Professional Documents
Culture Documents
SECURE IC APPLICATIONS
BACHELOR OF TECHNOLOGY
IN
ELECTRONIC AND COMMUNICATION ENGINEERING
By
1
Date: __________
CERTIFICATE
2
ACKNOWLEDGMENT
3
INDEX
ABSTRACT
1.1 INTRODUCTION
1.2 OBJECTIVE
9.1 SUMMARY
9.2 CONCLUSION
4
ABSTRACT
Every electronic device needs security, from the smallest RFID tags to the larger
hand held devices. Security is needed for financial, medical, consumer, automotive
applications and other applications. Small-embedded integrated circuits (ICs) such as smart
cards are vulnerable to the so-called side-channel attacks (SCAs). Side channel attacks are a
class of attacks that derive information from the integrated circuits, while it is in operation. The
attacker can gain information by monitoring the power consumption, execution time,
electromagnetic radiation, and other information leaked by the switching behavior of digital
on values of data and/or key show what they are doing. Simple timing or power attacks give
visual information on the circuit. This project presents a digital very large scale integrated
(VLSI) design flow to create secure power-analysis-attack-resistant ICs. The route cause for
this problem is that standard CMOS is power efficient and it will only consume dynamic
The idea is to create digital circuit styles that have a switching behavior independent of
the data or sequence of the data that they are processing. A logic style called “Wave Dynamic
Differential Logic (WDDL)” is used for the implementation of the basic logic gates which are
used in the cryptographic processors. The design flow starts from a normal design in a
hardware description language such as VHDL to the Side Channel Attack (SCA) resistant
layout.
5
Figure : WDDL: Pre-charge wave generation
6
CHAPTER 1 INTRODUCTION
AND OBJECTIVE
1.1 Introduction:
Small-embedded integrated circuits (ICs) such as smart cards are vulnerable to the so-
called side-channel attacks (SCAs). The attacker can gain information by monitoring the power
consumption, execution time, electromagnetic radiation, and other information leaked by the
project presents a digital very large scale integrated (VLSI) design flow to create secure power-
analysis-attack-resistant ICs.
The idea is to create digital circuit styles that have a switching behavior independent of
the data or sequence of the data that they are processing. A logic style called Wave Dynamic
Differential Logic (WDDL) is used for the implementation of the basic logic gates which are
used in the cryptographic processors. The design flow starts from a normal design in a
hardware description language such as VHDL to the Side Channel Attack (SCA) resistant
layout.
probing attacks, fault induction attack, timing attack, power analysis attack, electromagnetic
analysis attack, etc. One Side Channel Attack in particular, namely the Differential Power
Analysis (DPA), is of great concern. It is very effective in finding the secret key and can be
mounted quickly with off-the-shelf devices. The attack is based on the fact that logic
operations have power characteristics that depend on the input data. It relies on statistical
analysis to extract the information from the power consumption that is correlated to the secret
key. As the variations actually originate at the logic level, implementing the encryption and
decryption modules in a logic style, for which a logic gate has at all times constant power
7
consumption independently of signal transitions, removes the foundation of DPA and is an
8
CHAPTER 2 REVIEW
OF LITERATURE
A typical digital design flow for any IC is as follows: Design Entry (Specification,
verification, Backend (Floor Planning, Place and route, Layout), Tape Out to Foundry to get
the end product. All modern digital designs start with a designer writing a hardware description
VHDL program essentially describes the hardware (logic gates, Flip-Flops, counters etc), the
inter connect of the circuit blocks and the functionality. Various CAD tools are available to
regular steps in an IC design (logic design, logic synthesis, place & route,
stream out, and verifications), one can recognize two additional steps,
operations have been inserted in the back end of the flow and do not
interfere with the creative part of a design, indicated by the “logic design”
task.
9
Figure 2.1 Secure Digital Design Flow
During the cell substitution step, cells that are designed by any constant power logic style
replace the conventional CMOS gates. This ensures the security of the ICs against power
analysis attacks.
10
CHAPTER 3 HARDWARE DESCRIPTIVE
LANGUAGE (VHDL)
• Interoperability
• Technology independence
• Design reuse
• Several levels of abstraction
• Readability
• Standard language
• Widely supported
What is VHDL?
VHDL = VHSIC Hardware Description Language(VHSIC = Very High-Speed IC)
An alternative to schematics
Brief History:
• VHDL Was developed in the early 1980s for managing design problems that involved
large circuits and multiple teams of engineers.
11
• Funded by U.S. Department of Defence.
• The first publicly available version was released in 1985.
• In 1986 IEEE (Institute of Electrical and Electronics Engineers, Inc.) was presented
with a proposal to standardize the VHDL.
• In 1987 standardization => IEEE 1076-1987
• An improved version of the language was released in 1994 => IEEE standard1076-
1993.
Related Standards:
• IEEE 1076 doesn’t support simulation conditions such as unknown and high-
impedance.
• Soon after IEEE 1076-1987 was released, simulator companies began using their own,
non-standard types => VHDL was becoming a nonstandard.
• IEEE 1164 standard was developed by an IEEE.�IEEE 1164 contains definitions for a
nine-valued data type, std_logic.
• IEEE 1076.3 (Numeric or Synthesis Standard) defines data types as they relate to actual
hardware.
• Defines, e.g., two numeric types: signed and unsigned.
VHDL Environment:
12
Design Units:
Segments of VHDL code can be compiled separately and stored in a library.
Entities:
• A black box with interface definition.
• Defines the inputs/outputs of a component (define pins)
• A way to represent modularity in VHDL.
• Similar to symbol in schematic.
• Entity declaration describes entity.
E.g.:
Entity Comparator is
Port (A, B: in std_logic_vector (7 downto0) ;
EQ: out std_logic);
end Comparator;
13
Ports:
• Provide channels of communication between the component and its environment.
• Each port must have a name, direction and a type.
• An entity may have NO port declaration
Port directions:
• In: A value of a port can be read inside the component, but cannot be assigned.
Multiple reads of port are allowed.
• Out: Assignments can be made to a port, but data from a port cannot be read. Multiple
assignments are allowed.
• In out: Bi-directional, assignments can be made and data can be read. Multiple
assignments are allowed.
• Buffer: An out port with read capability. May have at most one assignment. (are not
recommended)
Architectures:
Configurations:
14
• Links entity declaration and architecture body together.
• Concept of default configuration is a bit messy in VHDL ‘87.
–Last architecture analyzed links to entity
• Can be used to change simulation behavior without re-analyzing the VHDL source.
• Complex configuration declarations are ignored in synthesis.
• Some entities can have, e.g.,gate level architecture and behavioral architecture.
• Are always optional.
Packages:
Packages contain information common to many design units.
1. Package declaration
Constant declarations
– Type and subtype declarations
– Function and procedure declarations
– Global signal declarations
– File declarations
– Component declarations
2. Package body
– Is not necessary needed
– Function bodies
– Procedure bodies
• Packages are meant for encapsuling data which can be shared globally among several design
units. These consist of declaration part and optional body part.
Package declaration can contain:
– Type and subtype declarations
– Subprograms
– Constants,
– Alias declarations,
– Global signal declarations,
– file declarations,
– Component declarations.
15
Package body consists of
– Subprogram declarations and bodies,
– Type and subtype declarations,
– Deferred constants,
– File declarations.
Libraries:
Collection of VHDL design units (database).
1. Packages:
• package declaration
• package body
2. Entities (entity declaration)
3. Architectures (architecture body)
4. Configurations (configuration declarations)
• Usually directory in UNIX file system.
• Can be also any other kind of database.
Levels of Abstraction:
VHDL supports many possible styles of design description, which differ primarily in how
closely they relate to the HW.
16
Dataflow VHDL Description:
• Circuit is described in terms of how data moves through the system.
• In the dataflow style you describe how information flows between registers in the
system.
• The combinational logic is described at a relatively high level, the placement and
operation of registers is specified quite precisely.
Concurrent Vs Sequential:
Processes:
• Basic simulation concept in VHDL.
• VHDL description can always be broken up to interconnected processes.
• Quite similar to UNIX process.
18
• Process keyword in VHDL.
• Process statement is concurrent statement.
• Statements inside process statements are sequential statements.
• Process must contain either sensitivity list or wait statement(s), but NOT both.
• Sensitivity list or wait statement(s) contains signals which wakes process up.
General Format:
Process [(sensitivity list)]
process_declarative_part
begin
process_statements;
[wait_statement];
End process;
19
CHAPTER 4 SMART
CARD OVERVIEW
This section will very briefly introduce the concept of a smart card. Basically, a smart
card is a computer embedded in a safe. It consists of a (typically, 8-bit or 32-bit) processor,
together with ROM, EEPROM, and a small amount of RAM, which is therefore capable of
performing computations. The main goal of a smart card is to allow the execution of
cryptographic operations, involving some secret parameter (the key), while not revealing this
parameter to the outside world. As opposed, the goal of the attacker is to recover this secret
parameter. This processor is embedded in a chip and connected to the outside world through
eight wires, the role, use, position of which is normalized. In addition to the input/output wires,
the parts we will be the most interested in are the following,
Smart cards are usually equipped with protection mechanisms composed of a shield (the
passivation layer), whose goal is to hide the internal behavior of the chip and possibly sensors
that react when the shield is removed, by destroying all sensitive data and preventing the card
to function properly.
20
CHAPTER 5 SIDE
CHANNEL ATTACKS
“Side channel attacks” are attacks that are based on “Side Channel Information”. Side
channel information is information that can be retrieved from the encryption device that is
neither the plaintext to be encrypted nor the cipher text resulting from the encryption process.
In the past, an encryption device was perceived as a unit that receives plaintext input
and produces cipher text output and vice-versa. Attacks were therefore based on either
knowing the cipher text (such as cipher text-only attacks), or knowing both (such as known
plaintext attacks) or on the ability to define what plaintext is to be encrypted and then seeing
the results of the encryption (known as chosen plaintext attacks). Today, it is known that
encryption devices have additional output and often additional inputs which are not the
Encryption devices produce timing information (information about the time that
operations take) that is easily measurable, radiation of various sorts, power consumption
statistics (that can be easily measured as well), and more. Often the encryption device also has
additional “unintentional” inputs such as voltage that can be modified to cause predictable
outcomes. Side channel attacks make use of some or all of this information, along with other
Side channel analysis techniques are of concern because the attacks can be mounted
quickly and can sometimes be implemented using readily available hardware costing from only
SPA attacks on smartcards typically take a few seconds per card, while DPA attacks
can take several hours. In a general, with a somewhat academic perspective, we may consider
the entire internal state of the block cipher to be all the intermediate results and values that are
never included in the output in normal operations. For example, DES has 16 rounds; we can
consider the intermediate states, state [1:15], after each round except the last as a secret internal
state. Side channels typically give information about these internal states, or about the
operations used in the transition of this internal state from one round to another. The type of
side-channel will, of course, determine what information is available to the attacker about these
states. The attacks typically work by finding some information about the internal state of the
cipher, which can be learned both by guessing part of the key and checking the value directly,
23
and additionally by some statistical property of the cipher that makes that checkable value
slightly nonrandom.
5.2.1 Simple Power Analysis attack (SPA):
Simple Power Analysis is generally based on looking at the visual representation of the
power consumption of a unit while an encryption operation is being performed. Simple Power
Analysis is a technique that involves direct interpretation of power consumption measurements
collected during cryptographic operations. SPA can yield information about a device's
operation as well as key material.
Figure: SPA monitoring from a single DES operation performed by a typical smart card. The
upper trace shows the entire encryption operation, including the initial permutation, the 16
DES rounds, and the final permutation. The lower trace is a detailed view of the second and
third rounds.
Because SPA can reveal the sequence of instructions executed, it can be used to break
cryptographic implementations in which the execution path depends on the data being
processed. For example:
DES key schedule: the DES key schedule computation involves rotating 28-bit key registers.
A conditional branch is commonly used to check the bit shifted off the end so that “1" bits can
24
be wrapped around. The resulting power consumption traces for a “1" bit and a “0" bit will
contain different SPA features if the execution paths take different branches for each.
DES permutations: DES implementations perform a variety of bit permutations. Conditional
branching in software or microcode can cause significant power consumption differences for
“0" and “1" bits.
Comparisons: String or memory comparison operations typically perform a conditional
branch when a mismatch is found. This conditional branching causes large SPA (and
sometimes timing) characteristics.
Multipliers: Modular multiplication circuits tend to leak a great deal of information about the
data they process. The leakage functions depend on the multiplier design, but are often strongly
correlated to operand values and Hamming weights.
Exponentiators: A simple modular exponentiation function scans across the exponent,
performing a squaring operation in every iteration with an additional multiplication operation
for each exponent bit that is equal to “1". The exponent can be compromised if squaring and
multiplication operations have different power consumption characteristics, take different
amounts of time, or are separated by different code. Modular exponentiation functions that
operate on two or more exponent bits at a time may have more complex leakage functions.
In addition to large-scale power variations due to the instruction sequence, there are
effects correlated to data values being manipulated. These variations tend to be smaller and are
sometimes overshadowed by measurement errors and other noise. In such cases, it is still often
possible to break the system using statistical functions tailored to the target algorithm.
To implement the DPA attack, an attacker first observes m encryption operations and captures
power traces T1::: m [1 : : : k] containing k samples each. In addition, the attacker records the
cipher text C1::: m. No knowledge of the plain text is required. DPA analysis uses power
consumption measurements to determine whether a key block guess Ks is correct. The attacker
average of the traces for which a certain intermediate value V is one and the average of the
traces for which V is zero. Thus ¢ D[j) is the average over C1:::m of the effect due to the value
of the ciphertext Ci. The selection function is thus effectively uncorrelated to what was
actually computed by the target device. If a random function is used to divide a set into two
subsets, the difference in the averages of the subsets should approach zero as the subset sizes
approach infinity.
Thus, because trace components uncorrelated to D will diminish with 1 pm, causing the
differential trace to become at (the actual trace may not be completely at, as D with Ks
incorrect may have a weak correlation to D with the correct Ks). If Ks is correct, however, the
computed value for D (Ci; b;Ks) will equal the actual value of target bit b with probability 1.
The selection function is thus correlated to the value of the bit considered. Other data values,
measurement errors, etc., that are not correlated to D approach zero. Because power
consumption is correlated to data bit values, the plot of ¢D will be °at with spikes in regions
where D is correlated to the values being processed. The correct value of Ks can thus be
identified from the spikes in its differential trace. Four values of b correspond to each S box,
providing confirmation of key block guesses. Finding all eight Ks yields the entire 48-bit round
sub key. The remaining 8 key bits can be found easily using exhaustive search or by analyzing
one additional round. Triple DES keys can be found by analyzing an outer DES operation first,
using the resulting key to decrypt the cipher text, and attacking the next DES key. DPA can use
known plaintext or known cipher text and can find encryption or decryption keys.
26
CHAPTER 6 CONSTANT POWER CONSUMING
LOGIC STYLES
dependent on the signal activity. When the output of the logic gate makes
a 0 to 1 transition, a current comes from the power supply and charges the
short circuit or leakage) is consumed from the power supply. This is the
and why power attacks are possible. The basis of a secure digital design
Current mode logic (CML), e.g., current steering logic, seems the
ideal solution. This type of logic continuously draws a current from the
supply and measures its state through the path that the current takes. A
current from the power supply independently of the input and output
be used.
consumption. When the logic gate is not processing any data, it burns the
27
current, which makes this logic style unacceptable for embedded battery-
operated devices.
Voltage mode logic (VML), e.g., static CMOS logic, only draws a current from the
supply to change state and measures its state by the amount of charge it stores on a
capacitance. A regular standard CMOS circuit will only consume power when a capacitance
gets charged and later discharged, i.e. when a gate switches state. It is the main reason that
CMOS is the style of choice for every battery operated or low power device. This is illustrated
in the figure below for simple inverter. Thus static CMOS is the preferred logic style because
Yet, two conditions must be satisfied for VML to have constant power consumption,
namely:
1) A logic gate must have exactly one switching event per signal transition.
2) The logic gate must charge a constant capacitance in that switching event.
28
Here above all the four transitions of CMOS inverter can be distinguished when
Dynamic differential logic, sometimes also referred to as dual rail with pre-charge
logic, fulfills the first condition. A differential logic family uses the true and the false
representation of the input and output signals and a dynamic logic family alternates pre-charge
and evaluation phases. As a result, since both outputs (true and false) are pre-charged to 1,
exactly one of the two output nodes evaluates to 0 to have a differential output signal in the
evaluation phase. The discharged output node is charged to 1 in the following pre-charge phase
to pre-charge both outputs to 1. In other words, every signal transition, including the events in
which the input signals remain constant, is represented with an actual switching event, in
which the logic gate charges a capacitance. All the logic families that have been introduced to
thwart the differential power analysis (DPA) by using dynamic differential logic in the
following techniques,
SABL has its main advantage that it has balanced input and output nodes and that all
internal nodes connect to an output. The output capacitances can be balanced. Systematic
methods have been developed to make sure that both branches of the differential pull down
network are balanced and that no memory effects are present in the network. Sense Amplifier
29
Sense Amplifier Based Logic
AND/NAND gate
This circuit style does require however a full custom characterization and layout. It also
suffers from a high clock load common to all dynamic logic gates.
WDDL logic can be implemented with static CMOS logic. Static CMOS
which have a reduced power signature. WDDL has many advantages. It can
flow is fully supported with accurate EDA library files that come directly
from the vendor. WDDL also results in a dynamic differential logic with only
a small load capacitance on the pre-charge control signal and with the low
30
• A major advantage of the proposed logic style is that it can be incorporated by the
complementary gates, one calculating the true output using the true
inputs, the other the false output using the false inputs. A positive gate
produces a zero output for an all zero input. The AND gate and the OR gate
referred to as a dual gate, expresses the false output of the original logic
gate using the false inputs of the original gate. The AND gate fed with true
input signals and the OR gate fed with false input signals are two dual
gates. Fig. shows the WDDL AND gate and the WDDL OR gate. In the
evaluation phase, each input signal is differential and the WDDL gate
calculates its differential output. In the pre-charge phase, the inputs to the
WDDL gate are set at 0. This puts the output of the gate at 0. A module in
individual gate. During the pre-charge phase, the input vector of the
combinatorial logic is set at all 0s. Each individual gate will eventually have
all its inputs at 0, evaluate its output to 0, and pass this 0 value to the next
gate. One could say that the pre-charge signal travels over the
start of every combinatorial logic tree, i.e., the inputs of the encryption
31
module and the outputs of the registers. They produce an all-zero output in
the pre-charge phase (clk-signal high) but let the differential signal through
CHAPTER 7
WDDL GATES
The methodology used in the project is bottom-up approach. Lower modules are
designed and later integrated to form larger modules whose further integration leads to the final
top module. As it is a fact that logic gates form lower level modules, initially logic gates
32
WDDL demands a parallel combination of two positive complementary gates one
calculating the true value and the other negative value. The logic gates like OR, AND, XOR
have been implemented. Besides, there is even implementation of Full Adder, 32-bit XOR, etc.
7.1WDDL OR gate:
The NAND and NOT gates used act as Precharge operator injecting signal ‘0’ into the
gates when ‘clk’ signal is high i.e., during the Precharge phase.
33
Figure 4.2 WDDL AND Gate
34
Figure 4.3 WDDL NAND Gate
its complementary gate i.e., AND gate as shown in the following figure.
35
Figure 4.4 WDDL NOR Gate
A B = A.B’ + A’.B
Therefore, XOR Gate is implemented in terms of AND gate and OR gate as shown
in the figure 4.4. It can also be implemented by instantiating a WDDL AND gate and WDDL
OR gate. But the number of gates involved in the latter one is greater than the former one.
Therefore, the first method of implementation is followed rather than the second one.
36
Figure 4.5 WDDL XOR gate
With the help of the above basic gates, Full adder circuit has been designed by
instantiating the above designed WDDL gates. During the implementation of the Blowfish
algorithm, a 32-bit XOR gate and 32-bit Adder circuit are required. They can be easily
37
CHAPTER 8
WDDL OR GATE
Synthesis Report:
===========================================================
* Final Report *
===========================================================
Final Results
RTL Top Level Output File Name : wddlor.ngr
Top Level Output File Name : wddlor
Output Format : NGC
Optimization Goal : Speed
Keep Hierarchy : NO
Design Statistics
# IOs :5
Cell Usage :
# BELS :2
# LUT3 :2
# IO Buffers :5
# IBUF :3
# OBUF :2
============================================================
Device utilization summary:
---------------------------
Selected Device : 3s250eft256-4
Number of Slices: 1 out of 2448 0%
Number of 4 input LUTs: 2 out of 4896 0%
Number of IOs: 5
Number of bonded IOBs: 5 out of 172 2%
Timing Summary:
---------------
Speed Grade: -4
Maximum combinational path delay: 6.236ns
38
Simulation Result:
Synthesis Result:
Synthesis Report:
============================================================
39
* Final Report *
============================================================
Final Results
RTL Top Level Output File Name : wddlgates.ngr
Top Level Output File Name : wddlgates
Output Format : NGC
Optimization Goal : Speed
Keep Hierarchy : NO
Design Statistics
# IOs :5
Cell Usage :
# BELS :2
# LUT3 :2
# IO Buffers :5
# IBUF :3
# OBUF :2
===========================================================
Device utilization summary:
---------------------------
Selected Device : 3s250etq144-4
Number of Slices: 1 out of 2448 0%
Number of 4 input LUTs: 2 out of 4896 0%
Number of IOs: 5
Number of bonded IOBs: 5 out of 108 4%
Timing Summary:
---------------
Speed Grade: -4
Maximum combinational path delay: 6.236ns
Simulation Result:
40
Synthesis Result:
41
Synthesis Report:
============================================================
* Final Report *
============================================================
Final Results
RTL Top Level Output File Name : wddlnand1.ngr
Top Level Output File Name : wddlnand1
Output Format : NGC
Optimization Goal : Speed
Keep Hierarchy : NO
Design Statistics
# IOs :5
Cell Usage :
# BELS :2
# LUT3 :2
# IO Buffers :5
# IBUF :3
# OBUF :2
============================================================
Device utilization summary:
Selected Device : 3s500efg320-4
Number of Slices: 1 out of 4656 0%
Number of 4 input LUTs: 2 out of 9312 0%
Number of IOs: 5
Number of bonded IOBs: 5 out of 232 2%
Timing Summary:
Speed Grade: -4
42
Simulation Result:
Synthesis Result:
Simulation Result:
43
Synthesis Result:
Synthesis Report:
============================================================
* Final Report *
44
===========================================================
Final Results
RTL Top Level Output File Name : wddlxorgate.ngr
Top Level Output File Name : wddlxorgate
Output Format : NGC
Optimization Goal : Speed
Keep Hierarchy : NO
Design Statistics
# IOs :5
Cell Usage :
# BELS :2
# LUT3 :2
# IO Buffers :5
# IBUF :3
# OBUF :2
============================================================
45
Synthesis Result:
46
CHAPTER 9 SUMMARY
AND CONCLUSION
9.1 Summary
Power Analysis (DPA), it is necessary to implement the design in a logic that can render
architecture for Blowfish Algorithm is designed and implemented in WDDL style. In this
implementation bottom-up approach is used. The low level entities are designed and later they
The key scheduling is online. The sub-keys generated for a particular key can be used
for the encryption of the entire data to be encrypted with that key. The sub keys are given in
Initially logic gates are implemented in WDDL and then higher modules have been
designed by instantiating the WDDL gates to form the entire module thus resulting in constant
power dissipation irrespective of any input data combination. The entire design works in two
phases namely Precharge phase and Evaluation phase. In the Precharge phase, all the signals of
the design are zeroed and during the Evaluation phase the functionality of the design is
achieved. This sort of design has been found simple and very effective in thwarting the side-
9.2 Conclusion
47
The crypto processor has been designed for the key size of 448 bits and plain text of 64 bits.
The code for the implementation has been written in VHDL. The functional verification has
been done using the Cadence (NC Launch) Simulation package and Synthesis using RTL
Compiler. The Backend of the design is done using the SOC Encounter.
According to the specifications, desired functionality has been achieved. In the output,
during the Evaluation phase, there has been same number of transitions thus resulting in
constant power dissipation. During Synthesis, it has been observed that a simple WDDL gate
comprised many conventional gates. Therefore, the area of the design has grown nearly three-
fold when compared to the design implemented in conventional CMOS logic at the cost of
Due to the constant power dissipation at the output, hacker cannot apply Differential
Power Analysis (DPA) scheme to find the secret key that is being used in the crypto-processor.
Thus security against DPA is incorporated into the IC at hardware level by implementing the
CHAPTER 10
REFERENCES
[1] Kris Tiri, Member, IEEE, and Ingrid Verbauwhede, Senior Member, IEEE “A Digital
Design Flow for Secure Integrated Circuits”, IEEE Transaction on Computer-Aided Design of
[3] Ross Anderson, Mike Bond, Jolyon Clulow and Sergei Skorobogatov “Crypto processors –
[4] Noohul Basheer Zain Ali, James M Noras “Optimal Data path Design for a Cryptographic
Processor: The Blowfish Algorithm”, Malaysian Journal of Computer Science, Vol. 14 No. 1,
[5] Dan Rinehimer, Derek Wilson “Summary of B. Schneier’s: Description of New Variable
[6] Kris Tiri and Ingrid Verbauwhede “A Dynamic and Differential CMOS Logic Style to
[8] Kris Tiri, Moonmoon Akmal and Ingrid Verbauwhede “A Dynamic and Differential Logic
Smart Cards”.
Reference books
[1] William Stallings, “Cryptography and Network Security Principles and Practices”,
[2] Samir Palnitkar, “Verilog HDL, A Guide to Digital Design and Synthesis”,
Prentice Hall.
49
[1] http://www.schneier.com/blowfish.html
[2] http://www.nist.gov/
[3] http://www.discretix.com/PDF/Introduction%20to%20Side%20Channel%20Attacks.pdf
[4] http://www.wipo.int/pctdb/en/wo.jsp?IA=WO2005081085&DISPLAY=CLAIMS
50