The present invention relates to a circuit arrangement and a method for processing a dual-rail signal.
Switching networks are normally designed microelectronically such that each bit of the information to be processed is physically represented by one, and only one, electrical node. A configuration such as this is also denoted as single-rail circuit technology. Such switching networks are, however, relatively insecure with regard to attacks with the aid of so-called differential current profile analysis, which is applied by unauthorized third parties when attempting to access secret information. Differential current profile analysis, which is also denoted as differential power analysis—DPA, is one of the most important methods, for example, for attacking smart cards for security applications. This involves a deliberate attack on confidential information such as passwords or cryptographic keys. For a given program or a given algorithm, smart card current profiles which are measured by means of statistical methods, and/or their charge integrals calculated over one or more clock cycles are evaluated, in which case—for a multiplicity of program runs—it is possible to draw conclusions about the information to be protected from the correlation between systematic data variation and respective charge integral.
In contrast to conventional single-rail circuit technology, in which each bit within a data path or signal path is physically represented by one, and only one, electrical node K, an implementation using dual-rail circuit technology results in each bit being represented by two nodes K and KN, each bit having a valid logic value when K corresponds to the true logic value of this bit, and KN corresponds to the negated value.
Thus, when the value “1” is intended to be transmitted, this is done by means of a “1” in the node K. At the same time, however, the value “0” is transmitted at the node KN, so that, overall, both a “1” and a “0” are thus transmitted. When the value “0” is to be transmitted, a “0” is transmitted at the node K and a “1” at the node KN. In both cases, a “1” and a “0” are thus transmitted. Assuming that the nodes K and KN are physically identical, it is now no longer possible to use differential current profile analysis to identify whether a “1” or a “0” is being transmitted as the data item. However, this is true only when a signal change actually takes place for each transmitted data item, that is to say when the information “1” and the information “0” alternate. If a number of identical data items are transmitted successively, the characteristics with regard to the capability for attacks by means of differential current profile analysis deteriorate.
In order to repulse cryptoanalytical attacks, it is known to achieve the desired invariance of the charge integrals by inserting between two respective states with valid logic values <1, 0> or <0, 1> a so-called precharge state, also referred to just as precharge, for which both K and KN are charged to the same electrical potential, that is to say they assume logically invalid values <1, 1> or <0, 0>. A state sequence for the precharge state <1, 1> would appear, for example, as follows:(1,1)→(0,1)→(1,1)→(1,0)→(1,1)→(1,0)→(1,1)→(0,1)→ . . .
In an integrated circuit, this precharge is generally produced globally and fed in a star-shaped and clock-synchronized fashion to the dual-rail circuits, which operate with precharge. In the individual dual-rail circuits, it is, of course, also possible to produce an appropriate precharge locally.
FIG. 1 shows the time profile of a signal S that is processed by means of a conventional dual-rail circuit with predischarge and is transmitted in coded fashion by means of two complementary lines S1, S2. At the start of a clock cycle X of a clock signal CLK, the two complementary lines S1, S2 are precharged in a first clock phase X1, in the so-called predischarge phase, such that they assume logic value “0”, as a result of which previously stored information is deleted. Since the data signal S to be transmitted has the logic value “0”, the line S2 is precharged to the value of a logic “1” in a second clock phase X2, the so-called evaluation phase. With the following clock phase Y, the data signal S changes from logic “0” to logic “1”. At the start of the clock cycle Y of the clock signal CLK, it is necessary in a first clock phase 1 to precharge the two complementary lines S1, S2 once again to a logic “0”. In order for the signal S to assume the logic value “1”, the line S1 is precharged in a second clock phase Y2 to the logic value “1”. An analogous procedure affects the following clock cycles, it basically being the case that at the start of each clock cycle the lines S1, S2 are precharged to logic “0” and subsequently one of the lines S1, S2 is charged to logic “1” as a function of the logic value of the signal S to be driven.
There is the disadvantage in the case of dual-rail circuit technologies with pre-discharge or pre-precharge that the power consumption is relatively high and that inflexible, customer-specific solutions are involved, since the circuit design cannot be calculated automatically, that is to say it cannot be synthesized.
Furthermore, it is not necessarily possible to achieve a desired signal output value reliably by means of a precharge of a dual-rail circuit. Propagation time differences of input signals of such a circuit can cause undesired intermediate transitions at the output of the circuit.
A circuit has, for example, the AND logic function Z=A+B, the aim being for the result Z to be equal in each case to “0” for a first signal pair A, B with the values <A=“1” and B=“0”>, as well as for a second signal pair A, B with the values <A=“0” and B=“1”>. On the basis of a propagation time difference of the signals of the second signal pair, it is possible upon a transition of the values of the first signal pair to the values of the second signal pair for a further signal pair to be set, for example, with the values <A=“1” and B=“1”> such that the result Z=“1” is set briefly at the output. This yields at the output a rising edge, a so-called hazard, that is actually precluded from occurring and causes an undesired intermediate state. The superfluous signal changes associated with these intermediate states signify in physical terms that respective electrical capacitors must unnecessarily be recharged, an increased energy turnover being required as a result. Moreover, the current profile of the circuit depends strongly on the input data respectively to be processed, and so the circuit overall is susceptible to a differential current profile analysis despite the dual-rail technology with precharge.
Further known measures for reducing the capability for attacks by means of differential current profile analysis are coded computing or secure coding. However, in this case there is a need for additional clock cycles as well as a large quantity of random numbers, something which entails a large expenditure of area in addition to a reduced operating speed.