JP2010062635A - Encryption processing apparatus and integrated circuit - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption processing apparatus that eliminates the need for logic measures for DPA measures causing an increase in circuit scale and an increase in consumption current, and an integrated circuit. <P>SOLUTION: The encryption processing apparatus includes: a power supply line LV111; a reference power supply line LV112; an encryption circuit 112 which receives predetermined power at a power supply terminal and a reference power supply terminal and performs an encryption operation; and a monitor unit MNT1 which supplies a current to a clearance between the power supply terminal and the reference power supply terminal, after an encryption operation instruction is issued and before the encryption operation is started, to detect the fact that a resistance is connected to at least the one terminal between the power supply terminal and the reference power supply terminal. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a cryptographic processing device and an integrated circuit on which the cryptographic processing device is mounted.

  In the IC card, when data is exchanged with the host computer, encrypted data is used as exchanged data so that no problem occurs even if secret information stored in the IC card leaks in the process.

As the encryption method, common key encryption is most frequently used at present.
For example, in DES (Data Encryption Standard), an IC card owner and a host computer have the same key for data encryption. In DES, the data transmission side encrypts the data with the key and transmits the data, and the data reception side decrypts the data with the same key and takes out the message.

Even if a malicious third party eavesdrops in the course of communication, it is difficult to decrypt and extract a message unless it has a key.
A key used for encryption / decryption is stored in a nonvolatile memory such as an EEPROM in the IC card.
A configuration in which key data cannot be extracted even by the IC card owner or IC card development engineer by control that is directly transferred to the encryption engine in the IC card without going through the CPU at the time of encryption / decryption. Adopt security.

However, P. Kocher et al. Reported an attack method (DPA: Differential Power Analysis) in which the current consumption of an IC card was measured, and statistical processing was performed on it to extract the key.
In this DPA attack, it is possible to extract a key by performing an encryption operation using about 1000 different plaintexts, obtaining a current consumption waveform at that time, estimating a key, and statistically processing the current consumption. Become.

  An actual DPA attack is performed using a measurement system as shown in FIG.

In the measurement system 1 of FIG. 1, first, a voltage is supplied from an external power supply to a power supply pin PP of an LSI (IC: integrated circuit) 2 including a cryptographic operation circuit via a resistor R of about 1 to 10Ω.
Then, the operating current waveform is measured by measuring the voltage at one end of the resistor R with the digital oscilloscope 3, and this is taken into the hard disk or the like of the personal computer (personal computer) 4.
The plaintext to be cryptographically operated is generated using a random number circuit or the like generated from the personal computer 4 and supplied to the system base 5 side for cryptographic calculation.
After the acquisition of the predetermined number of plaintexts and the current waveform corresponding to the predetermined number of plaintexts, the personal computer 4 performs a simulation of encryption by estimating a key using a plurality of plaintexts.
Then, the current consumption waveforms are grouped based on the value of the node of interest, the difference between the average currents of each group is taken, and the validity of the estimation key is determined based on whether or not the peak current is generated.

If no peak is detected, another 6-bit key is selected and the same process is performed. If a peak is detected, the target S box (Sbox) is changed to obtain the next 6-bit key.
Then, if each 6-bit key is obtained for 8 Sboxes, the remaining 56-48 = 8 [bit] can be obtained 2 ⁸ = 256 times even if all attacks are performed.

The threat of a DPA attack is that a special device is not required to attack, and once the acquisition of the current waveform is completed, it takes only about tens of hours to extract the key by statistical processing of the current waveform after estimating the key. It is a point that is not necessary.
In the attack, a resistance for current measurement is inserted on the power supply side or the ground GND side. Other than that, it is the same as the processing of a command from a normal CPU, and there is no way to detect that the cryptographic circuit is attacked. .

As a method for coping with this DPA attack, it is generally performed to include a method for suppressing the generation of current due to the key to be attacked or making the statistical processing of current consumption difficult.
There are roughly the following three types of DPA countermeasures, and one or more of these countermeasures are taken.
<1> Logic measures
<2> Timing measures,
<3> Current countermeasures.

  Among these, the logic measure <1> is most resistant to DPA attacks. Usually, the logic countermeasure <1> is supplementarily combined with the timing countermeasure <2> and the current countermeasure <3> as the DPA countermeasure.

As the logic countermeasure <1>, there are (a) a method of disturbing with a random number and (b) a method of arranging circuits performing complementary operations in parallel.
As an example of the method (a) for disturbing with a random number, for example, a technique disclosed in Patent Document 1 is known.
In this technique, an F function input unit generates a value (positive) and an inverted value (negative) as they are, and selects a value to be input to the extension function using a random number.

As an example of a method (b) for arranging circuits that perform complementary operations in parallel, for example, a technique disclosed in Patent Document 2 is known.
In this technique, 1-bit data is developed into 2-bit numerical values having the same Hamming weight. And the transition of the data by the calculation is performed by providing two phases of the working phase and the dormant phase, and by controlling the transition to the post-computation data after transitioning to a state that is neither “0” nor “1”. The change current associated with the transition of the operation value cannot be detected.

Specifically, for example, the cryptographic operation is executed with data “0” as “01” and data “1” as “10”. When the data changes due to the round calculation, for example, the data transitions to “00” at one end and then transitions to the data after the calculation.
That is, it is as follows.

“0” → “0” transition: “01” → “00” → “01”,
“0” → “1” transition: “01” → “00” → “10”,
“1” → “0” transition: “10” → “00” → “01”,
Transition from “1” to “1”: “10” → “00” → “10”.

As described above, since only 1 bit changes in every transition, it is difficult to extract the key from the change current.
JP 2002-31826 A JP 2004-347975 A

In the configuration disclosed in Patent Document 1, two types of Sbox, normal data (positive) and inverted data (negative), are prepared, and which one is selected by a random number is determined.
In this method, even if the estimated 6-bit key is correct, half of each of the two groups is inverted by a random number, and as a result, no peak signal appears even if the difference in average current is taken.
However, in this system, it is necessary to arrange two Sboxes and operate them simultaneously. For this reason, the circuit scale and current consumption increase, and if a higher-level DPA attack is performed, the number of plaintexts required for statistical processing and the number of current consumption waveforms to be acquired increase, but the key can be taken out. It becomes.

Further, in the technique disclosed in Patent Document 2, since it is necessary to process all arithmetic processes with 2 bits, the circuit scale and current consumption are doubled or more.
In the first place, the measurement of the current waveform for the DPA attack is performed by simply adding a resistance of several ohms between the external power supply and the power supply terminal of the IC, so that it is difficult to detect the addition of resistance when viewed from the IC. Under these circumstances, various measures are taken so that it is difficult to obtain a key even if a DPA attack occurs.

  An object of the present invention is to provide an encryption processing apparatus and an integrated circuit that do not require a logical countermeasure for a DPA countermeasure that causes an increase in circuit scale and an increase in current consumption.

  A cryptographic processing device according to a first aspect of the present invention includes a power supply line, a reference power supply line, a cryptographic circuit that receives a predetermined power from the power supply terminal and the reference power supply terminal, performs cryptographic computation, A monitor unit that detects that a resistor is connected to at least one of the power supply terminal and the reference power supply terminal by causing a current to flow between the power supply terminal and the reference power supply terminal before entering the operation;

  An integrated circuit according to a second aspect of the present invention receives predetermined power from a power supply line, a reference power supply line, a circuit system connected to the power supply line and the reference power supply line, and a power supply terminal and a reference power supply terminal. A cryptographic circuit that performs cryptographic operations, and after issuing a cryptographic operation command and before entering a cryptographic operation, a current is passed between the power supply terminal and the reference power supply terminal, and a resistor is connected to at least one of the power supply terminal and the reference power supply terminal. And a monitor unit for detecting this.

  Preferably, the monitor unit includes a current source, a first switch connected in series with the current source between the power supply terminal and the reference power supply terminal, and controlled to be turned on / off by a control signal, and the power supply terminal. A reference voltage generation circuit for generating a reference voltage connected between the reference power supply terminals, a plurality of resistors connected in series for generating a divided voltage, and the plurality of series resistors between the power supply terminal and the reference power supply terminal And a second switch that is controlled to be turned on and off by a control signal, and a comparator that compares the reference voltage by the reference voltage generation circuit with the divided voltage by the series resistor.

  Preferably, after the cryptographic operation instruction is issued, the monitor unit controls the second switch to be turned on by a control signal and supplies the divided voltage to the comparator, and the first switch is turned on by the control signal. A current is passed between the power supply terminal and the reference power supply terminal, and the comparator compares the reference voltage with the divided voltage in a state where the current flows, and at least one of the power supply terminal and the reference power supply terminal The voltage difference when a resistor is connected to is detected.

  Preferably, the monitor unit includes a current source, a first switch connected in series with the current source between the power supply terminal and the reference power supply terminal, and controlled to be turned on / off by a control signal, and the power supply terminal. An oscillation circuit that is supplied with a drive voltage from the reference power supply terminal and receives a control signal to oscillate, a counter that counts the output of the oscillation circuit, a register that can hold the counter value, and a count value of the counter And a comparator for comparing the count value held in the register.

  Preferably, the monitor unit includes a capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit, and the first and second switches are turned off. In this state, the oscillation circuit is operated by the control signal, the output of the oscillation circuit is counted by the counter, and then held in the register, and the output of the oscillation circuit is turned on with the first and second switches turned on. The counter counts again, and the comparator compares the recount value with the count value of the register to detect a change in frequency.

  Preferably, the monitor unit includes a capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit, and turns on the second switch, With the switch turned off, the oscillation circuit is operated by the control signal and the output of the oscillation circuit is counted by the counter and then held in the register, the second switch is turned off, and the first switch is turned on. In this state, the output of the oscillation circuit is counted again by the counter, and the comparator compares the recount value with the count value of the register to detect a change in frequency.

According to the present invention, when the cryptographic operation instruction is issued, the monitor unit causes a current to flow between the power supply terminal and the reference power supply terminal before entering the cryptographic operation.
For example, when a resistor is connected to at least one of the power supply terminal and the reference power supply terminal, a change in voltage or frequency appears, and the presence or absence of this change is monitored by the monitor unit.

  According to the present invention, it is possible to eliminate the need for a logical measure for a DPA measure that causes an increase in circuit scale and an increase in current consumption.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings.

In the present embodiment, a configuration is provided that detects a resistance addition during current measurement for a DPA attack and eliminates the need for a logical countermeasure for a DPA countermeasure that causes an increase in circuit scale and an increase in current consumption. Is realized.
Specifically, in the present embodiment, a monitor unit that detects that a resistor is added to the power supply terminal and the GND terminal of the IC is mounted, and when the addition of the resistor is detected, it is reset to make the DPA attack difficult.

  As a resistance detection method, in the present embodiment, a voltage detection method or a frequency detection method is adopted in which a current close to the current consumption specification is passed for a certain period after a cryptographic operation command is issued and before the cryptographic operation is entered.

  In the voltage detection method, when a resistor is added, a large current flows to cause a voltage drop of the power supply line and a voltage rise of the GND line, and this is a resistance division voltage arranged between the power supply of the IC and GND. And comparison with the resistance division voltage of the reference voltage.

  In the frequency detection method, when a resistor is added, the potential difference between the power supply and the GND is reduced by flowing a large current. When the oscillation circuit is arranged, when the potential difference between the power source and GND changes, the oscillation frequency also changes, and the presence of the resistor is detected by comparing the oscillation frequency before and after flowing a large current.

  Hereinafter, a case where a voltage detection method and a frequency detection method are employed for an LSI (integrated circuit) according to an embodiment of the present invention will be described as an example.

[First Embodiment]
FIG. 2 is a diagram illustrating a configuration example of an LSI used in the IC card according to the first embodiment of the present invention.

The IC card (electronic device) 100 includes an LSI (integrated circuit) 110.
As shown in FIG. 2, the LSI 110 has a CPU 111, an encryption circuit 112, another peripheral circuit 113, a comparator 114, a reference voltage generation circuit (BGR1) 115, and a constant current source 116 integrated therein.
The LSI 110 further integrates an n-channel MOS (NMOS) transistor N1 as a first switch, an NMOS transistor N2 as a second switch, a resistor R1 and a variable resistor R2 connected in series.

  The comparator 114, the reference voltage generation circuit 115, the constant current source 116, the resistors R1 and R2, and the transistors N1 and N2 constitute a monitor unit MNT1.

The CPU 111 controls the entire IC card 100 in accordance with a program stored in a mask ROM (not shown) or by accessing the RAM.
The CPU 111 has a function of issuing a cryptographic command to the cryptographic circuit 112.

  In the IC card 100 of this embodiment, the CPU 111, the encryption circuit 112, the peripheral circuit 113, and the reference voltage generation circuit 115 are connected to the power supply line LV111 and the GND line (ground line) LV112 to which the power supply voltage “Vcc” is supplied from the external power supply. The constant current source 116 and the like are connected.

As shown in FIG. 2, the current waveform for the DPA attack is acquired from the power supply terminal end of the IC by inserting a resistor between the external power supply and the power supply terminal of the IC. There are two methods for obtaining from the GND terminal end of the IC by inserting a resistor between the GND terminal and the GND terminal.
For this reason, the voltages of the external power supply and the power supply terminal of the IC card, and the external GND and the GND terminal of the IC do not necessarily match.
In the following description, these voltages are expressed as Vcc, Vd and GND, Vs, respectively.

In the monitor unit MNT1, a constant current source 116 that supplies a current of “I _L ” and an NMOS transistor N1 that is on / off controlled by a control signal CHK1 are arranged in series between the power supply line LV111 and the GND line LV112. Yes.
In parallel with this, a resistor string of a fixed resistor R1 and a variable resistor R2 connected in series, and an NMOS transistor N2 that is on / off controlled by a control signal CHK2 are connected in series between the power supply line LV111 and the GND line LV112. ing.
Further, a node ND1 is formed by a connection point of the resistor string of the fixed resistor R1 and the variable resistor R2. The node voltage of this node ND1 is assumed to be Vdiv.

The output Vref of the reference voltage generation circuit 115 that always outputs a constant voltage to the GND terminal (Vs) of the IC card 100 is input to the “+” terminal of the comparator 114, and the resistance division voltage Vdiv is the comparator. 114 is input to the “−” terminal.
In this embodiment, when the following relationship is detected when the comparator 114 becomes active, a reset request is made.

[Equation 1]
“−” Terminal voltage V (−) <“+” terminal voltage V (+) (1)

  FIG. 3 is a diagram illustrating a configuration example of the variable resistor R2 in the monitor unit of the present embodiment.

As shown in FIG. 3, the variable resistor R2 is configured by connecting a resistor R20 having a certain resistance value and a plurality of resistors R21 to R2n having a resistance value smaller than the resistor R20 in series. .
The resistors R21 to R2n having small resistance values have gates connected to the register Reg. 1-Reg. NMOS transistors N21 to N2n connected to the output of n are arranged in parallel.
The NMOS transistors N21 to N2n are connected to the register Reg. 1-Reg. ON / OFF is controlled by a set value to n.
In the variable resistor R2, the NMOS transistors N21 to N2n are connected to the register Reg. 1-Reg. A configuration is adopted in which the resistance value can be changed by enabling or short-circuiting the resistors R21 to R2n having a smaller value by performing on / off control depending on the set value to n.

  This register Reg. 1-Reg. The value of n is the resistance value of the variable resistor R2 when the constant current source 116 is inactive and only the reference voltage generation circuit 115 and the comparator 114 are active during the initialization operation immediately after the IC power is turned on. Is set to be

  That is, among the resistance value RV2 of the variable resistor R2 that satisfies the following equation (2), the resistor Reg. 1-Reg. The value of n is set.

[Equation 2]
{RV2 / (RV1 + RV2)} · (Vd−Vs) + Vs> Vref + Vs (2)

  Here, RV1 indicates the resistance value of the resistor R1, and RV2 indicates the resistance value of the variable resistor R2.

  Next, the circuit operation of this configuration will be described with reference to FIGS.

FIG. 4 is a diagram illustrating a case where a resistor is inserted on the power supply terminal side with respect to the circuit of FIG.
5A shows a signal waveform when no resistor is inserted on the power supply terminal side in the circuit of FIG. 2, and FIG. 5B shows a signal waveform inserted on the power supply terminal side in the circuit of FIG. It is a figure which shows the signal waveform in a case.
FIG. 6 is a diagram showing a case where a resistor is inserted on the GND terminal side in the circuit of FIG.
FIG. 7 is a diagram showing signal waveforms when a resistor is inserted on the GND terminal side in the circuit of FIG.

<When no resistance is added to both terminals>
When no resistance is added to the power supply terminal side and the GND terminal side, Vd = Vcc and Vs = GND, and the above equation (2) is as follows.

[Equation 3]
{RV2 / (RV1 + RV2)} · Vcc> Vref (3)

During normal operation, the control signals CHK1 and CHK2 are set to a low level, and the constant current source 116 and the comparator 114 are held in an off state (inactive state).
When a cryptographic operation instruction is issued from the CPU 111 to the cryptographic circuit 112, the control signal CHK2 is set to a high level before the cryptographic operation is started, thereby turning on the transistor N2 and activating the resistance strings of the resistors R1 and R2. It becomes. As a result, the divided voltage Vdiv is supplied to the comparator 114.
At this time, since no external resistor is added, there is no change in the potentials of the power supply terminal and the GND terminal of the IC.
In this state, the control signal CHK1 is set to the high level, whereby the transistor N1 is turned on, and the current of the current value “I _L ” flows to the constant current source 116, but the voltage changes of “Vd” and “Vs” do not occur. Absent.
For this reason, as shown in FIG. 5A, both input voltages of the comparator 114 are not changed, and the reset signal RST is not issued.

<When the resistor “Rd” is inserted between the external power supply and the IC power supply terminal>
As shown in FIG. 4, when a resistor “Rd” is inserted between the external power supply and the power supply terminal of the IC, Vs = GND, and the above equation (2) is as follows.

[Equation 4]
{RV2 / (RV1 + RV2)} · Vd> Vref (4)

When a cryptographic operation instruction is issued from the CPU 111 to the cryptographic circuit 112, the control signal CHK2 is set to a high level before the cryptographic operation is started, thereby turning on the transistor N2 and activating the resistor strings of the resistors R1 and R2. . As a result, the divided voltage Vdiv is supplied to the comparator 114.
Next, the control signal CHK1 is set to a high level, whereby the transistor N1 is turned on, and a current having a current value “I _L ” flows through the constant current source 116.
At this time, the voltage at the GND terminal of the IC does not change, but the voltage at the power terminal of the IC decreases from Vd to (Vd−Rd · I _L ).
Accordingly, the resistance division voltage Vdiv of the resistance connection node ND1 serving as the “−” input of the comparator 114 is as follows.

[Equation 5]
Vdiv = {RV2 / (RV1 + RV2)} · (Vd−Rd · I _L ) (5)

On the other hand, since there is no change in the voltage on the GND side of the IC, there is no change in the reference voltage Vref serving as the “+” input of the comparator 114.
Therefore, as shown in FIG. 5B, if the value of the above equation (5) is smaller than the voltage “Vref”, the above equation (1) is satisfied, and the reset signal RST is generated from the comparator 114. .
When the minimum value of the assumed external resistance “Rd” is 1Ω, the resistance values “RV1” and “RV2” of the resistors R1 and R2 and the reference voltage value “so that the output of the comparator 114 is inverted under the condition. If Vref ”is set, the reset signal RST is surely issued.
Thereby, the current waveform measurement for the DPA attack can be made impossible.

<When resistance “Rs” is added to the GND terminal>
As shown in FIG. 6, when a resistor “Rs” is added to the GND terminal side, Vd = Vcc, and the above equation (2) becomes as follows.

[Equation 6]
{RV2 / (RV1 + RV2)}. (Vcc-Vs) + Vs> Vref + Vs (6)

When a cryptographic operation instruction is issued from the CPU 111 to the cryptographic circuit 112, the control signal CHK2 is set to a high level before the cryptographic operation is started, thereby turning on the transistor N2 and activating the resistor strings of the resistors R1 and R2. . As a result, the divided voltage Vdiv is supplied to the comparator 114.
Next, the control signal CHK1 is set to a high level, whereby the transistor N1 is turned on, and a current having a current value “I _L ” flows through the constant current source 116.
At this time, the voltage at the power supply terminal of the IC does not change, but the voltage at the GND terminal of the IC increases from Vs to Vs + Rs · I _L.
Accordingly, the resistance division voltage “Vdiv” of the resistance connection node ND1 that is the “−” input of the comparator 114 is as follows.

[Equation 7]
Vdiv = {RV2 / (RV1 + RV2)}
(Vcc−Vs−Rs · I _L ) + Vs + Rs · I _L (7)

  On the other hand, the “+” input voltage V (+) of the comparator is as follows.

[Equation 8]
V (+) = Vref + Vs + Rs · I _L (8)

When the expressions (7) and (8) are compared, since “Vs + Rs · I _L ” is a value included in both expressions, the component does not affect the comparison result.
Therefore, when the value of the term other than “Vs + Rs · I _L ” shown below becomes smaller than the value of the reference voltage “Vref”, the comparator 114 issues a reset signal RST.

[Equation 9]
{RV2 / (RV1 + RV2) } · (Vcc-Vs-Rs · I L) ·· (9)

  Here, Vs is Vs = Rs · Iope when the operating current of the resistor string, the comparator, and the reference voltage generation circuit 115 is Iope.

  On the other hand, when the resistor “Rd” is added to the power supply terminal side, the terminal voltage “Vd” of the IC is a voltage (Vcc−Rd · Iope) dropped from the external voltage Vcc by Rd · Iope and is externally attached. If the same resistance value “Rd” is applied to either of the two resistance values, the result is as follows.

[Equation 10]
Vcc−Vs = Vcc−Rs · Iope = Vd (10)

Equation (9) matches equation (5).
As a result, when the external resistors have the same value, it is possible to detect in the same manner when the resistor is attached to the GND terminal side using the resistance string and the set value of the reference voltage when attached to the power supply terminal side.

  As described above, with the circuit configuration of FIG. 2, in the current measurement with the resistance added to the power supply terminal side and the GND terminal side, in both cases, the presence of the resistance is detected and a reset is performed to avoid the DPA attack.

  Next, a case where the frequency detection method is adopted for the LSI (integrated circuit) according to the embodiment of the present invention will be described as an example.

[Second Embodiment]
FIG. 8 is a diagram illustrating a configuration example of an LSI used in an IC card according to the second embodiment of the present invention.
FIG. 9 is a diagram showing a case where a resistor is inserted on the power supply terminal side with respect to the circuit of FIG.
FIG. 10 is a diagram showing a case where a resistor is inserted on the GND terminal side in the circuit of FIG.

The monitor unit MNT2 of the IC card 100A of the second embodiment has the following configuration instead of the comparison control between the reference voltage and the resistance division voltage.
The monitor unit MNT2 includes an oscillation circuit 121 including a NAND gate NA1 and an even number of inverters INV1 to INVn, a capacitor C1, an inverter INV11 connected to the output of the oscillation circuit 121, a counter 122, a register 123, and a comparator 124. It is configured.

The oscillation circuit 121 includes a NAND gate NA1 and an even number of inverters INV1 to INVn.
When the input of a certain element changes, the output of the oscillation circuit 121 changes accordingly. When this change propagates and makes a round and returns, the logic is inverted. Is a circuit that outputs a clock signal by repeating the above.
When attention is paid to a certain element, the output also changes due to the change of the input. At this time, the change propagates by charging or discharging the next gate.
When the power supply voltage of the oscillation circuit 121 changes, the charge / discharge current of the gate also changes, and as a result, the oscillation frequency also changes. When the power supply voltage decreases, the operating current of the circuit element also decreases, and the oscillation frequency increases or decreases.
Using this, the frequency detection method detects the presence or absence of an external resistor.

  Next, the operation of the monitor unit MNT2 that employs the frequency detection method will be described with reference to FIGS.

FIG. 11 shows signal waveforms when a resistor is inserted or not inserted on the power supply terminal side in the circuit of FIG. 8 and when the oscillation frequency of the oscillation circuit 121 increases when the power supply voltage decreases. FIG.
FIG. 12 shows signal waveforms when a resistor is inserted or not inserted on the power supply terminal side in the circuit of FIG. 8 and when the oscillation frequency of the oscillation circuit 121 decreases when the power supply voltage decreases. FIG.

<When the oscillation frequency of the oscillation circuit 121 increases as the power supply voltage decreases>
When a cryptographic operation instruction is issued from the CPU 111, the control signal OSC of the oscillation circuit 121 is set to a high level, and thereby the oscillation circuit 121 enters an operating state.
As shown in FIG. 11, in the period t1, the control signals CHK1 and CHK2 are held at a low level, the constant current source 116 is held off, and the capacitor C1 is disconnected from the oscillation circuit 121. Oscillates.
A pulse is output from the oscillation circuit 121, and the pulse output of the oscillation circuit 121 is counted by the counter 122.

Next, the count result of the counter 122 is moved to the register 123.
In the next period t 2, the control signals CHK 1 and CHK 2 are switched to the high level, the constant current source 116 is turned on, the constant current “I _L ” flows, and the capacitor C 1 is connected to the oscillation circuit 121. The oscillation circuit 121 performs an oscillation operation only for the time.
A pulse is output from the oscillation circuit 121, and the pulse output of the oscillation circuit 121 is counted by the counter 122.
After the count period ends, the control signal OSC is switched to a low level, and the operation of the oscillation circuit 121 is stopped. Thereby, the counter value of the latter half is held in the counter 122.
In this state, the comparator 124 compares the frequency when the constant current source 116 held in Counter is operated with the frequency when the constant current source 116 stored in the register 123 is not operated. .
If the difference is greater than or equal to a predetermined difference as a result of the comparison by the comparator 124, it is determined that the frequency is decreased due to the resistance insertion, and a reset signal RST is generated to perform resetting.

  In this determination, the number of clocks counted even with the same voltage varies. In the determination, it is necessary to perform control for resetting when a difference equal to or larger than the variation at the same voltage is detected.

When resistance is not added to both terminals, the oscillation frequency is reliably reduced by the amount of addition of the capacitor C1.
On the other hand, when a resistor is added, the oscillation frequency increases due to a voltage drop. The addition of the capacitor C1 also works to reduce the oscillation frequency. However, if the capacitance value of the capacitor C1 is set so that the increase in the oscillation frequency due to the voltage drop is superior, the frequency is increased.
In this case, frequency increase occurs only in the case of resistance insertion, and resistance insertion can be detected.

<When the oscillation frequency of the oscillation circuit 121 decreases when the power supply voltage decreases>
In this case, the difference from the case where the oscillation frequency of the oscillation circuit 121 increases when the power supply voltage decreases as described above is that the control signal CHK2 is set to the high level during the oscillation operation of the oscillation circuit 121, as shown in FIG. Is in the period t1.

In this case, in the period t1, the constant current source 116 is off and the oscillation circuit 121 is operated with the capacitor C1 connected to the oscillation circuit 121.
In the period t2, the constant current source is on, and the oscillation circuit 121 is operated in a state where the capacitor C1 is disconnected from the oscillation circuit 121.

When no resistor is added, the oscillation frequency is surely increased by the amount that the capacitor C1 is disconnected.
When a resistor is added, the oscillation frequency decreases due to a voltage drop.
Although the effect of increasing the oscillation frequency works by disconnecting the capacitor C1 from the oscillation circuit 121, if the capacitance value of the capacitor C1 is set so that the decrease of the oscillation frequency due to the voltage drop is better, the frequency decreases.
In this case, frequency reduction occurs only in the case of resistance insertion, and resistance insertion can be detected.

  Here, the reason why the capacitor C1 can be connected to the oscillation circuit 121 will be described with reference to FIG.

Basically, when no resistance is added to both terminals, the voltage supplied to the IC is almost unchanged at Vcc regardless of whether or not the constant current “I _L ” is passed. Therefore, only a count difference of an error level is not detected, and the reset signal RST is not issued.
As shown in FIG. 9, when the resistor “Rd” is inserted on the power supply terminal side, when a constant current “I _L ” is passed, the voltage at the power supply terminal of the IC drops to Vcc−Rd · I _L. As a result, the voltage supplied to the oscillation circuit 121 also decreases by Rd · I _L , and the oscillation frequency also decreases. Therefore, the reset signal RST is issued by comparing the count values.
As shown in FIG. 10, when a resistor “Rs” is inserted on the GND terminal side, when a constant current “I _L ” is passed, the voltage at the GND terminal of the IC increases by Rs · I _L. As a result, the voltage supplied to the oscillation circuit 121 also decreases by Rs · I _L , and the oscillation frequency also decreases. Therefore, the reset signal RST is issued by comparing the count values.

However, since the oscillation circuit consumes a relatively large amount of current, the operating current fluctuates the power supply voltage, resulting in an influence on the oscillation frequency.
Strictly speaking, in the case of normal use without a resistor, the base power supply terminal, GND terminal to IC power supply terminal, and GND terminal are connected by the wiring of the printed circuit board, and the wiring resistance is kept small. There are still several tens of mΩ.
If a constant current is passed in this state, a voltage drop occurs although it is small, which affects (highens) the oscillation frequency.
As described above, even if the resistor is not inserted and the voltage of the oscillation circuit is not changed, even if the oscillation circuit is operated under the same conditions, the oscillation frequency varies within a certain range. The oscillation frequency may be slightly higher.
Therefore, configuring with a margin within a certain range of the oscillation frequency increases the monitoring accuracy. In this embodiment, the capacitor C1 is configured to be connectable to the oscillation circuit 121 based on this.

As described above, according to this embodiment, the monitor units MNT1 and MNT2 that detect the presence / absence of an external resistor in a circuit are mounted, and control is performed to apply a reset when an external resistor is detected. The following effects can be obtained.
The concept of DPA countermeasures by detecting a DPA attack and applying a reset has never existed, and a DPA attack can be avoided even without a logical countermeasure that causes an increase in circuit and current consumption.

It is a figure which shows the structural example of the measurement system of a DPA attack. It is a figure which shows the structural example of LSI used for the IC card based on the 1st Embodiment of this invention. It is a figure which shows the structural example of the variable resistance in the monitor part of this embodiment. It is a figure which shows the case where resistance is inserted in the power supply terminal side with respect to the circuit of FIG. FIG. 3 is a diagram showing signal waveforms when a resistor is not inserted on the power supply terminal side and when it is inserted in the circuit of FIG. 2. It is a figure which shows the case where resistance is inserted in the GND terminal side in the circuit of FIG. It is a figure which shows a signal waveform when resistance is inserted in the GND terminal side in the circuit of FIG. It is a figure which shows the structural example of LSI used for the IC card based on the 2nd Embodiment of this invention. It is a figure which shows the case where resistance is inserted in the power supply terminal side with respect to the circuit of FIG. FIG. 9 is a diagram illustrating a case where a resistor is inserted on the GND terminal side in the circuit of FIG. 8. FIG. 9 is a diagram illustrating signal waveforms when a resistor is inserted on the power supply terminal side in the circuit of FIG. 8 and when a resistor is not inserted, and when the oscillation frequency of the oscillation circuit increases when the power supply voltage decreases. FIG. 9 is a diagram showing signal waveforms when a resistor is inserted on the power supply terminal side in the circuit of FIG. 8 and when a resistor is not inserted, and when the oscillation frequency of the oscillation circuit decreases when the power supply voltage decreases. It is a figure for demonstrating the reason which made it the structure which can connect a capacitor to an oscillation circuit.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100,100A ... IC card (electronic device), 110 ... LSI, 111 ... CPU, 112 ... Cryptographic circuit, 113 ... Other peripheral circuits, 114 ... Comparator, 115. ..Reference voltage generation circuit (BGR1), 116... Current source, N1... NMOS transistor as a first switch, N2... NMOS transistor as a second switch, MNT1, MNT2. 121... Oscillator circuit, C1... Capacitor, 122... Counter, 123.

Claims (12)

A power line;
A reference power line,
A cryptographic circuit that receives a predetermined power at the power supply terminal and the reference power supply terminal and performs a cryptographic operation;
A monitor unit for detecting that a resistor is connected to at least one of the power supply terminal and the reference power supply terminal by passing a current between the power supply terminal and the reference power supply terminal before issuing a cryptographic operation after issuing the cryptographic operation instruction; A cryptographic processing apparatus. The monitor section
A current source;
A first switch connected in series with the current source between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
A reference voltage generating circuit connected between the power supply terminal and the reference power supply terminal and generating a reference voltage;
A plurality of resistors connected in series to generate a divided voltage;
A second switch connected in series with the plurality of series resistors between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
The encryption processing apparatus according to claim 1, further comprising: a comparator that compares a reference voltage generated by the reference voltage generation circuit with a divided voltage generated by the series resistor. The monitor section
After issuing the cryptographic operation command, the second switch is controlled to be turned on by a control signal to supply a divided voltage to the comparator,
The first switch is controlled to be turned on by a control signal to pass a current between the power supply terminal and the reference power supply terminal,
The comparator compares a divided voltage in a state where a current flows and the reference voltage, and detects a voltage difference when a resistor is connected to at least one of the power supply terminal and the reference power supply terminal. Cryptographic processing equipment. The monitor section
A current source;
A first switch connected in series with the current source between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
An oscillation circuit which is supplied with a driving voltage by the power supply terminal and the reference power supply terminal and performs an oscillation operation in response to a control signal;
A counter for counting the output of the oscillation circuit;
A register capable of holding the counter value;
The encryption processing apparatus according to claim 1, further comprising: a comparator that compares the count value of the counter with the count value held in the register. The monitor section
A capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit;
With the first and second switches turned off, the oscillation circuit is operated by the control signal and the output of the oscillation circuit is counted by the counter and then held in the register.
With the first and second switches turned on, the output of the oscillation circuit is counted again by the counter,
The cryptographic processing device according to claim 4, wherein the comparator compares the recount value with a count value of the register to detect a change in frequency. The monitor section
A capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit;
With the second switch turned on and the first switch turned off, the oscillation circuit is operated by the control signal, the output of the oscillation circuit is counted by the counter, and then held in the register,
With the second switch turned off and the first switch turned on, the output of the oscillation circuit is counted again by the counter,
The cryptographic processing device according to claim 4, wherein the comparator compares the recount value with a count value of the register to detect a change in frequency. A power line;
A reference power line,
A circuit system connected to the power supply line and the reference power supply line;
A cryptographic circuit that receives a predetermined power at the power supply terminal and the reference power supply terminal and performs a cryptographic operation;
A monitor unit for detecting that a resistor is connected to at least one of the power supply terminal and the reference power supply terminal by passing a current between the power supply terminal and the reference power supply terminal before issuing a cryptographic operation after issuing the cryptographic operation instruction; An integrated circuit. The monitor section
A current source;
A first switch connected in series with the current source between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
A reference voltage generating circuit connected between the power supply terminal and the reference power supply terminal and generating a reference voltage;
A plurality of resistors connected in series to generate a divided voltage;
A second switch connected in series with the plurality of series resistors between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
The integrated circuit according to claim 7, further comprising: a comparator that compares a reference voltage generated by the reference voltage generation circuit with a divided voltage generated by the series resistor. The monitor section
After issuing the cryptographic operation command, the second switch is controlled to be turned on by a control signal to supply a divided voltage to the comparator,
The first switch is controlled to be turned on by a control signal to pass a current between the power supply terminal and the reference power supply terminal,
9. The comparator compares a divided voltage in a state in which a current flows and the reference voltage, and detects a voltage difference when a resistor is connected to at least one of the power supply terminal and the reference power supply terminal. Integrated circuit. The monitor section
A current source;
A first switch connected in series with the current source between the power supply terminal and the reference power supply terminal and controlled to be turned on and off by a control signal;
An oscillation circuit which is supplied with a driving voltage by the power supply terminal and the reference power supply terminal and performs an oscillation operation in response to a control signal;
A counter for counting the output of the oscillation circuit;
A register capable of holding the counter value;
The integrated circuit according to claim 7, further comprising: a comparator that compares the count value of the counter with the count value held in the register. The monitor section
A capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit;
With the first and second switches turned off, the oscillation circuit is operated by the control signal and the output of the oscillation circuit is counted by the counter and then held in the register.
With the first and second switches turned on, the output of the oscillation circuit is counted again by the counter,
The integrated circuit according to claim 10, wherein the comparator compares the recount value with a count value of the register to detect a change in frequency. The monitor section
A capacitor and a second switch connected in series between the reference power supply terminal and the oscillation path of the oscillation circuit;
With the second switch turned on and the first switch turned off, the oscillation circuit is operated by the control signal, the output of the oscillation circuit is counted by the counter, and then held in the register,
With the second switch turned off and the first switch turned on, the output of the oscillation circuit is counted again by the counter,
The integrated circuit according to claim 10, wherein the comparator compares the recount value with a count value of the register to detect a change in frequency.

Images