The present invention relates to a circuit and a method for calculating a logical combination of two input operands that may particularly be used for security-relevant applications.
Circuits used for processing security-relevant data are designed, if possible, so that the data to be processed are protected against attackers attempting to obtain the security-relevant data by an analysis of the circuit. Due to SPA/DPA attacks (SPA/DPA=simple power attack/differential power attack), it is necessary for high security applications to make the power consumption of an integrated circuit independent of the processed data.
These problems may be solved by a dynamic dual rail circuit technology whose design, characterization and verification are, however, time-consuming. Due to the precharge signals required for a precharge state between the data states, a library based on the dynamic dual rail circuit technology is not synthesizable and is not suitable for static timing analyses.
A static implementation of a circuitry for processing two dual rail signals is known. Here, the dual rail signals comprise precharge signals with precharge values between valid data values. Valid data values are characterized in that there are logic states respectively inverted with respect to each other on both individual signals of the dual rail signal. Precharge values are characterized in that there are the same logic states on the two signals of a dual rail signal. According to the patent document, the precharge values present at the inputs of the circuitry are passed to an output of the circuitry.
This principle will be explained below by means of an exemplary AND function. FIG. 14a shows a value table for an AND function. A, B are the input signals of the circuitry, and Z is the output of the circuitry. FIG. 14b shows the value table for an implementation of a known circuit for processing dual rail signals with precharge signals. In a precharge cycle, referred to as idle state in FIG. 14b, the input signals A, AN and B, BN have the same logic states, respectively, here logical 0. In this case, the output signals Z, ZN are also set to zero. Thus, if precharge values are present at both inputs of the circuitry, these precharge values are passed through to the output.
According to the value table shown in FIG. 14b, spurious impulses may occur during a transition from a calculation cycle with valid data values to a precharge cycle, or during a transition from a precharge cycle to a calculation cycle. This is particularly the case if, during the transition from the calculation cycle to the precharge cycle, the precharge value is already present on one input signal while a valid data value is still present on the other input signal. In this case, the output may already carry a precharge value, but it may also still carry a data value. Nor can it be excluded that, during the transition, several different data values are temporarily output before precharge values are finally present at the output. The same problem occurs during the transition from the precharge cycle to the calculation cycle. If a valid data value is already present at one of the inputs while a precharge value is still present at the other input, it is again undetermined whether the output already carries a valid data value, alternating data values or still a precharge value. These uncertainties may result in spurious impulses and offer a point of attack for the newest attack scenarios, in which an attempt is made, by means of a higher time resolution of the current consumption of a circuit, to detect different switching times and then to evaluate the current waveform correspondingly.
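The data dependence of the output switching time described above can be made visible with a small model, added here as an illustration and not taken from the patent document. It assumes one common static mapping for the dual rail AND gate (Z = A AND B, ZN = AN OR BN), which the text does not specify, and all function names are hypothetical.

```python
from itertools import product

PRECHARGE = (0, 0)  # both rails equal: precharge (idle) value, logical 0 as in FIG. 14b

def encode(bit):
    """Dual rail encoding of a valid data bit as (X, XN) with inverted rails."""
    return (bit, 1 - bit)

def dual_rail_and(a, b):
    """Assumed static gate mapping (not from the page): Z = A AND B, ZN = AN OR BN."""
    (A, AN), (B, BN) = a, b
    return (A & B, AN | BN)

def classify(z):
    """Equal rails mean precharge, inverted rails mean a valid data value."""
    return "precharge" if z[0] == z[1] else "valid"

def output_trace(a_bit, b_bit, first):
    """Outputs while leaving precharge when input `first` ("A" or "B") arrives first.

    Returns the output for the three successive input states:
    both in precharge, one input valid, both inputs valid.
    """
    a, b = encode(a_bit), encode(b_bit)
    mid = (a, PRECHARGE) if first == "A" else (PRECHARGE, b)
    steps = [(PRECHARGE, PRECHARGE), mid, (a, b)]
    return [dual_rail_and(x, y) for x, y in steps]

def early_evaluations():
    """Cases where the output is already valid while one input is still in precharge."""
    found = []
    for a_bit, b_bit, first in product((0, 1), (0, 1), "AB"):
        trace = output_trace(a_bit, b_bit, first)
        if classify(trace[1]) == "valid":
            found.append((a_bit, b_bit, first))
    return found

if __name__ == "__main__":
    for a_bit, b_bit, first in product((0, 1), (0, 1), "AB"):
        trace = output_trace(a_bit, b_bit, first)
        states = [classify(z) for z in trace]
        print(f"A={a_bit} B={b_bit} first={first}: {trace} {states}")
    print("output valid before both inputs are valid:", early_evaluations())
```

Under this assumed mapping the output leaves precharge early exactly when the input that arrives first carries a 0, so the moment at which the output switches depends on the processed data.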