Information Technology Reference
In-Depth Information
case scenario (for attackers) should also be considered with a lower bound power
model that is related to Bennett-clocked QCA circuits. The power dissipation
under Bennett clocking can be arbitrarily low, even lower than the bit erasure
energy
k
B
Tln
(2) [
31
]. The lower bound power model proposed by Lent
et al.
[
31
] is used to study this worst case scenario.
First the best case scenario is considered. The power dependence on the
Hamming distance of inputs in QCA gates is demonstrated as a fundamental
step in the power analysis attack. As a case study, a sub-module of the Serpent
cryptographic block cipher with its 4-bit
4-bit
S
0
-box is designed in QCA.
It is verified using QCAPro, which is a fast power estimation tool for QCA
circuit design [
33
]. The power consumption of the Serpent sub-module is then
simulated in QCAPro based on the upper bound power model. A power analysis
attack procedure for QCA is proposed to reveal the secret key by statistically
comparing the simulated power consumption and all hypothetical key guesses.
The first power analysis attack results show that QCA cryptographic circuits
could be at risk of being attacked under typical quasi-adiabatic clocking. Then a
more realistic scenario is discussed for practical QCA devices. Finally, the worst
case scenario for attackers is also studied based on a Bennett-clocked QCA gate.
This chapter is organized as follows: Sect.
2
presents an overview of the upper
bound power model for QCA circuits. The power dissipation that is dependent
on the Hamming distance (HD) in basic QCA gates is also shown in this section.
The design of the Serpent sub-module with its 4-bit
×
4-bit
S
0
-box is presented
and compared with a previous design in Sect.
3
. Section
4
proposes a procedure of
performing a power analysis attack on QCA circuits using the upper bound power
model and provides a power analysis attack results of QCA circuits. A discussion
of practical scenario of QCA devices is given in Sect.
5
. The vulnerability of
Bennett-clocked QCA circuits to power analysis attack is also studied in Sect.
6
.
Section
7
concludes this chapter.
×
2 Upper Bound Power Model and Power Dependence
on Hamming Distance
The power flow of a QCA cell is shown in Fig.
2
(a), where
P
in
is the signal power
from the neigbouring cell on its left,
P
out
is the signal power transferred to the
cell on its right,
P
clock
is the energy provided by the clock and
P
diss
is the power
dissipated. The signal powers
P
in
and
P
out
are generally equal as demonstrated
in [
22
]. A considerable amount of energy is drawn into the cell from the clock as
the barriers are being raised. Most of that energy is returned to the clock as the
barriers are lowered. The difference between the powers in and out of the clock
is
P
diss
. Since
P
diss
is of interest in this research, it is not necessary to include
other parts of the cell's power flow in the simulation of power dissipation. Power
is only dissipated in a QCA cell when actual computation is performed.
AsshowninFig.
2
(b), the power dissipation of a CMOS circuit can be mea-
sured by monitoring the power supply, i.e.,
P
supply
. Similarly, since the power
Search WWH ::
Custom Search