1. Field of the Invention
The present invention relates to secure adder circuits and, in particular, to an apparatus and a method for converting a dual-rail input to a one-hot output.
2. Description of the Related Art
DE 3631992 C2 discloses a cryptography processor for performing the RSA public-key crypto system. Here, a modular exponentiation having a base, an exponent and a modulus is broken down into a plurality of three-operand additions. The three operands are a modulus operand N, a multiplicand operand C and an intermediate-result operand Z. By appropriately shifting/weighting the three operands before each addition, a multiplication/reduction may be performed that is accelerated by a multiplication-lookahead algorithm and a reduction-lookahead algorithm.
FIG. 8 depicts part of the adder which represents, as it were, the core of the cryptography processor shown in DE 3631992 C2. In particular, FIG. 8 shows two successive bit slices which calculate the two aggregate (sum) bits i−1 and i, to be precise from the three input operand bits Ci, Ni, Zi; Ci−1, Ni−1, Zi−1; and Ci−2, Ni−2, Zi−2, respectively.
From the point of view of a single bit plane, the three-operand addition of C, N, Z is broken down into a two-level operation. A three-bit half adder 80 performs the first stage of the operation, and each three-bit half adder 80 is placed upstream of a two-bit full adder 81. The three-bit half adder provides two output bits xi, yi, which are fed into the downstream two-bit full adders as depicted in FIG. 8. In particular, in the two-bit full adder of each bit slice, the less significant bit yi at the output of that slice's three-bit half adder is combined with the more significant bit xi−1 of the three-bit half adder one order down, and the two-bit full adder 81 calculates from them an aggregate bit 82 and a carry bit 83. The three-operand addition is thus divided into two sections. In the first section, the sum of the three operand bits is formed at each binary digit. This sum may take on the values 0 to 3 (in decimal notation) and can therefore be represented in binary with the two bits x, y. Since such a sum is formed at every digit, the x bits of all digits and the y bits of all digits can be assembled into two new numbers.
In the second section, these two numbers are added by the two-bit full adders 81 in the usual manner. Because each two-bit full adder always receives as its inputs output bits from two different three-bit half adders (yi from its own slice and xi−1 from the slice one order down), the calculating unit is extended by one bit.
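The two-section scheme just described, as an added bit-level model that is not code from the patent or from the cited processor; the element numbers 80 to 83 in the comments refer to FIG. 8, and the sample operands are constructed:

```python
def three_bit_half_adder(c, n, z):
    """First stage (element 80): the sum 0..3 of three operand bits, returned
    as (x, y) with x the more significant and y the less significant bit."""
    s = c + n + z
    return s >> 1, s & 1


def two_bit_full_adder(a, b, carry_in):
    """Second stage (element 81): one position of a conventional adder,
    returning (aggregate bit 82, carry bit 83)."""
    s = a + b + carry_in
    return s & 1, s >> 1


def three_operand_add(c_op, n_op, z_op, width):
    """Bit-sliced C + N + Z. Returns (sum, x_bits, y_bits); x_bits and y_bits
    are the unprotected intermediate operands, index 0 = least significant."""
    to_bits = lambda v: [(v >> i) & 1 for i in range(width)]
    c_bits, n_bits, z_bits = to_bits(c_op), to_bits(n_op), to_bits(z_op)
    # First section: every digit forms its own 2-bit sum (x_i, y_i).
    x_bits, y_bits = [], []
    for i in range(width):
        x, y = three_bit_half_adder(c_bits[i], n_bits[i], z_bits[i])
        x_bits.append(x)
        y_bits.append(y)
    # Second section: slice i adds y_i to x_(i-1), the x bit one order down,
    # so the x number carries weight 2^(i+1) and the unit grows by a bit.
    result, carry = 0, 0
    for i in range(width + 1):
        y_i = y_bits[i] if i < width else 0
        x_below = x_bits[i - 1] if i > 0 else 0
        s, carry = two_bit_full_adder(y_i, x_below, carry)
        result |= s << i
    result |= carry << (width + 1)   # final carry out of the top slice
    return result, x_bits, y_bits


if __name__ == "__main__":
    # Constructed sample operands, 3 bits wide: 5 + 6 + 7 = 18.
    total, xs, ys = three_operand_add(5, 6, 7, 3)
    print(total, xs, ys)
```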
The three-operand adder shown in FIG. 8 is problematic in that neither the input operands C, N, Z nor the “intermediate operands” x, y are protected in any way. This is a problem because, in the normal case where all circuits are implemented in CMOS logic, switching a bit from 0 to 1 or from 1 to 0 produces a current pulse at the moment the bit state changes. As is known, CMOS circuits consume no current in the static state; while switching, however, they do consume current. This current consumption may be measured by a power analysis. It is therefore possible, in principle, to derive information about C, N, Z and to draw conclusions from it, for example, about the secret key used in an RSA operation.
An attacker could determine, for example by capturing the current profile, whether a switchover from 0 to 1 or from 1 to 0 has occurred. In an unsecured circuit, a current peak appears in the current profile whenever a bit switches over. An attacker may therefore re-enact, in his/her mind, the overall switching behavior of the calculating unit from the current profile. The attacker would then need only one single bit of the whole sequence to reconstruct whether each switchover was from a “1” to a “0” or vice versa.
Specific CMOS circuits additionally exhibit the property that a switchover from 0 to 1 consumes a different amount of power than a switchover from 1 to 0. By comparing the two kinds of current peaks, an attacker in this case immediately sees which bits have been processed in the calculating unit.
As a countermeasure against such power analysis attacks it has been proposed to employ the so-called dual-rail technology. In principle, in the dual-rail technology, each signal path is configured in duplicate. For example, a signal x is processed in the normal manner on a first signal path. On the second signal path, integrated in the same chip, it is not the signal x that is processed but its complement x̄. The result is that whenever a transition occurs, for example from 0 to 1, on the first signal line, the complementary transition occurs on the other line, i.e. the second “rail”. Therefore, each bit transition always causes two transitions, one on each line. Consequently, for circuits in which transitions from 0 to 1 and from 1 to 0 require different amounts of current, it is no longer possible to tell whether a transition from 0 to 1 or from 1 to 0 has occurred, because the current profile contains, for each transition, a single peak which is the superposition of the current consumption of both rails. The dual-rail technology provides a high level of security, but suffers from the disadvantage that all circuits normally have to be implemented twice and that the power consumption of the entire circuit is also doubled. On the other hand, the circuit is then already immune, to a certain extent, to power analysis attacks.
If only dual-rail technology is employed, it is still recognizable from the current profile whether a specific bit has transitioned from 0 to 1 or from 1 to 0, or whether it has remained the same compared to the previous clock cycle. In the event of a bit transition, a power peak is evident; no power peak is evident if a bit has remained, for example, at 1 or at 0, i.e. has not changed from one cycle to the next. In order to fend off attacks based on this effect, it has been proposed to complement the dual-rail technology by a precharge/predischarge mode. The circuit is then operated alternately in a data mode and in a preparation mode (precharge/predischarge mode). Each data cycle is preceded by a preparation cycle in which, in the case of precharge, both rails, i.e., for example, x and x̄, are precharged to “1”; thereafter, in the data mode, the two rails are fed with the complementary input signals to be processed. As a result, exactly the same number of transitions always takes place from a data cycle to a preparation cycle and from a preparation cycle to a data cycle, irrespective of the data. If the preparation mode is configured as a predischarge mode, all input data is not initialized to 1 in the preparation mode, as in the precharge mode, but “predischarged” to 0. Again, there will be exactly the same number of transitions from a preparation cycle to a data cycle and vice versa.
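An added toggle-count model (not the patent's own) of the three situations described above: single rail, dual rail without a preparation cycle, and dual rail with precharge. It counts rising and falling wire transitions per clock cycle for a constructed sequence of register values, i.e. the events that a power analysis observes as current peaks.

```python
def to_bits(value, width):
    """Little-endian bit list of an unsigned value."""
    return [(value >> i) & 1 for i in range(width)]


def count_transitions(prev, curr):
    """Wires changing between two wire-state lists, as (rising 0->1,
    falling 1->0); the split matters for CMOS gates with asymmetric draw."""
    rising = sum(1 for p, c in zip(prev, curr) if p == 0 and c == 1)
    falling = sum(1 for p, c in zip(prev, curr) if p == 1 and c == 0)
    return rising, falling


def single_rail(value, width):
    """Conventional encoding: one wire per bit."""
    return to_bits(value, width)


def dual_rail(value, width):
    """Dual-rail encoding: each bit b becomes the pair (b, NOT b)."""
    wires = []
    for b in to_bits(value, width):
        wires += [b, 1 - b]
    return wires


def precharge(width):
    """Preparation state: every rail of every bit pair driven to 1."""
    return [1] * (2 * width)


def leakage_trace(values, width, encode, prepare=None):
    """Transition counts per cycle for consecutive register values. If
    `prepare` is given, each data cycle is preceded by a preparation cycle."""
    trace = []
    state = encode(values[0], width)
    for v in values[1:]:
        if prepare is not None:
            prep = prepare(width)
            trace.append(count_transitions(state, prep))
            state = prep
        nxt = encode(v, width)
        trace.append(count_transitions(state, nxt))
        state = nxt
    return trace


if __name__ == "__main__":
    values = [0b0000, 0b0001, 0b1111, 0b1111]   # constructed register contents
    print("single rail      ", leakage_trace(values, 4, single_rail))
    print("dual rail        ", leakage_trace(values, 4, dual_rail))
    print("dual + precharge ", leakage_trace(values, 4, dual_rail, precharge))
```

Single rail reveals both how many bits changed and in which direction, plain dual rail still reveals how many changed, and dual rail with precharge yields the same counts in every cycle.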
As has already been explained, a three-operand adder is required for performing modular operations, e.g. addition or multiplication, for example within the framework of cryptographic algorithms such as RSA or elliptic curves. For the reasons given above, these operations must be performed by the adder in a manner which is secure against power attacks. Since cryptographic calculations involve a very high amount of computation, the adder must deliver a large amount of computing power. Since, in particular in cryptography, long operands must be processed, the length of the operands in elliptic curves ranging from 100 to 200 bits and, in the field of RSA, ranging from 1024 to 2048 bits, the adder itself must have a long bit length to meet the speed requirements placed upon the calculating unit. Due to this long bit length, however, it is essential from an economic point of view to design the adder with as little area as possible, since the bulk of the cost is usually accounted for by the chip area. Therefore, a calculating unit is required which is fast, is secure and also requires a small amount of area, all at once.
As has already been discussed, the three-operand adder disclosed in DE 3631992 C2 provides no security against hardware attacks. If both the three-bit half adder and the two-bit full adder were fully implemented in dual-rail with precharge, this would provide a high level of security but would also mean an immense space requirement.