secure logic styles
play

Secure Logic Styles ECRYPT II summer school on Design and Security - PowerPoint PPT Presentation

Embedded Security Group Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms and Devices 1. June 2011 Amir Moradi Embedded Security Group Agenda Power Consumption Characteristics of CMOS Circuits


  1. Embedded Security Group Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms and Devices 1. June 2011 Amir Moradi

  2. Embedded Security Group Agenda  Power Consumption Characteristics of CMOS Circuits – Glitches  Solutions in Hardware – Logic Styles – Dual-Rail Pre-charge concept – Examples – Problems – Overheads – Gains 2 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  3. Embedded Security Group Power Consumption Characteristics of CMOS Circuits  The majority of today’s hardware are built using CMOS technology – Complementary Metal Oxide Semiconductor – It is immune in presence of noise – It has very low static power consumption • The main power consumption comes from dynamic part – The point that we get the “information leakage” – Let’s see the details of a CMOS gate to understand its behavior when the inputs change 3 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  4. Embedded Security Group Power Consumption of CMOS Circuits (cont’d)  A CMOS gate is built using two networks – Pull-up and pull-down – Pull-up part is made by PMOS transistors • Which can nicely pass HIGH (logical “1”) – Pull-down part by the NMOS transistors • Which can nicely pass LOW (logical “0”) – The networks should be made in a way that at each time instance when the inputs are stable, only one network is active. • Then, the static power consumption will be very low – An example: a CMOS NAND gate 4 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  5. Embedded Security Group Power Consumption of CMOS Circuits (cont’d)  Static power consumption – The transistors (NMOS and PMOS) are not perfectly blocking and there is a leakage current flows – This issue becomes more and more relevant, the smaller the used technology is – Pull-up and pull-down networks have different leakage currents • Data-dependent static power  Dynamic power consumption – Short circuit current: When an input of the gates switches, the pull- down and pull-down networks are both conductive for a short period of time • Data-dependent dynamic power if the output changes – Charging current: Whenever the output switches, the output capacitance needs to be charged or discharged; – charging leads to a high current • Data-dependent dynamic power if the output changes from LOW to HIGH [Physical-Security.org] 5 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  6. Embedded Security Group Power Consumption of CMOS Circuits  A CMOS inverter:  There are many other parameters which affect the power of a CMOS gate, but we ignore them here  Generally for PA attacks, we take the most significant part into account – In short, the power consumption depends on the processed data 6 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  7. Embedded Security Group Glitches  How about a larger circuit?  The power consumption of combinational circuits depends strongly on some other points – One is glitches – “Glitches in CMOS circuits are data dependent and have a strong impact on the dynamic power consumption” [DPABook] 7 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  8. Embedded Security Group Solutions in Hardware  We need a scheme to prevent glitches – a couple of methods in VLSI design to make glitch- free circuits – not enough to prevent data-dependency • e.g., number of toggles still will be different for different input changes  We need a scheme to prevent glitches and make the number of toggles fixed independent of input changes – Dual-Rail Pre-charge (DRP) logic 8 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  9. Embedded Security Group Dual-Rail Pre-charge (DRP) Logic  Each value (0/1) is presented by two lines  There are two phases: pre-charge/evaluation  Both lines go LOW in pre-charge phase  Only one line goes HIGH in evaluation phase a 1 a 0 pre-charge evaluation pre-charge evaluation To have constant power consumption, the  There will be no glitch capacitance loads of complementary signals must  The number of toggles will be fixed be the same 9 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  10. Embedded Security Group DRP Logic (first example, SABL)  Sense Amplifier Based Logic (SABL) [TAV02]  Constant power consumption for each gate  Independent Time-Of-Evaluation (TOE) – A gate evaluates when all complimentary signals are valid  All gates are connected to CLK and prechared all together  Full-custom design tools should be used  Overheads – ~double area – half speed – much more energy consumption 10 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  11. Embedded Security Group SABL (cont’d)  AND/NAND n-type SABL gate:  CLK=0, pre-charge phase – All signals go LOW  CLK-> 1, start of evaluation phase  q or qbar signal goes LOW when both complementary a and b signals are valid  Requirements – The same capacitance for every comp. internal signal – The same resistance for every comp. path  Hard to achieve… 11 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  12. Embedded Security Group DRP Logic (second example, WDDL)  Wave Dynamic Differential Logic [TV04]  The same idea as SABL but using standard CMOS library  AND/NAND WDDL gate: – much simpler than SABL – much smaller than SABL – less resistant against DPA attacks  WDDL flip-flop: 12 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  13. Embedded Security Group WDDL (cont’d)  Why less resistance than SABL? – Complementary capacitance loads cannot be balanced – Memory effect: charges stored in internal nodes of the gates are data-dependent – Time-Of-Evaluation is also data-dependent – Also known as early propagation effect • A gate evaluates the output before all complementary signal arrived – For example, one AND gate may make the output 0 once seeing that one input is 0 13 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  14. Embedded Security Group Current Mode Logic  Instead of the voltage levels in CMOS, the current passing through the gate defines the logical value of the gate output  In theory sum of the currents in a complementary circuit is data-independent  Static energy consumption was a problem, solved in DyCML (Dynamic Current Mode Logic) [AE01]  Like SABL needs full-custom design flow  Capacitive loads also affect  Dedicated placement and routing for complementary signals/transistors should be used 14 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  15. Embedded Security Group Randomization in Gate Level  Each internal signal is masked by a mask bit  Some schemes used one mask bit per internal signal – Very high complexity – Very high area and power overhead  Others used a single mask bit for whole of the circuit – Random Switching Logic  In combination with the DRP logic, they have made – Dual-rail Random Switching Logic – Masked Dual-rail Precharge Logic – … 15 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  16. Embedded Security Group RSL  Random Switching Logic [SSI04]  A NAND(NOR) RSL gate:  r is a random bit changing every CLK cycle  en signal commands the gate to evaluate  no duality is used – Number of toggles is data-dependent • Random bit is used to change this dependency  Glitches are prevented if the timing of en signal for each gate at each depth level is carefully observed 16 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  17. Embedded Security Group DRSL  Dual-rail Random Switching Logic [CZ06]  The dual-rail version of RSL  AND/NAND DRSL gate:  provides a dedicated circuit to handle en signal of each gate  prevents early propagation in evaluation phase – but leads to information leakage in precharge phase  can be implemented by semi-custom design tools 17 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  18. Embedded Security Group MDPL  Masked Dual-rail Precharge Logic [PM05]  can be seen as masked version of WDDL  can be implemented by standard CMOS library  Main block is a majority gate, the AND/NAND gate:  Mask signal m changes every clock cycle and is shared between all gates  suffers from early propagation effect – Practical investigation showed strong leakage 18 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

  19. Embedded Security Group iMDPL  Improved version of MDPL [PKZM07] – to avoid the early propagation effect  An Evaluation-Precharge Detection Unit (EPDU) added to each MDPL gate:  Very high area overhead  Practical investigations showed – decreased leakage – dependency of the resistance on the imbalanced complimentary wires of the mask – still can be attacked 19 ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

Recommend


More recommend