Subthreshold Circuit Designing and Implementation ...

Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 79 (2016) 597 – 602

7th International Conference on Communication, Computing and Virtualization 2016

Subthreshold Circuit Designing and Implementation of Finite Field Multiplier for Cryptography Application Praveen Singha, Vaibhav Neemab*, Shreeniwas Daulatabadc, Ambika Prasad Shahd a,b,d

Electronics & Telecommunication Engineering Department, IET-Devi Ahilya University, Indore 452017, India c Electrical Engineering Department, Indian Institute of Technology, Bombay 400076, India

Abstract Ultra-low power has emerged as a principal theme in today’s electronics industry. The need for low power has caused a major paradigm shift where power dissipation has become as important consideration as performance and area. The sub-threshold region has made this logic an excellent choice, because power consumption is much lower due to the exponential decay of the active drain current. Along with low power consumption, security is another compelling requirement for some applications. Power analysis attack is a serious threat to devices with secret information inside. Under power analysis attack, attacker observes transmitted power of transmitter and can hack the secret information of the system. This paper presents the design and implementation of secure system under subthreshold condition, so that secure system is well cure from power analysis attack. Here in this paper we presented designing and implementation of finite field multiplier for cryptography applications. Finite field multiplier is the key component for implementing cryptographic operation. By developing standard subthreshold cell libraries of 6 elements, 4 bit digit-level finite field multiplier is implemented to operate in the subthreshold region. The power consumption of the subthreshold multiplier is 38nW, the speed of the multiplier is 250 KHz and energy per operation 0.6pJ at supply voltage 0.2V is calculated. All circuits are simulated using Tanner EDA tool at 70nm technology node. © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license © 2016 The Authors. Published by Elsevier B.V. (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-reviewunder underresponsibility responsibility Organizing Committee of ICCCV Peer-review ofof thethe Organizing Committee of ICCCV 20162016. Keywords: Power analysis attack; Subthreshold; Cryptography; Finite field multiplier

* Corresponding author. Tel.: +91-9425909092; fax: +91-731-2764385. E-mail address: [email protected]

1877-0509 © 2016 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the Organizing Committee of ICCCV 2016 doi:10.1016/j.procs.2016.03.075

598

Praveen Singh et al. / Procedia Computer Science 79 (2016) 597 – 602

1. Introduction In this era of information technology, most of the confidential data and secret information is being exchanged by electronic media. The advantage of using electronic media for transferring confidential information is that, electronic devices or components provide a high level of security, confidentiality and integrity to the data to be transmitted. However, these cryptographic electronic devices are also under the threat of an attack at the hardware level, rather than at software (algorithm) level only. These attacks are known as power analysis attack, power analysis attacks utilizing the power measurement of circuits were published in 1999 [1]. These attacks exploit the secret information of cryptographic devices by observing physical characteristics of the device, such as power consumption [1], electromagnetic radiation [2] and running time [3]. Power analysis attacks such as differential power analysis (DPA) [4, 5] and correlation power analysis (CPA) [6, 7] are an important type of side channel analysis attack. Instantaneous power consumption of a cryptographic device is recorded during its operation and subsequent analysis may reveal the secret information by exploiting the dependency of power consumption on the handled data within the device. In general the attacker does not need to know detailed information about the implementation of the cryptographic device in order to launch the attack. Hence, their capability to perform a non-invasive attack with minimum equipment and implementation knowledge has made them a serious threat for cryptographic devices. 1.1. Finite Field Multiplier A low complexity VLSI array of versatile multiplier in normal basis over GF (2 n) was proposed [8]. Three main advantages accrue from the proposed pipelined versatile multiplier. First, the finite field parameters can be changed according to the application environments. It increases the flexibility to use the same multiplier for different applications. Secondly, the structure of the multiplier can be easily extended to higher-order finite fields. Thirdly, the basic architecture of the proposed multiplier can be modified to a low-cost multiplier which is very suitable for both embedded systems and wireless devices with restricted hardware resources. Moreover, the structure of the multiplier has the properties of modularity, simplicity, regular interconnection. The proposed versatile multiplier can be efficiently used in public-key cryptosystems, such as elliptic curve cryptography; and the digital signal processing. 1.2. Subthreshold Circuit Design In the mid 1990’s, power consumption limitations especially for portable devices started a new era for VLSI Circuit designing is sub-threshold circuit design. In subthreshold circuit designing all the transistors operate in subthreshold region. Where in subthreshold region applied power supply voltage is less than the threshold voltage of the MOS transistor ensures circuit functionality. The active drain current of an MOS transistors shows exponential dependence on the gate voltage in the sub-threshold region. But in Linear or saturation region of operation the dependence of drain current of MOS transistor is linear/quadratic, also known as strong inversion. This exponential decay of drain current with the gate voltage is the key factor for ultra-low power VLSI Circuit designing because of large reduction in power consumption; however, it also degrades the performance of the circuits. Some examples of research applications of sub-threshold include RFID [9], wireless sensor networks, biomedical implantable devices [10], and others [11] [12]. Security is a compelling requirement for most applications in which sub-threshold operation is necessary. A crypto-processor is a common component in many devices. Thus it is important to secure the secret key of crypto-processors against power analysis attacks. However, side channel analysis of this logic scheme is generally an unexplored aspect. The main objective of this work is to implement finite field multiplier for cryptography application at subthreshold region of operation using 70 nm technology node. 2. Simulation Setup To avoid power attack at cryptography application we implemented the finite field multiplier at subthreshold region of operation. Before implementation of finite field multiplier we developed standard cell libraries of Inverter, 2 input NAND Gate, 3 input NAND Gate, 3 input AND Gate , 2 input XOR gate , data flip flop and 4 bit

599

Praveen Singh et al. / Procedia Computer Science 79 (2016) 597 – 602

shift register in subthreshold region, and identify the minimum energy point, aspect ratio, frequency range and operating voltage for CMOS standard cells. Along with this a ring oscillator of stage 7 is also implemented at 70 nm technology node to characterize complete architecture of multiplier. 2.1. Designing of Standard cell library This section describes the design of various digital logic cells in subthreshold region. All the logic cells are verified for their performance characteristics. One of the primary reasons to form a standard cell library is to use these cells as basic building blocks for finite field multiplier. The standard cell library is created which consists of 6 CMOS logic circuits. First, a seven-stage ring oscillator is used as a test circuit for the inverter, NAND and NOR gates. The ring oscillator test circuit is shown in Fig.1. The inverter is initially simulated for optimal sizing, i.e., the “ideal” aspect ratio (ratio of PMOS to NMOS width) at which the charging and discharging currents are equal and a symmetrical output is observed. The minimum energy point is the voltage at which the energy of the circuit is minimum and the lowest supply voltages at which the circuit can be operated are shown in table 1 and fig. 2.

Fig. 1: Ring oscillator test circuit

Simulation results for AND3 , XOR2, NAND2, NAND3 and 2X1 Multiplexer power dissipation and delay with various supply voltage rang from 0.2V to 1V are calculated. As supply voltage reduces below threshold voltage (Subthreshold region) due exponential reduction in active drain current power dissipation drastically reduces. Subthreshold leakage current Isub is given by [15]:

‫ܫ‬௦௨௕ ൌ

ௐ ௅

ߤ‫ܥ‬௢௫ ்ܸଶ ቆ݁

ೇ೒ೞ షೇ೟೓ శആೇ೏ೞ ೙ೇ೅

ቇ ቆͳ െ ݁

షೇ೏ೞ ೇ೅

ቇ

(1)

Where W and L denote the transistor width and length, μ denotes the carrier mobility, VT = kT/q is the thermal voltage at temperature T, Vth threshold voltage, Cox = oxide capacitance per unit area, η is the drain-induced barrier lowering (DIBL) coefficient and n is the slope shape factor.

Fig. 2: Effect of supply voltage variation for ring oscillator (a) on power dissipation and energy per operation (b) Delay

3. Finite Field Multiplier As mentioned in introduction part of this paper, subthreshold region of operation for MOS transistors are beneficial

600

Praveen Singh et al. / Procedia Computer Science 79 (2016) 597 – 602

in terms of power dissipation, hence if finite field multiplier is designed at subthreshold region then cryptography architecture can be protected from power analysis attack. The architecture design of finite field multiplier is shown in Fig. 3(a). The basic cells in the structure are 3-input AND gates and 2-input XOR gates, inverter, NAND, DFF and Multiplexer. We use the 3-input AND gates to compute ai bj λ(n−1) i, j in the X-Y dimension, and compute the sum of ai bj λ(n−1) i, j by a binary tree structure of 2-input XOR gates in the Z dimension. The 4 bit architecture requires sixteen 3-input AND gates and eight 2-input XOR gates, the time delay for generating one bit of the product is TAND3 + (20log2n)TXOR, where TAND3 is the time delay of a 3-input AND gate and TXOR is the time delay of a 2-input XOR gate. We can get all bits of the product by cyclically shifting the input coefficients of a and b. As the irreducible polynomial is not changed frequently as the multiplicands, we can store the elements of the matrix λ(n−1) in the registers once the irreducible polynomial has been decided.

Fig. 3: (a) Architecture design of Finite Field multiplier (b) Implementation of Finite field multiplier.

The implementation of finite field multiplier architecture is shown in Fig. 3(b). In the first 4 clock cycles, the coefficients of a and b are fed sequentially, in the following 4 clock cycles, we will get the result of the product by cyclically shifting the registers which store the original coefficients of a and b. Simulation result of finite field

601

Praveen Singh et al. / Procedia Computer Science 79 (2016) 597 – 602

multiplier is shown in Fig. 4. As shown in Fig. 4 first waveform signal is clock signal and second waveform signal is load signal as this load make transition from high to low, waveform signal 3,4,5 and 6 are 4 bit output multiplied signal received after cyclically shifting on 4 clock continuous clock event.

Fig. 4: Output waveform of Finite Field Multiplier.

4. Result and Conclusion In this paper, the architecture for finite field multiplier under subthreshold condition is implemented. As shown in Table 1 the simulation results of finite field multiplier where the range of supply voltage changing from 0.1v to 0.3v. The threshold voltage for NMOS and PMOS are 0.2V and -0.22V respectively. Under subthreshold voltage condition means power supply is less then threshold voltage, proposed multiplier is working well, energy per operation is 1.17pJ and power dissipation of multiplier is only 72.94nW. Due to very small power dissipation and energy per operation proposed multiplier architecture is well suited for cryptography application and this will resist from power analysis attack by the hackers. Table 1: Performance matrix of Ring Oscillator (RO) Test circuit and Finite Field Multiplier (FFM) Supply Voltage (Volt)

Power Dissipation (nW)

Delay (ns)

Energy per Operation (pJ )

RO

FFM

RO

FFM

RO

FFM

RO

FFM

0.1

0.1

0.39

14.21

764.23

3.49

0.30

0.23

0.2

0.15

7.46

24.90

92.36

3.11

0.69

0.40

0.3

0.16

96.35

27.33

15.08

3.07

1.45

0.44

0.4

0.17

635.52

29.85

4.02

3.04

2.56

0.48

0.5

0.18

2189.00

32.47

1.82

3.01

3.98

0.52

0.6

0.19

5020.28

35.20

1.14

2.99

5.72

0.56

0.7

0.2

9227.98

38.10

0.84

2.97

7.75

0.61

0.8

0.25

14901.60

53.95

0.68

2.93

10.14

0.86

0.9

0.3

22127.68

72.94

0.58

2.91

12.83

1.17

1

1

30980.16

1.2

0.52

2.99

16.11

3.59

As shown in Fig. 5(a), there is trade-off between power dissipation and delay for multiplier, hence as we reduce supply voltage of the multiplier defiantly power dissipation start reducing but at the same time delay of the circuit

602

Praveen Singh et al. / Procedia Computer Science 79 (2016) 597 – 602

get increases. Hence, multiplier circuit performance will be slowdown under subthreshold condition. This limitation of delay degradation can be overcome by using pipelined architecture of multiplier, where two buffers can be introduce one at input side to collect data and one at output end to provide data parallel, hence this will improve overall throughput of finite field multiplier.

Fig. 5 : Finite Field Multiplier (under subthreshold condition) (a) Power and Delay Analysis (b) Energy per operation

Fig. 5(b) shows, energy per operation for finite field multiplier where clock frequency 250 KHz has been selected. It is clear from Fig. 5(b) that as supply voltage range is over threshold voltage energy per operation will be large and at 1V supply voltage huge energy per operation is required which is approximately 3.5μJ. References 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15.

Kocher P, Jaffe J, and Jun B. Differential Power Analysis. in Proc. of 19th InternationalAdvances in Cryptology Conference – CRYPTO ’99, 1999, pp. 388–397. Gandolfi K, Mourtel C, and Olivier F. Electromagnetic analysis: concrete results. Proc. Of Cryptographic Hardware and Embedded Systems. Lecture Notes in Computer Science, vol. 2162,2001, pp. 251–261. Kocher P. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Proc. of CRYPTO '96, vol. LNCS 1109, 1996, pp. 104-113. Akkar M L, Evan R B, Dischamp P, and Moyart D. Power analysis, what is now possible. Advances in Cryptology — ASIACRYPT, LNCS 1976, pp. 489–502, Springer-Verlag, 2000. evan R B´ and Knudsen R. Ways to enhance differential power analysis. Information Security and Cryptology, vol. LNCS 2587, pp. 327– 342, Springer-Verlag, 2002. Brier E, Clavier C, and Olivier F. Correlation power analysis with a leakage model. Cryptographic Hardware and Embedded Systems, vol. 3156 of Lecture Notes in ComputerScience, pp. 16–29, Springer-Verlag, 2004. Li H, Wu K, Peng B, Zhang Y, Zheng X, Yu F. Enhanced Correlation Power Analysis Attack on Smart Card.9th International Conference for Young Computer Scientists, 2008, pp.2143-2148. Hua Li-Chang Nian Zhang. Low Complexity Versatile Finite Multiplier in Normal Basis. BURASIP Journal on Applied Signal Processing 2002:9, 954-960 Hocquet C, Bol D, Kamel D, Legat J-D. Assessment of 65 nm subthreshold logic for smart RFID applications. Proc. FTFC, 2009. Kwong J, Ramadass Y K, Verma N, Chandrakasan A P. A 65 nm sub-Vt microcontroller with integrated SRAM and switched capacitor DCDC converter. IEEE J. of Solid-State Circuits, vol.44, no.1, pp.115-126, 2009. Bo Z, Pant S, Nazhandali L, Hanson S, Olson J, Reeves A, Minuth M, Helfand R, Austin T, Sylvester D, Blaauw D. Energy-Efficient Subthreshold Processor Design. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol.17, no.8, pp.1127-1137, 2009. Neema V, Chouhan S S, Tokekar S. Novel Circuit Technique for Reduction of Leakage Current in Series/Parallel PMOS/NMOS Transistors Stack. IETE Journal of Research, vol. 56, no. 6, 2010, pp.350-354. EEE standerd 1363-2000. IEEE standard specifications for public-key Cryptography, Jan 2000. Wang C C, Truong T K, Shao H M, Deutsch L J, Omura J K, and Reed I S. VLSI architecture for computing multiplications and inverses in GF(2m). IEEE Trans. On Computers vol.34, no. 8, pp. 709-716, 1985. H. Al-hertani, D. Al-Khalili and C. Rozon. UDSM Subthreshold Leakage Model for NMOS Transistor Stacks. Microelectronics Journals, Vol 39, no. 12, pp. 1809-1816, 2008.