and, I. Verbauwhede, “A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards,” Proc. European Conf. Solid−state Circuits, pp.403−406, Sept. 2002. For side-channel attacks, the difference is based on power consumption, which is a factor of information leakage, that is, concealment by making the current fluctuation constant when data transitions, and masking that makes leakage random and unpredictable. A dynamic logic circuit has been proposed in Non-Patent Document 1 and the like.
For example, K.K. Tiri, M.M. Akmal, and, I.I. Verbauwede, “A dynamic and differential CMOS logic with signal independent power consumption to whistle differential power analysis on smarts.” European Conf. Solid-state Circuits, pp. 403-406, Sept. 2002.

しかしながら、非特許文献1などの従来の差動論理回路は、入力遷移時の電流変動が大きく、消費電力も多いことから、DPA攻撃において電流を検知されやすく、暗号情報が漏洩しやすいという問題がある。 However, the conventional differential logic circuit such as Non-Patent Document 1 has a large current fluctuation at the time of input transition and a large amount of power consumption. Therefore, there is a problem that current is easily detected in a DPA attack and encryption information is easily leaked. is there.

これらの問題を解決するために、断熱充電の方法を用いて緩やかに充電する回路構成を実現し、最大電流の低減を行った断熱的差動論理回路がある(たとえば、非特許文献2、3)。
M. Khatir, and A. Moradi, “Secure adiabatic logic: A low−energy DPA−resistant logic style,” Cryptology ePrint Archive, Report 2008/123, 2008. D.−B. Choi. K.E. Kim, K.−S. Chung, and D.K. Kim. “Symmetric adiabatic logic circuts against differential power analysis.” ETRI Journal, vol. 32, no. 1, pp.166−168. Feb. 2010. In order to solve these problems, there is an adiabatic differential logic circuit that realizes a circuit configuration for slowly charging using an adiabatic charging method and reduces the maximum current (for example, Non-Patent Documents 2 and 3). ).
M.M. Khatir, and A.K. Moradi, “Secure adiabatic logic: A low-energy DPA-resistive logic style,” Cryptology ePrint Archive, Report 2008/123, 2008. D. -B. Choi. K. E. Kim, K.K. -S. Chung, and D.C. K. Kim. “Symmetric adiabatic logic circuits against differential power analysis.” ETRI Journal, vol. 32, no. 1, pp. 166-168. Feb. 2010.

非特許文献2、3の断熱的差動論理回路は断熱充電により、最大ピーク電流を低減しているが、入力遷移時の電流変動が依然あるために、DPA攻撃に弱いという欠点がある。           The adiabatic differential logic circuits of Non-Patent Documents 2 and 3 reduce the maximum peak current by adiabatic charging, but have a drawback that they are vulnerable to DPA attacks because there are still current fluctuations at the time of input transition.

そこで、本発明は入力遷移時の電流変動を均一化するためのMOSスイッチを節点に設け、かつ断熱的スイッチングを行うことにより、従来の断熱的差動論理回路よりも低消費電力、かつ、入力遷移時の電流変動を低減することにある。
Therefore, the present invention provides a MOS switch for equalizing current fluctuation at the time of input transition at the node and performs adiabatic switching, thereby reducing power consumption and input compared to a conventional adiabatic differential logic circuit. It is to reduce current fluctuation at the time of transition.

図1は、本発明の実施の第一態様である。この回路は、従来の差動論理回路で使用されている、MP2およびMN2からなるインバータとMP3とMN1からなるインバータで構成されるフリップフロップ回路と差動入力を制御するためのNMOSスイッチMN5およびMN6に電源を制御するためのPMOSスイッチMP1、グランド信号を制御するためのNMOSスイッチMN8、すべての節点の等価負荷容量を均一化するためのNMOSスイッチMN7からなる。この回路において、低消費電力化はEval信号により、入力信号遷移時の電流変動の均一化は、Disch信号により達成できる。 FIG. 1 is a first embodiment of the present invention. This circuit includes a flip-flop circuit composed of an inverter composed of MP2 and MN2 and an inverter composed of MP3 and MN1 and NMOS switches MN5 and MN6 for controlling differential inputs, which are used in a conventional differential logic circuit. And a PMOS switch MP1 for controlling the power supply, an NMOS switch MN8 for controlling the ground signal, and an NMOS switch MN7 for equalizing the equivalent load capacitance of all nodes. In this circuit, low power consumption can be achieved by the Eval signal, and current fluctuation at the time of input signal transition can be made uniform by the Disc signal.

回路の動作は図2に示される4つの段階に場合分けされる。 The operation of the circuit is divided into four stages as shown in FIG.

Charge sharing段階:Disch信号の周期は入力信号(Input)の周期の1/2とし、この段階時に入力遷移が終了する。このとき、電源電圧信号(Vpc)は、Lowレベルの状態とし、また、トランジスタMN5(もしくは、MN6)のゲートに印可する入力信号(In)は、ゆるやかに上昇する(もしくは下降)する状態とする。これら電圧変化であるとき、すべての節点の等価負荷容量は等しくなり、電流分布は一様となる。なお、この段階では、出力(Output)は前の状態を保持している。 Charge sharing stage: The cycle of the DISCH signal is set to ½ of the period of the input signal (Input), and the input transition is completed at this stage. At this time, the power supply voltage signal (Vpc) is in a low level state, and the input signal (In) applied to the gate of the transistor MN5 (or MN6) is gradually increased (or decreased). . When these voltage changes, the equivalent load capacities of all the nodes are equal, and the current distribution is uniform. At this stage, the output (Output) holds the previous state.

Evaluation段階:この段階では、Disch信号はすでにLow状態であることからトランジスタMP1はONし、電源Vpcの信号がフリップフロップ回路に印可される。したがって、出力は、Vpcに追従して緩やかに上昇する。 Evaluation stage: At this stage, since the Disc signal is already in the low state, the transistor MP1 is turned on, and the signal of the power supply Vpc is applied to the flip-flop circuit. Therefore, the output rises gradually following Vpc.

Hold段階:この段階の間、Eval信号は緩やかに現状しているために、トランジスタMN8によって差動論理回路がグランド信号より切り離されて、出力は前のEval状態を保持する。 Hold stage: During this stage, the Eval signal is slowly present, so that the differential logic circuit is disconnected from the ground signal by the transistor MN8, and the output maintains the previous Eval state.

Recovery段階:この段階では、Disch信号は依然としてLow状態であるので、電源Vpcが緩やかに減少していることに合わせて、出力も緩やかに減少する。 Recovery stage: At this stage, since the Disc signal is still in the low state, the output is also gradually reduced in accordance with the gentle decrease in the power supply Vpc.

この回路は、Charge sharing段階によって、全節点の等価負荷容量を均一化し、Evaluation段階、Hold段階、および、Recovery段階によって、断熱的スイッチングを実現し低消費電力化を達成している。 In this circuit, the equivalent load capacity of all nodes is made uniform by the charge sharing stage, and adiabatic switching is realized by the evaluation stage, the hold stage, and the recovery stage to achieve low power consumption.

図4は、本発明の実施の第二態様である。この回路は、第一様態と同様にMP2およびMN2からなるインバータとMP3とMN1からなるインバータで構成されるフリップフロップ回路と差動入力を制御するためのNMOSスイッチMN5およびMN6に電源を制御するためのPMOSスイッチMP1、グランド信号を制御するためのNMOSスイッチMN8、すべての節点の等価負荷容量を均一化するためのNMOSスイッチMN7からなる。さらに、Cx信号を制御するためのトランジスタMN3およびMN4を付加することにより、全節点の等価負荷容量をさらに平均化することができる。第二態様の回路の入力波形は図4とすることで図4の出力波形Outputを得ることができる。 FIG. 4 shows a second embodiment of the present invention. This circuit controls the power supply to the flip-flop circuit composed of the inverter composed of MP2 and MN2 and the inverter composed of MP3 and MN1 and the NMOS switches MN5 and MN6 for controlling the differential input as in the first embodiment. PMOS switch MP1, NMOS switch MN8 for controlling the ground signal, and NMOS switch MN7 for equalizing the equivalent load capacitance of all nodes. Further, by adding the transistors MN3 and MN4 for controlling the Cx signal, the equivalent load capacities at all nodes can be further averaged. By setting the input waveform of the circuit of the second aspect to FIG. 4, the output waveform Output of FIG. 4 can be obtained.

図5は、従来の暗号用断熱的差動論理回路群(2N−2N2P、ECRL、SAL、および、SyAL)と本発明の回路(CSSAL)のRC等価回路である。この図は、トランジスタが遷移しているときの節点の等価付加容量の分布状態を示した図であり、すべての節点において、付加容量が均一であれば電流分布も一様となり、電流変動が少ないことを意味している。図より、本発明の回路は、すべての節点において、RC回路が一様分布していることが分かる。 FIG. 5 is an RC equivalent circuit of the conventional adiabatic differential logic circuit group for encryption (2N-2N2P, ECRL, SAL, and SyAL) and the circuit of the present invention (CSSAL). This figure shows the distribution of the equivalent additional capacitance at the nodes when the transistor is transitioning. If the additional capacitance is uniform at all the nodes, the current distribution is uniform and the current fluctuation is small. It means that. From the figure, it can be seen that in the circuit of the present invention, RC circuits are uniformly distributed at all nodes.

図6は、従来の暗号用断熱的差動論理回路群と本発明の回路の電流変動の回路シミュレーションの様子を示したものである。シミュレーションに使用したプロセスは0.18μm標準CMOSプロセスである。図より、本発明の回路は、電流のピーク値が従来回路よりも低く、また、電流の変動も少ないことが分かる。
FIG. 6 shows a state of circuit simulation of current fluctuations in a conventional adiabatic differential logic circuit group for encryption and the circuit of the present invention. The process used for the simulation is a 0.18 μm standard CMOS process. From the figure, it can be seen that the circuit of the present invention has a current peak value lower than that of the conventional circuit and less fluctuation in current.

本発明は、従来の断熱的セキュア差動論理回路よりも、演算時の消費電力を遷移によらず一定にすることができる。 According to the present invention, the power consumption at the time of calculation can be made constant regardless of the transition, compared with the conventional adiabatic secure differential logic circuit.

本発明は、図1に示される回路を断熱的充放電することで、低消費電力化を達成し、かつ、回路内のノード負荷容量を均一化することにより、遷移時の消費電力変化を均一にすることにより達成できる。
The present invention achieves low power consumption by adiabatically charging and discharging the circuit shown in FIG. 1, and uniformizing the node load capacity in the circuit, thereby uniformly changing the power consumption at the time of transition. Can be achieved.

本発明は暗号用断熱的差動論理回路そのものであって、他の用途はないと考える。           The present invention is an adiabatic differential logic circuit for encryption itself, and has no other use.

本発明の第一態様である。1 is a first embodiment of the present invention. 本発明の第一態様の入出力波形の一例である。It is an example of the input-output waveform of the 1st aspect of this invention. 本発明の第二態様である。It is a 2nd aspect of this invention. 本発明の第二態様の入出力波形の一例である。It is an example of the input-output waveform of the 2nd aspect of this invention. 従来の差動論理回路と本発明の差動論理回路のRC等価回路である。It is RC equivalent circuit of the conventional differential logic circuit and the differential logic circuit of this invention. 従来の差動論理回路と本発明の差動論理回路の入力遷移時における電源電流の変化の様子である。It is a mode of the change of the power supply current at the time of input transition of the conventional differential logic circuit and the differential logic circuit of the present invention.

Claims (3)

2つインバータ回路の入出力を相互接続した回路にて構成されたフリップフロップ回路、および、NMOSトランジスタを入力回路とする差動論理回路において、
電源電位と前記差動論理回路の間にトンジスタを配置し、かつ、GND電位と前記差動論理回路の間にトランジスタを配置し、論理回路の出力を所定の電位に設定し、
論理回路内の節点電位を均一化するためにトランジスタを配置した構成である、
ことを特徴とする差動論理回路。 In a flip-flop circuit configured by a circuit in which the input and output of two inverter circuits are interconnected, and a differential logic circuit having an NMOS transistor as an input circuit,
A transistor is disposed between a power supply potential and the differential logic circuit, and a transistor is disposed between a GND potential and the differential logic circuit, and the output of the logic circuit is set to a predetermined potential.
In order to make the node potential in the logic circuit uniform, the transistor is arranged.
A differential logic circuit characterized by that. 請求項1に記載の差動論理回路において、
論理遷移時に断熱動作する、
こと特徴とする差動論理回路。 In the differential logic circuit according to claim 1,
Adiabatic operation during logical transition,
A differential logic circuit characterized by that. 請求項1に記載の差動論理回路において、
論理遷移時に全節点での等価負荷容量を均一化する、
ことを特徴とする差動論理回路。
The differential logic circuit according to claim 1,
Equalize the equivalent load capacity at all nodes at the time of logic transition,
A differential logic circuit characterized by that.
JP2012274909A 2012-12-17 2012-12-17 Encryption circuit protected against side channel attack by differential logic Pending JP2014120942A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2012274909A JP2014120942A (en) 2012-12-17 2012-12-17 Encryption circuit protected against side channel attack by differential logic

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2012274909A JP2014120942A (en) 2012-12-17 2012-12-17 Encryption circuit protected against side channel attack by differential logic

Publications (1)

Publication Number Publication Date
JP2014120942A true JP2014120942A (en) 2014-06-30

Family

ID=51175419

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2012274909A Pending JP2014120942A (en) 2012-12-17 2012-12-17 Encryption circuit protected against side channel attack by differential logic

Country Status (1)

Country Link
JP (1) JP2014120942A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109313863A (en) * 2016-06-17 2019-02-05 阿姆有限公司 Device and method for covering the power consumption of processor

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109313863A (en) * 2016-06-17 2019-02-05 阿姆有限公司 Device and method for covering the power consumption of processor
CN109313863B (en) * 2016-06-17 2022-12-06 阿姆有限公司 Apparatus and method for cloaking power consumption of processor

Similar Documents

Publication Publication Date Title
JP5875642B2 (en) A logistic mapping circuit that implements a general-purpose logic array with a highly variable circuit topology and various logic gates with constant output.
Shifman et al. An SRAM-based PUF with a capacitive digital preselection for a 1E-9 key error probability
TWI596501B (en) Secure digital logic cell and method of powering logic block of digital logic cell
CN104318181B (en) PUF circuit based on threshold deviation delay
CN107483180B (en) High-stability physical unclonable function circuit
KR102444465B1 (en) Continuously charged isolated supply network for secure logic applications
US9191001B2 (en) Transistor devices operating with switching voltages higher than a nominal voltage of the transistor
Giacomin et al. Differential power analysis mitigation technique using three-independent-gate field effect transistors
Thapliyal et al. Adiabatic computing based low-power and DPA-resistant lightweight cryptography for IoT devices
JP2014120942A (en) Encryption circuit protected against side channel attack by differential logic
CN104333362B (en) A kind of same or XOR double track precharge logical unit
CN110364210A (en) Double track based on LUT structure is pre-charged AND-NAND unit
CN103580650A (en) D flip-flop with high-swing output
CN103514937B (en) A kind of storer discharge circuit
Munusamy et al. A low power hardware implementation of S-Box for Advanced Encryption Standard
JP4435670B2 (en) Complementary pass transistor logic
Saravanan et al. Energy efficient reversible building blocks resistant to power analysis attacks
CN115473521B (en) Ultra-low power consumption strong physical unclonable function circuit structure based on novel arbiter
Katragadda Analysis of low power methods in 14T full adder
US20220302830A1 (en) High efficiency power obfuscation switched capacitor dc-dc converter architecture
Gupta et al. Efficient CVSL based full adder realizations
Lima et al. Enhancing Side Channel Attack-Resistance of the STTL Combining Multi-Vt Transistors with Capacitance and Current Paths Counterbalancing
Khatir et al. Sub-threshold charge recovery circuits
Panahifar et al. DGFinSAL: A New Low Power Adiabatic FinFET-Based Logic Family for DPA-Resistant Applications
Avital et al. Secured dual mode logic (DML) as a countermeasure against differential power analysis