1. Field of the Invention
The present invention relates to isolation circuitry, and a corresponding method, for coupling a power supply to processing circuitry so as to provide power to the processing circuitry whilst hiding a power consumption characteristic of that processing circuitry.
2. Description of the Prior Art
It is known to provide processing circuits which perform data processing operations using secret data which needs to be protected against unauthorised access. For example, it is known to provide processing circuits that perform encryption and decryption using particular encryption and decryption algorithms that make use of secret data such as a secret key. As a particular example, the algorithms specified by the Advanced Encryption Standard (AES) make use of a secret key to perform encryption and decryption operations. Unencrypted input data (referred to as plaintext) may be encrypted using the secret key to produce encrypted data (referred to as ciphertext), or alternatively the encrypted ciphertext may be input and then decrypted using the secret key in order to produce the corresponding unencrypted plaintext.
Often the processing circuitry used to perform such encryption and decryption operations is provided as part of an integrated circuit, one particular example of such an integrated circuit being a smart card.
For such integrated circuits, various techniques have been developed to seek to guard against unlawful attempts to access secret data within the integrated circuit via non-invasive attacks. One known technique for seeking to access such secret data is differential power analysis (DPA). Such DPA techniques seek to extract secret data such as the earlier-mentioned secret key from observation of a power consumption characteristic of the processing circuitry for various different input data. One common power consumption characteristic that may be observed is the current signature, which can be measured by coupling a measurement circuit to the power input terminals of the integrated circuit, with the attacker then observing how the current signature changes for various different input data.
Since the algorithms executed by the integrated circuit are generally known, it is possible to model the operation of the integrated circuit and thereby produce simulated current signatures for various different guesses of the secret key (in practice a small portion of the key, such as a single byte, is guessed at a time, so that the number of guesses remains tractable). Attempts can then be made to correlate the simulated current signatures for the various guesses with the actual current signatures observed in the circuit, in order to determine the secret key. In particular, if the correlation coefficient for one particular guessed secret key is higher than the correlation coefficients obtained for all other guesses, this indicates that that particular guess is the actual secret key.
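The correlation attack described above, as an added worked example that is not part of the patent text: a simulated DPA against one byte of an AES key. The "traces" are constructed here rather than captured from hardware, and the leakage model (Hamming weight of the first-round S-box output plus Gaussian noise) is an assumption; the attacker knows the plaintexts and the algorithm but not the key byte.

```python
"""Correlation-based differential power analysis of one AES key byte.

Added example: this is not circuitry or code from the patent. The traces
are constructed here, not captured from hardware, and the leakage model
(Hamming weight of the S-box output plus Gaussian noise) is an assumption.
"""
import math
import random


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def make_sbox() -> list:
    """Build the AES S-box: multiplicative inverse followed by the affine map."""
    inverse = [0] * 256
    for x in range(1, 256):
        for y in range(1, 256):
            if gf_mul(x, y) == 1:
                inverse[x] = y
                break
    sbox = []
    for x in range(256):
        b = inverse[x]
        s = b
        for i in range(1, 5):  # b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = make_sbox()


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_traces(key_byte: int, n: int, noise_sd: float, rng: random.Random):
    """Constructed leakage: one noisy sample per encryption of a random plaintext byte."""
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sd)
              for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient between two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)


def recover_key_byte(plaintexts, traces):
    """Correlate the modelled signature for every key guess against the observed traces.

    Returns (best guess, list of |correlation| per guess); the guess with the
    highest correlation is taken to be the actual key byte.
    """
    scores = []
    for guess in range(256):
        model = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append(abs(pearson(model, traces)))
    best = max(range(256), key=scores.__getitem__)
    return best, scores


def demo(key_byte: int = 0x2B, n: int = 1000, noise_sd: float = 1.0, seed: int = 1) -> dict:
    """Run the attack on constructed traces and report the outcome."""
    rng = random.Random(seed)
    plaintexts, traces = simulate_traces(key_byte, n, noise_sd, rng)
    best, scores = recover_key_byte(plaintexts, traces)
    ranked = sorted(scores, reverse=True)
    return {"key": key_byte, "recovered": best,
            "best_corr": ranked[0], "runner_up_corr": ranked[1]}


if __name__ == "__main__":
    print(demo())
```

With 1000 traces and a noise standard deviation equal to the signal's own spread, the correct guess stands out with a correlation near 0.8 while every wrong guess stays close to zero; raising `noise_sd` or lowering `n` shows why a countermeasure only needs to push the residual signal below what the attacker can average out within the samples available.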
US 2007/0176670, the entire contents of which are hereby incorporated by reference, discusses a number of techniques proposed at both the software level and the hardware level to seek to make differential power analysis techniques ineffective. That patent then describes a charge-pump technique for a smart card that includes a capacitor that is connected cyclically to the power source to charge the capacitor, to the processing device to power the processing device, and then to ground to discharge the capacitor. The charge-pump system can include three such capacitors so that while one of them is charging, another is powering the processing device, and the third is discharging. The described charge-pump system seeks to block attempts to discover a secret key in the processing device by de-correlating power consumption from the internal operations of the processing device.
In accordance with the charge-pump technique described in US 2007/0176670, it will be appreciated that when the capacitor is coupled to the processing device to power that processing device, the extent to which the capacitor is discharged during that powering operation will depend on the activities of the processing device, and accordingly the starting voltage level at the time the capacitor is then connected to ground will vary. The discharging of the capacitor to ground will then follow an exponential decay, and accordingly will never actually reach ground potential. At the time the discharging process is ended, the final voltage level reached will hence depend on the initial voltage at the time the discharging operation was initiated, and accordingly at the time the capacitor is reconnected to the power source to recharge the capacitor, the starting voltage will be different depending on what the initial voltage was at the start of the discharge process.
Further, at the time the capacitor is reconnected to the power source, the residual voltage across it determines the recharge current drawn from the power source, and that current can be observed by someone performing a non-invasive attack using DPA. Accordingly any slight differences in the final voltage reached at the end of the discharge period can be observed. As a result, there remains a possibility that the secret key may be extracted through DPA techniques, provided a sufficient number of data samples are input to the smart card.
In US 2007/0176670, the time periods used to charge the capacitor, to power the processing device using the capacitor, and to ground the capacitor, are all equal, and hence this limits the amount of time that can be spent discharging the capacitor. Accordingly, using the technique described in US 2007/0176670, if one were to increase the length of the discharge period to seek to reduce the variation in final voltage reached at the end of the discharge period, it would be necessary to increase both the charging period and the powering period, which would be undesirable. In particular, if a larger powering period is specified, it will be necessary to provide a larger capacitor, which will increase the area overhead. Further, a larger capacitor will take longer to discharge, thereby requiring a larger discharge transistor to discharge the capacitor, further increasing the area overhead. If the discharge transistor is not enlarged, the RC time constant of the discharge path grows with the capacitance, so much of the benefit of the longer discharge period is lost.
Alternatively, in order to support more than one discharge phase, it would be necessary to provide additional capacitors and associated switching elements. For example, if six capacitors and associated switching elements were provided, then each capacitor could pass through one charge phase, one powering phase and four discharge phases. However, such an approach would significantly increase the cost of the charge-pump circuit, both in terms of size and power consumption (due to the additional components provided).
Furthermore, it should be noted that even if the discharge period is extended by either of the above techniques, the final voltage reached at the end of the discharge phase will still depend on the initial voltage across the capacitor at the time the discharge phase was initiated. Such an approach therefore only reduces, and does not remove, the earlier-mentioned problem of leaving an attacker the possibility of employing DPA techniques to seek to ascertain the secret key.
Accordingly, it would be desirable to provide an improved technique for seeking to hide a power consumption characteristic of the processing circuitry so as to make DPA techniques ineffective.