So-called dual rail circuit technology, which is also referred to as complementary circuit technology, relates to a circuit arrangement design whose security aspects have been improved, in particular for data processing apparatuses. Circuits are normally designed using so-called “signal rail circuit technology”. In this case, switching networks are formed microelectronically such that each bit of the information to be processed is represented physically by one and only one electrical node. Switching networks such as these are relatively insecure when subjected to so-called differential current profile analysis, which is often used when unauthorized third parties attempt to access secret information. Differential current profile analysis, which is also referred to as differential power analysis (DPA), is one of the most important methods for attacking, for example, smart cards for security applications. Smart card current profiles measured by statistical methods and their charge integrals calculated over one or more clock cycles are evaluated for a given program or a given algorithm, in which case conclusions about the information to be protected can be drawn from the correlation between the systematic data variation and the respective charge integral, for a large number of programmed versions.
One possible way to make DPA attacks at least considerably more difficult is to interchange or to transmit data between subsystems of an integrated circuit only in an encryption form, as far as possible. One crypto system which is suitable for this purpose is so-called one-time pad encryption. Keys obtained as random sequences are linked bit-by-bit with texts to be transmitted, via an XOR gate. An XOR gate is once again used for deencryption. For the one-time pad crypto system, it is important that each key sequence is used only once for encryption and deencryption, because information relating to plain texts can otherwise be obtained by statistical methods.
This “encrypted calculation” using the single rail circuit technique requires a very large amount of circuit complexity and thus a large surface area, however, and the power consumption is in consequence increased. The dual rail circuit technique is used in order to avoid the need for encryption. From what has been stated above with regard to differential current profile analysis, it can be stated that the circuit components in an integrated circuit should ideally be designed, in order to resist DPA attacks, in such a way that they always produce the same current profile irrespective of the data to be processed. However, this is not reliably the case for the single rail implementation, because the charge integral associated with the time profile of the states of a circuit is a function of those nodes and/or electrical capacitances whose electrical charge levels are changed, that is to say it is highly dependent on the changes in the data to be processed over time.
In contrast to conventional single rail circuit technology, each bit is represented by two nodes k and kq in dual rail circuit technology, with a transmitted bit having a valid logical value when k corresponds to the true logical value b, and kq corresponds to the negated value bn=not(b).
Thus, when the aim is to transmit the value b=1, then this is done by means of a “1” in the node k. At the same time, however, the value “0” is transmitted at the node kq, so that, overall, both a “1” and a “0” are thus transmitted. When the aim is to transmit the value b=0, the value “1” is transmitted at the same time at the node kq. A “1” and a “0” are thus transmitted in both cases. Assuming that the nodes k and kq are physically equivalent, it is no longer possible to use differential current profile analysis to determine whether a “1” or a “0” has been transmitted as the data item. However, this is true only when a signal change actually takes place for each transmitted data item, that is to say the information “1” and the information “0” alternate. If a plurality of identical data items are transmitted successively, the characteristics with regard to the capability for attacks by differential current profile analysis deteriorate.
The desired invariance of the charge integrals is now achieved by inserting a so-called precharge state between two states with valid logical values (b, bn)=(1,0) or (0,1) for which both k and kq are charged to the same electrical potential, that is to say they assume logically invalid values (1,1) or (0,0). A state sequence for the precharge state (1,1) could thus appear as follows:
(1,1)→(0,1)→(1,1)→(1,0)→(1,1)→(1,0)→(1,1)→(0,1)→ . . .
For any such character sequence, it can be stated that the charge on one and only one node is changed from “1” to “0” for each transition (1,1)→(b, bn) and that the charge on one and only one node is changed from “0” to “1” for all (b, bn)→(1,1) irrespective of the logic valid value b of the state bit in question. An analogous situation applies to the state sequences with the precharge state (0,0).
This means that the charge integrals which correspond to these state sequences are independent of the sequence (b, bn) of the logically valid values, provided that care is taken to ensure that the nodes k and kq have the same electrical capacitances. The current profile of a data path implemented in this way thus does not depend on time variations in the data to be processed, and is therefore resistant to differential current profile analysis.
One example of a dual rail implementation of a circuit component is known from DE 102 02 726 A1. The integrated circuit proposed there is a register in a data path. The proposed circuit arrangement is designed consistently using dual rail technology, and thus forms a charge-neutral register.
One problem in designing circuit components using dual rail circuit technology is that the power consumption is considerably greater.