1. Field of the Invention
Example embodiments of the present invention relate generally to a logic circuit and method thereof and more particularly to a logic circuit for performing a logic operation not meeting an associative law and method thereof.
2. Description of the Related Art
Conventional methods for processing data may include a key for security. The data encoded with the key may be extracted by measuring a power dissipation occurring during an operation of a cryptography algorithm and/or timing the execution of the operation.
A leakage or exposure of data during extraction with a cryptography algorithm may be referred to as a side channel and a method for receiving the side channel may be referred to as a side channel attack. Side channel attacks may include a timing attack, a fault insertion attack, a power analysis attack, etc.
In an example, a smart card system with an installed co-processor for cryptographic processing may have a higher possibility of a side channel because the smart card system may execute a higher number of logic operations (e.g., AND, OR, XOR, etc. . . . ).
A conventional differential power analysis (DPA) may measure and analyze power dissipation in logic operations of the cryptograph algorithm, thereby extracting the data. Thus, installing a defense against DPA may increase the security for a given system.
One conventional defensive method, referred to as random masking, may include applying a cryptography algorithm after data is received and random data is included. If the received data is processed with a logical operation satisfying an associative law, data may not be extracted by a side channel attack because power dissipation during the cryptography algorithm execution may not result in the input data.
Another conventional random masking method may include applying an XOR operation to the input data and the random data as given by/a=a⊕r  (1.1)where the input data is a, the random data is r, the random mask data is /a, and an XOR operation is denoted by ⊕. It is well known that XOR operations satisfy the associative law (e.g., a⊕r=r⊕a, (a⊕r)⊕x=a⊕(r⊕x), etc. . . . ).
The data generated during the cryptography algorithm operation may be maintained in a random mask in order to apply a logical operation satisfying an associative law (e.g., an XOR operation) to the input data while remaining unreadable with conventional DPA. In this case, the data included in the random mask type may include both processed data and random data.
In another example, it may be assumed that a cryptography algorithm may apply an XOR operation to an input data ‘a’ and a key k. To prevent the DPA from extracting the input data a, random data r may be generated in order to attain the random mask data /a as given in Expression 1.1. If an XOR operation is applied to the random mask data /a and key k, the result may be given by/a⊕k=(a⊕r)⊕k  (1.2)
Thus, a result of the XOR operation (i.e., a⊕k) may be achieved without exposing data to extraction by DPA since the random data r is included within Expression 1.2. Further, the result of the XOR operation may not be exposed.
In another example, the cryptography algorithm may not include an AND operation applied to the data a and the key k1 as given by/ak=(a⊕r)k  (1.3)where  denotes an AND operation, while remaining secure from side channel attacks.
Referring to Expression 1.3, the AND operation may not satisfy the associative law, as given by/Ak≠(Ak)⊕r.  (1.4)
Thus, by conventional methods, logic operations (e.g., AND, OR, etc. . . . ) which do not satisfy the associative law may not be included in the cryptography algorithm without risking exposure to DPA.