UDC 004.94.:621.389.:53.086(045)

# QCA TECHNOLOGY FOR IMPLEMENTATION OF CRYPTOGRAPHY ENGINEERING

O. S. Melnik, Ph. D., Docent, A. D. Sverdlova

National Aviation University

Miss.bookmark@yandex.ua

Since the introduction of side-channel attacks, cryptographic devices have been highly susceptible to power and electromagnetic (EM) analysis attacks; because these attacks require only relatively inexpensive equipments. Unless adequate countermeasures are implemented, side channel attacks allow an unauthorized person to reveal the private key of a cryptographic module. Countermeasure a novel logic approach to Quantum-dot Cellular Automata (QCA). The proposed logic takes advantage of low power consumption QCA together with complicated clocking circuitsas a paradigm of nanotechnology advances in cryptography engineering.

Keywords: quantum cellular automata, majority gate, clocking zone, D-type flip-flop, shift nanoregister.

З моменту введення атак побічного каналу криптографічні пристрої були дуже сприйнятливі до живлення й електромагнітних (ЕМ) атак аналізу, оскільки ці атаки потребують лише порівняно недорогого обладнання. Якщо відповідні контрзаходи не будуть реалізовані, побічні атаки на канал дозволять сторонній особі виявити секретний ключ криптографічного модуля. Запропонована логіка використовує у своїх інтересах низьку споживану потужність ККА разом зі складними схемами синхронізації як парадигму удосконалень нанотехнологій в галузі криптографії.

**Ключові слова:** квантовий клітинний автомат, мажоритарний елемент, часова зона, D-тригер, зсувний нанорегістр.

## Introduction

Power analysis attacks were first introduced in [1]. In fact, power and EM side-channels are the most important ones for implementation of block ciphers. The power consumption as well as the EM field surrounding a cryptographic module may leak a significant amount of information about the private key. Now most of digital circuits in cryptographic modules are typically implemented in CMOS. There is a strong dependency between power consumption of circuits implemented based on this logic style and the data that is processed by the circuit. Due to the difference between capacitances in the source and drain of CMOS a transistors, when the transistor switches on and off, different amount of current flows through the transistor and leads to different amount of power consumption when the transistor processes a "0" or "1". Consequently, the power consumption as well as the EM field that is caused by the current flowing in a cryptographic circuit implemented in CMOS leak information about the private key [2]. This current is mainly caused by the charging or discharging of the capacitances of interconnected wires.

## Background

**Basics of QCA theory.** QCA devices consist of a dielectric cell  $(20 \times 20)$  nm with four quantum semiconductor dots 5 nm, located in the corners, and two mobile electrons. Their position is only

dependent on a finite set of cell-values in the vicinity of defined cell [3]. An isolated cell provides tunneling junctions with the potential barriers. They are controlled by local electric fields that are raised to prohibit electron movement and lowered to allow electron movement. Consequently, an isolated cell can have one of three states. A null state occurs when the barrier is lowered and the mobile electrons are free to localize on any dot. The other two states are polarizations that occur when the barrier is raised, and serve to minimize the energy state of the cell. The state set Q is always finite and typical  $Q = \{0,1\}$ . Probability of cell is in one of polarizationstate can be correlated with charge density of each quantum dot, and can be found with the help of formula:

$$P = \frac{(\rho_1 + \rho_2) - (\rho_2 + \rho_4)}{(\rho_1 + \rho_2) + (\rho_2 + \rho_4)} = \pm 1,$$

where  $\rho_i$  is charge density every quantum dot of cell.

Fig. 1 shows basic QCA cell, its two possible orientations and polarization of electrons.

**Majority Gateand Invertor.** Placing cells next to each other in a line and allowing them to interact we can provide flowing of a data down such wire. There are two methods of wire construction in dependence on 45 degree or 90 degree cell orientation theoretically, bun on practice it is difficult to manufactured nano-cells with different

The Boolean expression for majority function

 $f = maj(x_2, x_1, x_0) =$ 

 $= x_2, x_1 \lor x_2, x_0 \lor x_1, x_0.$ 

with inputs  $x_2, x_1$  and  $x_0$  is

orientation [4]. Different gates can be constructed with QCA to compute various logic and arithmetic functions. The basic logic gates in QCA are the majority gate (a) and invertor (b) on Fig. 2. The output cell will polarized to the majority of polarization of input cells.



Fig. 1. A single QCA cell and its two possible orientations and polarization  $(P = \pm 1)$ 



Fig. 2. Majority gate (a) and inverter (b) in QCA

By fixing the polarization of any one input of the majority gate as logic 0 or logic 1, we obtain AND gate or an OR gate respectively:

$$f_{\text{AND}} = maj(x_2, x_{1,0}) = x_2 x_1;$$
  
$$f_{\text{OR}} = maj(x_2, x_{1,1}) = x_2 \lor x_1.$$

Creation of a fixed cell can be done within manufactured process and constant signals do not need to be routed within the circuit.

By connecting a 90 degree cell in the middle of two of these 45 degree cells, both the original input signal (Output 1) and its complement (Output 2) can be obtained. Layout of such construction is shown on Fig. 3.



Fig. 3. Nanowire for simultaneous transmission of original (Output 1) and complement to it (Output 2) signals

Clocking plays a key role in controlling functionality of the QCA logic. This control is accomplished by attaching cells to clocking zones in such way that they latch in succession in the direction of desired signal flow. When potential is the electron wave functions become low. delocalized, resulting in no definite cell polarization. Raising the potential barrier decreases the tunneling rate and thus, the electron begins to localize. As the electron localizes, the cell gains a definite polarization. When the potential barrier has reached its highest point, the cell is said to be latched. Latched cells act as virtual inputs, and as a result, the actual inputs can start to feed in new values. So there is some delay in propagation across QCA cells, unlike for CMOS. In order to have active computation, signals pass through clocking zones, which represent areas where this computation is occurring. The clocking zones are physically adjusted, which means computation must proceed from one to the next in sequential order. Therefore arrive at should their signals destination simultaneously. For majority gate, its cells should be in a clocking zone separate from clocking zones of the other cells so that majority gate line up on the edges of another clocking zone.

#### Side channel attacks and countermeasures

A power consumption (e.g. theside channel) of a cryptographic module depends on many parameters. Only one of them is the private key. However, the fact that the side-channel output depends on the private key is often sufficient to reveal it. In order to exploit this dependency between the side-channel output and the private key, an attacker usually builds a model of the side channel. This model is typically not very complex. In fact, attacks conducted in practice have shown that very simple models are often sufficient to reveal the private key.

Fig. 4 depicts the principles of a side-channel attack [2]. On the left side, the figure shows the physical device that is attacked. Its side-channel output is determined by the private key, the input and the output of the device and by many other parameters. Some of them are known by the attacker, while others are not. The model of the side channel used by the attacker is shown on the right side in Fig. 4. The model may consider additional parameters besides the key, the input and the output of the module. However there is always a certain imperfectness of the model.



Fig. 4. Principles of Side Channel Attacks

Several countermeasures to power and EM attacks have been proposed so far; however, each technique may lead to design complexity, more power consumption, size and speed issues of the entire cryptographic modules. All these strategies can be categorized in two groups: namely, they either try to randomize the intermediate result or take advantage of circuits with data and power consumption independency. These techniques can be implemented in architecture, logic, and algorithm or protocol level. The OCA circuits we introduce in this work takes advantage of QCA technology with low power consumption and data independency together with complicated clocking scheme that makes it very difficult to make power consumption models for cryptographic engineering implemented in OCA logic.

### **Sequential QCA circuits**

Although we can always get similar functionality of sequential logic from a QCA wire segment spread across several clocking zones, i.e. a basic wire implements the master-slave-type data storage, based on neighboring clocking zones acting as flipflop stages, to make a more secure logic style we added an additional logic signal "clock". To describe the consequent sequential logic we introduce a QCA D-Type flip-flop in this part. The structure of a D-type latch [5] has been shown in Fig. 5.

The large area of the circuit and the limitation in the length of QCA wires are main issues when implementing and fabricating circuits in QCA technology. By taking advantage of a level to edge converter, it is possible to improve the D-type QCA flip-flop. The level to edge converter exploits the intrinsic stages of clocking and zones in QCA. The converter consists of an AND gate and an inverter. The original signal is multiplicated with its inverted delayed copy.

The result is generation of short pulses at the rising edge of the original signal.

The D-type flip-flop implemented with this technique has been shown in Fig. 6, a.



Fig. 5. Structure of a D-latch



Fig. 6. QCA D-type flip-flop (a) and simulation of waveforms (b)

Logic equation in the bulean majority bases D-type flip-flop for states  $Q_t$  and  $Q_{t-1}$  are as follows:

$$\begin{aligned} Q_t &= CD \lor \overline{C}Q_{t-1}; \\ Q_t &= maj \Big( maj \big( C, D, 0 \big), maj \big( \overline{C}, Q_{t-1}, 0 \big), 1 \Big), \end{aligned}$$

where C and D — pulse synchronization codes and cryptographic information.

The simulation results obtained with QCA Designer [4] verifies the functionality of the proposed D-typeflip-flop (Fig. 6, b).

Register is a cascade of flip-flops integrating the same controlling circuits that is used for data receiving, processing and transmitting of cryptography information.

Registers are built from synchronous flip-flopcircuit that are sequentially connected, so output signal from the previous flip-flop entries the information input of the next flip-flop. All flip-flops are managed by the general signal of synchronization. In shift registers any two-level flipflops (types RS, D, JK) can be used. But all of them work in a D-type flip-flop mode.

Serial register is used often to transform parallel type code to serial and on the contrary. Using serial code in cryptography is caused by need to transmit big amounts of binary information through the limited number of connecting lines. The big quantity of connective conductors is necessary for the parallel transfer of digits.

Transmitting cryptographic codes in a serial way, bit by bit, on the one conductor, allows reducing sizes of connecting lines.

The circuit of a serial (shift) register, that is built on D-type flip-flops, allows performing the transformation serial type cryptography code to parallelshow of Fig. 7.

<sup>©</sup> Melnik O. S., Sverdlova A. D.



Fig. 7. Serial D-type flip-flop register

## Simulation results

Logic Boolean and majority equations of serial register with the right shift state on D-type flip-flop are as follow:

$$Q_0 \to Q_1 \to Q_2 \to Q_3;$$
  

$$Q_0 = CD \lor \overline{C}D, \ (CQ_0 \lor \overline{C}Q_0) \to Q_1 \text{ and so on};$$
  

$$Q_0 = maj(maj(C, D, 0), maj(\overline{C}, D, 0), 1);$$
  

$$maj(maj(C, Q_{0,0}), maj(\overline{C}, Q_{0,0}), 1) \to 1.$$

and so on.

The states of all outputs for shift register show in Table 1.

| п | D | $O_0$ | $O_1$ | $O_2$ | $O_3$ |
|---|---|-------|-------|-------|-------|
| 0 | 0 | 0     | 0     | 0     | 0     |
| 1 | 1 | 0     | 1     | 0     | 0     |
| 2 | 0 | 1     | 0     | 1     | 0     |
| 3 | 1 | 0     | 0     | 0     | 1     |

Nanocircuit of this register is showed on Fig. 8, and is designed on a tablet field QCADesigner, as well as results of modeling of corresponding time response waveforms.

Positive pulses of logic "1" are corresponded by positive polarizations +P = 1, and negative pulses of logic "0" — by negative polarizations -P = 0 respectively.



Fig. 8. Shift register on 4 D-type flip-flops (a) and QCADesigner simulation results (b)

Table 1

The simulated layout is based in QCA cell sized 20\*20 nm, with 4 quantum dots each having a diameter of 5 nm, and the distance between the center of cells being 20 nm. The dimensions of the full multiplier design are 500 nm \* 1760 nm and total number of cells in 466.

The energy consumption of on clock period form from  $3.8 \cdot 10^{-23} j$  to  $9.8 \cdot 10^{-22} j$ .

## Conclusion

Side channel attacks seriously threaten cryptographic modules as they can be implemented with relatively inexpensive equipment's. In this work, a new approach to implementation of quantum cryptographic modules via QCA technology has been presented. Majority logic style was introduced through design of a D-type flip-flop with additional 'clock' signal as a result of nanotechnology advances in developing novel countermeasures and designing more secure cryptography shift register.

#### REFERENCES

1. *Paul C. Kocher, Joshua Jaffe, and Benjamin Jun,* "Differential Power Analysis", volume 1666 of Lecture Notes in Computer Science, pages 388-397, Springer, 1999.

2. E. Ramini, S. M. Nejad. Secure clocked QCA logic for implementation of cryptographic processors. 2009 applies Electronics, Pilsen 9–10. September, 2009

3. C. S. Lent and P. D. Tougaw, "A Device architecture for computing with quantum dots", Proc. Of the IEEE, 1997.

4. *Walus K.* QCADesiner: A CAD Tool for an Emerging Nano-Technology / K. Walus // Micronet Annual Workshop. — 2003.

5. Пакулов Н. Н. Мажоритарный принцип построения надежных узлов и устройств ЦВМ / Н. Н. Пакулов — М. : Сов. радио — 1974.

Стаття надійшла до редакції 16.01.2015