WO2021118816A1 - Share domain arrangements for masked hardware implementations - Google Patents

Share domain arrangements for masked hardware implementations Download PDF

Info

Publication number
WO2021118816A1
WO2021118816A1 PCT/US2020/062553 US2020062553W WO2021118816A1 WO 2021118816 A1 WO2021118816 A1 WO 2021118816A1 US 2020062553 W US2020062553 W US 2020062553W WO 2021118816 A1 WO2021118816 A1 WO 2021118816A1
Authority
WO
WIPO (PCT)
Prior art keywords
circuitry
power supply
mask
supply network
data representation
Prior art date
Application number
PCT/US2020/062553
Other languages
French (fr)
Inventor
Michael Hutter
Helena Handschuh
Scott C. Best
Original Assignee
Cryptography Research, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cryptography Research, Inc. filed Critical Cryptography Research, Inc.
Priority to US17/780,428 priority Critical patent/US20230016420A1/en
Publication of WO2021118816A1 publication Critical patent/WO2021118816A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms

Definitions

  • Figure 1 is an illustration of an integrated circuit that includes multiple mask-share domains.
  • Figure 2 is a block diagram illustrating multiple mask-share domains.
  • Figure 3 is an illustration of the concept of cross-coupling between mask-share domains.
  • Figure 4A is an illustration of an integrated circuit power supply network with multiple mask-share domains.
  • Figure 4B is an illustration of an integrated circuit power supply network with multiple mask-share domains and multiple sets of power supply pads.
  • Figure 4C is an illustration of an integrated circuit power supply network with multiple mask-share domains and partially split power-supply networks.
  • Figure 5 is an illustration of power supply coupling between mask-share domains.
  • Figure 6 is an illustration of an integrated circuit with multiple power supply domains.
  • Figure 7 is an illustration of cross-coupling between mask-share domains that are in different power supply domains.
  • Figure 8 is a flowchart illustrating a method of reducing information leakage between mask-share domains.
  • Figure 9 is a flowchart illustrating a method of reducing information leakage between mask-share domains via a common power supply network.
  • Figure 10 is a block diagram of a processing system.
  • Hardware masking is a countermeasure that may be used to make power analysis attacks more difficult.
  • Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values.
  • One method of masking is to probabilistically split each bit of a computation into multiple “shares”. Because the values of the shares are the result of a random operation, each share bit does not yield information about the original bit. Computations may then be performed on the individual bit shares without revealing information about the original bit.
  • the circuitry i.e., transistors, gates, doped regions, metal interconnect layers, etc.
  • each mask-share domain is physically spaced from the other mask-share domains to reduce electromagnetic coupling between elements (circuitry) of different mask-share domains.
  • the mask-share domains are connected to the same power supply network. The physical distance between mask-share domains along the power supply network is selected to reduce coupling between mask-share domains that may occur via the power-supply network.
  • the mask- share domains are each connected to different on-chip power supply networks.
  • FIG. 1 is an illustration of an integrated circuit that includes multiple mask-share domains (“MSD”).
  • integrated circuit 100 includes active circuitry 105.
  • Active circuitry 105 includes at least mask-share domain A 11 la and mask-share domain B 111b.
  • Mask-share domain A 11 la is physically spaced apart from all of the circuitry of mask-share domain B 11 lb by a minimum distance of dmin 115. This spacing is done in order to reduce the (electromagnetic) coupling between nodes in mask-share domain A 11 la and nodes in mask-share domain B 111b.
  • minimum distance of dmin 115 provides benefit when mask- share domain A 11 la and mask-share domain B 11 lb are operated concurrently, such that the amount of electromagnetic cross-coupling between mask-share domain A 11 la and mask- share domain B 11 lb - cross-coupling that transfers a significant amount of statistical information between mask-share domain A 11 la and mask-share domain B 11 lb - is below a selected threshold.
  • minimum distance of d in 115 is selected to meet an information transfer goal. This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value.
  • the minimum distance of d in 115 may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software.
  • the minimum distance of dmin 115 may be ensured by specifying minimum distance of dmin 115 as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
  • FIG. 2 is a block diagram illustrating multiple mask-share domains.
  • masked computation system 200 comprises random number generator 221, secret value 222, data representation mapping 225, mask-share domain A 240a, mask-share domain B 240b, and data representation unmapping 226.
  • Random number generator 221 is operatively coupled to data representation mapping 225.
  • Secret value 222 i.e., unmasked data representation
  • Data representation mapping 225 provides mask-share domain A 240a with an n-bit share value 250a (i.e., masked data representation.).
  • Data representation mapping 225 provides mask- share domain B 240b with an n-bit share value 250b (i.e., masked data representation.).
  • Mask-share domain A 240a provides the results 251a of a computation performed using share value 250a to data representation unmapping 226.
  • Mask-share domain B 240b provides the results 251b of a computation performed using share value 250b to data representation unmapping 226.
  • the circuitry of mask-share domain A 240a and mask-share domain B 240b are physically separated from each other on chip by a minimum distance dmin 215.
  • secret value 222 is split into multiple share values 250a through 250b. It should be understood that although Figure 2 specifically illustrates two share values 250a-250b, any integer number of share values 250a- 250b larger than 1 may be selected.
  • a common mapping is Boolean masking. In an embodiment, Boolean masking randomly splits secret value 222 into a set of share values 250a and 250b such that: (1) the shares exclusive-OR (XOR) with each other to the secret value 222; and, (2) no proper subset of share values 250a or 250b gives any non-random statistical information about secret value 222.
  • mappings are Arithmetic mapping.
  • arithmetic mapping splits a k-bit secret value 222 into share values 250a and 250b such that: (1) share values 250a and 250b arithmetically sum to secret value 222; and, (2) no proper subset of share values 250a or 250b gives any non-random statistical information about secret value 222.
  • Other mappings such as “multiplicative mapping”, “affine mapping”, etc., either alone or in combination, are contemplated.
  • results 251a and 251b of computations by mask-share domains 240a and 240b are provided to data representation unmapping 226.
  • Data representation unmapping 226 uses results 251a and 251b to output an unmasked (or unmapped) version of results 251.
  • any integer number larger than 1 can be considered.
  • Figure 3 is an illustration of the concept of cross-coupling between mask-share domains.
  • the left side of Figure 3 illustrates mask-share domain A circuitry 341a and mask- share domain B circuitry 341b.
  • the right side of Figure 3 illustrates mask-share domain A circuitry 340a and mask-share domain B circuitry 340b.
  • mask-share domain A circuitry 341a includes node ai.
  • Mask-share domain B circuitry 341b includes node a2. Because mask-share domain A circuitry and mask-share domain B circuitry are not subject to a minimum distance rule between mask-share domains, node ai of mask-share domain A may be as close to node a2 of mask-share domain B as the minimum metal-to-metal spacing (dm2m) allowed by the integrated circuit manufacturing process. This minimum spacing results in the maximum amount of parasitic capacitance between node ai and node a2 of C Pi 351 as illustrated in Figure 3.
  • dm2m minimum metal-to-metal spacing
  • mask-share domain A circuitry 340a includes node ai.
  • Mask-share domain B circuitry 340b includes node a2. Because mask-share domain A circuitry and mask-share domain B circuitry are subject to a minimum distance rule of dmin between mask-share domains, node ai of mask-share domain A circuitry 340a may only be as close to node a2 of mask-share domain B circuitry 340b as dmin. This larger spacing results in a smaller parasitic capacitance between node ai and node a2 of C P 2350 as illustrated in Figure 3.
  • FIG. 4A is an illustration of an integrated circuit power-supply network with multiple mask-share domains.
  • integrated circuit 400 includes active circuitry 405.
  • Active circuitry 405 includes at least mask-share domain A 41 la and mask-share domain B 41 lb.
  • Mask-share domain A 411a and mask-share domain B 411b are connected to power supply network 465a-465b.
  • Positive power supply network 465a receives a positive supply voltage V+ via power supply pad 431a.
  • Negative power supply network 465b receives a negative supply voltage (or ground) V- via power supply pad 43 lb.
  • the power supply pads 43 la-43 lb form a power supply pad set that is connected to power supply network 465a-465b.
  • Power supply network 465a-465b is connected to mask-share domain A 411a and mask-share domain B 411b at different locations of power supply network 465a-465b.
  • mask-share domain A 411a is shown connected closer to the negative power supply pad 43 lb than mask-share domain B 41 lb, by a distance of dpmini 415 measured along the shortest path along negative power supply network 465b.
  • mask-share domain A 411a is physically spaced apart, from all of the circuitry of mask-share domain B 41 lb by the minimum distance of dpmini 415 in order to reduce electromagnetic signal coupling between mask-share domain A 411a and mask-share domain B 411b.
  • Figure 4A there is now shown a power-supply network in common between the two share domains.
  • mask-share domain A 41 la and mask-share domain B 411b are operated concurrently, because they share a common on-chip power-supply network 465a-465b it is possible that a significant amount of statistical information can be communicated between mask-share domain A 411a and mask-share domain B 411b that exceeds a preferred threshold.
  • the minimum distance of dpmini 415 is selected to meet an information transfer goal. This goal may be, for example, the number of traces required to reconstruct an unshared (i.e., original or unmasked) value.
  • the minimum distance of dpmini 415 may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software.
  • the minimum distance of dpmini 415 may be ensured by specifying minimum distance of dpmini 415 as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
  • FIG. 4B is an illustration of an integrated circuit power supply network with multiple mask-share domains and multiple sets of power-supply pads.
  • integrated circuit 401 includes active circuitry 406.
  • Active circuitry 406 includes at least mask-share domain A 412a and mask-share domain B 412b.
  • Mask-share domain A 412a and mask-share domain B 412b are connected to power supply network 466a-466b.
  • Positive power supply network 466a receives a positive supply voltage V+ via power-supply pad 432a and power-supply pad 433a.
  • Negative power supply network 466b receives a negative supply voltage (or ground) V- via power supply pad 432b and power-supply pad 433b.
  • power supply network 466a-466b is connected to two power-supply pad sets 432a-432b and 433a-433b.
  • Power supply network 466a-466b is connected to mask-share domain A 412a and mask-share domain B 412b at different locations of power supply network 466a-466b.
  • mask-share domain A 412a is connected to positive power supply network 466a at a distance of d P 2a 416a from power supply pad 432a when measured along the shortest path along positive power supply network 466a.
  • Mask-share domain B 412b is connected to negative power supply network 466b at a distance of d P 2b 416b from power supply pad 433b when measured along the shortest path along negative power supply network 466b.
  • Mask-share domain A 412a is connected to negative power supply network 432b at a distance of d P min2 to the connection of mask-share domain B 412b to power supply network 466b, when measured along the shortest path along negative power supply network 466b between mask-share domain A 412a and mask-share domain B 412b.
  • Mask-share domain A 412a is physically spaced apart, as measure along the shortest path of power supply network 466a-466b, from all of the circuitry of mask-share domain B 412b by the minimum distance of d P min2416c in order to reduce the signal coupling via the power supply network 466a-466b between nodes in mask-share domain A 412a and nodes in mask-share domain B 412b.
  • mask-share domain A 412a and mask-share domain B 412b are operated concurrently, because they share a common on-chip power-supply network 466a-466b it is possible that a significant amount of statistical information can be communicated between mask-share domain A 412a and mask-share domain B 412b that exceeds a preferred threshold.
  • mask-share domain A 412a and mask- share domain B 412b are both connected to power supply network 466a-466b, coupling between mask-share domain A 412a and mask-share domain B 412b via power supply network 466a-466b cannot be completely eliminated.
  • a minimum distance of d P min2 416c is selected to meet an information transfer goal.
  • This goal may be, for example, the number of power-consumption (or electromagnetic) traces required to reconstruct an unshared (i.e., original or unmasked) value.
  • the selection of d P min2416c may be based on the distance d P2a 416aalong negative power supply network 466b from mask-share domain A 412a to power supply pad 432a, the distance d P 2b 416b along positive power supply network 466b from mask-share domain B 412b to power supply pad 433b, or a combination of both.
  • the minimum distance of d P min2416c may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software.
  • the minimum distance of d P min2416c may be ensured by specifying minimum distance of d P min2416c as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
  • FIG. 4C is an illustration of an integrated circuit power supply network with multiple mask-share domains and partially split power-supply networks.
  • integrated circuit 402 includes active circuitry 407.
  • Active circuitry 407 includes at least mask-share domain A 413a and mask-share domain B 413b.
  • Mask-share domain A 413a is connected to positive on-chip power supply network 467a and negative on-chip power supply network 467b.
  • Mask-share domain B 413b is connected to positive on-chip power supply network 467c and negative on-chip power supply network 467b.
  • mask-share domain A 413a is connected to a different positive power supply network 467a than mask-share domain B 413b - which is connected to positive power supply network 467c.
  • Positive power supply network 467a receives a positive supply voltage V+ via power-supply pad 434a.
  • Positive power supply network 467c receives the positive supply voltage V+ via power-supply pad 435a.
  • Power-supply pad 434a may be connected to power supply pad 435a external to integrated circuit 402.
  • Power-supply pad 434a may be connected to power supply pad 435a external to on-chip bypassing and/or the package of integrated circuit 402.
  • Negative power supply network 467b receives a negative supply voltage (or ground) V- via power supply pad 434b and power-supply pad 434b. Thus, negative power supply network 467b is connected to multiple negative power-supply pads 434b-435b.
  • Negative power supply network 467b is connected to mask-share domain A 413a and mask-share domain B 413b at different locations of negative power supply network 467b.
  • mask-share domain A 413a is connected to negative power supply network 467b at a distance of d P 3a 417a from power supply pad 434b when measured along the shortest path along negative power supply network 466b.
  • Mask-share domain B 413b is connected to negative power supply network 467b at a distance of d P 3b 417b from power supply pad 435b when measured along the shortest path along negative power supply network 467b.
  • Mask-share domain A 413a is connected to negative power supply network 467b at a distance of d P min3417c away from the location on negative power supply network 467b that mask-share domain B 413b is connected, when measured along the shortest path along negative power supply network 467b between mask-share domain A 413a and mask- share domain B 413b.
  • Mask-share domain A 413a is physically spaced apart, as measure along the shortest path of negative power supply network 467b, from all of the circuitry of mask-share domain B 413b by the minimum distance of d P min3417c in order to reduce the signal coupling via the negative power supply network 467b between nodes in mask-share domain A 413a and nodes in mask-share domain B 413b.
  • mask-share domain A 413a and mask-share domain B 413b are operated concurrently, because they share a common on-chip negative power-supply network 467b, it is possible that a significant amount of statistical information can be communicated between mask-share domain A 413a and mask-share domain B 413b that exceeds a preferred threshold.
  • mask-share domain A 413a and mask- share domain B 413b are both connected to negative power supply network 467b, coupling between mask-share domain A 413a and mask-share domain B 413b via negative power supply network 467b cannot be completely eliminated.
  • a minimum distance of d P min3 417c is selected to meet an information transfer goal.
  • This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value.
  • the selection of d P min3417c may be based on the distance d P3a 417aalong negative power supply network 467b from mask-share domain A 413a to power supply pad 434b, the distance d P3b 417b along negatice power supply network 467b from mask-share domain B 413b to power supply pad 435b, or a combination of both.
  • the minimum distance of d P min3 417c may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software.
  • the minimum distance of d P min3417c may be ensured by specifying minimum distance of d P min3417c as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
  • Figure 5 is an illustration of power supply coupling between mask-share domains.
  • the left side of Figure 5 illustrates mask-share domain A circuitry 541a and mask-share domain B circuitry 541b.
  • the right side of Figure 5 illustrates mask-share domain A circuitry 540a and mask-share domain B circuitry 540b.
  • mask-share domain A circuitry 541a includes node ai.
  • Mask-share domain B circuitry 541b includes node a2. Both mask-share domain A circuitry 541a and mask-share domain B circuitry 541b are connected to power supply network 571. The connections of mask-share domain A circuitry 541a and mask-share domain B circuitry 541b to power supply network 571 are separated, as measured along power supply network 571, by d c 2c.
  • the connection of mask-share domain A 541a may be as close to the connection of mask-share domain B 541b as the integrated circuit manufacturing process allows. This minimum spacing results in a parasitic resistance of Rpi 576 between the power supplies of mask-share domain A circuitry 541a and mask-share domain B circuitry 541b, as illustrated in Figure 5.
  • mask-share domain A circuitry 540a includes node ai.
  • Mask-share domain B circuitry 540b includes node a2. Both mask-share domain A circuitry 540a and mask-share domain B circuitry 540b are connected to power supply network 570. The connections of mask-share domain A circuitry 540a and mask-share domain B circuitry 540b to power supply network 570 are separated, as measured along power supply network 570, by dpmin.
  • the connection of mask-share domain A circuitry 540a to the connection of mask-share domain B circuitry 540b may be no less than dpmin. This larger minimum distance results in a larger parasitic resistance of R P 2 575 between the power supplies of mask-share domain A circuitry 540a and mask-share domain B circuitry 540b, as illustrated in Figure 5.
  • FIG. 6 is an illustration of an integrated circuit with multiple power supply domains.
  • integrated circuit 600 includes active circuitry 605.
  • Active circuitry 605 includes at least mask-share domain A 611a and mask-share domain B 611b.
  • Mask- share domain A 611a is connected to power supply network 665a-665b.
  • Positive power supply network 665a receives a positive supply voltage V+ via power supply pad 617a.
  • Negative power supply network 665b receives a negative supply voltage (or ground) V- via power supply pad 617b.
  • Mask-share domain B 611b is connected to power supply network 666a-666b.
  • Positive power supply network 666a receives a positive supply voltage V+ via power supply pad 618a.
  • Negative power supply network 666b receives a negative supply voltage (or ground) V- via power supply pad 618b.
  • mask-share domain 611a and mask- share domain B 61 lb are connected to different on-chip power-supply domains.
  • This separation of power supply domains reduces information transfer between mask- share domain 611a and mask-share domain B 61 lb via an on-chip power supply network.
  • power supply network 665a-665b and power supply network 666a-666b may be connected to on-chip bypassing.
  • Power supply network 665a-665b and power supply network 666a-666b may be connected to different, unconnected, on-chip bypassing (not shown in Figure 6). Additionally, in Figure 6, power supply network 665a- 665b and power supply network 666a-666b are shown connected to the same number of power supply pad sets 617a-617b, 618a-618b. However, this is merely an example. Power supply network 665a-665b and power supply network 666a-666b may be connected to different numbers of power supply pad sets 617a-617b, 618a-618b.
  • mask-share domain 611a and mask-share domain B 61 lb may utilize different sets of interconnect layers internally to mask-share domain A 61 la and mask-share domain B 611b.
  • the interconnect for mask-share domain A might principally use first and second layer metal (a.k.a, “metal 1” and “metal 2”) while the interconnect for mask- share domain B might principally use the first and third metal layers (i.e., “metal 1” and “metal 3”).
  • first and third metal layers i.e., “metal 1” and “metal 3”.
  • Figure 7 is an illustration of cross-coupling between mask-share domains that are in different power supply domains.
  • mask-share domain A circuitry 740a includes node ai.
  • Mask-share domain B circuitry 740b includes node a2.
  • Mask-share domain A circuitry 740a is connected to power supply network 765.
  • Power supply network 765 is connected to an external power supply via pad 717.
  • Mask-share domain B circuitry 740b is connected to power supply network 766.
  • Power supply network 766 is connected to an external power supply via pad 718. Power supply network 765 and power supply network 766 are not connected to each other via an on-chip connection.
  • mask-share domain A circuitry 740a and mask-share domain B circuitry 740b are subject to a minimum distance rule of dmin between mask-share domains.
  • node ai of mask-share domain A circuitry 740a may only be as close to node a2 of mask-share domain B circuitry 740b as dmin. This minimum spacing results in a parasitic capacitance between node ai and node a2 of C P3 750 as illustrated in Figure 7.
  • dmin may be problematically selected such that, when mask-share domain A and mask-share domain B are operated concurrently, the amount of electromagnetic cross coupling between mask-share domain A and mask-share domain B transfers an amount of statistical information between mask-share domain A and mask-share domain B that exceeds a selected threshold.
  • minimum distance of dmin may be selected to meet an information transfer goal. This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value.
  • Figure 8 is a flowchart illustrating a method of reducing information leakage between mask-share domains. The steps illustrated in Figure 8 may be performed during the design of one or more of integrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, masked share domain B circuitry 440b, and/or their components.
  • a first circuit description associated with first mask-share domain circuitry is received (802). For example, design rule checking software may receive a circuit description of masked share domain A 111a.
  • a second circuit description associated with second mask-share domain circuitry is received (804).
  • the design rule checking software may receive a circuit description of masked share domain B 111b.
  • An indicator of a minimum spacing between circuit elements of the first mask-share domain circuitry and the second mask domain circuitry is received (806).
  • the design rule checking software may receive an indicator of dmin 115.
  • a rule is applied to ensure the minimum spacing between the circuit elements of the first mask-share domain circuitry and the second mask domain circuitry (808).
  • the design rule checking software may compute the minimum distance between all of the elements of masked share domain A 11 la and all of the elements of masked share domain B 111b. If any of those computed distances is less than dmin 115, the design rule checking software may report a violation of the minimum spacing design rule.
  • Figure 9 is a flowchart illustrating a method of reducing information leakage between mask-share domains via a common power supply network. The steps illustrated in Figure 9 may be performed during the design of one or more of integrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, masked share domain B circuitry 740b, and/or their components.
  • a first circuit description associated with first mask-share domain circuitry that is to receive power from a power supply network is received (902). For example, design rule checking software may receive a circuit description of masked share domain A 41 la.
  • a second circuit description associated with second mask-share domain circuitry that is to receive power from the power supply network is received (904).
  • the design rule checking software may receive a circuit description of masked share domain B 411b.
  • An indicator of a minimum distance, along the power supply network, between circuit elements of the first mask-share domain circuitry and the second mask domain circuitry is received (906).
  • the design rule checking software may receive an indicator of dpmin 415.
  • a rule is applied to ensure the minimum distance, along the power supply network, between the circuit elements of the first mask-share domain circuitry and the second mask domain circuitry (908).
  • the design rule checking software may compute the minimum distance, along power supply network 465a-465b, between all of the elements of masked share domain A 411a and all of the elements of masked share domain B 411b. If any of those computed distances is less than dpmin 415, the design rule checking software may report a violation of the minimum distance design rule.
  • the methods, systems and devices described above may be implemented in computer systems, or stored by computer systems.
  • the methods described above may also be stored on a non-transitory computer readable medium.
  • Devices, circuits, and systems described herein may be implemented using computer-aided design tools available in the art, and embodied by computer-readable files containing software descriptions of such circuits.
  • These software descriptions may be: behavioral, register transfer, logic component, transistor, and layout geometry-level descriptions. Moreover, the software descriptions may be stored on storage media or communicated by carrier waves.
  • Data formats in which such descriptions may be implemented include, but are not limited to: formats supporting behavioral languages like C, formats supporting register transfer level (RTL) languages like Verilog and VHDL, formats supporting geometry description languages (such as GDSII, GDSIII, GDSIV, CIF, and MEBES), and other suitable formats and languages.
  • RTL register transfer level
  • GDSII, GDSIII, GDSIV, CIF, and MEBES formats supporting geometry description languages
  • data transfers of such files on machine-readable media may be done electronically over the diverse media on the Internet or, for example, via email.
  • physical files may be implemented on machine-readable media such as: 4 mm magnetic tape, 8 mm magnetic tape, 3-1/2 inch floppy media, CDs, DVDs, and so on.
  • FIG 10 is a block diagram illustrating one embodiment of a processing system 1000 for including, processing, or generating, a representation of a circuit component 1020.
  • Processing system 1000 includes one or more processors 1002, a memory 1004, and one or more communications devices 1006.
  • Processors 1002, memory 1004, and communications devices 1006 communicate using any suitable type, number, and/or configuration of wired and/or wireless connections 1008.
  • Processors 1002 execute instructions of one or more processes 1012 stored in a memory 1004 to process and/or generate circuit component 1020 responsive to user inputs 1014 and parameters 1016.
  • Processes 1012 may be any suitable electronic design automation (EDA) tool or portion thereof used to design, simulate, analyze, and/or verify electronic circuitry and/or generate photomasks for electronic circuitry.
  • EDA electronic design automation
  • Representation 1020 includes data that describes all or portions ofmtegrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, and/or masked share domain B circuitry 740b and their components, as shown in the Figures.
  • Representation 1020 may include one or more of behavioral, register transfer, logic component, transistor, and layout geometry-level descriptions. Moreover, representation 1020 may be stored on storage media or communicated by carrier waves. [0061] Data formats in which representation 1020 may be implemented include, but are not limited to: formats supporting behavioral languages like C, formats supporting register transfer level (RTL) languages like Verilog and VHDL, formats supporting geometry description languages (such as GDSII, GDSIII, GDSIV, CIF, and MEBES), and other suitable formats and languages. Moreover, data transfers of such files on machine-readable media may be done electronically over the diverse media on the Internet or, for example, via email
  • User inputs 1014 may comprise input parameters from a keyboard, mouse, voice recognition interface, microphone and speakers, graphical display, touch screen, or other type of user interface device. This user interface may be distributed among multiple interface devices.
  • Parameters 1016 may include specifications and/or characteristics that are input to help define representation 1020.
  • parameters 1016 may include information that defines device types (e.g., NFET, PFET, etc.), topology (e.g., block diagrams, circuit descriptions, schematics, etc.), and/or device descriptions (e.g., device properties, device dimensions, power supply voltages, simulation temperatures, simulation models, etc.).
  • Memory 1004 includes any suitable type, number, and/or configuration of non- transitory computer-readable storage media that stores processes 1012, user inputs 1014, parameters 1016, and circuit component 1020.
  • Communications devices 1006 include any suitable type, number, and/or configuration of wired and/or wireless devices that transmit information from processing system 1000 to another processing or storage system (not shown) and/or receive information from another processing or storage system (not shown). For example, communications devices 1006 may transmit circuit component 1020 to another system. Communications devices 1006 may receive processes 1012, user inputs 1014, parameters 1016, and/or circuit component 1020 and cause processes 1012, user inputs 1014, parameters 1016, and/or circuit component 1020 to be stored in memory 1004.
  • Example 1 An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non- random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry physically separated by at least a first minimum distance.
  • Example 2 The integrated circuit of example 1, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first cross-coupling, between the first circuitry and the second circuitry, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
  • Example 3 The integrated circuit of example 1, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
  • Example 4 The integrated circuit of example 1, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
  • Example 5 The integrated circuit of example 1, wherein the first circuitry is powered by a first power supply network on the integrated circuit, the second circuitry is powered by a second power supply network on the integrated circuit, and the first power supply network and the second power supply network are physically separated by at least a second minimum distance, the second minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
  • Example 6 The integrated circuit of example 1, wherein the first circuitry and the second circuitry share a power supply network on the integrated circuit.
  • Example 7 The integrated circuit of example 6, wherein a first shortest distance along the power supply network from the first circuitry to the second circuitry is a least a second minimum distance.
  • Example 8 An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non- random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry sharing a power supply network on the integrated circuit, a first shortest distance along the power supply network from the first circuitry to the second circuitry being a least a first minimum distance.
  • Example 9 The integrated circuit of example 8, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first coupling, between the first circuitry and the second circuitry via the power supply network, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
  • Example 10 The integrated circuit of example 8, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
  • Example 11 The integrated circuit of example 8, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
  • Example 12 The integrated circuit of example 8, wherein the power supply network is connected to a first off-chip power supply connection pad set and a second off- chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the power supply network from the first circuitry, the second off- chip power supply connection pad set being a second distance along the power supply network from the second circuitry.
  • Example 13 The integrated circuit of example 12, wherein the first distance and the second distance are less than the first shortest distance.
  • Example 14 The integrated circuit of example 12, wherein the first off-chip power supply connection pad set is a third distance along the power supply network from second power supply and the first distance and the second distance are less than the third distance.
  • Example 15 An integrated circuit, comprising: first circuitry, powered by a first power supply network on the integrated circuit, that implements a masked computation from a first masked data representation; and, second circuitry, powered by a second power supply network on the integrated circuit, that implements the masked computation for a second masked data representation, wherein non-random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation.
  • Example 16 The integrated circuit of example 15, wherein the first circuitry and the second circuitry are physically separated by at least a first minimum distance.
  • Example 17 The integrated circuit of example 16, wherein the first power supply network is connected to a first off-chip power supply connection pad set and the second power supply network is connected a second off-chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the first power supply network from the first circuitry, the second off-chip power supply connection pad set being a second distance along the second power supply network from the second circuitry, the first distance and the second distance being less than the first minimum distance.
  • Example 18 The integrated circuit of example 15, wherein the first power supply network and the second power supply network are physically separated by at least a first minimum distance, the first minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
  • Example 19 The integrated circuit of example 15, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
  • Example 20 The integrated circuit of example 15, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Design And Manufacture Of Integrated Circuits (AREA)

Abstract

Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.

Description

SHARE DOMAIN ARRANGEMENTS FOR MASKED HARDWARE
IMPLEMENTATIONS BRIEF DESCRIPTION OF THE DRAWINGS [0001] Figure 1 is an illustration of an integrated circuit that includes multiple mask-share domains.
[0002] Figure 2 is a block diagram illustrating multiple mask-share domains.
[0003] Figure 3 is an illustration of the concept of cross-coupling between mask-share domains.
[0004] Figure 4A is an illustration of an integrated circuit power supply network with multiple mask-share domains.
[0005] Figure 4B is an illustration of an integrated circuit power supply network with multiple mask-share domains and multiple sets of power supply pads.
[0006] Figure 4C is an illustration of an integrated circuit power supply network with multiple mask-share domains and partially split power-supply networks.
[0007] Figure 5 is an illustration of power supply coupling between mask-share domains.
[0008] Figure 6 is an illustration of an integrated circuit with multiple power supply domains.
[0009] Figure 7 is an illustration of cross-coupling between mask-share domains that are in different power supply domains.
[0010] Figure 8 is a flowchart illustrating a method of reducing information leakage between mask-share domains.
[0011] Figure 9 is a flowchart illustrating a method of reducing information leakage between mask-share domains via a common power supply network.
[0012] Figure 10 is a block diagram of a processing system.
DETAILED DESCRIPTION OF THE EMBODIMENTS [0013] Hardware masking is a countermeasure that may be used to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking is to probabilistically split each bit of a computation into multiple “shares”. Because the values of the shares are the result of a random operation, each share bit does not yield information about the original bit. Computations may then be performed on the individual bit shares without revealing information about the original bit. The circuitry (i.e., transistors, gates, doped regions, metal interconnect layers, etc.) that perform computations on individual share bits is referred to herein as a “mask-share domain”.
[0014] In an embodiment, each mask-share domain is physically spaced from the other mask-share domains to reduce electromagnetic coupling between elements (circuitry) of different mask-share domains. In another embodiment, the mask-share domains are connected to the same power supply network. The physical distance between mask-share domains along the power supply network is selected to reduce coupling between mask-share domains that may occur via the power-supply network. In another embodiment, the mask- share domains are each connected to different on-chip power supply networks.
[0015] Figure 1 is an illustration of an integrated circuit that includes multiple mask-share domains (“MSD”). In Figure 1, integrated circuit 100 includes active circuitry 105. Active circuitry 105 includes at least mask-share domain A 11 la and mask-share domain B 111b. Mask-share domain A 11 la is physically spaced apart from all of the circuitry of mask-share domain B 11 lb by a minimum distance of dmin 115. This spacing is done in order to reduce the (electromagnetic) coupling between nodes in mask-share domain A 11 la and nodes in mask-share domain B 111b.
[0016] In an embodiment, minimum distance of dmin 115 provides benefit when mask- share domain A 11 la and mask-share domain B 11 lb are operated concurrently, such that the amount of electromagnetic cross-coupling between mask-share domain A 11 la and mask- share domain B 11 lb - cross-coupling that transfers a significant amount of statistical information between mask-share domain A 11 la and mask-share domain B 11 lb - is below a selected threshold. In other words, since cross-coupling between mask-share domain A 11 la and mask-share domain B 11 lb cannot be completely eliminated, minimum distance of d in 115 is selected to meet an information transfer goal. This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value.
[0017] The minimum distance of d in 115 may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software. For example, in an embodiment, the minimum distance of dmin 115 may be ensured by specifying minimum distance of dmin 115 as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
[0018] Figure 2 is a block diagram illustrating multiple mask-share domains. In Figure 2, masked computation system 200 comprises random number generator 221, secret value 222, data representation mapping 225, mask-share domain A 240a, mask-share domain B 240b, and data representation unmapping 226. Random number generator 221 is operatively coupled to data representation mapping 225. Secret value 222 (i.e., unmasked data representation) is operatively coupled to data representation mapping 225. Data representation mapping 225 provides mask-share domain A 240a with an n-bit share value 250a (i.e., masked data representation.). Data representation mapping 225 provides mask- share domain B 240b with an n-bit share value 250b (i.e., masked data representation.). Mask-share domain A 240a provides the results 251a of a computation performed using share value 250a to data representation unmapping 226. Mask-share domain B 240b provides the results 251b of a computation performed using share value 250b to data representation unmapping 226. The circuitry of mask-share domain A 240a and mask-share domain B 240b are physically separated from each other on chip by a minimum distance dmin 215.
[0019] Based on input from random number generator 221, secret value 222 is split into multiple share values 250a through 250b. It should be understood that although Figure 2 specifically illustrates two share values 250a-250b, any integer number of share values 250a- 250b larger than 1 may be selected. A common mapping is Boolean masking. In an embodiment, Boolean masking randomly splits secret value 222 into a set of share values 250a and 250b such that: (1) the shares exclusive-OR (XOR) with each other to the secret value 222; and, (2) no proper subset of share values 250a or 250b gives any non-random statistical information about secret value 222.
[0020] Another mapping is Arithmetic mapping. In an embodiment, arithmetic mapping splits a k-bit secret value 222 into share values 250a and 250b such that: (1) share values 250a and 250b arithmetically sum to secret value 222; and, (2) no proper subset of share values 250a or 250b gives any non-random statistical information about secret value 222. Other mappings such as “multiplicative mapping”, “affine mapping”, etc., either alone or in combination, are contemplated.
[0021] The respective results 251a and 251b of computations by mask-share domains 240a and 240b are provided to data representation unmapping 226. Data representation unmapping 226 uses results 251a and 251b to output an unmasked (or unmapped) version of results 251. Again, although the figure implies demonstrates the concept for two share values, any integer number larger than 1 can be considered.
[0022] Figure 3 is an illustration of the concept of cross-coupling between mask-share domains. The left side of Figure 3 illustrates mask-share domain A circuitry 341a and mask- share domain B circuitry 341b. The right side of Figure 3 illustrates mask-share domain A circuitry 340a and mask-share domain B circuitry 340b.
[0023] On the left side of Figure 3, mask-share domain A circuitry 341a includes node ai. Mask-share domain B circuitry 341b includes node a2. Because mask-share domain A circuitry and mask-share domain B circuitry are not subject to a minimum distance rule between mask-share domains, node ai of mask-share domain A may be as close to node a2 of mask-share domain B as the minimum metal-to-metal spacing (dm2m) allowed by the integrated circuit manufacturing process. This minimum spacing results in the maximum amount of parasitic capacitance between node ai and node a2 of CPi 351 as illustrated in Figure 3.
[0024] On the right side of Figure 3, mask-share domain A circuitry 340a includes node ai. Mask-share domain B circuitry 340b includes node a2. Because mask-share domain A circuitry and mask-share domain B circuitry are subject to a minimum distance rule of dmin between mask-share domains, node ai of mask-share domain A circuitry 340a may only be as close to node a2 of mask-share domain B circuitry 340b as dmin. This larger spacing results in a smaller parasitic capacitance between node ai and node a2 of CP2350 as illustrated in Figure 3. It should understood that since the capacitance between two conductors is inversely proportional to the distance between the conductors, when dmin is selected to be much greater than dm2m (i.e., dmin » dm2m), then parasitic capacitance CP2 is much smaller than parasitic capacitance CPi (i.e., CP2 « CPi). The smaller the coupling capacitance (CPi, CP2) between nodes ai and a2, the less information is transferred between nodes ai and a2 and therefore the less information is transferred between mask-share domain A and mask-share domain B. [0025] Figure 4A is an illustration of an integrated circuit power-supply network with multiple mask-share domains. In Figure 4A, integrated circuit 400 includes active circuitry 405. Active circuitry 405 includes at least mask-share domain A 41 la and mask-share domain B 41 lb. Mask-share domain A 411a and mask-share domain B 411b are connected to power supply network 465a-465b. Positive power supply network 465a receives a positive supply voltage V+ via power supply pad 431a. Negative power supply network 465b receives a negative supply voltage (or ground) V- via power supply pad 43 lb. Thus, the power supply pads 43 la-43 lb form a power supply pad set that is connected to power supply network 465a-465b.
[0026] Power supply network 465a-465b is connected to mask-share domain A 411a and mask-share domain B 411b at different locations of power supply network 465a-465b. In particular in Figure 4A, mask-share domain A 411a is shown connected closer to the negative power supply pad 43 lb than mask-share domain B 41 lb, by a distance of dpmini 415 measured along the shortest path along negative power supply network 465b.
[0027] As described in regards to Figure 1 and Figure 2, mask-share domain A 411a is physically spaced apart, from all of the circuitry of mask-share domain B 41 lb by the minimum distance of dpmini 415 in order to reduce electromagnetic signal coupling between mask-share domain A 411a and mask-share domain B 411b. However, in Figure 4A there is now shown a power-supply network in common between the two share domains.
[0028] In an embodiment, when mask-share domain A 41 la and mask-share domain B 411b are operated concurrently, because they share a common on-chip power-supply network 465a-465b it is possible that a significant amount of statistical information can be communicated between mask-share domain A 411a and mask-share domain B 411b that exceeds a preferred threshold. In other words, since mask-share domain A 41 la and mask- share domain B 41 lb are both connected to power supply network 465a-465b, coupling between mask-share domain A 411a and mask-share domain B 411b via power supply network 465a-465b cannot be completely eliminated. Thus, the minimum distance of dpmini 415 is selected to meet an information transfer goal. This goal may be, for example, the number of traces required to reconstruct an unshared (i.e., original or unmasked) value.
[0029] The minimum distance of dpmini 415 may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software. For example, in an embodiment, the minimum distance of dpmini 415 may be ensured by specifying minimum distance of dpmini 415 as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
[0030] Figure 4B is an illustration of an integrated circuit power supply network with multiple mask-share domains and multiple sets of power-supply pads. In Figure 4B, integrated circuit 401 includes active circuitry 406. Active circuitry 406 includes at least mask-share domain A 412a and mask-share domain B 412b. Mask-share domain A 412a and mask-share domain B 412b are connected to power supply network 466a-466b. Positive power supply network 466a receives a positive supply voltage V+ via power-supply pad 432a and power-supply pad 433a. Negative power supply network 466b receives a negative supply voltage (or ground) V- via power supply pad 432b and power-supply pad 433b. Thus, power supply network 466a-466b is connected to two power-supply pad sets 432a-432b and 433a-433b. [0031] Power supply network 466a-466b is connected to mask-share domain A 412a and mask-share domain B 412b at different locations of power supply network 466a-466b. In particular in Figure 4B, mask-share domain A 412a is connected to positive power supply network 466a at a distance of dP2a 416a from power supply pad 432a when measured along the shortest path along positive power supply network 466a. Mask-share domain B 412b is connected to negative power supply network 466b at a distance of dP2b 416b from power supply pad 433b when measured along the shortest path along negative power supply network 466b. Mask-share domain A 412a is connected to negative power supply network 432b at a distance of dPmin2 to the connection of mask-share domain B 412b to power supply network 466b, when measured along the shortest path along negative power supply network 466b between mask-share domain A 412a and mask-share domain B 412b.
[0032] Mask-share domain A 412a is physically spaced apart, as measure along the shortest path of power supply network 466a-466b, from all of the circuitry of mask-share domain B 412b by the minimum distance of dPmin2416c in order to reduce the signal coupling via the power supply network 466a-466b between nodes in mask-share domain A 412a and nodes in mask-share domain B 412b.
[0033] In an embodiment, when mask-share domain A 412a and mask-share domain B 412b are operated concurrently, because they share a common on-chip power-supply network 466a-466b it is possible that a significant amount of statistical information can be communicated between mask-share domain A 412a and mask-share domain B 412b that exceeds a preferred threshold. In other words, since mask-share domain A 412a and mask- share domain B 412b are both connected to power supply network 466a-466b, coupling between mask-share domain A 412a and mask-share domain B 412b via power supply network 466a-466b cannot be completely eliminated. Thus, a minimum distance of dPmin2 416c is selected to meet an information transfer goal. This goal may be, for example, the number of power-consumption (or electromagnetic) traces required to reconstruct an unshared (i.e., original or unmasked) value. It should be understood that the selection of dPmin2416c may be based on the distance dP2a416aalong negative power supply network 466b from mask-share domain A 412a to power supply pad 432a, the distance dP2b 416b along positive power supply network 466b from mask-share domain B 412b to power supply pad 433b, or a combination of both.
[0034] The minimum distance of dPmin2416c may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software. For example, in an embodiment, the minimum distance of dPmin2416c may be ensured by specifying minimum distance of dPmin2416c as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
[0035] Figure 4C is an illustration of an integrated circuit power supply network with multiple mask-share domains and partially split power-supply networks. In Figure 4C, integrated circuit 402 includes active circuitry 407. Active circuitry 407 includes at least mask-share domain A 413a and mask-share domain B 413b. Mask-share domain A 413a is connected to positive on-chip power supply network 467a and negative on-chip power supply network 467b. Mask-share domain B 413b is connected to positive on-chip power supply network 467c and negative on-chip power supply network 467b. Thus, mask-share domain A 413a is connected to a different positive power supply network 467a than mask-share domain B 413b - which is connected to positive power supply network 467c.
[0036] Positive power supply network 467a receives a positive supply voltage V+ via power-supply pad 434a. Positive power supply network 467c receives the positive supply voltage V+ via power-supply pad 435a. Power-supply pad 434a may be connected to power supply pad 435a external to integrated circuit 402. Power-supply pad 434a may be connected to power supply pad 435a external to on-chip bypassing and/or the package of integrated circuit 402.
[0037] Negative power supply network 467b receives a negative supply voltage (or ground) V- via power supply pad 434b and power-supply pad 434b. Thus, negative power supply network 467b is connected to multiple negative power-supply pads 434b-435b.
[0038] Negative power supply network 467b is connected to mask-share domain A 413a and mask-share domain B 413b at different locations of negative power supply network 467b. In particular in Figure 4C, mask-share domain A 413a is connected to negative power supply network 467b at a distance of dP3a 417a from power supply pad 434b when measured along the shortest path along negative power supply network 466b. Mask-share domain B 413b is connected to negative power supply network 467b at a distance of dP3b 417b from power supply pad 435b when measured along the shortest path along negative power supply network 467b. Mask-share domain A 413a is connected to negative power supply network 467b at a distance of dPmin3417c away from the location on negative power supply network 467b that mask-share domain B 413b is connected, when measured along the shortest path along negative power supply network 467b between mask-share domain A 413a and mask- share domain B 413b. [0039] Mask-share domain A 413a is physically spaced apart, as measure along the shortest path of negative power supply network 467b, from all of the circuitry of mask-share domain B 413b by the minimum distance of dPmin3417c in order to reduce the signal coupling via the negative power supply network 467b between nodes in mask-share domain A 413a and nodes in mask-share domain B 413b.
[0040] In an embodiment, when mask-share domain A 413a and mask-share domain B 413b are operated concurrently, because they share a common on-chip negative power-supply network 467b, it is possible that a significant amount of statistical information can be communicated between mask-share domain A 413a and mask-share domain B 413b that exceeds a preferred threshold. In other words, since mask-share domain A 413a and mask- share domain B 413b are both connected to negative power supply network 467b, coupling between mask-share domain A 413a and mask-share domain B 413b via negative power supply network 467b cannot be completely eliminated. Thus, a minimum distance of dPmin3 417c is selected to meet an information transfer goal. This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value. It should be understood that the selection of dPmin3417c may be based on the distance dP3a417aalong negative power supply network 467b from mask-share domain A 413a to power supply pad 434b, the distance dP3b417b along negatice power supply network 467b from mask-share domain B 413b to power supply pad 435b, or a combination of both.
[0041] The minimum distance of dPmin3 417c may be ensured in a variety of ways familiar to those skilled in the art of chip design, including by manual layout and/or automated place- and-route software. For example, in an embodiment, the minimum distance of dPmin3417c may be ensured by specifying minimum distance of dPmin3417c as a design rule enforced by automated place and route software and then checked by automated design rule checking software.
[0042] Figure 5 is an illustration of power supply coupling between mask-share domains. The left side of Figure 5 illustrates mask-share domain A circuitry 541a and mask-share domain B circuitry 541b. The right side of Figure 5 illustrates mask-share domain A circuitry 540a and mask-share domain B circuitry 540b.
[0043] On the left side of Figure 5, mask-share domain A circuitry 541a includes node ai. Mask-share domain B circuitry 541b includes node a2. Both mask-share domain A circuitry 541a and mask-share domain B circuitry 541b are connected to power supply network 571. The connections of mask-share domain A circuitry 541a and mask-share domain B circuitry 541b to power supply network 571 are separated, as measured along power supply network 571, by dc2c. In an embodiment, because mask-share domain A circuitry 541a and mask- share domain B circuitry 541b are not subject to a minimum distance rule between connections to power supply network 571, the connection of mask-share domain A 541a may be as close to the connection of mask-share domain B 541b as the integrated circuit manufacturing process allows. This minimum spacing results in a parasitic resistance of Rpi 576 between the power supplies of mask-share domain A circuitry 541a and mask-share domain B circuitry 541b, as illustrated in Figure 5.
[0044] On the right side of Figure 5, mask-share domain A circuitry 540a includes node ai. Mask-share domain B circuitry 540b includes node a2. Both mask-share domain A circuitry 540a and mask-share domain B circuitry 540b are connected to power supply network 570. The connections of mask-share domain A circuitry 540a and mask-share domain B circuitry 540b to power supply network 570 are separated, as measured along power supply network 570, by dpmin. In an embodiment, because mask-share domain A circuitry 540a and mask-share domain B540b circuitry are subject to a minimum distance rule between connections to power supply network 570, the connection of mask-share domain A circuitry 540a to the connection of mask-share domain B circuitry 540b may be no less than dpmin. This larger minimum distance results in a larger parasitic resistance of RP2 575 between the power supplies of mask-share domain A circuitry 540a and mask-share domain B circuitry 540b, as illustrated in Figure 5.
[0045] It should understood that since the resistance along a conductors is proportional to the distance along the conductor, when dpmin is selected to be much greater than dC2c (i.e., dpmin » dc2c), then the parasitic resistance RP2 575is much greater than the parasitic resistance Rpi 576 (i.e., RP2 » Rpi). The greater the resistance between the power supply connections of mask-share domains 540a-540b, the less information is transferred between mask-share domains 540a-540b via the power supply network 570.
[0046] Figure 6 is an illustration of an integrated circuit with multiple power supply domains. In Figure 6, integrated circuit 600 includes active circuitry 605. Active circuitry 605 includes at least mask-share domain A 611a and mask-share domain B 611b. Mask- share domain A 611a is connected to power supply network 665a-665b. Positive power supply network 665a receives a positive supply voltage V+ via power supply pad 617a. Negative power supply network 665b receives a negative supply voltage (or ground) V- via power supply pad 617b. Mask-share domain B 611b is connected to power supply network 666a-666b. Positive power supply network 666a receives a positive supply voltage V+ via power supply pad 618a. Negative power supply network 666b receives a negative supply voltage (or ground) V- via power supply pad 618b. Thus, mask-share domain 611a and mask- share domain B 61 lb are connected to different on-chip power-supply domains. This separation of power supply domains (e.g., that are supplied by different external connection power supply pad sets 617a-617b, 618a-618b) reduces information transfer between mask- share domain 611a and mask-share domain B 61 lb via an on-chip power supply network. [0047] In an embodiment, power supply network 665a-665b and power supply network 666a-666b may be connected to on-chip bypassing. Power supply network 665a-665b and power supply network 666a-666b may be connected to different, unconnected, on-chip bypassing (not shown in Figure 6). Additionally, in Figure 6, power supply network 665a- 665b and power supply network 666a-666b are shown connected to the same number of power supply pad sets 617a-617b, 618a-618b. However, this is merely an example. Power supply network 665a-665b and power supply network 666a-666b may be connected to different numbers of power supply pad sets 617a-617b, 618a-618b. Additionally, in an embodiment, mask-share domain 611a and mask-share domain B 61 lb may utilize different sets of interconnect layers internally to mask-share domain A 61 la and mask-share domain B 611b. For example, the interconnect for mask-share domain A might principally use first and second layer metal (a.k.a, “metal 1” and “metal 2”) while the interconnect for mask- share domain B might principally use the first and third metal layers (i.e., “metal 1” and “metal 3”). By using substantially different interconnect layers, the parasitic cross-coupling of signals within the two mask-share domains will be different, and the coupling between the two domains will be reduced. By the use of each of these three approaches (on-chip bypassing, different number of power-supply pads, and different metal layers), the amount of statistical information communicated between mask-share domain A and mask-share domain B can be reduced below a selected threshold.
[0048] Figure 7 is an illustration of cross-coupling between mask-share domains that are in different power supply domains. In Figure 7, mask-share domain A circuitry 740a includes node ai. Mask-share domain B circuitry 740b includes node a2. Mask-share domain A circuitry 740a is connected to power supply network 765. Power supply network 765 is connected to an external power supply via pad 717. Mask-share domain B circuitry 740b is connected to power supply network 766. Power supply network 766 is connected to an external power supply via pad 718. Power supply network 765 and power supply network 766 are not connected to each other via an on-chip connection. [0049] In an embodiment, mask-share domain A circuitry 740a and mask-share domain B circuitry 740b are subject to a minimum distance rule of dmin between mask-share domains. Thus, node ai of mask-share domain A circuitry 740a may only be as close to node a2 of mask-share domain B circuitry 740b as dmin. This minimum spacing results in a parasitic capacitance between node ai and node a2 of CP3 750 as illustrated in Figure 7. Since the capacitance between two conductors is inversely proportional to the distance between the conductors, dmin may be problematically selected such that, when mask-share domain A and mask-share domain B are operated concurrently, the amount of electromagnetic cross coupling between mask-share domain A and mask-share domain B transfers an amount of statistical information between mask-share domain A and mask-share domain B that exceeds a selected threshold. In other words, since cross-coupling between mask-share domain A and mask-share domain B cannot be completely eliminated, minimum distance of dmin may be selected to meet an information transfer goal. This goal may be, for example, the number of power-supply traces required (e.g., using differential power-analysis techniques) to reconstruct the unshared (i.e., original or unmasked) value.
[0050] Figure 8 is a flowchart illustrating a method of reducing information leakage between mask-share domains. The steps illustrated in Figure 8 may be performed during the design of one or more of integrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, masked share domain B circuitry 440b, and/or their components. A first circuit description associated with first mask-share domain circuitry is received (802). For example, design rule checking software may receive a circuit description of masked share domain A 111a.
[0051] A second circuit description associated with second mask-share domain circuitry is received (804). For example, the design rule checking software may receive a circuit description of masked share domain B 111b. An indicator of a minimum spacing between circuit elements of the first mask-share domain circuitry and the second mask domain circuitry is received (806). For example, the design rule checking software may receive an indicator of dmin 115.
[0052] A rule is applied to ensure the minimum spacing between the circuit elements of the first mask-share domain circuitry and the second mask domain circuitry (808). For example, the design rule checking software may compute the minimum distance between all of the elements of masked share domain A 11 la and all of the elements of masked share domain B 111b. If any of those computed distances is less than dmin 115, the design rule checking software may report a violation of the minimum spacing design rule.
[0053] Figure 9 is a flowchart illustrating a method of reducing information leakage between mask-share domains via a common power supply network. The steps illustrated in Figure 9 may be performed during the design of one or more of integrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, masked share domain B circuitry 740b, and/or their components. A first circuit description associated with first mask-share domain circuitry that is to receive power from a power supply network is received (902). For example, design rule checking software may receive a circuit description of masked share domain A 41 la.
[0054] A second circuit description associated with second mask-share domain circuitry that is to receive power from the power supply network is received (904). For example, the design rule checking software may receive a circuit description of masked share domain B 411b. An indicator of a minimum distance, along the power supply network, between circuit elements of the first mask-share domain circuitry and the second mask domain circuitry is received (906). For example, the design rule checking software may receive an indicator of dpmin 415.
[0055] A rule is applied to ensure the minimum distance, along the power supply network, between the circuit elements of the first mask-share domain circuitry and the second mask domain circuitry (908). For example, the design rule checking software may compute the minimum distance, along power supply network 465a-465b, between all of the elements of masked share domain A 411a and all of the elements of masked share domain B 411b. If any of those computed distances is less than dpmin 415, the design rule checking software may report a violation of the minimum distance design rule.
[0056] The methods, systems and devices described above may be implemented in computer systems, or stored by computer systems. The methods described above may also be stored on a non-transitory computer readable medium. Devices, circuits, and systems described herein may be implemented using computer-aided design tools available in the art, and embodied by computer-readable files containing software descriptions of such circuits. This includes, but is not limited to one or more elements of integrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, and/or masked share domain B circuitry 740b, and their components. These software descriptions may be: behavioral, register transfer, logic component, transistor, and layout geometry-level descriptions. Moreover, the software descriptions may be stored on storage media or communicated by carrier waves.
[0057] Data formats in which such descriptions may be implemented include, but are not limited to: formats supporting behavioral languages like C, formats supporting register transfer level (RTL) languages like Verilog and VHDL, formats supporting geometry description languages (such as GDSII, GDSIII, GDSIV, CIF, and MEBES), and other suitable formats and languages. Moreover, data transfers of such files on machine-readable media may be done electronically over the diverse media on the Internet or, for example, via email. Note that physical files may be implemented on machine-readable media such as: 4 mm magnetic tape, 8 mm magnetic tape, 3-1/2 inch floppy media, CDs, DVDs, and so on. [0058] Figure 10 is a block diagram illustrating one embodiment of a processing system 1000 for including, processing, or generating, a representation of a circuit component 1020. Processing system 1000 includes one or more processors 1002, a memory 1004, and one or more communications devices 1006. Processors 1002, memory 1004, and communications devices 1006 communicate using any suitable type, number, and/or configuration of wired and/or wireless connections 1008.
[0059] Processors 1002 execute instructions of one or more processes 1012 stored in a memory 1004 to process and/or generate circuit component 1020 responsive to user inputs 1014 and parameters 1016. Processes 1012 may be any suitable electronic design automation (EDA) tool or portion thereof used to design, simulate, analyze, and/or verify electronic circuitry and/or generate photomasks for electronic circuitry. Representation 1020 includes data that describes all or portions ofmtegrated circuit 100, masked computation system 200, masked share domain A circuitry 340a, masked share domain B circuitry 340b, integrated circuit 400, integrated circuit 401, integrated circuit 402, masked share domain A circuitry 540a, masked share domain B circuitry 540b, integrated circuit 600, masked share domain A circuitry 740a, and/or masked share domain B circuitry 740b and their components, as shown in the Figures.
[0060] Representation 1020 may include one or more of behavioral, register transfer, logic component, transistor, and layout geometry-level descriptions. Moreover, representation 1020 may be stored on storage media or communicated by carrier waves. [0061] Data formats in which representation 1020 may be implemented include, but are not limited to: formats supporting behavioral languages like C, formats supporting register transfer level (RTL) languages like Verilog and VHDL, formats supporting geometry description languages (such as GDSII, GDSIII, GDSIV, CIF, and MEBES), and other suitable formats and languages. Moreover, data transfers of such files on machine-readable media may be done electronically over the diverse media on the Internet or, for example, via email
[0062] User inputs 1014 may comprise input parameters from a keyboard, mouse, voice recognition interface, microphone and speakers, graphical display, touch screen, or other type of user interface device. This user interface may be distributed among multiple interface devices. Parameters 1016 may include specifications and/or characteristics that are input to help define representation 1020. For example, parameters 1016 may include information that defines device types (e.g., NFET, PFET, etc.), topology (e.g., block diagrams, circuit descriptions, schematics, etc.), and/or device descriptions (e.g., device properties, device dimensions, power supply voltages, simulation temperatures, simulation models, etc.).
[0063] Memory 1004 includes any suitable type, number, and/or configuration of non- transitory computer-readable storage media that stores processes 1012, user inputs 1014, parameters 1016, and circuit component 1020.
[0064] Communications devices 1006 include any suitable type, number, and/or configuration of wired and/or wireless devices that transmit information from processing system 1000 to another processing or storage system (not shown) and/or receive information from another processing or storage system (not shown). For example, communications devices 1006 may transmit circuit component 1020 to another system. Communications devices 1006 may receive processes 1012, user inputs 1014, parameters 1016, and/or circuit component 1020 and cause processes 1012, user inputs 1014, parameters 1016, and/or circuit component 1020 to be stored in memory 1004.
[0065] Implementations discussed herein include, but are not limited to, the following examples:
[0066] Example 1 : An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non- random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry physically separated by at least a first minimum distance.
[0067] Example 2: The integrated circuit of example 1, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first cross-coupling, between the first circuitry and the second circuitry, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
[0068] Example 3: The integrated circuit of example 1, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
[0069] Example 4: The integrated circuit of example 1, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
[0070] Example 5: The integrated circuit of example 1, wherein the first circuitry is powered by a first power supply network on the integrated circuit, the second circuitry is powered by a second power supply network on the integrated circuit, and the first power supply network and the second power supply network are physically separated by at least a second minimum distance, the second minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
[0071] Example 6: The integrated circuit of example 1, wherein the first circuitry and the second circuitry share a power supply network on the integrated circuit.
[0072] Example 7: The integrated circuit of example 6, wherein a first shortest distance along the power supply network from the first circuitry to the second circuitry is a least a second minimum distance.
[0073] Example 8: An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non- random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry sharing a power supply network on the integrated circuit, a first shortest distance along the power supply network from the first circuitry to the second circuitry being a least a first minimum distance.
[0074] Example 9: The integrated circuit of example 8, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first coupling, between the first circuitry and the second circuitry via the power supply network, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
[0075] Example 10: The integrated circuit of example 8, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
[0076] Example 11 : The integrated circuit of example 8, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
[0077] Example 12: The integrated circuit of example 8, wherein the power supply network is connected to a first off-chip power supply connection pad set and a second off- chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the power supply network from the first circuitry, the second off- chip power supply connection pad set being a second distance along the power supply network from the second circuitry.
[0078] Example 13: The integrated circuit of example 12, wherein the first distance and the second distance are less than the first shortest distance.
[0079] Example 14: The integrated circuit of example 12, wherein the first off-chip power supply connection pad set is a third distance along the power supply network from second power supply and the first distance and the second distance are less than the third distance.
[0080] Example 15. An integrated circuit, comprising: first circuitry, powered by a first power supply network on the integrated circuit, that implements a masked computation from a first masked data representation; and, second circuitry, powered by a second power supply network on the integrated circuit, that implements the masked computation for a second masked data representation, wherein non-random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation. [0081] Example 16: The integrated circuit of example 15, wherein the first circuitry and the second circuitry are physically separated by at least a first minimum distance.
[0082] Example 17: The integrated circuit of example 16, wherein the first power supply network is connected to a first off-chip power supply connection pad set and the second power supply network is connected a second off-chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the first power supply network from the first circuitry, the second off-chip power supply connection pad set being a second distance along the second power supply network from the second circuitry, the first distance and the second distance being less than the first minimum distance.
[0083] Example 18: The integrated circuit of example 15, wherein the first power supply network and the second power supply network are physically separated by at least a first minimum distance, the first minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
[0084] Example 19: The integrated circuit of example 15, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
[0085] Example 20: The integrated circuit of example 15, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
[0086] The foregoing description of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed, and other modifications and variations may be possible in light of the above teachings. The embodiment was chosen and described in order to best explain the principles of the invention and its practical application to thereby enable others skilled in the art to best utilize the invention in various embodiments and various modifications as are suited to the particular use contemplated. It is intended that the appended claims be construed to include other alternative embodiments of the invention except insofar as limited by the prior art.

Claims

CLAIMS What is claimed is:
1. An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non-random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry physically separated by at least a first minimum distance.
2. The integrated circuit of claim 1, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first cross-coupling, between the first circuitry and the second circuitry, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
3. The integrated circuit of claim 1, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
4. The integrated circuit of claim 1, wherein the unmasked data representation is obtained using at least one of an arithmetic mapping, multiplicative mapping, and affine mapping.
5. The integrated circuit of claim 1, wherein the first circuitry is powered by a first power supply network on the integrated circuit, the second circuitry is powered by a second power supply network on the integrated circuit, and the first power supply network and the second power supply network are physically separated by at least a second minimum distance, the second minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
6. The integrated circuit of claim 1, wherein the first circuitry and the second circuitry share a power supply network on the integrated circuit.
7. The integrated circuit of claim 6, wherein a first shortest distance along the power supply network from the first circuitry to the second circuitry is a least a second minimum distance.
8. An integrated circuit, comprising: first circuitry that implements a masked computation from a first masked data representation; second circuitry that implements the masked computation for a second masked data representation, wherein non-random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation; and, the first circuitry and the second circuitry sharing a power supply network on the integrated circuit, a first shortest distance along the power supply network from the first circuitry to the second circuitry being a least a first minimum distance.
9. The integrated circuit of claim 8, wherein the first minimum distance results, when the first circuitry and the second circuitry are operated concurrently, in a first coupling, between the first circuitry and the second circuitry via the power supply network, that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
10. The integrated circuit of claim 8, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
11. The integrated circuit of claim 8, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
12. The integrated circuit of claim 8, wherein the power supply network is connected to a first off-chip power supply connection pad set and a second off-chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the power supply network from the first circuitry, the second off-chip power supply connection pad set being a second distance along the power supply network from the second circuitry.
13. The integrated circuit of claim 12, wherein the first distance and the second distance are less than the first shortest distance.
14. The integrated circuit of claim 12, wherein the first off-chip power supply connection pad set is a third distance along the power supply network from second power supply and the first distance and the second distance are less than the third distance.
15. An integrated circuit, comprising: first circuitry, powered by a first power supply network on the integrated circuit, that implements a masked computation from a first masked data representation; and, second circuitry, powered by a second power supply network on the integrated circuit, that implements the masked computation for a second masked data representation, wherein non-random statistical information about an unmasked data representation used to derive the first masked data representation and the second masked data representation is unavailable from a proper subset of the first masked data representation and the second masked data representation.
16. The integrated circuit of claim 15, wherein the first circuitry and the second circuitry are physically separated by at least a first minimum distance.
17. The integrated circuit of claim 16, wherein the first power supply network is connected to a first off-chip power supply connection pad set and the second power supply network is connected a second off-chip power supply connection pad set, the first off-chip power supply connection pad set being a first distance along the first power supply network from the first circuitry, the second off-chip power supply connection pad set being a second distance along the second power supply network from the second circuitry, the first distance and the second distance being less than the first minimum distance.
18. The integrated circuit of claim 15, wherein the first power supply network and the second power supply network are physically separated by at least a first minimum distance, the first minimum distance resulting in coupling between the first power supply network and the second power supply network that transfers an amount of statistical information between the first circuitry and the second circuitry that is below a selected threshold.
19. The integrated circuit of claim 15, wherein the unmasked data representation is obtained using at least a bitwise exclusive-OR of first masked data representation and the second masked data representation.
20. The integrated circuit of claim 15, wherein the unmasked data representation is obtained using at least an arithmetic sum of first masked data representation and the second masked data representation.
PCT/US2020/062553 2019-12-10 2020-11-30 Share domain arrangements for masked hardware implementations WO2021118816A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/780,428 US20230016420A1 (en) 2019-12-10 2020-11-30 Share domain arrangements for masked hardware implementations

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962946133P 2019-12-10 2019-12-10
US62/946,133 2019-12-10

Publications (1)

Publication Number Publication Date
WO2021118816A1 true WO2021118816A1 (en) 2021-06-17

Family

ID=76330726

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/062553 WO2021118816A1 (en) 2019-12-10 2020-11-30 Share domain arrangements for masked hardware implementations

Country Status (2)

Country Link
US (1) US20230016420A1 (en)
WO (1) WO2021118816A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023107285A1 (en) * 2021-12-07 2023-06-15 Cryptography Research, Inc. Low-latency multi-domain masking

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110261953A1 (en) * 2008-02-25 2011-10-27 Institut Telecom-Telecom Paris Tech Method for testing cryptographic circuits, secured cryptographic circuit capable of being tested, and method for wiring such circuit
US20140006797A1 (en) * 2012-06-28 2014-01-02 Honeywell International Inc. Memory authentication with redundant encryption
US20160148680A1 (en) * 2014-11-21 2016-05-26 Panasonic intellectual property Management co., Ltd Tamper-resistant non-volatile memory device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AT502230A2 (en) * 2005-07-26 2007-02-15 Univ Graz Tech METHOD AND CIRCUIT FOR THE PERFORMANCE OF REFERENCE OPERATIONS
WO2010011399A2 (en) * 2008-05-14 2010-01-28 Arizona Board Of Regents For And On Behalf Of Arizona State University Methods and circuits for thwarting semi-invasive and non-invasive integrated circuit security attacks
US9143325B2 (en) * 2012-12-14 2015-09-22 Microsoft Technology Licensing, Llc Masking with shared random bits
DE102018113475A1 (en) * 2018-06-06 2019-12-12 Infineon Technologies Ag READY TO CALCULATE WITH MASKED DATA

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110261953A1 (en) * 2008-02-25 2011-10-27 Institut Telecom-Telecom Paris Tech Method for testing cryptographic circuits, secured cryptographic circuit capable of being tested, and method for wiring such circuit
US20140006797A1 (en) * 2012-06-28 2014-01-02 Honeywell International Inc. Memory authentication with redundant encryption
US20160148680A1 (en) * 2014-11-21 2016-05-26 Panasonic intellectual property Management co., Ltd Tamper-resistant non-volatile memory device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023107285A1 (en) * 2021-12-07 2023-06-15 Cryptography Research, Inc. Low-latency multi-domain masking

Also Published As

Publication number Publication date
US20230016420A1 (en) 2023-01-19

Similar Documents

Publication Publication Date Title
US7367003B2 (en) System and method for verifying trace lengths and trace spaces in a circuit
US11677571B2 (en) Backside security shield
US6279142B1 (en) Method of on-chip interconnect design
Chen et al. Chip-level anti-reverse engineering using transformable interconnects
US9984192B2 (en) Cell having shifted boundary and boundary-shift scheme
WO2021118816A1 (en) Share domain arrangements for masked hardware implementations
US9722643B2 (en) Enhanced echo cancellation in full-duplex communication
Song et al. Full-chip signal integrity analysis and optimization of 3-D ICs
Tsukioka et al. A fast side-channel leakage simulation technique based on IC chip power modeling
US6901570B2 (en) Method of generating optimum skew corners for a compact device model
Lin et al. Traffic-balanced routing algorithm for irregular mesh-based on-chip networks
US20020188892A1 (en) Method and apparatus for online detection and correction of faults affecting system-on-chip buses
US7917883B2 (en) Method for incorporating pattern dependent effects in circuit simulations
US10360331B2 (en) Scoped simulation for electrostatic discharge protection verification
Park et al. Scalable transformer network-based reinforcement learning method for PSIJ optimization in HBM
CN106897504B (en) Method for developing IP module to form parameterized unit
Shirmohammadi et al. DR: Overhead efficient RLC crosstalk avoidance code
Chun et al. MDSI: Signal integrity interconnect fault modeling and testing for SOCs
US6078085A (en) Semiconductor integrated circuit and layout apparatus in which guard-ring is interposed between input-output circuits
Palit et al. Crosstalk fault modeling in defective pair of interconnects
Niknahad et al. QFDR-an integration of Quadded Logic for modern FPGAs to tolerate high radiation effect rates
US12021577B1 (en) Serial communication link driver circuit with switchable shunt circuit
Monta et al. On the Unpredictability of SPICE Simulations for Side-Channel Leakage Verification of Masked Cryptographic Circuits
US20050055652A1 (en) Method for checking an IC layout
US11455455B1 (en) 3D coupling control rules for auto-routing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20898462

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20898462

Country of ref document: EP

Kind code of ref document: A1