A semiconductor device for performing security functions such as cipher is performed a tamper resistance evaluation for evaluating whether or not secret information, such as an encryption key, is leaked based on a power consumption in a circuit.
Conventionally, as methods for the tamper resistance evaluation, there have been methods for evaluating whether or not secret information is leaked by measuring a power consumption by using a real device, and methods for evaluating whether or not secret information is leaked by performing a simulation of a logic circuit to calculate a power consumption at a designing stage of a semiconductor device.
As the methods by simulation among the aforementioned methods, there are methods for detecting a leakage of information by calculating the power consumption based on a specific bit or a hamming weight in an intermediate variable appears (or expected to appears) in a process of an encryption processing by a simulation with a software, and methods for detecting a leakage of information by calculating the power consumption by performing a detailed simulation of a circuit with a circuit simulator (Refer to a non-patent literature 1 for examples of both the methods).
Calculation of a power consumption by a logic simulation is performed in the following manner. A typical semiconductor device now being used is a CMOS, and most of its power consumption is made by a switching power P for discharging and charging a load. Therefore, a power consumption in a circuit can be described as a value of adding the products of a change value f per unit time for each signal, load capacitance C and a square of voltage V, as described in a formula (1).P=ΣfCV2  (1)
Here, f is a value derived from a logic simulation, and V is a fixed value. Besides, C is calculated based on a net list describing a connection of a circuit and a library. When calculating the power consumption by a logic simulation, it takes much time in calculating the load capacitance C.    Non-patent literature 1: “TECHNICAL REPORT OF IEICE”, IT2003-60, ISEC2003-100, WBS2003-178 (March, 2004)