1. Field of the Invention
The present invention relates to the data storage, and, in particular, to the safe storing of data in a register.
2. Description of Prior Art
FIG. 2 shows a latch-storage cell of a register. For example, a 32-bit-latch includes 32 storage cells of the form, as is in principle represented in FIG. 2. A latch-storage cell includes a first inverter 200 and a second inverter 210, which are oppositely connected, such that the output of e.g. the upper inverter 200 is fed into the input of the lower inverter 210. Thus, as is shown in FIG. 2, both inverters are coupled by a first linking point 212a, which connects the output of an inverter to the input of the other inverter, and by a second linking point 212b, which links the input of the one inverter 200 to the output of the other inverter 210. The two oppositely coupled inverters 200, 210 are connected between a data line 214 and a line 216 for negated data, with switches 218a and 218b being provided between the data lines 214 and 216 and the respective linking points 212a, 212b. The two switches 218a and 218b are controllable by a control line 212, to close the switches 218a, 218b when the storage cell is to be read out or to be written to, and to open the switches 218a, 218b when nothing is to happen to latch-storage cell, i.e. if it is neither to be read from nor to be written to.
Both inverters 200, 210 each have supply terminals Vcc and mass terminals GND, to supply the transistors from which the inverters are built from. In principle, the inverter structure of FIG. 2 is a feedback circuit in that, if, for example, on the right side, referring to FIG. 2, a “1” is applied, on the left side, a “0” is generated, while, considering the opposite case, i.e. the case, which is designated with brackets in FIG. 2, logically opposite states are held. Charge losses within the inverters are compensated for by the supply voltage Vcc such that, if a supply voltage is applied, either the “0” or the “1” is held. In the “Hold”-condition, both switches 218a, 218b are open, such that no connection to the line data 214 or to the line non-data 216 is present.
Should the inverter be read out, for example, using the line “data” 214, a driver circuit (not shown in FIG. 2) for the line 214 is deactivated. Further, the switch 218a is closed, such that the two inverters 200, 210 so to say drive the data line 214 with their respective condition. Alternatively or simultaneously, the same may be carried out with the driver circuit for the line 216 and/or with the switch 218b for the “negative”-side of the latch-storage.
If, in contrast, data are to be written to the register cell shown in FIG. 2, a distinction is to be made between two cases. In general, when writing into a storage cell shown in FIG. 2, typically both switches 218a, 218b are closed using the control line 220. Moreover, the line drivers for the lines 214 and 216 are activated to drive the lines 214 and/or 216, while, as has been explained, when reading from the storage cell the lines are not driven, but the storage cells themselves act as line drivers.
In the first case, in which data are written into the storage cell and in which the data to be written into the storage cell are the same as are held in a storage cell, nothing will happen to the storage cell. This case is represented in the first lines of the table from FIG. 3.
In the second case, the data content is changed by a write operation to the storage cell. If, for example, on the left side of the two inverters 200, 210 from FIG. 2, there was a “0”, and a “1” is to be written into, the condition of the storage cell has to be changed. For this purpose, the left side of the two inverters is drawn into a logic “1” state via the data line 214, while the right side of the two inverters 200, 210 is drawn into the logic “0” state by the data-non-line 216, as also becomes evident from a comparison of the second and third line of FIG. 3.
If then, in a condition succeeding in time, the storage cell is again written into and the content of the storage cell is changed again, the same will happen, but with a different polarity.
As has been explained, the condition of the storage cell does not change, if the same value which has previously been in the storage cell is written into the storage cell. If, however, the value of the storage cell is changed, the conditions in the storage cell will change as well. Typically, use is made of CMOS-circuits. In CMOS-circuits, typically no current consumption takes place in a non-changing condition, while a noticeable current consumption occurs, if the CMOS-circuit has to carry out a change of condition.
If the storage cell shown in FIG. 2 is provided for storing sensitive data, for example, for storing secret keys in the RSA algorithm or any other cryptoalgorithm, an attacker, if he monitors the current consumption of the line driver circuit for driving the lines 214 and 216 from FIG. 2 or if he monitors the Vcc terminals of the inverters 200, 210, might extract the secret information already by means of the power profile and from working clock information, as to whether the condition of the storage cell had changed or not. Assuming it is not possible for the attacker to monitor one single storage cell, this might be more likely to be possible if a common supply terminal for a register with many storage cells, such as e.g. 8, 16, 32, or 64 storage cells or also, thinking of long number arithmetic-logic units for cryptographic applications, 2304 storage cells, is provided.
As has already been explained, a storage cell requires current and/or power, when it changes its condition, whereas it does not need any current, if its condition remains unchanged. Applying this consideration to a whole register with several storage cells results in the following. Assuming, for example, that a register with 16 storage cells was initialized to “0” at the beginning, and now a number is loaded into the register, which has 16 bits, with 10 bit being a “1”, and with the remaining 6 bit representing a “0”, such condition changes will occur in 10 of the 16 storage cells of this register. At the power supply terminal, therefore, a power peak with a certain height will be recognizable, which depends on how many bits have changed from “0” to “1”. In the present example, the power peak will have a height equal to ten times of a unity power peak incurring if one single storage cell has changed regarding its condition. The number of bits in a number is also referred as hamming weight (a) of the number a.
Solely on the basis of the power consumption when writing to a register, an attacker may obtain an indication of the difference of the hamming weight of the previous register content and of the hamming weight of the new register content. Thus, in order to monitor the register-writing in a usually “unpermitted” manner, an attacker has to possess the hamming weight of the first number in order to then recognize by means of a power analysis the difference of the hamming weights of successive storage values. Typically, at the beginning, registers are initialized to a 0 state, i.e. the register cell is at 0, so that the first power analysis immediately provides the hamming weight of the first number. Depending on the application, the hamming weight of a secret number is of more or less use to the attacker. Yet, especially for highly safe applications, such as SmartCards for cash cards, personal identity cards, etc., it is undesirable to have any information about secret numbers, such as the hamming weight of the secret number, leak out, since, as a result, safety risks might arise, the extent of which is not yet known.
Further, a disadvantage of the known storage cell, as is represented in FIG. 2, is the fact, as has already been explained and discussed by means of FIG. 3, that a power consumption occurs during a data change in the register cell, i.e. if the previous value in the register is overwritten by a new one, since both inverters from FIG. 2 change their condition, while, if no data change occurs in the register cell, i.e. if the same value is “written” as a new value into the register cell, no power consumption, i. e. a significantly lower power consumption occurs. An attacker is thus able to recognize whether a data change in the register cell has taken place or not. This results in a safety leakage for the register cell, which is especially disadvantageous, if the register cell is provided for storing sensitive data, such as a bit of a secret key.