WO2020008229A1 - Circuit and method for protecting asynchronous circuits - Google Patents

Circuit and method for protecting asynchronous circuits


Publication number
WO2020008229A1
Authority
WO
WIPO (PCT)
Prior art keywords
circuit
asynchronous
asynchronous circuit
tokens
fault detection
Application number
PCT/IB2018/001147
Other languages
French (fr)
Inventor
Laurent FESQUET
Abdelkarim CHERKAOUI
Grégoire Gimenez
Raphael FRISCH
Original Assignee
Dolphin Integration
Institut Polytechnique De Grenoble
Application filed by Dolphin Integration, Institut Polytechnique De Grenoble
Priority to PCT/IB2018/001147
Publication of WO2020008229A1


Classifications

    • H ELECTRICITY
    • H03 ELECTRONIC CIRCUITRY
    • H03K PULSE TECHNIQUE
    • H03K19/00 Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
    • H03K19/003 Modifications for increasing the reliability for protection
    • H03K19/0033 Radiation hardening
    • H ELECTRICITY
    • H03 ELECTRONIC CIRCUITRY
    • H03K PULSE TECHNIQUE
    • H03K23/00 Pulse counters comprising counting chains; Frequency dividers comprising counting chains
    • H03K23/004 Counters counting in a non-natural counting order, e.g. random counters

Definitions

  • the present disclosure relates generally to the field of asynchronous circuits, and in particular to a circuit and method for protecting such circuits from faults.
  • Asynchronous circuits are circuits that are locally synchronized, rather than being globally synchronized by a global signal.
  • asynchronous circuits such as asynchronous pipelines or the like involve a propagation of asynchronous edges representing data events and control events, the control events often being referred to as tokens.
  • the tokens and/or data in an asynchronous circuit may be corrupted by physical phenomena, such as radiation provoking single event upsets (SEU) and/or intentionally in order to inject faults by someone wishing to modify the circuit operations for fraudulent purposes.
  • a fault detection circuit comprising: sampling elements configured to sample signals present at a plurality of nodes of an asynchronous circuit; a logic circuit configured to determine a number of tokens in the asynchronous circuit based on the sampled signals; and a comparator configured to compare the determined number of tokens with a reference value, a fault being detected based on said comparison.
  • the asynchronous circuit consists of a plurality of stages, each stage being configured to process one token at a time, a corresponding one of the sampling elements being configured to sample the signal present at an output node of each stage of the asynchronous circuit.
  • one or more of said nodes is an output of a logic circuit having its inputs coupled to a pair of input control and/or data lines, or to a pair of output control and/or data lines, of one or more stages.
  • each sampling element comprises at least a memorizing element, such as a flip-flop, latch, C-element, etc., each memorizing element having a data input coupled to a corresponding one of the plurality of nodes of the asynchronous circuit.
  • the logic circuit comprises a plurality of logic gates configured to detect differences in the logic states between adjacent ones of the plurality of nodes.
  • the asynchronous circuit forms a closed loop.
  • a true random number generator comprising: a self-timed ring implemented by a closed loop asynchronous circuit; and the above fault detection circuit.
  • a secure asynchronous circuit comprising: an open-loop asynchronous circuit; an input circuit configured to detect tokens entering the asynchronous circuit; an output circuit configured to detect tokens exiting the asynchronous circuit; and the above fault detection circuit.
  • the secure asynchronous circuit further comprises a reference value generation circuit for generating the reference value based on the number of tokens detected by the input and output circuits.
  • the reference value generation circuit is an up/down counter configured to increment a count value when a token entering the asynchronous circuit is detected and to decrement the count value when a token exiting the asynchronous circuit is detected.
  • a method of protecting an asynchronous circuit from faults comprising: sampling signals present at a plurality of nodes of the asynchronous circuit; determining, by a logic circuit, a number of tokens in the asynchronous circuit based on the sampled signals; and comparing the determined number of tokens with a reference value, a fault being detected based on said comparison.
  • Figure 1 schematically illustrates an asynchronous circuit and a fault detection circuit according to an example embodiment of the present disclosure
  • Figure 2A schematically illustrates an asynchronous half-buffer according to an example embodiment
  • Figure 2B represents 4-phase encoding according to an example embodiment
  • Figure 2C represents 2-phase encoding according to an example embodiment
  • Figure 3 schematically illustrates a logic circuit of Figure 1 in more detail according to an example embodiment
  • Figure 4 schematically illustrates a self-timed ring based true random number generator according to an example embodiment of the present disclosure
  • Figure 5 is a graph representing operation of the circuit of Figure 4 according to example embodiment
  • Figure 6 schematically illustrates an open-loop asynchronous circuit and a fault detection circuit according to a further example embodiment of the present disclosure.
  • Figure 7 is a flow diagram representing operations in a method of fault detection in an asynchronous circuit according to an example embodiment of the present disclosure.
  • asynchronous circuit a circuit in which the timing of events is not linked to a common clock signal
  • Figure 1 schematically illustrates an asynchronous circuit 100 and a fault detection circuit 102 according to an example embodiment of the present disclosure.
  • the asynchronous circuit for example comprises stages 104 coupled in series, each stage processing one token at the time.
  • the propagation of control and data signals in asynchronous circuits may involve a handshake protocol in which each stage cannot accept a new data or control event until a current data event has been processed and sent to a subsequent stage.
  • a stage waits for an acknowledgement signal from the subsequent stage before accepting a new data event by asserting its own acknowledgement signal. In other cases, it may be possible for a stage to accept new data before it has received the acknowledgement signal from the subsequent stage.
  • Input, output and intermediate nodes n1 to n(L+1) at the inputs and outputs of each of the stages 104 of the asynchronous circuit 100 are for example coupled to the fault detection circuit 102.
  • the number L+1 of nodes will depend on the number of stages L in the asynchronous circuit.
  • both the input and output of the asynchronous circuit are treated as nodes coupled to the fault detection circuit 102.
  • only one of the input and output is for example treated as such a node, and thus there are L nodes rather than L+1.
  • the fault detection circuit 102 for example comprises a sampling circuit for sampling the signals at the nodes n1 to n(L+1).
  • this sampling circuit is formed of sampling elements SE_1 to SE_L+1 each implemented by a flip-flop.
  • Each node n1 to n(L+1) of the asynchronous circuit 100 is for example associated with a dedicated flip-flop.
  • a different type of sampling circuit could be used, such as latches or a sample and hold circuit based on a capacitance.
  • the flip-flops SE_1 to SE_L+1 are for example D-type flip-flops, and capture the node tokens based on a common sampling signal SAMPLE.
  • this sampling signal SAMPLE is provided by an external unit or by one or more of the nodes n1 to n(L+1) of the asynchronous circuit.
  • the sampling signal SAMPLE could also be generated by a combination of the signals at a plurality of the nodes n1 to n(L+1), the signals for example being combined by an XOR tree.
  • the flip-flops SE_1 to SE_L+1 have their data inputs D coupled to the corresponding nodes n1 to n(L+1), and their data outputs Q, which respectively provide samples s1 to s(L+1), coupled to a logic circuit (LOGIC) 110.
  • the circuit 110 for example generates a number N' representing the number of tokens present in the asynchronous circuit 100 based on the signals sampled by the sampling circuit.
  • the number N' is compared by a comparator 112 to a reference value N. In the case that these values do not match, this for example is interpreted as an indication of a fault injected, or otherwise occurring, in the asynchronous circuit 100.
  • An alert signal ALERT is for example generated upon every fault detection, in other words whenever N' is not equal to N.
  • an ALERT signal could be generated when the difference between N' and N is greater than a threshold, the threshold for example being set at 2 or a higher value.
  • the nodes n1 to n(L+1) of the asynchronous circuit may correspond directly to nodes on the lines between the stages, or may involve a logic function applied to more than one of the lines (in some implementations/protocols, internal points can also be used and combined with the inputs/outputs of the stage), as will now be described in more detail with reference to Figures 2A to 2C. Indeed, the nodes are for example selected or generated such that the signals at these nodes transition at each new token.
  • Figure 2A schematically illustrates a half-buffer 200 formed of a pair of C-elements 202, 204.
  • a half-buffer for example forms part of each stage of the asynchronous circuit 100 of Figure 1, and controls the progression of data through the circuit.
  • the C-element 202 has one of its inputs coupled to a data input line 206 receiving an input data signal I.0, and its other input coupled to a data input line 208 receiving a data input signal I.1.
  • the other inputs of the C-elements 202 and 204 are coupled to an acknowledgement line 210 receiving an acknowledgement signal O_ack.
  • the outputs of the C-elements 202, 204 are coupled to output data lines 212 and 214 respectively, the line 212 providing an output data signal O.0, and the line 214 providing an output data signal O.1.
  • the lines 212 and 214 are also coupled to respective inputs of a two-input NOR gate 216, which provides at its output an acknowledgement signal I_ack on an acknowledgement line 218.
  • Each C-element 202, 204 for example has an operation defined by the following truth table, where the input signals are referenced A and B, and the output signal is referenced
  • a data bit is transmitted on the input data lines 206, 208 and on the output data lines 212, 214 using a 4-phase protocol according to which: logic states "01" on the lines I.0 and I.1 respectively or on the lines O.0 and O.1 respectively for example transmits a logical "1" bit;
  • Figure 2B represents the 4-phase encoding implemented in Figure 2A, in which, in an idle state, both data lines are at a low state, and one or the other data line is brought to a high state to transmit either a "0" or a "1" bit. Two high states is a forbidden state. If a stage i is based on this protocol, the input node ni for example corresponds to a logic OR applied to the data input lines, and the output node n(i+1) of the stage for example corresponds to a logic OR applied to the data output lines.
  • Figure 2C represents 2-phase encoding in which a "0" bit is transmitted by maintaining a first of the data lines at a low state, and toggling the second data line between high and low states on each data event.
  • a "1" bit is transmitted by maintaining the first data line at a high state, and toggling the second data line between high and low states on each data event.
  • the input node ni for example corresponds to a logic XOR applied to the data input lines
  • the output node n(i+1) of the stage for example corresponds to a logic XOR applied to the data output lines.
  • Figure 3 schematically illustrates the logic circuit
  • the samples s1 to s(L+1) generated by the sampling elements SE_1 to SE_L+1 are provided in pairs to L+1 XOR gates 302.
  • each ith XOR gate, for i from 1 to L+1, performs the exclusive OR operation on the samples s(i-1) and si.
  • the XOR gates 302 detect the presence of transitions, i.e. tokens, between the (i-1)th sample and the ith sample.
  • the outputs of the XOR gates 302 are coupled to a hash code generation circuit (HASH CODE GEN) 304, which for example generates a fixed length code N' representing the number of detected tokens.
  • the hash code is a Hamming weight, although other algorithms could be applied.
  • Figure 4 schematically illustrates a self-timed ring (STR) based true random number generator (STRNG) 400 according to an example embodiment of the present disclosure.
  • the generator 400 for example comprises a self-timed ring 402 formed by an asynchronous circuit comprising stages S1 to SL.
  • each ith stage, for i from 1 to L, is for example implemented by a C-element having an input Fi, an inverted input Ri and an output Ci.
  • each ith stage Si for example has its output coupled to the input F(i+1) of the stage S(i+1) and to the inverted input R(i-1) of the stage S(i-1), where the stage S(i-1) for the first stage S1 is the stage SL, and the stage S(i+1) for the Lth stage is the stage S1.
  • the number L of stages is for example equal to an integer equal to or greater than 3.
  • Random values are extracted from the self-timed ring by an entropy extractor 404.
  • the circuit 404 is configured to sample the outputs C1 to CL of the stages S1 to SL using respective sampling elements SE_0' to SE_L'.
  • the sampling elements SE_0' to SE_L' each for example correspond to a flip-flop clocked by a sampling signal SAMPLE', which for example indicates each time a random value is to be extracted.
  • the sampled signals at the outputs of the sampling elements SE_1' to SE_L' are combined, for example using an XOR tree 406, to generate a random output signal OUTPUT for example corresponding to a single bit stream.
  • Figure 5 is a graph representing an example of the operation of the circuit of Figure 4, based on events at nodes C(j-1), Cj and C(j+1) re-indexed to correspond to three consecutive events around a significant edge of the sampling signal SAMPLE'. Shaded regions in Figure 5 around the edge of the signal SAMPLE' and around each event represent the range of jitter variations, which have a normal distribution. Thus, when the jitter variations are larger than the mean phase difference Δφ between consecutive events, the signal Cj is sampled in its uncertainty zone, implying the generation of a random value.
  • the fault detection circuit 102 of Figure 1 can be used in conjunction with the embodiment of Figure 4, for example by treating the inputs F1 to FL as the nodes n1 to nL of the asynchronous circuit to be sampled by the fault detection circuit 102.
  • the sampling elements SE_1 to SE_L of the fault detection circuit 102 and the sampling elements SE_1' to SE_L' of the entropy extractor 404 could be implemented by a same set of flip-flops or latches, and thus the number of tokens can for example be verified upon each random value extraction.
  • Figures 4 and 5 correspond to a case of a closed-loop system in which the number of tokens circulating in the loop is initially defined and then remains fixed during operation.
  • the number of tokens is for example chosen in order to respect a certain minimum occupancy, as described in more detail in the above-referenced publication by G. Gimenez et al.
  • the reference number N is for example fixed.
  • the correct behavior of the generator of Figure 4 is dependent on the number of tokens circulating in the self-timed ring. Thanks to the fault detection circuit described herein, the number of tokens can for example be verified at regular intervals.
  • the number of tokens in the asynchronous circuit at a given time may vary based on the number of tokens entering and exiting the circuit.
  • Figure 6 schematically illustrates a secure asynchronous circuit 600 comprising the asynchronous circuit 100, which in this example is an open-loop circuit, and the fault detection circuit 102, according to a further example embodiment of the present disclosure.
  • an input circuit (IN DETECT) 602 is provided for detecting the number of tokens entering the asynchronous circuit 100. Furthermore, an output circuit (OUT DETECT) 604 is provided for detecting the number of tokens exiting the asynchronous circuit 100. With respect to the detection circuit 102 of Figure 1, the detection circuit 102 of Figure 6 additionally comprises circuitry for determining the reference value N based on the tokens entering and exiting the asynchronous circuit.
  • this circuitry comprises an up/down counter (UP/DN COUNTER) 606, which increments a count value each time a token is detected by the circuit 602 as entering the asynchronous circuit 100, and which decrements the count value each time a token is detected by the circuit 604 as exiting the asynchronous circuit 100.
  • this count value may directly provide the reference value N representing the number of tokens in the asynchronous circuit 100, if for example the number of tokens in this circuit 100 is initially zero.
  • the value of N could be calculated differently, for example as the sum of the initial value of N' detected in the circuit 100 and the count value generated by the up/down counter 606.
  • the values of N' and N may additionally be condensed by a hash algorithm or the like, as described above in relation with Figure 1.
  • the output count value generated by the up/down counter 606 is sampled by a flip-flop 608 based on the same signal SAMPLE used to sample the nodes of the asynchronous circuit 100.
  • Figure 7 is a flow diagram representing operations in a method of fault detection in an asynchronous circuit according to an example embodiment of the present disclosure.
  • the number of tokens N' in an asynchronous circuit is determined. As described above with reference to Figures 1 and 3, this is for example achieved by sampling the signal at a node between each stage of the asynchronous circuit. In some embodiments, tokens are then detected using XOR gates or other logic gates to compare the signals at adjacent nodes in order to detect transitions that occur between the nodes.
  • operations 702 and 703 may be implemented in parallel with operation 701.
  • Operations 702 and 703 respectively involve monitoring the number of tokens entering and exiting the asynchronous circuit.
  • these operations are for example performed when the asynchronous circuit is not a closed loop, but rather an open loop in which the rate that tokens enter the circuit may vary with respect to the rate that tokens exit the circuit, leading to a natural variation in the number of tokens in the circuit.
  • the determined number of tokens N' is compared with a reference value N.
  • this reference value N may be fixed.
  • this reference value N may be based on the number of input and output tokens determined in operations 702 and 703.
  • the values N' and N could be binary values directly equal to the number of tokens, or they could be condensed values, for example generated using a hash algorithm.
  • an operation 705 it is determined whether N' is equal to N. If so, the method for example returns to operation 701, and is repeated at a next significant edge of the sampling signal SAMPLE. Alternatively, if the values N' and N do not match, an alert can for example be generated in an operation 706 before the method returns to operation 701. It will be apparent to those skilled in the art that the comparison performed by the comparator 112 could be implemented by a logic circuit, or by software code executed by a computer processor.
  • An advantage of the embodiments described herein is that an asynchronous circuit can be protected from faults caused by fault injection, SEUs, etc., in a simple and effective manner. Furthermore, an advantage of the embodiment of Figure 6 is that it permits the method to be applied to open-loop circuits in which the number of tokens expected in the circuit varies.
  • each stage of the asynchronous circuit comprises a half-buffer
  • other types of buffering circuits could be used.
  • the logic circuit 110 may comprise XOR gates as represented in Figure 3, or could be implemented using different types of logic circuitry. The implementation of the logic circuit 110 will depend on the class of asynchronous circuit and the particular protocols that are employed.
  • the asynchronous circuit 100 could be split into two or more sub-circuits, each of which can be monitored independently by the fault detection circuit described herein. One or more of these sub circuits could also not be monitored at all.

Abstract

The present disclosure relates to a fault detection circuit comprising: sampling elements (SE_1 to SE_L) configured to sample signals present at a plurality of nodes (n1 to nL) of an asynchronous circuit (100); a logic circuit (110) configured to determine a number of tokens (N') in the asynchronous circuit based on the sampled signals; and a comparator (112) configured to compare the determined number of tokens with a reference value (N), a fault being detected based on said comparison.

Description

CIRCUIT AND METHOD FOR PROTECTING ASYNCHRONOUS CIRCUITS
[0001] Field
[0002] The present disclosure relates generally to the field of asynchronous circuits, and in particular to a circuit and method for protecting such circuits from faults.
[0003] Background
[0004] Asynchronous circuits are circuits that are locally synchronized, rather than being globally synchronized by a global signal. Generally, asynchronous circuits such as asynchronous pipelines or the like involve a propagation of asynchronous edges representing data events and control events, the control events often being referred to as tokens.
[0005] The tokens and/or data in an asynchronous circuit may be corrupted by physical phenomena, such as radiation provoking single event upsets (SEU) and/or intentionally in order to inject faults by someone wishing to modify the circuit operations for fraudulent purposes.
[0006] The duplication of circuits in order to introduce redundancy provides one counter-measure against potential data/token corruption. However, such a counter-measure has significant cost in terms of chip area and power consumption.
[0007] Summary
[0008] The embodiments described herein aim to at least partially address one or more problems in the prior art.
[0009] According to one aspect, there is provided a fault detection circuit comprising: sampling elements configured to sample signals present at a plurality of nodes of an asynchronous circuit; a logic circuit configured to determine a number of tokens in the asynchronous circuit based on the sampled signals; and a comparator configured to compare the determined number of tokens with a reference value, a fault being detected based on said comparison.
[0010] According to one embodiment, the asynchronous circuit consists of a plurality of stages, each stage being configured to process one token at a time, a corresponding one of the sampling elements being configured to sample the signal present at an output node of each stage of the asynchronous circuit.
[0011] According to one embodiment, one or more of said nodes is an output of a logic circuit having its inputs coupled to a pair of input control and/or data lines, or to a pair of output control and/or data lines, of one or more stages.
[0012] According to one embodiment, each sampling element comprises at least a memorizing element, such as a flip-flop, latch, C-element, etc., each memorizing element having a data input coupled to a corresponding one of the plurality of nodes of the asynchronous circuit.
[0013] According to one embodiment, the logic circuit comprises a plurality of logic gates configured to detect differences in the logic states between adjacent ones of the plurality of nodes.
[0014] According to one embodiment, the asynchronous circuit forms a closed loop.
[0015] According to a further aspect, there is provided a true random number generator comprising: a self-timed ring implemented by a closed loop asynchronous circuit; and the above fault detection circuit.
[0016] According to a further aspect, there is provided a secure asynchronous circuit comprising: an open-loop asynchronous circuit; an input circuit configured to detect tokens entering the asynchronous circuit; an output circuit configured to detect tokens exiting the asynchronous circuit; and the above fault detection circuit.
[0017] According to one embodiment, the secure asynchronous circuit further comprises a reference value generation circuit for generating the reference value based on the number of tokens detected by the input and output circuits.
[0018] According to one embodiment, the reference value generation circuit is an up/down counter configured to increment a count value when a token entering the asynchronous circuit is detected and to decrement the count value when a token exiting the asynchronous circuit is detected.
[0019] According to a further aspect, there is provided a method of protecting an asynchronous circuit from faults, the method comprising: sampling signals present at a plurality of nodes of the asynchronous circuit; determining, by a logic circuit, a number of tokens in the asynchronous circuit based on the sampled signals; and comparing the determined number of tokens with a reference value, a fault being detected based on said comparison.
[0020] Brief disclosure of the drawings
[0021] The foregoing features and advantages, as well as others, will be described in detail in the following description of specific embodiments given by way of illustration and not limitation with reference to the accompanying drawings, in which:
[0022] [Fig. 1] Figure 1 schematically illustrates an asynchronous circuit and a fault detection circuit according to an example embodiment of the present disclosure;
[0023] [Fig. 2A] Figure 2A schematically illustrates an asynchronous half-buffer according to an example embodiment;
[0024] [Fig. 2B] Figure 2B represents 4-phase encoding according to an example embodiment;
[0025] [Fig. 2C] Figure 2C represents 2-phase encoding according to an example embodiment;
[0026] [Fig. 3] Figure 3 schematically illustrates a logic circuit of Figure 1 in more detail according to an example embodiment;
[0027] [Fig. 4] Figure 4 schematically illustrates a self-timed ring based true random number generator according to an example embodiment of the present disclosure;
[0028] [Fig. 5] Figure 5 is a graph representing operation of the circuit of Figure 4 according to example embodiment;
[0029] [Fig. 6] Figure 6 schematically illustrates an open-loop asynchronous circuit and a fault detection circuit according to a further example embodiment of the present disclosure; and
[0030] [Fig. 7] Figure 7 is a flow diagram representing operations in a method of fault detection in an asynchronous circuit according to an example embodiment of the present disclosure.
[0031] Detailed disclosure
[0032] Like features have been designated by like references in the various figures. In particular, the structural and/or functional features that are common among the various embodiments may have the same references and may dispose identical structural, dimensional and material properties.
[0033] Unless indicated otherwise, when reference is made to two elements connected together, this signifies a direct connection without any intermediate elements other than conductors, and when reference is made to two elements linked or coupled together, this signifies that these two elements can be connected or they can be linked or coupled via one or more other elements.
[0034] Throughout the present disclosure, the following terms are assumed to have the following definitions:
[0035] asynchronous circuit - a circuit in which the timing of events is not linked to a common clock signal;
[0036] token - a state transition of a data signal or control signal that propagates through an asynchronous circuit; and
[0037] stage - an asynchronous circuit block that can contain one token at a time.
[0038] Figure 1 schematically illustrates an asynchronous circuit 100 and a fault detection circuit 102 according to an example embodiment of the present disclosure.
[0039] The asynchronous circuit for example comprises stages 104 coupled in series, each stage processing one token at the time. In particular, as known by those skilled in the art, the propagation of control and data signals in asynchronous circuits may involve a handshake protocol in which each stage cannot accept a new data or control event until a current data event has been processed and sent to a subsequent stage. In some cases, a stage waits for an acknowledgement signal from the subsequent stage before accepting a new data event by asserting its own acknowledgement signal. In other cases, it may be possible for a stage to accept new data before it has received the acknowledgement signal from the subsequent stage.
[0040] While in the example of Figure 1 the stages of the asynchronous circuit 100 are coupled in series, it will be apparent to those skilled in the art that one or more stages could alternatively or additionally be coupled in parallel with each other, for example using non-linear asynchronous components such as fork and join.
[0041] Input, output and intermediate nodes n1 to n(L+1) at the inputs and outputs of each of the stages 104 of the asynchronous circuit 100 are for example coupled to the fault detection circuit 102. The number L+1 of nodes will depend on the number of stages L in the asynchronous circuit. In the example of Figure 1, both the input and output of the asynchronous circuit are treated as nodes coupled to the fault detection circuit 102. In alternative embodiments, for example in the case of a closed-loop asynchronous circuit discussed in more detail below, only one of the input and output is for example treated as such a node, and thus there are L nodes rather than L+1.
[0042] The fault detection circuit 102 for example comprises a sampling circuit for sampling the signals at the nodes n1 to n(L+1). In the example of Figure 1, this sampling circuit is formed of sampling elements SE_1 to SE_L+1 each implemented by a flip-flop. Each node n1 to n(L+1) of the asynchronous circuit 100 is for example associated with a dedicated flip-flop. In alternative embodiments, a different type of sampling circuit could be used, such as latches or a sample and hold circuit based on a capacitance.
[0043] The flip-flops SE_1 to SE_L+1 are for example D-type flip-flops, and capture the node tokens based on a common sampling signal SAMPLE. In some embodiments, this sampling signal SAMPLE is provided by an external unit or by one or more of the nodes n1 to n(L+1) of the asynchronous circuit. The sampling signal SAMPLE could also be generated by a combination of the signals at a plurality of the nodes n1 to n(L+1), the signals for example being combined by an XOR tree.
[0044] The flip-flops SE_1 to SE_L+1 have their data inputs D coupled to the corresponding nodes n1 to n(L+1), and their data outputs Q, which respectively provide samples s1 to s(L+1), coupled to a logic circuit (LOGIC) 110. The circuit 110 for example generates a number N' representing the number of tokens present in the asynchronous circuit 100 based on the signals sampled by the sampling circuit. The number N' is compared by a comparator 112 to a reference value N. In the case that these values do not match, this for example is interpreted as an indication of a fault injected, or otherwise occurring, in the asynchronous circuit 100. Indeed, a fault will cause a state transition at a node of the asynchronous circuit, and will thus either add a token, or remove a token, from the circuit. An alert signal ALERT is for example generated upon every fault detection, in other words whenever N' is not equal to N. Alternatively or additionally, an ALERT signal could be generated when the difference between N' and N is greater than a threshold, the threshold for example being set at 2 or a higher value.
[0045] The nodes n1 to n(L+1) of the asynchronous circuit may correspond directly to nodes on the lines between the stages, or may involve a logic function applied to more than one of the lines (in some implementations/protocols, internal points can also be used and combined with the inputs/outputs of the stage), as will now be described in more detail with reference to Figures 2A to 2C. Indeed, the nodes are for example selected or generated such that the signals at these nodes transition at each new token.
[0046] Figure 2A schematically illustrates a half-buffer 200 formed of a pair of C-elements 202, 204. Such a half-buffer for example forms part of each stage of the asynchronous circuit 100 of Figure 1, and controls the progression of data through the circuit.
[0047] The C-element 202 has one of its inputs coupled to a data input line 206 receiving an input data signal I.0, and its other input coupled to a data input line 208 receiving a data input signal I.1. The other inputs of the C-elements 202 and 204 are coupled to an acknowledgement line 210 receiving an acknowledgement signal O_ack. The outputs of the C-elements 202, 204 are coupled to output data lines 212 and 214 respectively, the line 212 providing an output data signal O.0, and the line 214 providing an output data signal O.1. The lines 212 and 214 are also coupled to respective inputs of a two-input NOR gate 216, which provides at its output an acknowledgement signal I_ack on an acknowledgement line 218.
[0048] Each C-element 202, 204 for example has an operation defined by the following truth table, where the input signals are referenced A and B, and the output signal is referenced Z:
[0049] [Table 1]
Figure imgf000010_0001
[0050] In other words, when the values of the input signals A and B are at the same logic level, the output signal Z is set to this logic level. When the values of the input signals A and B are at different logic levels from each other, the circuit is in a standby state in which the output signal Z remains unchanged.
[0051] Referring again to Figure 2A, a data bit is transmitted on the input data lines 206, 208 and on the output data lines 212, 214 using a 4-phase protocol according to which:
- logic states "01" on the lines I.0 and I.1 respectively or on the lines O.0 and O.1 respectively for example transmits a logical "1" bit;
- logic states "10" on the lines I.0 and I.1 respectively or on the lines O.0 and O.1 respectively for example transmits a logical "0" bit;
- logic states "00" on the lines I.0 and I.1 or on the lines O.0 and O.1 for example indicates an idle state in which no data is transmitted; and
- logic states "11" on the lines I.0 and I.1 or on the lines O.0 and O.1 is for example a forbidden state.
[0052] The nodes of the stage 200 that form part of the nodes n1 to n(L+1) may correspond to the data input lines 206 and 208 combined by an OR gate (not illustrated in Figure 2A), and to the data output lines 212 and 214 combined by an OR gate (also not illustrated in Figure 2A), or to the acknowledgement input and output lines 210, 218 directly.
[0053] In other embodiments, different protocols can be implemented for transmitting data events on two data lines, as will now be described with reference to Figures 2B and 2C.
[0054] Figure 2B represents the 4-phase encoding implemented in Figure 2A, in which, in an idle state, both data lines are at a low state, and one or the other data line is brought to a high state to transmit either a "0" or a "1" bit. Two high states is a forbidden state. If a stage i is based on this protocol, the input node ni for example corresponds to a logic OR applied to the data input lines, and the output node n(i+1) of the stage for example corresponds to a logic OR applied to the data output lines.
[0055] Figure 2C represents 2-phase encoding in which a "0" bit is transmitted by maintaining a first of the data lines at a low state, and toggling the second data line between high and low states on each data event. A "1" bit is transmitted by maintaining the first data line at a high state, and toggling the second data line between high and low states on each data event. If a stage i is based on this protocol, the input node ni for example corresponds to a logic XOR applied to the data input lines, and the output node n(i+1) of the stage for example corresponds to a logic XOR applied to the data output lines.
[0056] Figure 3 schematically illustrates the logic circuit 110 according to an example embodiment. In the example of Figure 3, the samples s1 to s(L+1) generated by the sampling elements SE_1 to SE_L+1 are provided in pairs to L+1 XOR gates 302. In particular, each ith XOR gate, for i from 1 to L+1, performs the exclusive OR operation on the samples s(i-1) and si. Thus the XOR gates 302 detect the presence of transitions, i.e. tokens, between the (i-1)th sample and the ith sample. The outputs of the XOR gates 302 are coupled to a hash code generation circuit (HASH CODE GEN) 304, which for example generates a fixed length code N' representing the number of detected tokens. In some embodiments, the hash code is a Hamming weight, although other algorithms could be applied.
[0057] Rather than using XOR gates 302 to detect tokens held in each stage, other logic functions could be used, depending on the protocol. For example, in the case of the 4-phase protocol, an AND gate with one inverted input could be used, as will be understood by those skilled in the art.
[0058] Figure 4 schematically illustrates a self-timed ring (STR) based true random number generator (STRNG) 400 according to an example embodiment of the present disclosure. Such a circuit is for example described in more detail in the French patent published as FR 2 986 679, and in the publication entitled "Self-timed Ring based True Random Number Generator: threat model and countermeasures", G. Gimenez et al., 2017 IEEE 2nd International Verification and Security Workshop (IVSW), the contents of these documents being hereby incorporated by reference to the extent permitted by the law.
[0059] The generator 400 for example comprises a self-timed ring 402 formed by an asynchronous circuit comprising stages S1 to SL. As represented for the first stage S1 of the ring, each ith stage, for i from 1 to L, is for example implemented by a C-element having an input Fi, an inverted input Ri and an output Ci. Furthermore, each ith stage Si for example has its output coupled to the input F(i+1) of the stage S(i+1) and to the inverted input R(i-1) of the stage S(i-1), where the stage S(i-1) for the first stage S1 is the stage SL, and the stage S(i+1) for the Lth stage is the stage S1. The number L of stages is for example equal to an integer equal to or greater than 3.
[0060] Random values are extracted from the self-timed ring by an entropy extractor 404. The circuit 404 is configured to sample the outputs C1 to CL of the stages S1 to SL using respective sampling elements SE_0' to SE_L'. The sampling elements SE_0' to SE_L' each for example correspond to a flip-flop clocked by a sampling signal SAMPLE', which for example indicates each time a random value is to be extracted. The sampled signals at the outputs of the sampling elements SE_1' to SE_L' are combined, for example using an XOR tree 406, to generate a random output signal OUTPUT for example corresponding to a single bit stream.
[0061] Figure 5 is a graph representing an example of the operation of the circuit of Figure 4, based on events at nodes C(j-1), Cj and C(j+1) re-indexed to correspond to three consecutive events around a significant edge of the sampling signal SAMPLE'. Shaded regions in Figure 5 around the edge of the signal SAMPLE' and around each event represent the range of jitter variations, which have a normal distribution. Thus, when the jitter variations are larger than the mean phase difference Δφ between consecutive events, the signal Cj is sampled in its uncertainty zone, implying the generation of a random value.
[0062] The fault detection circuit 102 of Figure 1 can be used in conjunction with the embodiment of Figure 4, for example by treating the inputs F1 to FL as the nodes n1 to nL of the asynchronous circuit to be sampled by the fault detection circuit 102. In some cases, the sampling elements SE_1 to SE_L of the fault detection circuit 102 and the sampling elements SE_1' to SE_L' of the entropy extractor 404 could be implemented by a same set of flip-flops or latches, and thus the number of tokens can for example be verified upon each random value extraction.
[0063] Thus Figures 4 and 5 correspond to a case of a closed-loop system in which the number of tokens circulating in the loop is initially defined and then remains fixed during operation. In the case of the self-timed ring of Figure 4, the number of tokens is for example chosen in order to respect a certain minimum occupancy, as described in more detail in the above-referenced publication by G. Gimenez et al. Thus the reference number N is for example fixed. Furthermore, it should be noted that the correct behavior of the generator of Figure 4 is dependent on the number of tokens circulating in the self-timed ring. Thanks to the fault detection circuit described herein, the number of tokens can for example be verified at regular intervals.
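A behavioural model of the token check applied to the self-timed ring of Figure 4, added here as an illustration and not taken from the patent. The ring size, the initial state, the reference N = 4 and all function names are assumptions of the example; legal firings of the C-element stages leave the count of differing adjacent samples unchanged, while the two constructed node flips change it and raise ALERT.

```python
import random

def c_element(f, r, z):
    """C-element with inverted input R: Z takes F when F != R, else holds."""
    return f if f != r else z

def step(ring, rng):
    """Fire one enabled stage, picked at random to mimic unordered
    asynchronous firing. Stage i sees F_i = C_(i-1) and R_i = C_(i+1)."""
    L = len(ring)
    nxt = [c_element(ring[i - 1], ring[(i + 1) % L], ring[i]) for i in range(L)]
    enabled = [i for i in range(L) if nxt[i] != ring[i]]
    out = list(ring)
    if enabled:                      # an all-token or all-bubble ring is stuck
        i = rng.choice(enabled)
        out[i] = nxt[i]
    return out

def sample_nodes(ring):
    """Nodes n_i are the stage inputs F_i = C_(i-1), as in paragraph [0062]."""
    return [ring[i - 1] for i in range(len(ring))]

def count_tokens(samples):
    """XOR each sample with its neighbour (the closed loop wraps around),
    then take the Hamming weight of the XOR outputs: this is N'."""
    return sum(samples[i - 1] ^ samples[i] for i in range(len(samples)))

def check(samples, n_ref, threshold=0):
    """Comparator 112: returns (N', ALERT). threshold=0 means N' != N."""
    n_meas = count_tokens(samples)
    return n_meas, abs(n_meas - n_ref) > threshold

INIT = [1, 0, 1, 0, 0, 0, 0, 0]   # constructed state: 8 stages, 4 tokens
N_REF = 4                         # fixed reference for the closed loop

def run_clean(steps=200, seed=1):
    """Let the ring oscillate and check the token count after every firing."""
    rng = random.Random(seed)
    ring, alerts = list(INIT), 0
    for _ in range(steps):
        ring = step(ring, rng)
        alerts += check(sample_nodes(ring), N_REF)[1]
    return ring, alerts

def flip(ring, i):
    """Constructed fault: invert the output of stage i."""
    out = list(ring)
    out[i] ^= 1
    return out

if __name__ == "__main__":
    ring, alerts = run_clean()
    print("fault-free run:", ring, "alerts =", alerts)
    for node in (5, 1):
        print("flip node", node, "->", check(sample_nodes(flip(INIT, node)), N_REF))
```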
[0064] In the case of open-loop asynchronous circuits, the number of tokens in the asynchronous circuit at a given time may vary based on the number of tokens entering and exiting the circuit.
[0065] Figure 6 schematically illustrates a secure asynchronous circuit 600 comprising the asynchronous circuit 100, which in this example is an open-loop circuit, and the fault detection circuit 102, according to a further example embodiment of the present disclosure.
[0066] In the embodiment of Figure 6, an input circuit (IN DETECT) 602 is provided for detecting the number of tokens entering the asynchronous circuit 100. Furthermore, an output circuit (OUT DETECT) 604 is provided for detecting the number of tokens exiting the asynchronous circuit 100. With respect to the detection circuit 102 of Figure 1, the detection circuit 102 of Figure 6 additionally comprises circuitry for determining the reference value N based on the tokens entering and exiting the asynchronous circuit. For example, this circuitry comprises an up/down counter (UP/DN COUNTER) 606, which increments a count value each time a token is detected by the circuit 602 as entering the asynchronous circuit 100, and which decrements the count value each time a token is detected by the circuit 604 as exiting the asynchronous circuit 100.
[0067] As shown in the example of Figure 6, this count value may directly provide the reference value N representing the number of tokens in the asynchronous circuit 100, if for example the number of tokens in this circuit 100 is initially zero. Alternatively, the value of N could be calculated differently, for example as the sum of the initial value of N' detected in the circuit 100 and the count value generated by the up/down counter 606. Of course, the values of N' and N may additionally be condensed by a hash algorithm or the like, as described above in relation with Figure 1.
[0068] In some embodiments, the output count value generated by the up/down counter 606 is sampled by a flip-flop 608 based on the same signal SAMPLE used to sample the nodes of the asynchronous circuit 100.
[0069] Figure 7 is a flow diagram representing operations in a method of fault detection in an asynchronous circuit according to an example embodiment of the present disclosure.
[0070] In an operation 701, the number of tokens N' in an asynchronous circuit is determined. As described above with reference to Figures 1 and 3, this is for example achieved by sampling the signal at a node between each stage of the asynchronous circuit. In some embodiments, tokens are then detected using XOR gates or other logic gates to compare the signals at adjacent nodes in order to detect transitions that occur between the nodes.
[0071] Depending on the type of asynchronous circuit, operations 702 and 703 may be implemented in parallel with operation 701. Operations 702 and 703 respectively involve monitoring the number of tokens entering and exiting the asynchronous circuit. As described in relation with Figure 6 above, these operations are for example performed when the asynchronous circuit is not a closed loop, but rather an open loop in which the rate that tokens enter the circuit may vary with respect to the rate that tokens exit the circuit, leading to a natural variation in the number of tokens in the circuit.
[0072] Following operation 701, the determined number of tokens N' is compared with a reference value N. In a closed-loop circuit, this reference value N may be fixed. In an open-loop circuit, this reference value N may be based on the number of input and output tokens determined in operations 702 and 703. In either case, the values N' and N could be binary values directly equal to the number of tokens, or they could be condensed values, for example generated using a hash algorithm.
[0073] In an operation 705, it is determined whether N' is equal to N. If so, the method for example returns to operation 701, and is repeated at a next significant edge of the sampling signal SAMPLE. Alternatively, if the values N' and N do not match, an alert can for example be generated in an operation 706 before the method returns to operation 701. It will be apparent to those skilled in the art that the comparison performed by the comparator 112 could be implemented by a logic circuit, or by software code executed by a computer processor.
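The open-loop flow of Figures 6 and 7 as a behavioural model, added here as an illustration and not taken from the patent. It assumes a signalling model in which each node toggles once per token, so that a stage holds a token when its input and output nodes differ, and it uses L XOR comparisons over L+1 nodes; the class and function names are hypothetical.

```python
import random

class MonitoredPipeline:
    """Open-loop pipeline of L stages with nodes n[0..L] (assumed model:
    stage k holds a token iff n[k] != n[k+1])."""

    def __init__(self, stages):
        self.n = [0] * (stages + 1)   # initially empty: zero tokens
        self.count = 0                # up/down counter 606 -> reference N

    def enabled(self):
        """Handshakes that may fire now; never empty in this model."""
        n, L = self.n, len(self.n) - 1
        acts = []
        if n[0] == n[1]:
            acts.append("enter")      # first stage is empty
        acts += [k for k in range(1, L)
                 if n[k - 1] != n[k] and n[k] == n[k + 1]]  # token may advance
        if n[L - 1] != n[L]:
            acts.append("exit")       # last stage holds a token
        return acts

    def fire(self, act):
        if act == "enter":
            self.n[0] ^= 1
            self.count += 1           # IN DETECT 602: count up (operation 702)
        elif act == "exit":
            self.n[-1] ^= 1
            self.count -= 1           # OUT DETECT 604: count down (operation 703)
        else:
            self.n[act] ^= 1          # internal move: reference unchanged

    def sample(self):
        """One SAMPLE edge captures the nodes and the counter together."""
        return list(self.n), self.count

def token_count(samples):
    """Operation 701: XOR of adjacent samples, then Hamming weight (N')."""
    return sum(a ^ b for a, b in zip(samples, samples[1:]))

def check(samples, n_ref):
    """Operations 705/706: returns (N', N, ALERT)."""
    n_meas = token_count(samples)
    return n_meas, n_ref, n_meas != n_ref

def run(stages=4, events=300, seed=7):
    """Random traffic: the reference N varies, yet N' tracks it at every sample."""
    rng = random.Random(seed)
    pipe = MonitoredPipeline(stages)
    alerts, peak = 0, 0
    for _ in range(events):
        pipe.fire(rng.choice(pipe.enabled()))
        samples, n_ref = pipe.sample()
        alerts += check(samples, n_ref)[2]
        peak = max(peak, n_ref)
    return pipe, alerts, peak

if __name__ == "__main__":
    pipe, alerts, peak = run()
    print("fault-free alerts:", alerts, "peak occupancy:", peak)
    samples, n_ref = [1, 0, 1, 1, 1], 2      # constructed snapshot: 2 tokens
    samples[1] ^= 1                          # constructed fault at node 1
    print("after fault:", check(samples, n_ref))
```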
[0074] An advantage of the embodiments described herein is that an asynchronous circuit can be protected from faults caused by fault injection, SEUs, etc., in a simple and effective manner. Furthermore, an advantage of the embodiment of Figure 6 is that it permits the method to be applied to open-loop circuits in which the number of tokens expected in the circuit varies.
[0075] Various embodiments and variants have been described. Those skilled in the art will understand that certain features of these embodiments can be combined and other variants will readily occur to those skilled in the art. In particular, while in the example embodiments each stage of the asynchronous circuit comprises a half-buffer, in alternative embodiments other types of buffering circuits could be used. In addition, the logic circuit 110 may comprise XOR gates as represented in Figure 3, or could be implemented using different types of logic circuitry. The implementation of the logic circuit 110 will depend on the class of asynchronous circuit and the particular protocols that are employed.
[0076] Furthermore, in some embodiments, the asynchronous circuit 100 could be split into two or more sub-circuits, each of which can be monitored independently by the fault detection circuit described herein. One or more of these sub-circuits could also not be monitored at all.

Claims

1. A fault detection circuit comprising:
sampling elements (SE_1 to SE_L+1) configured to sample signals present at a plurality of nodes (n1 to nL) of an asynchronous circuit (100);
a logic circuit (110) configured to determine a number of tokens (N') in the asynchronous circuit based on the sampled signals; and
a comparator (112) configured to compare the determined number of tokens with a reference value (N), a fault being detected based on said comparison.
2. The fault detection circuit of claim 1, wherein the asynchronous circuit (100) consists of a plurality of stages (104), each stage being configured to process one token at a time, a corresponding one of the sampling elements being configured to sample the signal present at an output node of each stage of the asynchronous circuit.
3. The fault detection circuit of claim 2, wherein one or more of said nodes is an output of a logic circuit having its inputs coupled to a pair of input control and/or data lines, or to a pair of output control and/or data lines, of one or more stages.
4. The fault detection circuit of any of claims 1 to 3, wherein each sampling element (SE_1 to SE_L) comprises a memorizing element, such as a flip-flop, latch or C-element, each memorizing element having a data input coupled to a corresponding one of the plurality of nodes of the asynchronous circuit.
5. The fault detection circuit of any of claims 1 to 4, wherein the logic circuit (110) comprises a plurality of logic gates (302) configured to detect differences in the logic states between adjacent ones of the plurality of nodes (n1 to nL).
6. The fault detection circuit of any of claims 1 to 5, wherein the asynchronous circuit forms a closed loop.
7. A true random number generator comprising:
a self-timed ring implemented by a closed loop asynchronous circuit; and
the fault detection circuit of claim 6.
8. A secure asynchronous circuit (600) comprising:
an open-loop asynchronous circuit (100);
an input circuit (602) configured to detect tokens entering the asynchronous circuit (100);
an output circuit (604) configured to detect tokens exiting the asynchronous circuit (100); and
the fault detection circuit of any of claims 1 to 4.
9. The secure asynchronous circuit of claim 8, further comprising a reference value generation circuit for generating the reference value (N) based on the number of tokens detected by the input and output circuits (602, 604).
10. The secure asynchronous circuit of claim 9, wherein the reference value generation circuit is an up/down counter (606) configured to increment a count value when a token entering the asynchronous circuit is detected and to decrement the count value when a token exiting the asynchronous circuit is detected.
11. A method of protecting an asynchronous circuit from faults, the method comprising:
sampling signals present at a plurality of nodes (n1 to nL) of the asynchronous circuit (100);
determining, by a logic circuit (110), a number of tokens (N') in the asynchronous circuit based on the sampled signals; and
comparing the determined number of tokens with a reference value (N), a fault being detected based on said comparison.
PCT/IB2018/001147 2018-07-03 2018-07-03 Circuit and method for protecting asynchronous circuits WO2020008229A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2018/001147 WO2020008229A1 (en) 2018-07-03 2018-07-03 Circuit and method for protecting asynchronous circuits

Publications (1)

Publication Number Publication Date
WO2020008229A1 true WO2020008229A1 (en) 2020-01-09

Family

ID=63965705

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/001147 WO2020008229A1 (en) 2018-07-03 2018-07-03 Circuit and method for protecting asynchronous circuits

Country Status (1)

Country Link
WO (1) WO2020008229A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003069485A2 (en) * 2002-02-12 2003-08-21 Fulcrum Microsystems, Inc. Techniques for facilitating conversion between asynchronous and synchronous domains
US7900078B1 (en) * 2009-09-14 2011-03-01 Achronix Semiconductor Corporation Asynchronous conversion circuitry apparatus, systems, and methods
FR2986679A1 (en) 2012-02-06 2013-08-09 Inst Polytechnique Grenoble True random number generator for use in digital electronic circuit e.g. field programmable gate array, has sampling unit sampling signals delivered on outputs of preceding stage of oscillator with specific integer values

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
G. GIMENEZ ET AL.: "Self-timed Ring based True Random Number Generator: threat model and countermeasures", IEEE 2ND INTERNATIONAL VERIFICATION AND SECURITY WORKSHOP (IVSW), 2017

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18792991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18792991

Country of ref document: EP

Kind code of ref document: A1