So-called dual rail circuit technology is a circuit arrangement design whose security aspects have been improved, in particular for data processing apparatuses. Circuits are normally designed using so-called single rail circuitry. In this case, switching networks are constructed microelectronically such that each bit of the information to be processed is physically represented by one, and only one, electrical node. Switching networks such as these are relatively insecure with regard to so-called differential current profile analysis, which is often used when unauthorized third parties are attempting to gain access to secret information. Differential current profile analysis, which is also referred to as differential power analysis (DPA), is one of the most important methods for attacking, by way of example, smart cards for security applications. For a given program or a given algorithm, current profiles of the smart card measured using statistical methods, or their charge integrals calculated over one or more clock cycles, are evaluated. For a large number of program versions, conclusions about the information to be protected can then be drawn from the correlation between systematic data variations and the respective charge integral.
One possible way to make DPA attacks at least considerably more difficult is to interchange or to transmit data between subsystems of an integrated circuit as far as possible only in an encrypted form. One crypto system which is suitable for this purpose is so-called one time pad encryption. Keys obtained from random sequences are linked bit-by-bit via an XOR logic operation with texts to be transmitted. An XOR logic operation is once again carried out for decryption. For the one time pad crypto system, it is important that each key sequence is used only once for encryption and decryption, because, otherwise, information about clear texts can be determined using statistical methods.
However, this “encrypted calculation” in single rail circuitry requires a very high degree of circuit complexity; it therefore occupies a large surface area and in consequence consumes more power. Dual rail circuitry is used in order to avoid the requirements for encryption. From what has been stated above with regard to differential current profile analysis, it follows that the circuit components provided on an integrated circuit to resist DPA attacks should ideally be designed such that they always produce the same current profile irrespective of the data to be processed. However, this is not necessarily the case for single rail implementations, because the charge integral associated with the time profile of the states of a circuit is a function of those nodes or electrical capacitances whose charges are electrically reversed, that is to say it is highly dependent on the changes in the data to be processed over time.
In the case of dual rail circuitry, in contrast to conventional single rail circuitry, each bit is represented by two nodes k and kq, with a transmitted bit having a valid logical value when k corresponds to the true logical value b of this bit and kq corresponds to the negated value bn=not(b).
Thus, if the intention is to transmit the value b=1, then this is done by means of a “1” in the node k. However, the value “0” is transmitted at the same time at the node kq, so that both a “1” and a “0” are thus transmitted overall. If the value b=0 is to be transmitted, the value “1” is transmitted at the same time at the node kq. A “1” and a “0” are thus transmitted in both cases. Assuming physical equivalence of the nodes k and kq, it is now no longer possible to identify by means of differential current profile analysis whether a “1” or a “0” has been transmitted as the data item. However, this is true only when a signal change actually takes place for each transmitted data item, that is to say the information item “1” alternates with the information item “0”. If two or more identical data items are transmitted successively, the capability to resist attacks by differential current profile analysis deteriorates.
The desired invariance of the charge integrals is now achieved by inserting a so-called precharge state, also referred to as precharge, between each two successive states with valid logical values (b, bn)=(1,0) or (0,1). In the precharge state both k and kq are charged to the same electrical potential, that is to say they assume the logically invalid values (1,1) or (0,0). A state sequence for the precharge state (1,1) could thus appear as follows:
(1,1)→(0,1)→(1,1)→(1,0)→(1,1)→(1,0)→(1,1)→(0,1)→...
For any given character sequence such as this, it can be stated that one, and only one, node has its charge reversed from “1” to “0” for each transition (1,1)→(b, bn), and one, and only one, node changes from “0” to “1” for all (b, bn)→(1,1), irrespective of the logically valid value b of the state bit in question. An analogous situation applies to state sequences with the precharge state (0,0).
This means that the charge integrals which correspond to these state sequences are independent of the sequence (b, bn) of the logically valid values if care is taken to ensure that the nodes k and kq have the same electrical capacitances. The current profile of a data path implemented in this way therefore does not depend on time variations of the data to be processed, and is thus resistant to differential current profile analysis.
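The toggle counts behind this argument can be checked with a small model, given here as an added example that is not part of the original text. It counts falling and rising nodes per transition as a stand-in for the charge integral, under the text's assumption that all nodes have equal capacitance; the function names and the `leaks` check are illustrative.

```python
# Added illustration, not from the source text. Toggle counts stand in for the
# charge integral, assuming every node has the same capacitance.

def transitions(old, new):
    """Return (falling, rising) node counts for one state change."""
    falling = sum(o == 1 and n == 0 for o, n in zip(old, new))
    rising = sum(o == 0 and n == 1 for o, n in zip(old, new))
    return (falling, rising)

def trace(states):
    """Per-transition activity of a sequence of node states."""
    return [transitions(a, b) for a, b in zip(states, states[1:])]

def single_rail(bits, start=0):
    """One node per bit."""
    return trace([(start,)] + [(b,) for b in bits])

def dual_rail(bits, start=(0, 1)):
    """Nodes (k, kq) = (b, not b), with no precharge between valid states."""
    return trace([start] + [(b, 1 - b) for b in bits])

def dual_rail_precharge(bits, pre=(1, 1)):
    """Precharge state inserted between every two valid states."""
    states = [pre]
    for b in bits:
        states += [(b, 1 - b), pre]
    return trace(states)

def leaks(activity, period=1):
    """True if activity at any phase of the repeating period depends on the data."""
    return any(len(set(activity[i::period])) > 1 for i in range(period))

# b values read off the state sequence quoted in the text: (0,1),(1,0),(1,0),(0,1)
PAGE_BITS = [0, 1, 1, 0]

if __name__ == "__main__":
    print("single rail      ", single_rail(PAGE_BITS), leaks(single_rail(PAGE_BITS)))
    print("dual rail        ", dual_rail(PAGE_BITS), leaks(dual_rail(PAGE_BITS)))
    print("dual rail (1,1)  ", dual_rail_precharge(PAGE_BITS), leaks(dual_rail_precharge(PAGE_BITS), 2))
    print("dual rail (0,0)  ", leaks(dual_rail_precharge(PAGE_BITS, (0, 0)), 2))
```

The repeated bit in `PAGE_BITS` produces a transition with no activity in plain dual rail, which is the deterioration described for successive identical data items; with precharge, every evaluate and every restore phase shows the same single-node toggle.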
One example of a dual rail implementation of a circuit component is known from DE 102 02 726 A1. The integrated circuit that is proposed there is a register in a data path. The proposed circuit arrangement is designed consistently with dual rail technology and thus forms a charge-neutral register.
One problem with the use of circuit components using dual rail circuit technology is that a considerably greater amount of power is consumed.