1. Field of the Invention
The present invention relates to computational units and in particular to a shift device for shifting a first place of a data word, which consists of a plurality of places, to a second place so as to obtain a shifted data word.
2. Description of the Related Art
In typical CPUs the shift operation represents an important function. Using it, multiplication or division algorithms, e.g., can be implemented. Known CPUs work with clear text data, which can be shifted or rotated by n positions to the left or right. Different shift units, e.g. barrel shifters or logarithmic shifters, are available for this purpose. In general the unit is a permutator, which brings an arbitrary bit from position i to position j.
A disadvantage of such shift devices for known CPUs is that they only operate correctly with clear text data. As a result, attack possibilities become relevant which are based on probing or on a simple power analysis (SPA) or on a differential power analysis (DPA). To improve the security in processors against such attacks, a bus encryption has already been introduced. This means that data transmitted on buses are encrypted and before being fed into the CPU are decrypted in order that the CPU can perform correct computational operations in clear text space. The result of an operation is then encrypted again and is transmitted in encrypted form over a bus either to a cache or to an external memory (external as far as the CPU is concerned).
In this way it is made impossible for an attacker to monitor data which are transported on an internal bus since, should he attempt to do so, he would receive only the encrypted data. However, if the attacker attacks the input or output of the computational unit or intermediate states in the computational unit, he can monitor clear text data since the computational unit operates in clear text space. Although the structures to be monitored are considerably smaller and less regular here than bus structures, this nevertheless represents a point of attack.