Performance and Security Evaluation of S-Box Using Current-Pass Optimized Symmetric Pass Gate Adiabatic Logic

Secure adiabatic logics are identified as the optimal solution for cryptographic modules. We previously proposed an adiabatic logic called Current-Pass Optimized Symmetric Pass Gate Adiabatic Logic (CPO-SPGAL). The proposed CPO-SPGAL realizes a flat current waveform by considering the current path compared with conventional adiabatic logics. In this paper, to confirm more details about countermeasure against power analysis attacks, we compare S-box circuits based on the conventional and proposed adiabatic logics which are implemented using 0.18 μ\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$\upmu $$\end{document}m standard CMOS. From the SPICE simulation for correlation power analysis (CPA), 409,600 power consumption traces are obtained, and the hamming distance/weight are calculated. The simulation results show that the proposed S-box is more resistant to CPA attacks than the existing adiabatic S-boxes.


Introduction
A new era of Internet of Things (IoT) has arrived and much information is transmitted through various cryptographic devices. In cryptographic devices, there are cases requiring countermeasures at the cell/gate-level design that are resilient to power analysis attacks (PAA). In the past 2 decades, numerous designs of PAA resistant logic (e.g., SABL [1] and TDPL [2]) have been presented. In addition, adiabatic switching-based energy-efficient PAA-resistant logics have been proposed [3][4][5][6][7]. In particular, our previously proposed adiabatic logic called Current-Pass Optimized Symmetric Pass Gate Adiabatic Logic (CPO-SPGAL) is a cryptographic logic gate which has the characteristic of low power and high security [7]. This paper presents an extended version of "Current-Pass Optimized Symmetric Pass Gate Adiabatic Logics" [7]. Herein, we evaluate the performance and security a S-box circuit using our previously proposed adiabatic logic, CPO-SPGAL. The proposed circuit logic focuses on the current pass through the input section and optimizes the pass by dummy input transitions, as shown in Figs. 1 and 2, at the time of cryptographic processing. As a result, the proposed circuit is successful in reducing the current fluctuation and improving the security against power analysis attacks. For more details about mechanism of the dummy pass section, Sect. 4 will be described.
The rest of this paper is organized as follows. Section 2 briefly describes a basic theory of adiabatic switching. Section 3 shows the conventional adiabatic logic, SPGAL, and its logical function. Section 4 describes the proposed logic, CPO-SPGAL, and in Section 5, the S-box circuit design for advanced encryption standard (AES) is described. Section 6 shows the simulation results compared with the conventional adiabatic logics. Finally, in Sect. 7, the conclusions are drawn.

Basic Theory of Adiabatic Switching
Adiabatic switching [8] is a circuit design technique that reduces the energy consumption of the transistor using periodic (e.g., trapezoidal wave) power supply. In addition, as the energy stored in the load capacitor is returned to the power supply, the adiabatic logic reduces the energy lost compared to the conventional static CMOS logic; hence, this logic is suitable for low power consumption IoT devices and encryption logic circuits. Figure 3 shows the RC model of the conventional CMOS, where R is the equivalent resistance of the PMOS pull-up (or NMOS pull-down) network and C is the load capacitance. In the conventional CMOS logic, the dissipated energy in R is given by: On the other hand, the energy dissipation in the channel resistance R of the adiabatic logic (shown in Fig. 4) is as: where is the time period of the power supply. To compare the E CMOS and E Adia , if is a long time, the energy of adiabatic logic is approximately equal to "0." Thus, to achieve low power designs, adiabatic logic is one of the noted technologies. (2)

SPGAL
This section briefly describes the SPGAL proposed in [6]. Figure 5 shows the inverter/buffer circuit using SPGAL. The timing chart of the buffer is depicted in Fig. 6. This logic family uses a 4-phase timing, that is wait/discharge (T1),  To explain the functionality of SPGAL inverter/buffer, we assume that all the nodes are at ground (GND) level. T1 (Wait phase) At T1, VCLK is at GND. Input A slowly increases from 0 to Vdd. In general, for NMOS to be turned on, Vgs must be greater than Vtn, where Vgs is the voltage across the gate and the source of the NMOS and Vtn is the threshold voltage of the NMOS. When the input A is greater than Vtn, the transistor M3 is turned on. Since the source and drain of M3 is at GND, there is no current flow through the transistor. In this phase, discharge signal causes the transistors M5 and M6 to be turned on thereby discharging the charges stored (from the previous cycle) in the load capacitor to ground. All other transistors are off in this phase.
T2 (Evaluate phase) At T2, input A is at Vdd. The discharge signal and A are at GND. VCLK slowly increases from 0 to Vdd slowly charges the output load capacitor. At any instant of time, the potential of the clock VCLK will be greater than the potential of the output node in this phase. Hence, the voltage at the output node will always follow the clock VCLK in this phase which makes the OUT node to act as the source and the clock to act as the drain of the M3 transistor. For M1, the clock VCLK acts as the source and the OUT node acts as the drain of the transistor.
T3 (Hold phase) At T3, the clock VCLK is at Vdd. The transistor M3 is turned off without non-adiabatic loss by slowly decreasing the inputs from Vdd to GND. The output in this phase will be same as that in T2.
T4 (Recovery phase) At T4, the clock VCLK slowly decreases from Vdd to GND. The charge stored in the output load capacitor is slowly recovered back to the clock through M1. When the output voltage is reduced to Vtp, M1 is turned off and the output voltage will stay at Vtp at the end of this phase. Charge stored in the output node at the end of the first cycle (T1-T4) is discharged to the ground in the next phase of the clock (T5 = T1) through M5 or M6 transistor using the discharge signal. Resetting the output node to zero reduces the correlation between the current supplied and the data evaluated.
The disadvantage of the SPGAL logic is that the multiinput logic (e.g., AND/NAND) has source current fluctuation when input transition changes. Let us explain the individual processes in more detail. Figures 7 and 8 show the circuit configuration of SPGAL AND/NAND and the current pass model for various input transitions, respectively. From these figures, we found that SPGAL has a different current pass depending on the input transitions. For example,   Figure 9 shows the proposed SPGAL based adiabatic logic, called as the current pass optimized SPGAL (CPO-SPGAL). This logic family uses 4-phase timing as with SPGAL. In the proposed circuit, the dummy pass section (which is constructed using cascode-connected MOS transistors) is added to the existing SPGAL's input function block. To add the dummy transistors, the proposed logic has a current pass that is independent of the input data, as shown in Fig. 10. Figure 11 depicts the conventional and proposed supply current waveforms for various input transitions. The proposed circuit consumes uniform current irrespective of the input data being processed, when compared to the conventional circuit. Also, in Fig. 11, at 80 ns (or 160, 240, 320, ...), we can find that leakage current is appeared as small peak waveform. Compared with the conventional, leakage current of the proposed becomes uniform waveform.

S-Box Circuit Design for AES
To compare the performance of the conventional circuit and the proposed circuit, we simulated the S-box circuit, as shown in Fig. 12 [9]. Three sub-components of the conventional composite field S-box circuit were converted into the PPRM form: the pre-inversion section, the inversion section, and the post-inversion section, as depicted top side of in Fig. 12. In the adiabatic S-box circuit, we apply three power clock supplies for each section, which completely avoid the glitch current, consume uniform transitional energy, and ensure significant energy reduction in our comparative results. The bottom side of Fig. 12 shows multi-stage PPRM  The S-box circuit is a substitution table circuit that converts input data according to a certain rule into an output. This conversion is called SubBytes conversion of Advanced Encryption Standard (AES). The processing in AES is divided into four blocks: AddRoundKey, SubBytes, Shift-Rows, and MixColumns, as shown in Fig. 13. In hardware AES, SubBytes conversion is the more complex.
This S-box circuit is designed and simulated in SPICE, such that the results are from the forward annotation simulation. Figure 14 shows a DUT S-box circuit. To evaluate index (see, Sect. 6.2), we measure the current, voltage, and power waveforms through SPICE. To evaluate CPA resistance (see, Sect. 6.4), their obtained hamming weight power consumption is calculated using Visual Basic for applications on Excel for the post-processing.

Conventional Adiabatic Logics: CSSAL and SQAL
To evaluate the adiabatic logic performance compared with the different designs, we briefly describe the conventional adiabatic logics: charge-sharing symmetric adiabatic logic (CSSAL) [3] and DPA-secured quasi-adiabatic logic (SQAL) [4]. All results are evaluated in a SPICE simulation with 0.18-μ m, 1.8-V standard CMOS process technology. The widths and the lengths of the transistors are 0.6 μ m and 0:18 μ m, respectively, for both the PMOS and NMOS transistors. Figure 15 shows a CSSAL inverter/buffer circuit. The logic operation of CSSAL is described in the right side of Fig. 15 that at A(=In), Eval, Discharge ≥ Vt of the MOS transistor in the charge-sharing phase, all internal nodes are discharged to ground level before evaluation. This load balancing is the reason why CSSAL has uniform energy dissipation for all possible input transitions. Therefore, CSSAL logic's supply current transition has the same peak values and is able to consume uniformly low power for various input transitions. Figure 16 shows an SQAL inverter/buffer circuit. The SQAL has a same circuit topology like the CSSAL. By optimally controlling discharge signal, SQAL has also uniform energy dissipation for all possible input transitions. However, as the output gate consists of two cross-coupled PMOS

Evaluation Index of Cryptographic Logic Circuit
The resistance of the cryptographic logic gate is evaluated using the following index [2]: where E is the standard deviation of energy consumption, Ē is the average energy consumption, NED is the normalized energy deviation, and NSD E is the normalized standard deviation of energy. The NED shows the difference between the maximum value and the minimum value of energy consumption for all possible input transitions. NSD E shows the variation of energy consumption based on input transition. In this paper, we also introduce the following current indicators and evaluate resistance with regard to both energy and current. The current index is as follows: where I is the standard deviation of the peak current, Ī is the average peak current, NCD is the normalized current deviation, and NSD I is the normalized standard deviation of the peak current. NCD indicates the difference between the maximum value and the minimum value of the peak current for all possible input transitions. NSD I represents the peak current fluctuation based on the input transition. Therefore, it can be stated that the smaller the values are, the smaller the current variation becomes. Table 1 summarizes the comparison of simulation and calculation results of 12.5 MHz operating S-box circuit for 256 cyclical energy data samples. Comparing the conventional and proposed S-box, to add the dummy transistor in input section, the average current and energy of the proposed circuit are increased compared with the SQAL and SPGAL. On the other hand, current and energy fluctuations of the proposed can be reduced as shown %NSD I , %NSD E . Hence, the proposed CPO-SPGAL-based S-box is more secure than the existing adiabatic S-boxes. Figure 17 shows the comparison between the conventional and proposed energy dissipation of the S-Box. Upon adding the dummy transistor, the number of transistors of the proposed S-box increases; hence, the energy dissipation at low-frequency operation increases. On the other hand, at high-frequency operation region, the proposed Sbox has the lowest energy dissipation; hence, the proposed adiabatic logic is suitable for 100 MHz order operated IoT devices.

Correlation Power Analysis (CPA) Attack
Secret data in the devices will be revealed by power analysis attacks, such as Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis   . 17 Comparison of energy dissipation of S-box circuit (CPA). Especially, CPA attack is a powerful analysis, requiring fewer number of power consumption measurements needed to recover the secret key than differential power analysis [10]. In a CPA attack, we calculate the Pearson correlation coefficient between the modeled and actual power consumption. The correlation between the Hamming distance and the power consumption is calculated by the following equation [11]: where D is the number of the power consumption traces, h d,i is the Hamming distance value with key k i , m d,j is the power consumption at time j, h i is the mean value of h d,i , and m j is the mean value of m d,j .
For CPA, we set the key as (33) 10 , and prepare 2048 random plain-texts, and therefore, we obtain 2048 power consumption traces in one round simulation. In this SPICE simulation for CPA, 200 round experimentals are set; hence, 409,600 ( = 2048 texts × 200 round ) power consumption traces are obtained. Finally, the hamming distance/weight is calculated using Visual Basic on Excel for key-guess. Figures 18, 19, and 20 show the correlation coefficient values of the hypothetical key guesses for the successful CPA attack in the conventional S-box circuits. From the simulation results, we found that the correlation coefficient value is at the peak for key guess as (33) 10 . On the other hand, Figure 21 shows the non-successful CPA attack performed on the 8-bit S-box circuit implemented using the proposed CPO-SPGAL gates. The correlation coefficient value is maximum for key guess as (81) 10 . Hence, against CPA attack, the proposed CPO-SPGAL-based S-box is also more secure than the existing adiabatic S-boxes. Because, to control current pass in input section, the proposed circuit consumes uniform current irrespective of the input data being processed when compared to the conventional circuit.

Conclusion
This paper has been presented a secure S-box using our previously proposed Current-Pass Optimized Symmetric Pass Gate Adiabatic Logic (CPO-SGPAL). The security of CPO-SPGAL against CPA attacks was validated by implementing a S-box circuit and performing CPA attacks through SPICE simulations. As CPO-SPGAL is energy-efficient and secure against CPA attacks, the cryptographic circuits based on it can be employed in IoT-based portable electronic devices that can be used in fields with restricted power budget and where security is a major concern.
Compliance with ethical standards

Conflict of interest
The authors declare that they have no conflict of interest.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creat iveco mmons .org/licen ses/by/4.0/.