1. Field of the Invention
The present invention relates to a logic circuit capable of preventing a side-channel attack, and more particularly, to a clocked power logic circuit being secure against a power analysis attack.
2. Description of the Related Art
In the past, an encryption algorithm using a secret key was considered significant for security of an encryption system. Therefore, researches into security of the encryption system have been focused on protection of the secret key and the encryption algorithm from a direct attack.
However, practically, the encryption system is vulnerable to indirect attacks caused by measurement of physical values such as a plurality of input and output signals, for example signals regarding voltage or current value, and various leakage information such as electromagnetic wave radiation, power variation, and the like.
A non-invasive attack is defined as an attack that incapacitates the encryption system by measuring the physical values without depacking a chip. In particular, among non-invasive attacks, a side-channel attack incapacitates the encryption system using an input signal, an output signal, and other additional physical information.
Attacks to the encryption system may be interpreted as analyses of an operation of each module in the encryption system. Depending on the analysis method, the side-channel attacks may be classified into a timing attack, a power consumption analysis attack, and a differential electromagnetic attack. The timing attack analyzes the encryption algorithm and/or a secret key using a time difference according to operations. The power consumption analysis attack analyzes the encryption algorithm by measuring power consumed during encryption and decryption. The differential electromagnetic attack analyzes the encryption algorithm by measuring leakage of an electromagnetic wave during the operation.
Among the side-channel attacks, the power consumption analysis attack which is simply called a power analysis attack may be separated into a simple power analysis (SPA) performing simple analysis by measuring a current of a power supply during an operation, a differential power analysis (DPA) statistically analyzing a current, and a high-order DPA (HO-DPA) performing high-order analysis through combination of various DPAs.
Countermeasures against the side-channel attack includes a hiding method that equalizes or randomizes power consumption quantity to remove relationships between power consumption and data such as the secret key, and a masking method that randomizes intermediate data during an operation to remove the relationships between power consumption and data such as the secret key.
The hiding method may be achieved by a software approach and a hardware approach. The hardware approach is capable of hiding relationships between an operation type and a current value of a power supply and also capable of removing a difference in the current value caused according to patterns of input signals and output signals, thereby gradually drawing attentions.
Especially, interests are increasing in methods for achieving the hiding to prevent the power analysis attacks in unit of cell. The methods may include a dual-rail logic implementation method that always maintains an input signal and output signal of the cell as a set (1, 0), a precharge logic method that sets the output signal to 1 or 0 before input of the input signal, and a dual-rail precharge logic method that is a combination of the previous two methods.
Power consumption reduction is a critical issue in electronic systems including the encryption. A clocked power logic is a circuit developed to reduce power consumption by recovering at least a part of charges used in every operation of every clock by using a power supply Vclk having a periodic waveform rather than using a fixed voltage power supply VDD, as a power supply of an apparatus for logic operation.
In the following description, the clocked power logic will be explained, by way of example, with respect to an adiabatic logic including an efficient charge recover logic (ECRL), a positive feedback adiabatic logic (PFAL), a 2N-2N2P, and the like as logic family.