1. Field of Invention
The present invention relates to smoothing current consumption in digital logic modules and more particularly to reshaping current in processors in order to make current analysis more difficult.
2. Prior Art
FIG. 1 is schematic illustrating a prior art simplified microcontroller. A microcontroller generally includes a microprocessor, memory, a peripheral module that provides communication, for example, Universal Asynchronous Receiver/Transmitter (UART), SPI, and USB, and an interrupt controller. Microcontroller 100 includes microprocessor 102 coupled to memory 104. Address decoder 106 receives and decodes addresses from microprocessor 102 for memory 104 and peripherals 108. Address decoder 106 and peripherals 108 receive addresses on address bus 110 while address decoder 106 transmits select information on memory select 112 and peripheral select 114. Data is transmitted between microprocessor 102, memory 104, and peripherals 108 on data bus 116. A read or a write signal is transmitted between microprocessor 102 and memory 104 and peripherals 108 on read/write signal 117. Microcontroller 100 receives clock signal 118 and reset signal 120. Input 122 includes, for example, timer triggers and UART input data while output 124 includes, for example, UART transmitter output data. Interrupt controller 126 collects and processes interrupt signals from peripherals 108 along an interrupt line (not shown).
Peripherals 108 may be functional logic, for example UART, crypto-processing, digital signal processing (DSP), and digital filtering.
FIG. 2 illustrates one example of a peripheral, a crypto-processor. With a crypto-processor, if a buffer of data must be ciphered or deciphered, software divides the buffer into several parts. Each part represents data able to be processed during a processing time period. As soon as the part is input to the crypto-processor and/or a start signal is applied, the peripheral begins to process the part. After a period of clock cycles the processing period ends and the crypto-processor provides a ciphered/deciphered part that can be read back by the software. When the data processing is finished, the non-processing time period begins and an interrupt signal may be asserted to inform the microprocessor that the part is ready for reading and crypto-processor is ready to cipher/decipher a new part. Once the new part is input to the crypto-processor and/or a start signal is applied, the non-processing time period ends and a new processing time period begins. The software continues reading and writing parts up to the end of the data buffer.
As the algorithm used by the crypto-processor is executed, current consumption due to digital cell switching increases when the processing starts and decreases when processing ends. The current increases due to operation of the combinatorial (for example AND, OR, INVERT, MUX, and XOR) and sequential (D flip flops, or DFFs) cells in the digital module that execute the algorithm. During a non-processing time period, typically the only toggling is on the clock pins of DFFs. This value, together with a static leakage current, is not significant compared to the current consumed when processing is active.
User interface module 200 processes system data, for example address, data, read/write, and select signals, in order to generate commands and data for algorithm module 202. Algorithm module 202 performs cipher/decipher according to control command, data and a cipher/decipher key provided by user interface module 200. Counter 108 receives a start signal from user interface 200 and organizes the data path into algorithm module 202.
A crypto algorithm may be represented as a basic combinatorial function concatenated several times to obtain the result. For example, a basic combinatorial function is implemented once and connected to storing means (DFFs or others). A multiplexer is required to select the input of the algorithm function (data input or intermediate result) depending on a counter module n value (n being the number of iteration to perform to obtain the result, 16 for example in the Data Encryption Standard (DES)). The Triple Data Encryption Standard (TDES) uses three, 16 iteration periods.
Counter 204 receives a start signal on start line 206. The start signal triggers a first-cycle signal from counter 204 to multiplexer 208 in algorithm module 202. Multiplexer 208 receives first-cycle signal and selects input from in-data line 210. Input data then goes to combinatorial circuit 212, which, in combination with a key and a cipher, manipulates the input data. Combinatorial circuit 212 begins processing upon receipt of the first-cycle signal and the input data, thus beginning the processing period. Combinatorial circuit 212 transmits the manipulated input data to multiplexer 213. During processing time period, multiplexer 213 receives processing period signal from counter 204 and therefore selects data from combinatorial circuit 212. Multiplexer 213 transmits the manipulated input data to DFF 214, which then sends the manipulated data to output 216, multiplexers 208 and 213. For subsequent iterations, no first-cycle signal is transmitted to multiplexer 208, so multiplexer 208 selects the manipulated input data from DFFs 214 and sends it to combinatorial circuit 214, which again manipulates the input data. Counter 204 keeps track of each iteration and counts down until the last iteration. At the last iteration, counter 204 sends a last-cycle signal to combinatorial circuit 212, indicating the end of the processing time period. Processing period signal from counter 108 triggers multiplexer 213 to select input from DFF 214 rather than combinatorial circuit 212. DFF 214 receives recycled data, which at this point in the cycle is desired output data. An interrupt signal is sent from counter 204 indicating that data available at output 216 is a desired output, so user interface module 200 retrieves the output data from output 216 on the appropriate clock cycle.
At the end of processing time period counter 204 is reset and waits for a new sequence to be started. FIG. 3 is a graph illustrating a timing diagram and a current waveform representing activation of combinatorial circuit 212 during the processing period.
When a buffer of data is processed, current consumption can be seen as a series of pulses. The low level period of this waveform represents the current consumption of the clock tree and the clock pin of the DFFs of the peripheral module. The high level period represents combinational circuit 212 switching current. By synchronizing external digital analyzer equipment on the rising edge of the pulses, it is possible to store a digital representation of the current. This model can be processed to extract the “key” value of the algorithm without destroying the integrated circuit with an intrusive attack (processing the model is often referred to as a non-intrusive attack). It is based on the difference in current consumption when different data are processed.
FIG. 3 illustrates clock signal 300 and input data 305. Input data 305 is available on input data line 210 (FIG. 2) and represents part of the divided buffer of input data. Start signal 310 is transmitted along start line 206 and triggers the beginning of processing time period 315. Counter 204 counts down, in this case from 15 to zero for DES, with interval value 320. First-cycle signal 325 transmits from counter 204 in conjunction with the first count on interval counter 320. Last-cycle signal 330 transmits from counter 204 in conjunction with the last count on interval counter 320, and signals the end of processing time period 315 and the beginning of non-processing time period 335. Combinatorial circuit 212 is driven with input data during processing time period 315, drawing more current than during non-processing time period 335.
If a clock period is used to schedule the different steps of data processing, processing time period 315 may be detected or observed by non-intrusive methods like current consumption shape analysis. Each time data is processed the current increases to an active range of current, and then decreases to an inactive range of current during non-processing time period 335. Consequently, it is possible to determine data processed inside an integrated circuit.
What is needed is a system and method of making the analysis of current consumption more difficult.