

# A formal study of two physical countermeasures against side channel attacks

PROOFS'2012

Sébastien Briais, Sylvain Guilley, Jean-Luc Danger

2012, September 13th








1. Introduction
2. Combinational Circuits
   1. Language
   2. Formal semantics, equivalences
3. Formalisation of WDDL and BCDL
   1. Preliminaries
   2. WDDL
   3. BCDL
4. Discussion
5. Conclusion

#### 1. Introduction

# **Physical Attacks**

Cryptographic devices need to be protected.

#### Side-Channel Attacks

- Passive attacks.
- Power consumption, electromagnetic radiation, computation time... may leak sensitive data.

Extra logic is required in order to mask the sensitive data or to balance the leakage.

- Aims at making the device activity independent of the data being processed.
- A signal is represented by a pair of wires: T = 10, F = 01.
- A cycle of computation alternates two phases:
  - precharge phase: propagation of $NULL = \{(0,0)\}$ through the combinational part of the circuit.
  - evaluation phase: the data is processed by the combinational part of the circuit.

Many proposals: WDDL, STTL, DRSL, BCDL, ...

Possible vulnerabilities:

- Glitches
- Early evaluation





#### 2. Combinational Circuits

#### 2.1 Language





# Syntax

A combinational circuit is a directed acyclic graph of logical gates.

#### Combinational circuits

Let $\mathcal{G}$ be a set of logical gates.

We define by induction the set of combinational circuits over $\mathcal{G}$:

$$P, Q ::= \mathbf{0} \mid g \mid \mathbf{I} \mid \mathbf{Y} \mid \mathbf{X} \mid P \mid Q \mid P; Q$$

- $\mathbf{0}$: empty circuit
- $g$: logical gate, $g \in \mathcal{G}$
- $\mathbf{I}$: a single wire
- $\mathbf{Y}$: a fork
- $\mathbf{X}$: a swap
- $P \mid Q$: parallel composition
- $P; Q$: sequential composition

# Well-formedness

Circuit with *n* inputs and *m* outputs

$$\frac{\mathcal{T}(g) = (n,m)}{g: n \otimes m}\; g \in \mathcal{G}$$

$$\overline{\mathbf{0}: 0 \otimes 0} \qquad \overline{\mathbf{I}: 1 \otimes 1} \qquad \overline{\mathbf{Y}: 1 \otimes 2} \qquad \overline{\mathbf{X}: 2 \otimes 2}$$

$$\frac{P_1: n_1 \otimes m_1 \qquad P_2: n_2 \otimes m_2}{P_1 \mid P_2: n_1 + n_2 \otimes m_1 + m_2} \qquad \frac{P_1: n \otimes m \qquad P_2: m \otimes p}{P_1; P_2: n \otimes p}$$

### Example: a half-adder

$\mathcal{G} = \{ \mathrm{AND}, \mathrm{XOR} \}$

$$\mathsf{Half} := (\mathbf{Y} \mid \mathbf{Y});\ (\mathbf{I} \mid \mathbf{X} \mid \mathbf{I});\ (\mathsf{AND} \mid \mathsf{XOR})$$

Half is a combinational circuit with 2 inputs and 2 outputs, i.e. $\mathsf{Half} : 2 \otimes 2$.



#### 2.2 Formal semantics, equivalences

# **Preliminary definitions**

#### Alphabet, words, concatenation.

An alphabet  $\Sigma$  is a finite set of letters.

A word u over  $\Sigma$  is a finite sequence of letters  $u = u_1 \cdots u_n$  where  $u_i \in \Sigma$ .

The set of words over $\Sigma$ is denoted $\Sigma^*$.

The integer *n* is the length of *u*, denoted $|u|$.

The empty word is denoted $\epsilon$ and is the unique word of length 0. The set of words of length *n* is denoted $\Sigma^n$.

The concatenation of $u = u_1 \cdots u_n$ and $v = v_1 \cdots v_m$ is defined as $u \bullet v := u_1 \cdots u_n v_1 \cdots v_m$.

# **Formal semantics**

#### C computes y on input x

The semantics of circuits is given by a relation of $\Sigma^* \times \Sigma^*$.

$$\frac{x \in \Sigma^{*} \qquad \mathcal{E}(g)(x) = y \in \Sigma^{*}}{g \Vdash x \rightsquigarrow y}\; g \in \mathcal{G} \qquad \overline{\mathbf{0} \Vdash \epsilon \rightsquigarrow \epsilon}$$

$$\overline{\mathbf{I} \Vdash a \rightsquigarrow a}\; a \in \Sigma \qquad \overline{\mathbf{Y} \Vdash a \rightsquigarrow aa}\; a \in \Sigma \qquad \overline{\mathbf{X} \Vdash ab \rightsquigarrow ba}\; a, b \in \Sigma$$

$$\frac{P_{1} \Vdash x_{1} \rightsquigarrow y_{1} \qquad P_{2} \Vdash x_{2} \rightsquigarrow y_{2}}{P_{1} \mid P_{2} \Vdash x_{1} \bullet x_{2} \rightsquigarrow y_{1} \bullet y_{2}} \qquad \frac{P_{1} \Vdash x \rightsquigarrow y \qquad P_{2} \Vdash y \rightsquigarrow z}{P_{1}; P_{2} \Vdash x \rightsquigarrow z}$$

$\mathcal{E}(g)$ is a partial function $\Sigma^* \rightharpoonup \Sigma^*$, defined consistently w.r.t. the typing function.

$$P \simeq Q \iff \forall x, y : P \Vdash x \rightsquigarrow y \iff Q \Vdash x \rightsquigarrow y$$

## Structural congruence

$\equiv$ identifies circuits that only differ in some minor wiring details. It is the smallest congruence that satisfies the following equations:

- $(P_1 \mid P_2) \mid P_3 \equiv P_1 \mid (P_2 \mid P_3)$
- $P \mid \mathbf{0} \equiv \mathbf{0} \mid P \equiv P$
- $(P_1; P_2); P_3 \equiv P_1; (P_2; P_3)$
- If $P: n \otimes m$ then $\mathbf{I}^n; P \equiv P; \mathbf{I}^m \equiv P$
- If $P_1 : n \otimes m$ and $P_2 : m \otimes p$ then $(P_1; P_2) \mid (P_3; P_4) \equiv (P_1 \mid P_3); (P_2 \mid P_4)$

- $\mathbf{Y}; (\mathbf{I} \mid \mathbf{Y}) \equiv \mathbf{Y}; (\mathbf{Y} \mid \mathbf{I})$
- ; $\mathbf{X} \equiv \mathbf{I} \mid \mathbf{I}$
- $\mathbf{X}; (\mathbf{Y} \mid \mathbf{Y}) \equiv (\mathbf{Y} \mid \mathbf{Y}); (\mathbf{I} \mid \mathbf{X} \mid \mathbf{I}); (\mathbf{X} \mid \mathbf{X}); (\mathbf{I} \mid \mathbf{X} \mid \mathbf{I})$

# Some results

- If  $P: n \otimes m$  and  $P: n' \otimes m'$  then n = n' and m = m'.
- If  $P \equiv Q$  then  $P: n \otimes m \iff Q: n \otimes m$ .
- If  $P \Vdash x \rightsquigarrow y$  then  $P : |x| \otimes |y|$ .
- If  $P : n \otimes m$  and  $P \Vdash x \rightsquigarrow y$  then |x| = n and |y| = m.
- If  $P : n \otimes m$  then for any x such that |x| = n there exists y such that  $P \Vdash x \rightsquigarrow y$ .
- If  $P \Vdash x \rightsquigarrow y$  and  $P \Vdash x \rightsquigarrow z$  then y = z.
- $\simeq$ is a congruence.
- If P and Q are ill-formed then $P \simeq Q$.
- $\equiv \; \subseteq \; \simeq$.



#### 3. Formalisation of WDDL and BCDL

#### 3.1 Preliminaries

- In the following, let $\Sigma=\{0,1\}$.
- We set T = 10, F = 01, N = 00 and E = 11. NULL = {N}, VALID = {T, F}, FAULT = {E}.
- Let $\preceq$ be the partial order defined by:

  [Figure: diagram of the partial order; only the labels T and F survive.]

- Let $\sim$ be the equivalence relation on $\Sigma^2$ whose equivalence classes are NULL, VALID and FAULT.
- We extend these definitions to words of even length.
- For $u \in \Sigma^*$, we let $[u] \in \text{VALID}^*$ be the corresponding word in dual-rail logic.
  Example: [0110] = FTTF = 01101001

© SECURE 🚺 2012 All rights reserved | Public document, property of Secure-IC S.A.S.



#### 3.2 WDDL












































#### $\llbracket P \rrbracket$ fulfils the DPL invariants.

- If $\llbracket P \rrbracket \Vdash x \rightsquigarrow y$ and $x \in \text{NULL}^*$ then $y \in \text{NULL}^*$.
- If $\llbracket P \rrbracket \Vdash x \rightsquigarrow y$ and $x \in \text{VALID}^*$ then $y \in \text{VALID}^*$.

#### The transformation is sound.

If $P \Vdash x \rightsquigarrow y$ then $\llbracket P \rrbracket \Vdash [x] \rightsquigarrow [y]$.

$$\begin{array}{cccc} \llbracket P \rrbracket \Vdash & x & \rightsquigarrow & y \\ & \preceq & & \preceq \\ \llbracket P \rrbracket \Vdash & x' & \rightsquigarrow & y' \end{array}$$



#### 3.3 BCDL







### **Transformation process**




#### $\llbracket P \rrbracket$ fulfils the DPL invariants.

- If $\llbracket g \rrbracket \Vdash 1x \rightsquigarrow y$ then $y \in \text{NULL}^*$.
- If $\llbracket P \rrbracket \Vdash \hat{1}x \rightsquigarrow y$ and $x \in \text{NULL}^*$ then $y \in \text{NULL}^*$.
- If $\llbracket P \rrbracket \Vdash \hat{0}x \rightsquigarrow y$ and $x \in \text{VALID}^*$ then $y \in \text{VALID}^*$.

#### The transformation is sound.

If $P \Vdash x \rightsquigarrow y$ then $\llbracket P \rrbracket \Vdash \hat{0}[x] \rightsquigarrow [y]$.

#### No glitches are possible.

If $\llbracket P \rrbracket \Vdash \hat{p}x \rightsquigarrow \hat{p}y$, $x \preceq x'$ and $\llbracket P \rrbracket \Vdash \hat{p}x' \rightsquigarrow \hat{p}y'$ then $y \preceq y'$.


#### There is no early-evaluation.

If  $\llbracket P \rrbracket \Vdash \hat{0}x \rightsquigarrow y$  and  $y \in VALID^*$  then  $x \in VALID^*$ . (provided that P does not contain gates with 0 outputs)

#### The transformation is complete.

If  $\llbracket P \rrbracket \Vdash \hat{0}x' \rightsquigarrow y'$  and  $y' \in \text{VALID}^*$  then there exists x, y such that x' = [x], y' = [y] and  $P \Vdash x \rightsquigarrow y$ . (provided that P does not contain gates with 0 outputs)


 $\sim$  equates words which have the same amount of information, i.e. in which corresponding dual-rail signals have the same nature.





$$\begin{array}{cccc} \llbracket P \rrbracket \Vdash & \hat{p}x & \rightsquigarrow & y \\ & \sim & & \sim \\ \llbracket P \rrbracket \Vdash & \hat{p}x' & \rightsquigarrow & y' \end{array}$$







The AND<sub>WDDL</sub> gate suffers from early-evaluation.  $x = 0100 \notin \text{VALID}^*$  and  $y = 01 \in \text{VALID}^*$ 

The AND<sub>WDDL</sub> gate behaves differently on equivalent inputs.  $x = 0100 \sim x' = 1000$  and  $y = 01 \nsim y' = 00$ 
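
The two observations above can be reproduced by brute force over all 16 input words of a dual-rail AND. This is an added example, not code from the slides: `and_wddl` assumes the usual WDDL AND (AND of the true rails, OR of the false rails), and `and_barrier` is a hypothetical gate that stays NULL until every input is VALID, included only for contrast.

```python
from itertools import product

# Pair encoding from the slides: T = 10, F = 01, N = 00, E = 11.
NATURE = {"00": "NULL", "10": "VALID", "01": "VALID", "11": "FAULT"}


def natures(word):
    """Equivalence class (under ~) of each wire pair of an even-length word."""
    return tuple(NATURE[word[i:i + 2]] for i in range(0, len(word), 2))


def equivalent(u, v):
    """u ~ v: corresponding dual-rail signals have the same nature."""
    return len(u) == len(v) and natures(u) == natures(v)


def all_valid(word):
    return all(n == "VALID" for n in natures(word))


def all_null(word):
    return all(n == "NULL" for n in natures(word))


def and_wddl(x):
    """Assumed WDDL AND on x = a_t a_f b_t b_f: (a_t AND b_t, a_f OR b_f)."""
    at, af, bt, bf = (int(c) for c in x)
    return f"{at & bt}{af | bf}"


def and_barrier(x):
    """Hypothetical synchronised AND: NULL until every input is VALID."""
    return and_wddl(x) if all_valid(x) else "00"


INPUTS = ["".join(bits) for bits in product("01", repeat=4)]


def dpl_invariants_hold(gate):
    """NULL* inputs give NULL* outputs, VALID* inputs give VALID* outputs."""
    return all((not all_null(x) or all_null(gate(x))) and
               (not all_valid(x) or all_valid(gate(x))) for x in INPUTS)


def early_evaluations(gate):
    """Inputs outside VALID* whose output is already in VALID*."""
    return [x for x in INPUTS if all_valid(gate(x)) and not all_valid(x)]


def distinguishable_pairs(gate):
    """Pairs x ~ x' whose outputs are not equivalent."""
    return [(x, x2) for x in INPUTS for x2 in INPUTS
            if x < x2 and equivalent(x, x2)
            and not equivalent(gate(x), gate(x2))]


if __name__ == "__main__":
    for name, gate in (("AND_WDDL", and_wddl), ("barrier AND", and_barrier)):
        print(name, "invariants:", dpl_invariants_hold(gate),
              "early evaluation on:", early_evaluations(gate),
              "distinguishable pairs:", len(distinguishable_pairs(gate)))
```
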





#### 4. Discussion









- BCDL fixes WDDL by adding a synchronisation barrier.
- How to address the race between the synchronisation signal and the data signals? (DRSL vulnerability)
- How to discriminate this circuit?
  Measure the activity of circuits and show that the activity of a circuit is constant on equivalent inputs, i.e.

$$x \sim x' \Rightarrow \mu_C(x) = \mu_C(x')$$





#### 5. Conclusion



### Summary

- We defined a calculus to describe combinational circuits.
- We formally defined the WDDL and BCDL securisation processes.
- We proved the correctness of these two transformations.
- Regarding security properties, we identified some necessary conditions to fulfil.






### Perspectives

- Apply the model to other dual-rail styles.
- Refine the model.



### The End

# Thank You



### Rotations

#### On words

- $\overrightarrow{\epsilon} = \epsilon$ and, for $a \in \Sigma, u \in \Sigma^*$, $\overrightarrow{ua} = au$
- $\overleftarrow{\epsilon} = \epsilon$ and, for $a \in \Sigma, u \in \Sigma^*$, $\overleftarrow{au} = ua$

We define by induction on $n \in \mathbb{N}$ the circuit $\operatorname{ror}_n$:

$$\begin{aligned} \operatorname{ror}_0 &:= \mathbf{0} \\ \operatorname{ror}_1 &:= \mathbf{I} \\ \operatorname{ror}_{n+2} &:= (\mathbf{I}^n \mid \mathbf{X});\ (\operatorname{ror}_{n+1} \mid \mathbf{I}) \end{aligned}$$

We have

$$\operatorname{ror}_{n} \Vdash x \rightsquigarrow y \iff |x| = n \land y = \overrightarrow{x}$$

We define by induction on $n \in \mathbb{N}$ the circuit $\operatorname{rol}_n$:

$$\begin{aligned} \operatorname{rol}_0 &:= \mathbf{0} \\ \operatorname{rol}_1 &:= \mathbf{I} \\ \operatorname{rol}_{n+2} &:= (\operatorname{rol}_{n+1} \mid \mathbf{I});\ (\mathbf{I}^n \mid \mathbf{X}) \end{aligned}$$

We have

$$\operatorname{rol}_n \Vdash x \rightsquigarrow y \iff |x| = n \land y = \overleftarrow{x}$$

We also have that:

- $\operatorname{ror}_n; \operatorname{rol}_n \equiv \mathbf{I}^n$
- $\operatorname{rol}_n; \operatorname{ror}_n \equiv \mathbf{I}^n$

#### On words

$\epsilon \parallel \epsilon := \epsilon$ and for $a, b \in \Sigma$, $u, v \in \Sigma^*$, $(au) \parallel (bv) := ab(u \parallel v)$

We define by induction on $n \in \mathbb{N}$ the circuit $\operatorname{int}_n$:

$$\begin{aligned} \operatorname{int}_0 &:= \mathbf{0} \\ \operatorname{int}_{n+1} &:= (\mathbf{I} \mid \operatorname{ror}_{n+1} \mid \mathbf{I}^n);\ (\mathbf{I} \mid \mathbf{I} \mid \operatorname{int}_n) \end{aligned}$$

We have

$$\operatorname{int}_n \Vdash x \rightsquigarrow y \iff x = u \bullet v \land |u| = |v| = n \land y = u \parallel v$$

We define by induction on $n \in \mathbb{N}$ the circuit $\operatorname{unint}_n$:

$$\begin{aligned} \operatorname{unint}_0 &:= \mathbf{0} \\ \operatorname{unint}_{n+1} &:= (\mathbf{I} \mid \mathbf{I} \mid \operatorname{unint}_n);\ (\mathbf{I} \mid \operatorname{rol}_{n+1} \mid \mathbf{I}^n) \end{aligned}$$

We have

$$\operatorname{unint}_{n} \Vdash x \rightsquigarrow y \iff y = u \bullet v \land |u| = |v| = n \land x = u \parallel v$$

We also have that:

- $\operatorname{int}_n; \operatorname{unint}_n \equiv \mathbf{I}^{2n}$
- $\operatorname{unint}_n; \operatorname{int}_n \equiv \mathbf{I}^{2n}$
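
The calculus of section 2 is small enough to execute directly. The interpreter below is an added example, not code from the slides: it implements the typing and semantic rules, then builds the half-adder and the rotation and interleaving circuits defined above so their stated properties can be checked on concrete words. The tuple encoding, the function names and the AND/XOR gate table are assumptions of this example.

```python
from itertools import product

# Assumed gate table: name -> (type (n, m), evaluation function E(g)).
GATES = {
    "AND": ((2, 1), lambda x: str(int(x[0]) & int(x[1]))),
    "XOR": ((2, 1), lambda x: str(int(x[0]) ^ int(x[1]))),
}

# Circuits are nested tuples (encoding chosen for this example).
ZERO, I, Y, X = ("0",), ("I",), ("Y",), ("X",)
AXIOMS = {"0": (0, 0), "I": (1, 1), "Y": (1, 2), "X": (2, 2)}

def gate(name):
    return ("g", name)

def par(*ps):
    """P1 | ... | Pk, dropping empty circuits (P | 0 ≡ 0 | P ≡ P)."""
    ps = [p for p in ps if p != ZERO]
    out = ps[0] if ps else ZERO
    for p in ps[1:]:
        out = ("par", out, p)
    return out

def seq(first, *rest):
    """P1 ; ... ; Pk."""
    for p in rest:
        first = ("seq", first, p)
    return first

def wires(n):
    """I^n: n parallel wires."""
    return par(*[I] * n)

def typ(p):
    """Return (n, m) such that P : n ⊗ m, or None if P is ill-formed."""
    if p[0] in AXIOMS:
        return AXIOMS[p[0]]
    if p[0] == "g":
        return GATES[p[1]][0]
    a, b = typ(p[1]), typ(p[2])
    if a is None or b is None:
        return None
    if p[0] == "par":
        return (a[0] + b[0], a[1] + b[1])
    return (a[0], b[1]) if a[1] == b[0] else None  # P1 ; P2 needs m to match

def run(p, x):
    """Return y such that P ⊩ x ⇝ y, or None if there is no derivation."""
    t = typ(p)
    if t is None or len(x) != t[0]:
        return None
    if p[0] == "0":
        return ""
    if p[0] == "I":
        return x
    if p[0] == "Y":
        return x + x
    if p[0] == "X":
        return x[1] + x[0]
    if p[0] == "g":
        return GATES[p[1]][1](x)
    if p[0] == "par":
        k = typ(p[1])[0]  # split x = x1 • x2 using the type of P1
        return run(p[1], x[:k]) + run(p[2], x[k:])
    return run(p[2], run(p[1], x))

HALF = seq(par(Y, Y), par(I, X, I), par(gate("AND"), gate("XOR")))

def ror(n):
    if n < 2:
        return wires(n)  # ror_0 = 0, ror_1 = I
    return seq(par(wires(n - 2), X), par(ror(n - 1), I))

def rol(n):
    if n < 2:
        return wires(n)  # rol_0 = 0, rol_1 = I
    return seq(par(rol(n - 1), I), par(wires(n - 2), X))

def interleave(n):
    """int_n from the slides."""
    if n == 0:
        return ZERO
    return seq(par(I, ror(n), wires(n - 1)), par(I, I, interleave(n - 1)))

def unint(n):
    if n == 0:
        return ZERO
    return seq(par(I, I, unint(n - 1)), par(I, rol(n), wires(n - 1)))

def equivalent(p, q, n, alphabet="01"):
    """Check P ≃ Q on every input word of length n."""
    return all(run(p, "".join(w)) == run(q, "".join(w))
               for w in product(alphabet, repeat=n))
```

Wiring-only circuits accept any letters, so `run(interleave(3), "abcxyz")` makes the permutation visible; circuits containing gates expect words over {0, 1}.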