Switching circuits, e.g. a 1-of-n decoder, are normally in microelectronic form. This means that each bit of a state stored in a register connected upstream of the switching circuit is physically represented by a single value at the register output. For the “single rail” circuitry, so-called for this reason, the same also applies for all the nodes within the switching circuits and for their inputs. The logic value of a state bit or its complementary value has a single corresponding electrical node. Switching circuits produced using single-rail technology can easily be spied out, however, e.g. using “differential power analysis”.
Differential power analysis (DPA) is one of the most important methods for attacking chip cards for confidential information, such as passwords or cryptographic keys stored in the chip card. This involves using statistical methods in a prescribed program or in a prescribed algorithm to evaluate the measured current profiles or their charge integrals, calculated over one or more clock cycles, for the chip card. If the program is executed a sufficient number of times, the correlation between a systematic data variation and the respective charge integral can be used to draw conclusions about the information which is to be protected.
To make it more difficult to attack using differential power analysis, switching circuits can therefore be produced using “dual-rail” technology. In contrast to conventional single-rail logic, where each bit within a data or signal path is physically represented by a single electrical node in a switching circuit, an implementation using dual-rail logic involves each bit being represented by two nodes k and kq. The bit then has a valid logic value if k corresponds to the true logic value b of this bit and kq corresponds to the negated value bn=not (b).
The desired invariance in the charge integrals is achieved by virtue of two respective states with valid logic values (b, bn)=(1, 0) or (0, 1) having had a “precharge state” inserted between them for which both the node k and the node kq are charged to the same electrical potential. The nodes or signal lines consequently assume logically invalid values (1, 1) or (0, 0). For the precharge state (1, 1), a state sequence in a data or signal path containing the node k, kq might therefore have the following appearance:
(1, 1) (0, 1) (1, 1) (1, 0) (1, 1) (1, 0) (1, 1) (0, 1), . . .
For any of such state sequences, it holds true that any passage from a precharge state to a logically valid value involves a single node having its charge reversed from 1 to 0, and any passage from a logically valid value to a precharge state involves a single node having its charge reversed from 0 to 1. This is irrespective of the logically valid value b of a respective state bit.
It follows from this that the charge integrals corresponding to these state sequences are independent of the sequence of the logically valid values (b, bn), provided that it is ensured that the nodes k and kq have the same electrical capacitances. The current profile for a data path implemented in this way is thus not dependent on the variation in the data to be processed over time. Differential power analysis therefore does not succeed.
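The invariance argument above can be checked by counting node charge reversals for every possible data sequence. This is an added example, not part of the original text; it assumes unit capacitance on every node (so k and kq are equal, as the text requires), and the function names are illustrative.

```python
from itertools import product

PRECHARGE = (1, 1)  # both nodes k and kq charged to the same potential

def single_rail_toggles(bits):
    """Per-step transitions of the one node that carries each bit in turn."""
    return [int(a != b) for a, b in zip(bits, bits[1:])]

def dual_rail_states(bits):
    """Insert the precharge state before every valid value (b, not b)."""
    states = []
    for b in bits:
        states.append(PRECHARGE)
        states.append((b, 1 - b))
    return states

def dual_rail_toggles(bits):
    """Per-step (falling, rising) transition counts over nodes k and kq."""
    states = dual_rail_states(bits)
    steps = []
    for (k0, q0), (k1, q1) in zip(states, states[1:]):
        falling = (k0 > k1) + (q0 > q1)  # charge reversed from 1 to 0
        rising = (k0 < k1) + (q0 < q1)   # charge reversed from 0 to 1
        steps.append((falling, rising))
    return steps

def distinct_profiles(toggle_fn, n_bits):
    """Distinct transition profiles seen over all n_bits-long data sequences."""
    return {tuple(toggle_fn(list(seq))) for seq in product((0, 1), repeat=n_bits)}

if __name__ == "__main__":
    data = [0, 1, 1, 0]  # reproduces the state sequence given in the text
    print(dual_rail_states(data))
    print("single-rail profiles:", len(distinct_profiles(single_rail_toggles, 4)))
    print("dual-rail profiles:  ", len(distinct_profiles(dual_rail_toggles, 4)))
```

A single dual-rail profile across all inputs means the transition count gives a statistical attack nothing to correlate against, whereas the single-rail node produces a different profile for different data.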
The text below describes how a dual-rail implementation is produced in the prior art, with reference to FIGS. 1 to 4.
FIG. 1 shows a block diagram with a switching circuit 200, which is in the form of a 1-of-n decoder, by way of example. The switching circuit is designed using dual-rail technology, which means that the data input on the switching circuit has two input connections 201, 202, to which the dual-rail signal b<2:0>, bn<2:0> can be applied, for each bit. Inside the switching circuit 200, the input signals are called a<2:0>, an<2:0>. The data input on the switching circuit 200 is preceded by a register 100 and an inverter 110 which converts a single-rail signal into a dual-rail signal and supplies this signal to the switching circuit 200. A data input 101 on the register 100 has a single-rail signal a<2:0> applied to it. The register 100 also has a clock signal connection 103 which has a clock signal CLK applied to it.
Upon every rising clock edge, the single-rail signal applied to the data input 101 is passed to the data output 102. The signal which can be tapped off there is referred to as z<2:0>. The conversion to a dual-rail signal is made by supplying the output signal z<2:0> once to the input connection 201 on the switching circuit 200 directly and once to the input connection 202 on the switching circuit 200 via an inverter 110. The data output 102 of the register 100 is thus connected to two output lines 104, 105, one of which is connected to the switching circuit 200 directly while the other is connected thereto via the inverter 110. The dual-rail signal is thus made up of the signals b<2:0> and bn<2:0>.
In the present exemplary embodiment in FIG. 1, it is assumed that the register 100 is a 3-bit register and that the switching circuit 200 is a 3-bit decoder. The chosen bit lengths are to be regarded merely by way of example. Both the register and the switching circuit could naturally have a different bit length. By way of example, the data output of the switching circuit 200 provides an 8-bit signal z<7:0>. The switching circuit also does not have to be a 1-of-8 decoder, as chosen in the present exemplary embodiment. Instead, the switching circuit can be of any type.
The register or the three registers 100 are, as illustrated in more detail in FIG. 3, in the form of master/slave registers, by way of example. Both the master, which is shown to the left of the dash-dot line, and the slave are in the form of “data latches” connected in push-pull configuration. The master data latch comprises a C2MOS switch 150 which is connected to a feedback inverter 151, which is likewise in the form of a C2MOS switch. The slave data latch is correspondingly designed using C2MOS switches and is connected downstream of the master data latch. Since the design of such a register has been known for a long time from the prior art, a more detailed description is omitted at this point.
The design of the 1-of-8 decoder from FIG. 1 is shown in FIG. 2. This figure clearly shows that the switching circuit 200 has a total of six input connections, with two input connections 201, 202 being provided for each bit. As already described for FIG. 1, the input connection 201 has the logically valid signal a<0>, a<1>, a<2> applied to it, while the input connection 202 has the respective complementary signal an<0>, an<1>, an<2> applied to it. Since the switching circuit 200 is a 1-of-8 decoder, it has a total of eight data outputs 203, each of which provides a signal z<0>, . . . , z<7>. The circuit is implemented in a known manner using NAND gates 210 whose outputs are connected to the inputs of NOR gates 220. The signals provided at the outputs of the NAND gates 210 are referred to as bq<0>, . . . bq<3>. Said design of the decoder is known from the prior art, which means that a detailed description is omitted at this point too.
An example of the timing of the signals shown in FIGS. 1 and 3 and of the clock signal CLK is shown in FIG. 4. Besides the clock signal CLK, the signal a<2:0> applied to the data input 101 on the register 100, the dual-rail signal b<2:0>, bn<2:0> supplied to the input connections 201, 202, the signal bq<3:0> produced by the NAND gates 210 and the signal z<7:0> which can be tapped off at the data output 203 of the switching network 200 are shown.
For this example, it is now assumed that the value “100” has been written to the 3-bit register 100 in the clock cycle before the first rising clock edge shown for the signal CLK in FIG. 4, which means that the following is initially true:
b<2:0>=“100”, bn<2:0>=“011”,
bq<3:0>=“1110” and
z<7:0>=“0001 0000”.
Upon the first rising edge of the clock signal CLK, the value a<2:0>=“111” at the data input 101 is now taken into the register 100. This value is forwarded to the data output 102 of the register, so that initially the output line 104 and hence the input connection 201 have the signal b<2:0> applied to them, and the finite switching time of the inverter 110 means that the input connection 202 does not have the inverse signal thereof bn<2:0> applied to it until after that. Since the signal values are applied to the input connections 201, 202 at different times, the effect produced is that the intermediate signal bq<3:0> first changes from its initial value “1110” briefly to a logically invalid intermediate state “0000” before the stable final value “0111” is reached. This means that the data output 203 of the switching circuit 200 also briefly provides a logically invalid intermediate state: starting from a value z<7:0>=“0001 0000”, the logically invalid intermediate state “1111 0000” briefly appears before the stable final value “1000 0000” is reached.
Upon the second rising clock edge of the clock signal CLK, the value a<2:0>=“111” is now reapplied to the data inputs 101 on the registers 100. As a result, the signals b<2:0>, bn<2:0>, bq<3:0> and z<7:0> change again.
This example reveals the drawback of the circuit arrangement used in the prior art: depending on the temporal shift in the signals b, bn applied to the input connections 201, 202, the data output 203 of the switching circuit 200 can briefly pass through logically invalid intermediate states, which can lead to faults or increased circuit complexity in circuit blocks connected downstream of the switching circuit 200. In addition, the superfluous signal changes associated with these intermediate states have the physical significance that the respective electrical capacitances need to have their charges reversed unnecessarily, which requires increased energy consumption. Furthermore, the current profile for the register and for the switching circuit is greatly dependent on the respective input data a (or a, an) which are to be processed, which means that the circuit arrangement is on the whole susceptible to differential power analysis despite the use of dual-rail technology.
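The transient at the first clock edge can be reproduced with a small gate-level model, given here as an added example that is not part of the original text. FIG. 2 is not reproduced on this page, so the NAND/NOR wiring below is an assumption, chosen because it yields exactly the bq and z values quoted in the text; the function names are illustrative.

```python
def nand(x, y): return 1 - (x & y)
def nor(x, y): return 1 - (x | y)

def bits(s):
    """'100' -> [0, 0, 1]: index i holds bit <i>; strings are written MSB first."""
    return [int(c) for c in reversed(s)]

def fmt(v):
    return "".join(str(x) for x in reversed(v))

def decode(a, an):
    """1-of-8 decoder. Assumed wiring: four NANDs on bits 0-1, eight NORs with bit 2."""
    bq = [nand(an[0], an[1]), nand(a[0], an[1]),
          nand(an[0], a[1]), nand(a[0], a[1])]
    z = [nor(bq[i % 4], a[2] if i < 4 else an[2]) for i in range(8)]
    return fmt(bq), fmt(z)

def clock_edge(old, new):
    """(bq, z) before the edge, while only rail b has switched, and once settled."""
    o, n = bits(old), bits(new)
    inv = lambda v: [1 - x for x in v]
    return [decode(o, inv(o)),   # stable old value
            decode(n, inv(o)),   # b updated, bn still old (inverter 110 delay)
            decode(n, inv(n))]   # both rails settled

def output_toggles(old, new):
    """Bit flips on z<7:0> across the edge, including the transient state."""
    zs = [z for _, z in clock_edge(old, new)]
    return sum(x != y for p, q in zip(zs, zs[1:]) for x, y in zip(p, q))

if __name__ == "__main__":
    for bq, z in clock_edge("100", "111"):
        print(f"bq<3:0>={bq}  z<7:0>={z}")
    # Toggle count depends on the data written, which is what DPA exploits.
    print(output_toggles("100", "111"), output_toggles("100", "101"))
```

The edge from “100” to “111” costs six output transitions where two would suffice, while “100” to “101” costs two, so the switching activity still tracks the data despite the dual-rail inputs.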