JP2010056730A - Encryption processor and integrated circuit - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption processor which reduces a capacity of a capacitor to be disposed, and has a resistant against DPA (Differential Power Analysis) attack. <P>SOLUTION: In the encryption processor, a monitor part MNT1 includes a function so that during a non-encryption operation in the encryption circuit 115, the first switch P1 and the second switch N1 are switched on to connect an encryption circuit 115 and a capacitor C1 to a power source line LV111 and a reference power source line LV112, and during an encryption operation in the encryption circuit 115, the first switch P1 and the second switch N1 are switched off to separate the encryption circuit 115 and the capacitor C1 from the power source line and the reference power source line and the first switch P1 and the second switch N1 are turned on so as to replenish the charge of the capacitor C1 that have decreased due to encryption operation of the encryption circuit 115 with charges of the capacitor C1. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a cryptographic processing device and an integrated circuit on which the cryptographic processing device is mounted.

  In the IC card, when data is exchanged with the host computer, encrypted data is used as exchanged data so that no problem occurs even if secret information stored in the IC card leaks in the process.

As the encryption method, common key encryption is most frequently used at present.
For example, in DES (Data Encryption Standard), an IC card owner and a host computer have the same key for data encryption. In DES, the data transmission side encrypts the data with the key and transmits the data, and the data reception side decrypts the data with the same key and takes out the message.

Even if a malicious third party eavesdrops in the course of communication, it is difficult to decrypt and extract a message unless it has a key.
A key used for encryption / decryption is stored in a nonvolatile memory such as an EEPROM in the IC card.
A configuration in which key data cannot be extracted even by the IC card owner or IC card development engineer by control that is directly transferred to the encryption engine in the IC card without going through the CPU at the time of encryption / decryption. Adopt security.

However, P. Kocher et al. Reported an attack method (DPA: Differential Power Analysis) in which the current consumption of an IC card was measured, and statistical processing was performed on it to extract the key.
In this DPA attack, it is possible to extract a key by performing an encryption operation using about 1000 different plaintexts, obtaining a current consumption waveform at that time, estimating a key, and statistically processing the current consumption. Become.

  An actual DPA attack is performed using a measurement system as shown in FIG.

In the measurement system 1 of FIG. 1, first, a voltage is supplied from an external power supply to a power supply pin PP of an LSI (IC: integrated circuit) 2 including a cryptographic operation circuit via a resistor R of about 1 to 10Ω.
Then, the operating current waveform is measured by measuring the voltage at one end of the resistor R with the digital oscilloscope 3, and this is taken into the hard disk or the like of the personal computer (personal computer) 4.
The plaintext to be cryptographically operated is cryptographically calculated by supplying a random number generated from the personal computer 4 to the system base 5 side.
After the acquisition of the predetermined number of plaintexts and the corresponding current waveforms, the personal computer 4 estimates the key and performs an encryption simulation.
Then, the current consumption waveforms are grouped based on the value of the node of interest, the difference between the average currents of each group is taken, and the validity of the estimation key is determined based on whether or not the peak current is generated.

If no peak is detected, another 6-bit key is selected and the same process is performed. If a peak is detected, the target S box is changed to obtain the next 6-bit key.
Then, if each 6-bit key is obtained for 8 Sboxes, the remaining 56-48 = 8 [bit] can be obtained with 2 ⁸ = 256 times even if all attacks are performed.

The threat of a DPA attack is that a special device is not required to attack, and once the acquisition of the current waveform is completed, it takes only about tens of hours to extract the key by statistical processing of the current waveform after estimating the key. It is a point that is not necessary.
The current waveform required for the attack is a digital oscilloscope with a resistor inserted between the external power supply and the IC (integrated circuit) power supply terminal or between the external GND (ground) and the GND terminal of the IC. It can be obtained by importing to a PC via
The acquired current waveform includes a small operating current for the calculation related to the key, and this is extracted by statistical processing.

  As a method for making it difficult to obtain a current waveform related to this cryptographic operation, for example, a method disclosed in Patent Document 1 is known.

  FIG. 2 is a diagram illustrating a configuration example of an IC adopting the method disclosed in Patent Document 1. In FIG.

  The IC 10 includes a CPU 11, a ROM 12, a RAM 13, another peripheral circuit 14, an encryption circuit 15, a capacitor C, and a switch 16.

In this configuration, a configuration is adopted in which the power supply line 17 of the encryption circuit 15 in the IC 10 is connected to another power supply line 18 including an external power supply via the switch 16.
A capacitor C is arranged between the power line 17 of the encryption part and the ground (GND) line 19. The switch 16 is turned on and the capacitor C is charged except during the cryptographic operation. When the encryption command is issued, the switch 16 is turned off and the encryption circuit 15 executes the encryption operation with the charge of the capacitor C11.
JP 2000-196484 A

  If the said structure is taken, the electric current at the time of a cryptographic calculation will be supplied from a capacitor, and acquisition of the operation current of the cryptographic calculation from a power supply terminal or a GND terminal will become difficult.

  However, for example, at least 16 clocks are required to execute the DES encryption, and an operating current of almost the same magnitude flows during this period, and a capacitor having a considerable capacity is required to hold the charge necessary for this.

  It is an object of the present invention to provide a cryptographic processing device and an integrated circuit that suppresses the capacitance of a capacitor to be arranged and is resistant to a DPA attack.

  A cryptographic processing device according to a first aspect of the present invention includes a power supply line, a reference power supply line, a power supply terminal and a cryptographic circuit that performs a cryptographic operation by receiving predetermined power at the reference power supply terminal, and the power supply terminal of the cryptographic circuit. And a capacitor connected in parallel between the reference power supply terminal, a first switch connected between the power supply line and the power supply terminal, and a connection between the reference power supply line and the reference power supply terminal And a monitor unit that monitors the voltages of the power supply terminal and the reference power supply terminal, and the monitor unit performs the first switch and the second switch during the non-cryptographic operation in the cryptographic circuit. The encryption circuit and the capacitor are connected to the power supply line and the reference power supply line by turning on the switch, and the first switch and the second switch are turned off at the time of cryptographic operation in the encryption circuit. Then, the encryption circuit and the capacitor are disconnected from the power supply line and the reference power supply line, and the charge of the capacitor reduced by performing the encryption operation of the encryption circuit with the charge of the capacitor is replenished. A function of turning on the switch and the second switch is included.

  An integrated circuit according to a second aspect of the present invention includes a power supply line, a reference power supply line, a circuit connected to the power supply line and the reference power supply line, and a predetermined power received at the power supply terminal and the reference power supply terminal. An encryption circuit that performs an operation; a capacitor connected in parallel between the power supply terminal and the reference power supply terminal of the encryption circuit; a first switch connected between the power supply line and the power supply terminal; A second switch connected between the reference power supply line and the reference power supply terminal; and a monitor unit for monitoring the voltage of the power supply terminal and the reference power supply terminal. In the non-cryptographic operation, the first switch and the second switch are turned on to connect the cryptographic circuit and the capacitor to the power supply line and the reference power supply line. The capacitor reduced by turning off the first switch and the second switch, disconnecting the encryption circuit and the capacitor from the power supply line and the reference power supply line, and performing encryption operation of the encryption circuit with the charge of the capacitor A function of turning on the first switch and the second switch so as to replenish the electric charge.

  Preferably, the monitor unit turns off the first switch and the second switch during the cryptographic operation in the cryptographic circuit, disconnects the cryptographic circuit and the capacitor from the power supply line and the reference power supply line, and As a result of the cryptographic operation of the cryptographic circuit using the charge of the capacitor, when the charge of the capacitor decreases to a predetermined value or more, the first switch and the second switch are turned on until the reduced charge is replenished.

  Preferably, the monitor unit turns on the first switch at the time of non-cryptographic computation in the cryptographic circuit, turns off the first switch at the time of cryptographic computation, and a first voltage corresponding to the power supply terminal potential and a predetermined first voltage. A first comparator that compares a first comparison reference voltage corresponding to one reference voltage and turns on the first switch while the first voltage is equal to or lower than the first comparison reference voltage; In the cryptographic circuit, the second switch is turned on during non-cryptographic computation, the second switch is turned off during cryptographic computation, and a second voltage corresponding to the reference power supply terminal potential and a predetermined second reference voltage A second comparator for comparing with a second comparison reference voltage and turning on the second switch while the second voltage is equal to or higher than the second comparison reference voltage.

  Preferably, the monitor section uses a voltage obtained by dividing a voltage difference between the voltage of the power line and the first reference voltage as the first comparison reference voltage, and the power terminal voltage as the first voltage. A voltage obtained by dividing the difference voltage between the voltage of the reference power supply line and the second reference voltage is applied to the first comparator as the second comparison reference voltage, and the reference power supply terminal voltage is set to the second comparator voltage. The voltage is given to the second comparator.

  Preferably, the monitor unit uses the first reference voltage as the first comparison reference voltage, and a first divided voltage obtained by dividing a difference voltage between the power supply terminal voltage and the reference power supply terminal voltage into a plurality of voltages. Is supplied to the first comparator as the first voltage, the second reference voltage is used as the second comparison reference voltage, and the voltage difference between the power supply terminal voltage and the reference power supply terminal voltage is divided into a plurality of voltages. The second divided voltage lower than the first divided voltage is applied to the second comparator as the second voltage.

  Preferably, the cryptographic circuit includes a calculation circuit for one round, and has a function of performing a cryptographic calculation by operating the arithmetic circuit a predetermined number of times, and the monitor unit performs from the end of the round calculation to the start of the next calculation During this period, the first switch and the second switch are turned on.

  Preferably, the capacitor is set to a capacitance value that stores a charge required for at least one round operation.

According to the present invention, at the time of non-cryptographic computation in the cryptographic circuit, the monitor unit turns on the first switch and the second switch to connect the cryptographic circuit, the capacitor, the power supply line, and the reference power supply line. As a result, the terminal potentials of the encryption circuit and the capacitor are held at the same potential as the power supply line and the reference power supply line.
At the time of cryptographic calculation in the cryptographic circuit, the monitor unit turns off the first switch and the second switch, and the cryptographic circuit, the capacitor, the power supply line, and the reference power supply line are disconnected.
In this state, the operation of the encryption circuit is performed with the charge of the capacitor. Then, the charge of the capacitor, which is reduced by performing the cryptographic operation of the encryption circuit with the charge of the capacitor, is supplemented by turning on the first switch and the second switch by the monitor unit.

  According to the present invention, it is possible to suppress the capacitance of a capacitor to be arranged low and to secure sufficient resistance against a DPA attack.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

[First Embodiment]
FIG. 3 is a diagram showing a configuration example of an LSI used in an IC card according to the first embodiment of the present invention.

The IC card (electronic device) 100 includes an LSI (integrated circuit) 110.
As shown in FIG. 3, the LSI 110 includes a CPU 111, a mask ROM 112, a RAM 113, another peripheral circuit 114, an encryption circuit 115, a first comparator COMP. P, second COMP N is integrated.
The LSI 110 further integrates a p-channel MOS (PMOS) transistor P1 as a first switch, an n-channel MOS (NMOS) transistor N1 as a second switch, resistors R1, R2, R3, R4, and a capacitor C1. .

And the comparator COMP P, COMP N, a PMOS transistor P1, an NMOS transistor N1, and resistors R1, R2, R3, and R4 constitute a monitor unit MNT1.
A circuit system is formed by the CPU 111, the mask ROM 112, the RAM 113, other peripheral circuits 114, and the like.

In the IC card 100 of this embodiment, a CPU 111, a mask ROM 112, a RAM 113, other peripheral circuits 114, and the like are connected to a power supply line LV111 and a GND line (ground line) LV112 to which a power supply voltage “Vcc” is supplied from an external power supply. Has been.
However, since the power supply terminal or ground terminal of the IC is connected to the supply line of the external power supply voltage Vcc or the external GND line via a resistor at the time of DPA attack, in this embodiment, “Vc”, “ Vs ”.

The CPU 111 controls the entire IC card 100 in accordance with a program stored in the mask ROM 112 or by accessing the RAM 113.
The CPU 111 has a function of issuing a cryptographic command to the cryptographic circuit 115 and the like.

A PMOS transistor P1 is connected to the power supply line LV111, and an NMOS transistor N1 is connected to the GND line LV112.
The power supply terminal TVcdes of the encryption circuit 115 is connected to the power supply line LV111 via the PMOS transistor P1, and the power supply terminal TVsdes is connected to the GND line LV112 via the NMOS transistor N1.
A capacitor C1 is connected in parallel with the encryption circuit 115 between the power supply terminal TVcdes and the power supply terminal TVsdes.

One terminal TVC of the capacitor connected to the power supply terminal TVcdes is a comparator COMP. It is connected to the non-inverting input terminal (+) of P. The other terminal TVS of the capacitor connected to the power supply terminal TVsdes is a comparator COMP. N non-inverting input terminal (+) is connected.
The voltage at the power supply terminal TVcdes is the first voltage as the first comparator COMP It is given to the non-inverting input terminal (+) of P. Similarly, the voltage at the power supply terminal TVsdes is set to the second voltage COMP as the second voltage. N is applied to the non-inverting input terminal (+).

First comparator COMP The inverting input terminal (−) of P is connected to the first reference voltage Vrefp of a reference voltage circuit (not shown) that maintains a constant potential difference with respect to the external power supply voltage “Vc” with resistors R1 and R2 between the voltage “Vc”. A terminal TV12 for supplying a resistance-divided voltage “Vdiv12” is connected.
The voltage “Vdiv12” is used as the first comparator COMP as the first comparison reference voltage. Given to P.
Comparator COMP The output of P is connected to the gate of the PMOS transistor P1.

Comparator COMP The inverting input terminal (−) of N has a resistance R3 and R4 between a second reference voltage Vrefn of a reference voltage circuit (not shown) that maintains a constant potential difference with respect to the external power supply voltage “Vs” and a voltage “Vs”. A terminal TV34 for supplying a voltage “Vdiv34” obtained by resistance division is connected.
The voltage “Vdiv34” is the second comparator COMP as the second comparison reference voltage. Given to N.
Comparator COMP The output of N is connected to the gate of the NMOS transistor N1.

  Here, the high voltage side of the capacitor C1 will be described.

First comparator COMP P and second comparator COMP N is a control signal CTL of opposite logic to each other P and CTL N is entered.

FIG. 4 shows the first comparator COMP of FIG. 3 is a circuit diagram illustrating a configuration example of P. FIG. FIG. 5 is a timing chart for explaining the operation of the circuit of FIG.

First comparator COMP P is composed of PMOS transistors P11 and P12 and NMOS transistors N11 to N14.

The sources of the PMOS transistors P11 and P12 are connected to the power supply potential. The drain of the PMOS transistor P11 is connected to the drain of the NMOS transistor N11, its gate, and the gate of the PMOS transistor P12.
The drain of the PMOS transistor P12 is connected to the drain of the NMOS transistor N12, and the connection point is the signal CP. It is connected to the P output terminal TOP.
The sources of the NMOS transistors N11 and N12 are connected to each other, the connection point is connected to the drain of the NMOS transistor N13, and the source of the NMOS transistor N13 is grounded.
The drain of the NMOS transistor N14 is connected to the output terminal TOP, and the source is grounded.
The gate of the NMOS transistor N11 is connected to the non-inverting input terminal (+), and the gate of the NMOS transistor N12 is connected to the inverting input terminal (−).
The gate of the NMOS transistor N13 is connected to the control signal CTL Connected to the supply line of P, the gate of the NMOS transistor N14 is connected to the control unit signal CTL. N supply lines.

First comparator COMP P includes control signals CTL having opposite logics to each other. P and CTL When N is input and it is not a cryptographic operation, the control signal CTL P is low level, control signal CTL N is set to a high level.
As a result, the output signal CP from the output terminal TOP P is output at a low level. As a result, the PMOS transistor P1 is turned ON, and the capacitor C1 is charged from the power supply terminal “Vc” of the IC.
After completion of charging, the comparator COMP The non-inverting input terminal (+) input of P becomes the same potential as the power supply terminal “Vc” of the IC and is higher than the resistance division voltage “Vdiv12” of the inverting input terminal (−).

  At the time of cryptographic computation, the control signal CTL P is high, control signal CTL N is set to a low level.
  As a result, the first comparator COMP P becomes active, but the voltage at the non-inverting input terminal (+) input is higher at this stage. For this purpose, the first comparator COMP P output signal CP P is output at a high level. As a result, the PMOS transistor P1 is cut off, and the encryption circuit 115 and the capacitor C1 are disconnected from the power supply terminal “Vc” of the IC.
  When the charge of the capacitor C1 is consumed by the cryptographic operation, the potential of the one terminal TVC of the capacitor C1 connected to the power supply terminal “TVcdes” gradually decreases.
  When the voltage falls below the input voltage “Vdiv12” of the inverting input terminal (−), the first comparator COMP P output signal CP P is inverted to low level. As a result, the PMOS transistor P1 is turned ON, the node TVC (“TVcdes”) of the capacitor C1 is connected to the external terminal “Vc” of the IC, and the capacitor C1 is charged.
  When the terminal voltage of the capacitor C1 becomes higher than the voltage “Vdiv12”, the first comparator COMP again. P output signal CP P is inverted to high level, and the power supply terminal “Vcdes” of the encryption circuit 115 and the terminal TVC of the capacitor C1 are disconnected from the power supply terminal “Vc” of the IC.
  As a result, the voltage of the node TVC (“TVcdes”) of the capacitor C1 drops again by the subsequent cryptographic operation. These operations are repeated during the cryptographic calculation period.

The cryptographic operation period ends and the control signal CTL P is low level, control signal CTL When N changes to high level, the first comparator COMP P output signal CP P is fixed at a low level.
As a result, the PMOS transistor P1 is turned ON, and the voltage of the node TVC (“Vcdes”) of the capacitor C1 is also held at the same potential as the external voltage “Vc” of the IC.
In the above operation, the current due to the “circuit operation caused by the key” subject to the DPA attack is supplied from the capacitor C1 separated from the power supply terminal of the IC, and therefore does not appear at the power supply terminal “Vc” of the IC. .
When the potential of the capacitor falls below a predetermined potential, it is charged by the power supply terminal “Vc” of the IC, but only the charging current “caused by the key” out of the charge consumed up to this point is charged. It is impossible to take it out.

  Next, the low voltage side of the capacitor C1 will be described.

FIG. 6 shows the second comparator COMP of FIG. It is a circuit diagram which shows the structural example of N. FIG. 7 is a timing chart for explaining the operation of the circuit of FIG.

Second comparator COMP N is constituted by NMOS transistors N21 and N22 and PMOS transistors P21 to P24.

The sources of the NMOS transistors N21 and N22 are connected to the ground potential. The drain of the NMOS transistor N21 is connected to the drain of the PMOS transistor P21, its gate, and the gate of the NMOS transistor N22.
The drain of the NMOS transistor N22 is connected to the drain of the PMOS transistor P22, and the connection point is the signal CP. N output terminals TON are connected.
The sources of the PMOS transistors P21 and P22 are connected to each other, the connection point is connected to the drain of the PMOS transistor P23, and the source of the PMOS transistor P23 is connected to the power supply potential.
The drain of the PMOS transistor P24 is connected to the output terminal TON, and the source is connected to the power supply potential.
The gate of the PMOS transistor P21 is connected to the non-inverting input terminal (+), and the gate of the PMOS transistor P22 is connected to the inverting input terminal (−).
The gate of the PMOS transistor P23 is connected to the control signal CTL. Connected to the N supply line, the gate of the PMOS transistor P24 is connected to the control unit signal CTL. Connected to the P supply line.

Second comparator COMP N is a control signal CTL of opposite logic to each other P and CTL When N is input and it is not a cryptographic operation, the control signal CTL P is low level, control signal CTL N is set to a high level.
As a result, the output signal CP from the output terminal TON N is output at a high level. As a result, the NMOS transistor N1 is turned ON and the power supply terminal “Vs” of the IC and the other terminal TVS of the capacitor C1 are connected to charge negative charges.
Then the second comparator COMP The N non-inverting input terminal (+) input has the same potential as the power supply terminal “Vs” of the IC and is lower than the resistance division voltage “Vdiv34” of the inverting input terminal (−).

At the time of cryptographic computation, the control signal CTL P is high, control signal CTL N is set to a low level.
As a result, the second comparator COMP N becomes active, but the voltage at the non-inverting input terminal (+) input is lower at this stage. For this reason, the second comparator COMP N output signal CP N is output at a low level. As a result, the NMOS transistor N1 is cut off, and the encryption circuit 115 and the capacitor C1 are disconnected from the power supply terminal (GND terminal) “Vs” of the IC.
When the negative charge of the capacitor C1 is consumed by the cryptographic operation, the potential of the one terminal TVS of the capacitor C1 connected to the power supply terminal “TVsdes” gradually increases.
When the voltage becomes higher than the input voltage “Vdiv34” of the inverting input terminal (−), the second comparator COMP N output signal CP N is inverted to high level. As a result, the NMOS transistor N1 is turned on, the node TVS (“TVsdes”) of the capacitor C1 is connected to the external terminal “Vs” of the IC, and the capacitor C1 is charged with negative charges.
Then, when the terminal voltage of the capacitor C1 becomes lower than the voltage “Vdiv34”, the second comparator COMP again. N output signal CP N is inverted to a low level, and the power supply terminal “Vsdes” of the encryption circuit 115 and the terminal TVS of the capacitor C1 are disconnected from the GND terminal “Vs” of the IC.
As a result, the voltage of the node TVS (“TVsdes”) of the capacitor C1 rises again by the subsequent cryptographic operation. These operations are repeated during the cryptographic calculation period.

The cryptographic operation period ends and the control signal CTL P is low level, control signal CTL When N changes to high level, the second comparator COMP N output signal CP N is fixed at a high level.
As a result, the NMOS transistor N1 is turned on, and the voltage of the node TVS (“Vsdes”) of the capacitor C1 is also held at the same potential as the external voltage “Vs” of the IC.
In the above operation, the current due to the “circuit operation caused by the key” subject to the DPA attack is supplied from the capacitor C1 separated from the power supply terminal of the IC, and therefore does not appear at the power supply terminal “Vs” of the IC. .
Then, when the potential of the capacitor rises above a predetermined potential, it is charged by the power supply terminal “Vs” of the IC, but only the discharge current “caused by the key” out of the charge consumed so far from this charging current. It is impossible to take it out.

Based on the above, the circuit operation of FIG. 3 will be described in association with the timing chart of FIG.
FIG. 8 shows a case where two DES operations are executed.

When the cryptographic operation is not executed, as described above, the control signal CTL N is high and the control signal CTL P is set to a low level.
Control signal CTL Since N is high, the first comparator COMP P output signal CP P goes low and the PMOS transistor P1 is turned on.
Control signal CTL The second comparator COMP is detected when P ″ is at a low level. N output signal CP N ″ goes high and the NMOS transistor N1 is turned on.
As a result, the power supply terminals TVcdes and TVsdes of the encryption circuit 115 and both ends TVC and TVS of the capacitor C1 are connected to the external power supplies “Vc” and “Vs” of the IC, and the capacitor is controlled to the same potential as the external power supply.

When the cryptographic operation is started, the control signal CTL P and CTL When N is inverted, the comparator COMP P output signal CP P goes high and the second comparator COMP N output signal CP N ″ goes low.
As a result, the PMOS transistor P1 and the NMOS transistor N1 are cut off.
As a result, the power supply terminals TVcdes and TVsdes of the encryption circuit 115 and both ends TVC and TVS of the capacitor C1 are disconnected from the external power supplies “Vc” and “Vs” of the IC, and the encryption circuit 115 performs an operation with the charge of the capacitor C1. The
Then, when the charge of the capacitor C1 decreases to a predetermined value or more as the calculation progresses, it is detected by the comparator, the PMOS transistor P1 and the NMOS transistor N1 are turned on, the charge is supplied from the external power source, and the cryptographic calculation is continued. .

When the cryptographic operation period ends, the control signal CTL When P is low, the control signal CTL N is switched to high level.
Thus, the power supply terminals TVcdes and TVsdes of the encryption circuit 115 and both ends TVC and TVS of the capacitor C1 are connected to the external power supplies “Vc” and “Vs” of the IC, and the capacitor C1 is charged to the same potential as the external power supply.

In the above operation, when the capacitor voltage drops with the progress of the cryptographic operation, the PMOS transistor P1 and the NMOS transistor N1 are turned on and connected to the external power supply of the IC to compensate the charge.
For this reason, the charge stored in the capacitor C1 does not have to be all the charge consumed for one cryptographic operation, and the capacitance of the capacitor can be kept low.

[Second Embodiment]
FIG. 9 is a diagram illustrating a configuration example of an LSI used in an IC card according to the second embodiment of the present invention.

The second embodiment is different from the above-described first embodiment in the following points.
In the second embodiment, a resistor string formed by resistors R5, R6, and 7 connected in parallel with the capacitor C1 is disposed.
The connection point N56 between the resistors R5 and R6 is the first comparator COMP. The connection point N67 of the resistors R6 and R7 is connected to the non-inverting input terminal (+) of P, and the second comparator COMP It is connected to the N inverting input terminal (−).
The voltage at the node N56 is used as the first divided voltage, and the first comparator COMP It is given to the non-inverting input terminal (+) of P. Similarly, the voltage at the connection point N67 becomes the second divided voltage and the second comparator COMP. N is applied to the non-inverting input terminal (+).
First comparator COMP The first reference voltage Vrefp is supplied directly to the inverting input terminal (−) of P as the first comparison reference voltage, and the second comparator COMP The second reference voltage Vrefn is directly supplied to the N non-inverting input terminal (+) as the second comparison reference voltage.

  In the first embodiment, in the control of “Vcdes”, a voltage near “Vc” is controlled by an NMOS input differential amplifier, and in the control of “Vsdes”, a voltage near “Vs” is controlled by a PMOS input differential amplifier. It is controlled by. For this reason, the operating current tends to increase.

  On the other hand, the second embodiment is characterized in that the operating current in the comparator can be kept low because the voltage to be compared is a voltage around “Vc” and “Vs”.

[Third Embodiment]
Next, a third embodiment of the present invention will be described with reference to FIG. 10, FIG. 11, FIG. 12, and FIG.

FIG. 10 is a diagram illustrating a configuration of a general DES arithmetic circuit. FIG. 11 is a diagram illustrating a configuration example of the F function unit. FIG. 12 is a diagram illustrating an example of operation timing of DES.
FIG. 13 is a diagram showing operation timing according to the third embodiment of the present invention.

10 includes an initial replacement unit [IP (Initial Permutation)] 210, a switch (SW) 220, a left register (referred to as an L register) 230, a right register (R register) 240, an F function unit 250, and an EXOR. An arithmetic unit 260, an inverse replacement unit (IP ⁻¹ ) 270, and a ciphertext output unit (Crypto) 280 are included.

The switch (SW) 220 includes an L register side switch 220L and an R register side switch 220R.
The operating contact a of the switch 220L is connected to the output of the initial replacement unit 210, the operating contact b is connected to the output of the R register 240, and the fixed contact c is connected to the input of the L register 230.
The operation contact a of the switch 220R is connected to the output of the initial replacement unit 210, the operation contact b is connected to the output of the EXOR operation unit 260, and the fixed contact c is connected to the input of the R register 240.

In the DES operation circuit 200 of FIG. 10, the switches (SW) 220L and 220R have the fixed contact c connected to the working contact “a” side at the start of the DES operation.
When the DES operation is started, the plaintext is replaced with two 32-bit data L ₀ and R ₀ after IP replacement in the initial replacement unit 210. Then, it is taken into the L register 230 and the R register 240 at the rising edge of a latch pulse (Latch Pulse) Lat as a control timing based on the control clock. In parallel with this, in the switches 220L and 220R, the connection of the fixed contact c is switched to the working contact “b” side.

With this data fetching, the outputs of the L register 230 and the R register 240 become “L ₀ ” and “R ₀ ”.
After that, based on these register stored values, a round operation is applied to which the F function unit 250 and the EXOR operation unit 260 are applied, and the result is again transmitted to the L register 230 via the switches (SW) 220L and 220R. And supplied to the input of the R register 240.

Furthermore, the next round operation is started by taking in the L register 230 and the R register 240 at the rising edge of the latch pulse Lat in the next clock cycle and updating the output.
After repeating this operation 16 clock cycles, and outputs the calculation result to the reverse replacement section (IP ^-1) 270 perform the inverse substitution conversion, and outputs it as cipher text.

As shown in FIG. 11, the F function unit 250 includes a plurality (8 in FIG. 11) of S boxes S _{1 to} S ₈ that execute nonlinear processing.
The input value F-in from the previous stage, that is, R (n-1) is expanded to 48 bits by the extension unit (EX) 251.
Furthermore, the key (48 bits) Kn and EXOR input from the key schedule part are executed, and the output is input to a plurality of S boxes S _{1 to} S ₈ for executing nonlinear transformation processing by 6 bits. In each of the S boxes S _{1 to} S ₈ , non-linear conversion processing from 6 bits to 4 bits to which a conversion table is applied is executed.
The output bits 4 × 8 = 32 bits from the S boxes S _{1 to} S ₈ are input to the replacement unit (P) 252, where the bit position is replaced, and 32 bits of F function output are generated and output.

In general, the cryptographic circuit includes a calculation circuit for one round, and performs a cryptographic operation by operating the arithmetic circuit a predetermined number of times.
In this configuration, when the stored value of the register is updated at the beginning of the round, a series of cryptographic operations are executed from there and the operation result is supplied to the input of the register.

For example, in the case of the DES encryption described above, the stored values and output values of the L register 230 and the R register 240 change at the rise of the latch pulse Lat, which is a signal taken into the L register 230 and the R register 240.
As a result, the calculation in the F function unit 250 and the EXOR calculation ahead are performed, and the calculation result is supplied to the inputs of the L register 230 and the R register 240.
Then, during this period, “calculation due to the key” is executed and the current appears as a leakage current at the power supply terminal. When the calculation is completed, power consumption in the encryption circuit 115 is not increased until the next rise of the latch pulse Lat. Absent.

Therefore, when the configurations as shown in the first and second embodiments of the present invention are applied, if the precharge operation is performed during the period from the end of the calculation to the rise of the next latch pulse Lat, round calculation is performed. The calculation can be started from the state where the precharge is completed at each start.
Here, the precharge operation refers to charging the capacitor C1 by turning on the PMOS transistor P1 and the NMOS transistor N1.
Therefore, the required capacitance of the capacitor is sufficient to supply the charge necessary for one round of calculation.

This precharge period may be set in a period from the end of the calculation when the calculation is performed under the worst operating condition of the IC to the rise of the next latch pulse Lat. On the other hand, what is required during this period is the time required to charge the electric charge consumed in each round operation, and it is sufficient that this is ensured.
For cryptographic circuits that operate at high speed, this setting must be made strictly. However, for those that operate with a low-speed clock of about a dozen MHz, such as an IC card, round calculations are often performed. It ends within a half cycle of the clock.
Therefore, in a product having such characteristics, precharge can be performed without overlapping operation operations if control is performed to perform precharge with the second half of the clock pulse.

  FIG. 13 is a timing chart in the case where the control of performing the precharge in the second half of the clock is performed after the encryption operation of each round (Round) is completed in the first half of the clock.

In this case, the electric charge consumed in the round calculation is charged in the latter half of the clock, and even if it falls below a predetermined level during the round calculation, the charge is executed by the control of the comparator. .
In the case of this configuration, the necessary capacitor capacity may be a capacity capable of storing charges necessary for one round of calculation.

If the capacity is set to a value that allows for a margin in the value that stores the charge required for one round operation, the voltage will not drop below a predetermined level while the round operation is being performed. .
The consumed electric charge is charged in the time from the end of the round calculation to the start of the next round calculation.
Therefore, if this capacity can be set, as shown in FIG. 14, the comparator and the control by it are unnecessary, and the resistor string for generating the comparison voltage is also unnecessary.

As described above, according to the present embodiment, in the common key encryption circuit 115, the capacitor C1 is arranged in parallel between the power supply and GND of the encryption circuit block.
A configuration is adopted in which the power supply terminal of the circuit block is connected to the LSI power supply line LV111 via the PMOS transistor P1, and the GND terminal is connected to the GND line LV112 of the LSI via the NMOS transistor N1.
Further, a configuration is adopted in which a circuit for monitoring the power supply terminal and the GND terminal voltage of the encryption circuit 115 is arranged, and when the voltage exceeds a predetermined voltage, the PMOS transistor P1 and the NMOS transistor N1 are turned on to supply charges.
Therefore, according to the present embodiment, the following effects can be obtained.

A DPA attack becomes impossible by performing a cryptographic operation with the charge stored in the capacity.
When the charge is reduced by the cryptographic operation, the capacitor is controlled by the monitor unit to be charged from the external power source, so that the capacity can be reduced.
If there is sufficient time from the end of each round calculation to the next clock rise, it is possible to control charging the capacitor after the round calculation ends in each round calculation period. The capacity can be kept small.

It is a figure which shows the structural example of the measurement system of a DPA attack. It is a figure which shows the structural example of IC which employ | adopted the method disclosed by patent document 1. FIG. It is a figure which shows the structural example of LSI used for the IC card based on the 1st Embodiment of this invention. High-voltage side comparator COMP of FIG. 3 is a circuit diagram illustrating a configuration example of P. FIG. 5 is a timing chart for explaining the operation of the circuit of FIG. 4. Low-voltage side comparator COMP of FIG. It is a circuit diagram which shows the structural example of N. 7 is a timing chart for explaining the operation of the circuit of FIG. 6. 4 is a timing chart for explaining the operation of the circuit of FIG. 3. It is a figure which shows the structural example of LSI used for the IC card based on the 2nd Embodiment of this invention. It is a figure which shows the structure of a DES arithmetic circuit. It is a figure which shows the structural example of F function part. It is a figure which shows the example of an operation timing of DES. It is a figure which shows the operation | movement timing which concerns on the 3rd Embodiment of this invention. It is a figure which shows the structural example of the suitable LSI corresponding to 3rd Embodiment.

Explanation of symbols

100, 100A, 100B ... IC card (electronic device), 110, 110A, 100B ... LSI, 111 ... CPU, 112 ... mask ROM, 113 ... RAM, 114 ... peripheral circuit 115, encryption circuit, C1, capacitor, MNT1, MNT1A, MNT1B, monitor unit, COMP P, COMP N... Comparator, P1... PMOS transistor, N1... NMOS transistor, R1 to R6.

Claims (14)

A power line;
A reference power line,
A cryptographic circuit that receives a predetermined power at the power supply terminal and the reference power supply terminal and performs a cryptographic operation;
A capacitor connected in parallel between the power supply terminal of the encryption circuit and the reference power supply terminal;
A first switch connected between the power line and the power terminal;
A second switch connected between the reference power supply line and the reference power supply terminal;
A monitor unit for monitoring the voltage of the power supply terminal and the reference power supply terminal;
The monitor section
At the time of non-cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned on to connect the cryptographic circuit and the capacitor to the power supply line and the reference power supply line.
At the time of cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned off, the cryptographic circuit and the capacitor are disconnected from the power supply line and the reference power supply line, and the cryptographic circuit is encrypted with the charge of the capacitor. A cryptographic processing device including a function of turning on the first switch and the second switch so as to replenish the electric charge of the capacitor which has been reduced by the calculation. The monitor section
At the time of cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned off, the cryptographic circuit and the capacitor are disconnected from the power supply line and the reference power supply line, and the cryptographic circuit is encrypted with the charge of the capacitor. The cryptographic processing device according to claim 1, wherein when the charge of the capacitor decreases to a predetermined value or more as a result of the calculation, the first switch and the second switch are turned on until the reduced charge is replenished. The monitor section
The first switch is turned on at the time of non-cryptographic computation in the cryptographic circuit, the first switch is turned off at the time of cryptographic computation, and a first voltage according to the power supply terminal potential and a first according to a predetermined first reference voltage A first comparator that turns on the first switch while the first voltage is less than or equal to the first comparison reference voltage;
The second switch is turned on during non-cryptographic computation in the cryptographic circuit, and the second switch is turned off during cryptographic computation, and a second voltage corresponding to the reference power supply terminal potential and a second voltage corresponding to a predetermined second reference voltage are set. 3. A second comparator that compares two comparison reference voltages and turns on the second switch while the second voltage is equal to or higher than the second comparison reference voltage. Cryptographic processing device. The monitor section
A voltage obtained by dividing a voltage difference between the voltage of the power supply line and the first reference voltage is applied to the first comparator as the first comparison reference voltage, and the power supply terminal voltage is applied to the first comparator as the first voltage;
A voltage obtained by dividing a voltage difference between the voltage of the reference power supply line and the second reference voltage is used as the second comparison reference voltage, and the reference power supply terminal voltage is used as the second voltage to the second comparator. The cryptographic processing device according to claim 3. The monitor section
The first reference voltage is used as the first comparison reference voltage, and the first divided voltage obtained by dividing the voltage difference between the power supply terminal voltage and the reference power supply terminal voltage into a plurality of parts is used as the first voltage. To the comparator of
A second divided voltage lower than the first divided voltage obtained by dividing the difference voltage between the power supply terminal voltage and the reference power supply terminal voltage into a plurality of voltages using the second reference voltage as the second comparison reference voltage. The cryptographic processing apparatus according to claim 3, wherein the second voltage is supplied to the second comparator. The encryption circuit
Including a calculation circuit for one round, having a function of performing a cryptographic operation by operating the calculation circuit a predetermined number of times,
The monitor section
The cryptographic processing apparatus according to claim 1, wherein the first switch and the second switch are turned on during a period from the end of the round calculation to the start of the next calculation. The capacitor is
The cryptographic processing device according to claim 6, wherein the cryptographic processing device is set to a capacity value for storing electric charge required for at least one round operation. A power line;
A reference power line,
A circuit system connected to the power supply line and the reference power supply line;
A cryptographic circuit that receives a predetermined power at the power supply terminal and the reference power supply terminal and performs a cryptographic operation;
A capacitor connected in parallel between the power supply terminal of the encryption circuit and the reference power supply terminal;
A first switch connected between the power line and the power terminal;
A second switch connected between the reference power supply line and the reference power supply terminal;
A monitor unit for monitoring the voltage of the power supply terminal and the reference power supply terminal;
The monitor section
At the time of non-cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned on to connect the cryptographic circuit and the capacitor to the power supply line and the reference power supply line.
At the time of cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned off, the cryptographic circuit and the capacitor are disconnected from the power supply line and the reference power supply line, and the cryptographic circuit is encrypted with the charge of the capacitor. An integrated circuit including a function of turning on the first switch and the second switch so as to replenish the charge of the capacitor which has been reduced by the calculation. The monitor section
At the time of cryptographic computation in the cryptographic circuit, the first switch and the second switch are turned off, the cryptographic circuit and the capacitor are disconnected from the power supply line and the reference power supply line, and the cryptographic circuit is encrypted with the charge of the capacitor. The integrated circuit according to claim 8, wherein, as a result of the calculation, when the charge of the capacitor decreases to a predetermined value or more, the first switch and the second switch are turned on until the reduced charge is replenished. The monitor section
The first switch is turned on at the time of non-cryptographic computation in the cryptographic circuit, the first switch is turned off at the time of cryptographic computation, and a first voltage according to the power supply terminal potential and a first according to a predetermined first reference voltage A first comparator that turns on the first switch while the first voltage is less than or equal to the first comparison reference voltage;
The second switch is turned on during non-cryptographic computation in the cryptographic circuit, and the second switch is turned off during cryptographic computation, and a second voltage corresponding to the reference power supply terminal potential and a second voltage corresponding to a predetermined second reference voltage are set. 10. A second comparator that compares two comparison reference voltages and turns on the second switch while the second voltage is equal to or higher than the second comparison reference voltage. Integrated circuit. The monitor section
A voltage obtained by dividing a voltage difference between the voltage of the power supply line and the first reference voltage is applied to the first comparator as the first comparison reference voltage, and the power supply terminal voltage is applied to the first comparator as the first voltage;
A voltage obtained by dividing a voltage difference between the voltage of the reference power supply line and the second reference voltage is used as the second comparison reference voltage, and the reference power supply terminal voltage is used as the second voltage to the second comparator. The integrated circuit according to claim 10. The monitor section
The first reference voltage is used as the first comparison reference voltage, and the first divided voltage obtained by dividing the voltage difference between the power supply terminal voltage and the reference power supply terminal voltage into a plurality of parts is used as the first voltage. To the comparator of
A second divided voltage lower than the first divided voltage obtained by dividing the difference voltage between the power supply terminal voltage and the reference power supply terminal voltage into a plurality of voltages using the second reference voltage as the second comparison reference voltage. The integrated circuit according to claim 10, wherein the second voltage is supplied to the second comparator. The encryption circuit
Including a calculation circuit for one round, having a function of performing a cryptographic operation by operating the calculation circuit a predetermined number of times,
The monitor section
The integrated circuit according to claim 8, wherein the first switch and the second switch are turned on during a period from the end of the round operation to the start of the next operation. The capacitor is
The integrated circuit according to claim 13, wherein the integrated circuit is set to a capacitance value that stores electric charge necessary for at least one round operation.

Images