Secure Logic Styles ECRYPT II summer school on Design and Security - - PowerPoint PPT Presentation

secure logic styles
SMART_READER_LITE
LIVE PREVIEW

Secure Logic Styles ECRYPT II summer school on Design and Security - - PowerPoint PPT Presentation

Apr 07, 2023 146 likes •389 views

Embedded Security Group Secure Logic Styles ECRYPT II summer school on Design and Security of Cryptographic Algorithms and Devices 1. June 2011 Amir Moradi Embedded Security Group Agenda Power Consumption Characteristics of CMOS Circuits

slide-1
SLIDE 1

Secure Logic Styles

ECRYPT II summer school on Design and Security of Cryptographic Algorithms and Devices

  • 1. June 2011

Amir Moradi

Embedded Security Group

slide-2
SLIDE 2

2 Embedded Security Group

Agenda

  • Power Consumption Characteristics of CMOS Circuits

– Glitches

  • Solutions in Hardware

– Logic Styles – Dual-Rail Pre-charge concept – Examples – Problems – Overheads – Gains

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-3
SLIDE 3

3 Embedded Security Group

Power Consumption Characteristics of CMOS Circuits

  • The majority of today’s hardware are built using CMOS

technology

– Complementary Metal Oxide Semiconductor – It is immune in presence of noise – It has very low static power consumption

  • The main power consumption comes from dynamic part

– The point that we get the “information leakage”

– Let’s see the details of a CMOS gate to understand its behavior when the inputs change

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-4
SLIDE 4

4 Embedded Security Group

Power Consumption of CMOS Circuits (cont’d)

  • A CMOS gate is built using two networks

– Pull-up and pull-down – Pull-up part is made by PMOS transistors

  • Which can nicely pass HIGH (logical “1”)

– Pull-down part by the NMOS transistors

  • Which can nicely pass LOW (logical “0”)

– The networks should be made in a way that at each time instance when the inputs are stable, only one network is active.

  • Then, the static power consumption will be

very low

– An example: a CMOS NAND gate

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-5
SLIDE 5

5 Embedded Security Group

Power Consumption of CMOS Circuits (cont’d)

  • Static power consumption

– The transistors (NMOS and PMOS) are not perfectly blocking and there is a leakage current flows – This issue becomes more and more relevant, the smaller the used technology is – Pull-up and pull-down networks have different leakage currents

  • Data-dependent static power
  • Dynamic power consumption

– Short circuit current: When an input of the gates switches, the pull- down and pull-down networks are both conductive for a short period of time

  • Data-dependent dynamic power if the output changes

– Charging current: Whenever the output switches, the output capacitance needs to be charged or discharged; – charging leads to a high current

  • Data-dependent dynamic power if the output changes from LOW to HIGH

[Physical-Security.org]

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-6
SLIDE 6

6 Embedded Security Group

Power Consumption of CMOS Circuits

  • A CMOS inverter:
  • There are many other

parameters which affect the power of a CMOS gate, but we ignore them here

  • Generally for PA attacks, we

take the most significant part into account

– In short, the power consumption depends

  • n the processed data

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-7
SLIDE 7

7 Embedded Security Group

Glitches

  • How about a larger circuit?
  • The power consumption of combinational circuits depends

strongly on some other points

– One is glitches – “Glitches in CMOS circuits are data dependent and have a strong impact on the dynamic power consumption” [DPABook]

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-8
SLIDE 8

8 Embedded Security Group

Solutions in Hardware

  • We need a scheme to prevent glitches

– a couple of methods in VLSI design to make glitch- free circuits – not enough to prevent data-dependency

  • e.g., number of toggles still will be different for different

input changes

  • We need a scheme to prevent glitches and make the

number of toggles fixed independent of input changes

– Dual-Rail Pre-charge (DRP) logic

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-9
SLIDE 9

9 Embedded Security Group

  • Each value (0/1) is presented by two lines
  • There are two phases: pre-charge/evaluation
  • Both lines go LOW in pre-charge phase
  • Only one line goes HIGH in evaluation phase
  • There will be no glitch
  • The number of toggles will be fixed

Dual-Rail Pre-charge (DRP) Logic

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

a1 a0

pre-charge pre-charge evaluation evaluation

To have constant power consumption, the capacitance loads of complementary signals must be the same

slide-10
SLIDE 10

10 Embedded Security Group

DRP Logic (first example, SABL)

  • Sense Amplifier Based Logic (SABL) [TAV02]
  • Constant power consumption for each gate
  • Independent Time-Of-Evaluation (TOE)

– A gate evaluates when all complimentary signals are valid

  • All gates are connected to CLK and prechared all together
  • Full-custom design tools should be used
  • Overheads

– ~double area – half speed – much more energy consumption

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-11
SLIDE 11

11 Embedded Security Group

SABL (cont’d)

  • AND/NAND n-type SABL gate:
  • CLK=0, pre-charge phase

– All signals go LOW

  • CLK-> 1, start of evaluation phase
  • q or qbar signal goes LOW when

both complementary a and b signals are valid

  • Requirements

– The same capacitance for every comp. internal signal – The same resistance for every comp. path

  • Hard to achieve…

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-12
SLIDE 12

12 Embedded Security Group

DRP Logic (second example, WDDL)

  • Wave Dynamic Differential Logic [TV04]
  • The same idea as SABL but using standard CMOS library
  • AND/NAND WDDL gate:

– much simpler than SABL – much smaller than SABL – less resistant against DPA attacks

  • WDDL flip-flop:

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-13
SLIDE 13

13 Embedded Security Group

WDDL (cont’d)

  • Why less resistance than SABL?

– Complementary capacitance loads cannot be balanced – Memory effect: charges stored in internal nodes of the gates are data-dependent – Time-Of-Evaluation is also data-dependent – Also known as early propagation effect

  • A gate evaluates the output before all complementary

signal arrived

– For example, one AND gate may make the output 0 once seeing that one input is 0

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-14
SLIDE 14

14 Embedded Security Group

Current Mode Logic

  • Instead of the voltage levels in CMOS, the current passing

through the gate defines the logical value of the gate output

  • In theory sum of the currents in a complementary circuit is

data-independent

  • Static energy consumption was a problem, solved in DyCML

(Dynamic Current Mode Logic) [AE01]

  • Like SABL needs full-custom

design flow

  • Capacitive loads also affect
  • Dedicated placement and routing

for complementary signals/transistors should be used

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-15
SLIDE 15

15 Embedded Security Group

Randomization in Gate Level

  • Each internal signal is masked by a mask bit
  • Some schemes used one mask bit per internal signal

– Very high complexity – Very high area and power overhead

  • Others used a single mask bit for whole
  • f the circuit

– Random Switching Logic

  • In combination with the DRP logic, they have made

– Dual-rail Random Switching Logic – Masked Dual-rail Precharge Logic – …

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-16
SLIDE 16

16 Embedded Security Group

RSL

  • Random Switching Logic [SSI04]
  • A NAND(NOR) RSL gate:
  • r is a random bit changing every CLK cycle
  • en signal commands the gate to evaluate
  • no duality is used

– Number of toggles is data-dependent

  • Random bit is used to change this dependency
  • Glitches are prevented if the timing of en signal for each

gate at each depth level is carefully observed

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-17
SLIDE 17

17 Embedded Security Group

DRSL

  • Dual-rail Random Switching Logic [CZ06]
  • The dual-rail version of RSL
  • AND/NAND DRSL gate:
  • provides a dedicated circuit to

handle en signal of each gate

  • prevents early propagation in evaluation phase

– but leads to information leakage in precharge phase

  • can be implemented by semi-custom design tools

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-18
SLIDE 18

18 Embedded Security Group

MDPL

  • Masked Dual-rail Precharge Logic [PM05]
  • can be seen as masked version of WDDL
  • can be implemented by standard CMOS library
  • Main block is a majority gate, the AND/NAND gate:
  • Mask signal m changes

every clock cycle and is shared between all gates

  • suffers from early propagation effect

– Practical investigation showed strong leakage

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-19
SLIDE 19

19 Embedded Security Group

iMDPL

  • Improved version of MDPL [PKZM07]

– to avoid the early propagation effect

  • An Evaluation-Precharge Detection Unit (EPDU) added to

each MDPL gate:

  • Very high area overhead
  • Practical investigations showed

– decreased leakage – dependency of the resistance on the imbalanced complimentary wires of the mask – still can be attacked

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-20
SLIDE 20

20 Embedded Security Group

More Logic Styles

  • More DRL Logics [BGLT06], [SMBY05]
  • Asynchronous Logics [KSS+05], [KST06]

– have the same problem of imbalanced capacitances

  • Charge Recovery Logics [TV042], [KM+08]

– made indeed to make low-power circuits – later their DPA-resistance was observed – a full-custom design process is required – area overhead is quite high while energy consumption gets significantly decreased

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-21
SLIDE 21

21 Embedded Security Group

Some Remarks

  • Some of the logic styles only make the circuit complex without

adding sensible resistance against DPA attacks – since mostly evaluated in simulation domain

  • Some make the attacks harder

– but the area/time/energy overheads are very high

  • preventing to be taken by the designers
  • The community somehow lost attention in this direction

– since it is believed that the gain of using such a logic style is much less than the difficulties, complexities, and overheads – also the available simulation tools are not appropriate to be used in security evaluations of logic styles

  • Motivation (PhD candidates?)

– More research in this area is required!

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-22
SLIDE 22

22 Embedded Security Group

Thanks! Any questions?

amir.moradi@rub.de

slide-23
SLIDE 23

23 Embedded Security Group

References

[DPABook] S. Mangard, E. Oswald, T. Popp. Power Analysis Attacks: Revealing the Secrets of Smart Cards, Springer 2007. [TAV02] K. Tiri, M. Akmal, I. Verbauwhede. A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption…, ESSCIRC 2002, pp. 403-406, 2002. [TV04] K. Tiri, I. Verbauwhede. A Logic Level Design Methodology for a Secure DPA …, DATE 2004, pp. 246-251, 2004. [AE01] M.W. Allam, M.I. Elmasry. Dynamic Current Mode Logic…, IEEE Journal

  • f Solid-State Circuits, 36(3), pp. 550-558, 2001.

[SSI04] D. Suzuki, M. Saeki, T. Ichikawa. Random Switching Logic: A Countermeasure against DPA…, ePrint Archive, 2004/346. [CZ06] Z. Chen, Y. Zhou. Dual-Rail Random Switching Logic: A Countermeasure to Reduce…, CHES 2006, pp. 242–254. [PM05] T. Popp, S. Mangard. Masked Dual-Rail Pre-charge Logic: DPA- Resistance…, CHES 2005, pp. 172-186. [PKZM07] T. Popp, M. Kirschbaum, T. Zefferer, S. Mangard. Evaluation of the Masked Logic Style MDPL on a Prototype Chip, CHES 2007, pp. 81–94.

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi

slide-24
SLIDE 24

24 Embedded Security Group

References

[BGLT06] M. Bucci, L. Giancane, R. Luzzi, A. Trifiletti. Three-Phase Dual-Rail Pre-Charge Logic, CHES 2006, pp. 232-241 [SMBY05] D. Sokolov, J. Murphy, A. Bystrov, A. Yakovlev. Design and Analysis of Dual-Rail Circuits for Security Applications. IEEE Tran. on Computers, 54(4),

  • pp. 449-460, 2005.

[KSS+05] K.J. Kulikowski, M. Su, A.B. Smirnov, A. Taubin, M.G. Karpovsky, D.

  • MacDonald. Delay Insensitive Encoding and Power Analysis…, ASYNC 2005,
  • pp. 116-125.

[KST06] K.J. Kulikowski, A.B. Smirnov, A. Taubin. Automated Design of Cryptographic Devices Resistant to Multiple Side-Channel Attacks, CHES 2006, pp. 399-413. [TV042] K. Tiri, I. Verbauwhede. Charge Recycling Sense Amplifier Based Logic: Securing Low Power…, ESSCIRC 2004, pp. 179-182. [KM+08] M. Khatir, A. Moradi, A. Ejlali, M.T. Manzuri, M. Salmasizadeh. A Secure and Low-Energy Logic Style using Charge Recovery Approach, ISLPED 2008, pp. 259-264.

ECRYPT II summer school | Albena | 1. June 2011 | Secure Logic Styles Amir Moradi