1. Field of the Invention
The present invention relates generally to bus systems and circuits with a bus, respectively, more specifically to circuits with a bus with several receivers and particularly to bus systems where at least, among other things, secret data, such as amounts of money, cryptographic keys or the like are transmitted on the bus, such as it is the case, for example, with cryptocontrollers in chip cards or smart cards.
2. Description of the Related Art
One example for a possible bus system and a circuit with a bus, respectively, is shown in FIG. 6. The circuit, generally indicated by 900, comprises a transmitter circuit part 902 and three receiver circuit parts 904a, 904b and 904c. Every circuit part 902 and 904a-904c, respectively, comprises an n-bit data input. Every circuit part 902, 904a-904 is coupled to bus 906 via its data input. Particularly, the receiver circuit part 904a is connected to an n-bit terminal 908a, the receiver circuit part 904b is connected to an n-bit terminal 908b, the receiver circuit part 904c is connected to an n-bit terminal 908c and the transmitter circuit part 902 is connected to a n-bit bus terminal 908d of the bus 906. Every receiver circuit part 904a-904c comprises a logic 910a, 910b and 910c, respectively, whose n-bit data input is connected via an n-bit input register 912a, 912b and 912c, respectively, to the respective data input of the receiver circuit part 904a-904c and the bus terminal 908a-908c, respectively. Every register 912a-912c has an enable and a toggle input, respectively, which is connected to a bus control 914.
In the exemplary bus system 900 of FIG. 6, the transmitter circuit part 902 outputs a data representing signal unspecifically on the bus 906. The signal reaches every bus terminal, particularly every bus terminal 908a-908c of the receiver circuit parts 904a-904c. From there, the signal reaches the input registers 912a-912c of the individual receiver circuit parts 904a-904c unhindered, to be latched and entered there, respectively. In the next clock cycle, the bus control 914 provides that among the input registers 912a-912c only those output their register content to the subsequent logic 910a-910c, which belong to the receiver circuit part 904a, 904c, which is the addressee of the signal output by the transmitter 902 on the bus 906. Therefore, the bus control 914 transmits the enable and toggle signal, respectively, to the input register and the input registers, respectively, of the addressee and the addressee circuit parts, respectively.
A bus system as the one of FIG. 6 cannot simply be used when both non security critical and security critical data are transmitted via the bus 906. In cryptography, for example, data that can be used for a DPA (differential power analysis) attack is processed in chip cards, smart cards or the same. In DPA attacks, the fact is utilized that processing a signal in a circuit influences the current consumption of the circuit, i.e. that the current consumption correlates with the input data. In DPA attacks, several different data are fed subsequently to the circuit, such as the cryptocontroller of a chip card, which processes the same then in the same way and, for example, with the same cryptokey. The current consumption curve of the circuit is measured each time. With regard to the measurement results, the correctness of a hypothesis for secure data, such as the cryptokey for an encryption implemented by the circuit, is checked by using a statistical analysis of the current and power consumption, respectively.
In the circuit 900 of FIG. 6, it is the case that all data output on the bus 906 is definitely first stored once in the input registers 912a-912c. These latching processes show in the current and power consumption, respectively, of the circuit 900 by overlaying, for example due to the switching processes in utilized transistors from the D flip flops underlying the registers. If the circuit 900 processes a different input value fed by the attacker, the signals and data, respectively, output on the bus 906 change during the processing by the circuit 900. When no counter measures are taken in the bus system 900 of FIG. 6, a DPA attack is successful, even when the logics 910a-910c are themselves embodied DPA secure.
One possibility for warding off DPA attacks is the usage of a dual rail precharge logic and bus. In these logics, every bit is transmitted on two bit lines. The bit value 0 corresponds to a logical 1 on the one and a logical 0 on the other bit line and rail, respectively, while the bit value 0 corresponds to the inverted distribution, i.e. a logic 0 on the one and a logic 1 on the other rail. Thus, consequently, a bit change always leads to a change from logic high to logic low and vice versa. Correspondingly, registers in the dual rail logic comprise twice as many cells and flip flops, respectively, as usually, i.e. 2n cells for an n-bit value, and the bus is twice as wide, 2n-bit wide. When they latch a small n-bit value, half of all register cells have always a logic low state and the other half a logic high state. In order to take away the possibility from the attacker to ascertain which bits change between subsequent n-bit values stored in the register, a precharge is performed prior to every register entry, where all register lines are brought to a logic low or a logic high state. Consequently, in every register entry, always n register cell state changes take place.
As has already been mentioned, it is not sufficient to perform those logics DPA secure in dual rail precharge logic in the circuit 900, which subject the security critical data, which could be used for a DPA attack, to the actual operations. Rather, the data is already “processed” earlier in the input registers 912a-912c. One possibility to implement the circuit 900 DPA secure is to embody all input registers 912a-912c DPA secure in dual rail precharge logic at the input stages of the receiver circuit parts 904a-904c. One disadvantage of this solution is, however, that there is a significant overhead of area, development time and current consumption. As has already been mentioned, twice the number of register lines would have to be used for the input registers. Additionally, a precharge cycle would have to be performed prior to every register entry, i.e. prior to every data output on the bus 906, which means additional current consumption.