Author Search Result

[Author] Daisuke SUZUKI (20 hits)
  • Security Evaluations of MRSL and DRSL Considering Signal Delays

    Minoru SAEKI  Daisuke SUZUKI  

     
    PAPER-Side Channel Attacks

    Vol: E91-A No:1  Page(s): 176-183

    In recent years, some countermeasures have been proposed against differential power analysis (DPA) at the basic composition element level of logic circuits. We propose a countermeasure named random switching logic (RSL). RSL involves computation with data masking using a single logic gate and suppression of transient transitions using ENABLE signals generated independently of input data. Recently, some countermeasures that were proposed against DPA, such as MRSL and DRSL, adopted the concept of RSL. Although MRSL is based on RSL, it uses a different method to suppress the transient transitions. DRSL uses RSL to avoid the possibility of leakage caused by a difference in delays occurring in MDPL that combines dual-rail circuits with random masking. The important difference between these countermeasures and RSL is that they can vary the output transition timing depending on the input data patterns. In this paper, we focus on this feature to evaluate the DPA resistance of MRSL and DRSL. Experiments are also conducted on DPA resistance by using an FPGA to verify the evaluation results. It is confirmed that in both MRSL and DRSL, there is a possibility of leakage if a sufficient difference in delays exists in input signals.

  • High-Speed Passphrase Search System for PGP

    Koichi SHIMIZU  Daisuke SUZUKI  Toyohiro TSURUMARU  

     
    PAPER-Application

    Vol: E93-A No:1  Page(s): 202-209

    We propose an FPGA-based high-speed search system for cryptosystems that employ a passphrase-based security scheme. We first choose PGP as an example of such cryptosystems, clear several hurdles for high throughputs and manage to develop a high-speed search system for it. As a result we achieve a throughput of 1.1 × 10^5 passphrases per second, which is 38 times the speed of the fastest software. Furthermore we can do many flexible passphrase generations in addition to a simple brute force one because we assign the passphrase generation operation to software. In fact we implement both a brute-force and a dictionary-based one, and get the same maximum throughput as above in both cases. We next consider the speed of passphrase generation in order to apply our system to other cryptosystems than PGP, and implement a hardware passphrase generator to achieve higher throughputs. In the PGP case, the very heavy iteration of hashing, 1025 times in our case, lowers the total throughput linearly, and makes the figure 1.1 × 10^5 suffice. In other cases without any such iteration structure, we have to generate even more passphrases, for example 10^8 per second. That can easily exceed the generation speed that software can offer and thus we conclude that it is now necessary to place the passphrase generation in hardware instead of in software.

  • Faster Enumeration of All Maximal Cliques in Unit Disk Graphs Using Geometric Structure

    Taisuke IZUMI  Daisuke SUZUKI  

     
    PAPER

    Vol: E98-D No:3  Page(s): 490-496

    This paper considers the problem of enumerating all maximal cliques in unit disk graphs, which is a plausible setting for applications of finding similar data groups. Our primary interest is to develop a faster algorithm using the geometric structure about the metric space where the input unit disk graph is embedded. Assuming that the distance between any two vertices is available, we propose a new algorithm based on two well-known algorithms called Bron-Kerbosch and Tomita-Tanaka-Takahashi. The key idea of our algorithm is to find a good pivot quickly using geometric proximity. We validate the practical impact of our algorithm via experimental evaluations.

  • A New Product-Sum Type Public Key Cryptosystem Based on Reduced Bases

    Daisuke SUZUKI  Yasuyuki MURAKAMI  Ryuichi SAKAI  Masao KASAHARA  

     
    LETTER

    Vol: E84-A No:1  Page(s): 326-330

    The encryption and the decryption of the product-sum type public key cryptosystems can be performed extremely fast. However, when the density is low, the cryptosystem should be broken by the low-density attack. In this paper, we propose a new class of the product-sum type public key cryptosystems based on the reduced bases, which is invulnerable to the low-density attack.

  • Olfaction Presentation System Using Odor Scanner and Odor-Emitting Apparatus Coupled with Chemical Capsules of Alginic Acid Polymer

    Minoru SAKAIRI  Ayako NISHIMURA  Daisuke SUZUKI  

     
    PAPER-General Fundamentals and Boundaries

    Vol: E92-A No:2  Page(s): 618-629

    For the purpose of the application of odor to information technology, we have developed an odor-emitting apparatus coupled with chemical capsules made of alginic acid polymer. This apparatus consists of a chemical capsule cartridge including chemical capsules of odor ingredients, valves to control odor emission, and a temperature control unit. Different odors can be easily emitted by using the apparatus. We have developed an integrated system of vision, audio and olfactory information in which odor strength can be controlled coinciding with on-screen moving images based on analytical results from the odor scanner.

  • Glitch PUF: Extracting Information from Usually Unwanted Glitches

    Koichi SHIMIZU  Daisuke SUZUKI  Tomomi KASUYA  

     
    PAPER-Implementation

    Vol: E95-A No:1  Page(s): 223-233

    In this paper, we propose a new Delay PUF architecture trying to solve the major problem of existing Delay PUFs that it is easy to predict the relation between delay information and generated information. For that purpose, our architecture exploits glitches as a source of information generation that behave non-linearly from delay variation between gates and the characteristic of pulse propagation of each gate. We thus call it the Glitch PUF. We present two circuit structures of the Glitch PUF both of which have their own merits. We then provide the results of evaluation in which we first verify that the two Glitch PUFs exhibit the same characteristics, and second show the randomness and statistical properties of the Glitch PUF.

  • How to Maximize the Potential of FPGA-Based DSPs for Modular Exponentiation

    Daisuke SUZUKI  Tsutomu MATSUMOTO  

     
    PAPER-Implementation

    Vol: E94-A No:1  Page(s): 211-222

    This paper describes a modular exponentiation processing method and circuit architecture that can exhibit the maximum performance of FPGA resources. The modular exponentiation architecture proposed by us comprises three main techniques. The first one is to improve the Montgomery multiplication algorithm in order to maximize the performance of the multiplication unit in an FPGA. The second one is to balance and improve the circuit delay. The third one is to ensure scalability of the circuit. Our architecture can perform fast operations using small-scale resources; in particular, it can complete a 512-bit modular exponentiation as fast as in 0.26 ms with the smallest Virtex-4 FPGA, XC4VF12-10SF363. In fact the number of SLICEs used is approx. 4200, which proves the compactness of our design. Moreover, the scalability of our design also allows 1024-, 1536-, and 2048-bit modular exponentiations to be processed in the same circuit.

  • Leakage Analysis of DPA Countermeasures at the Logic Level

    Minoru SAEKI  Daisuke SUZUKI  Tetsuya ICHIKAWA  

     
    PAPER-Side Channel Attacks

    Vol: E90-A No:1  Page(s): 169-178

    In this paper, we propose new models for directly evaluating DPA leakage from logic information in CMOS circuits. These models are based on the transition probability for each gate, and are naturally applicable to various actual devices for simulating power analysis. Furthermore, we demonstrate the weakness of previously known hardware countermeasures for both our model and FPGA and suggest secure conditions for the hardware countermeasure.

  • How to Decide Selection Functions for Power Analysis: From the Viewpoint of Hardware Architecture of Block Ciphers

    Daisuke SUZUKI  Minoru SAEKI  Koichi SHIMIZU  Tsutomu MATSUMOTO  

     
    PAPER-Implementation

    Vol: E94-A No:1  Page(s): 200-210

    In this paper we first demonstrate that effective selection functions in power analysis attacks change depending on circuit architectures of a block cipher. We then conclude that the most resistant architecture on its own, in the case of the loop architecture, has two data registers that have separate roles: one for storing the plaintext and ciphertext, and the other for storing intermediate values. There, the pre-whitening operation is placed at the output of the former register. The architecture allows the narrowest range of selection functions and thereby has resistance against ordinary CPA. Thus, we can easily defend against attacks by ordinary CPA at the architectural level, whereas we cannot against DPA. Secondly, we propose a new technique called "self-templates" in order to raise the accuracy of evaluation of DPA-based attacks. Self-templates make it possible to differentiate meaningful selection functions for DPA-based attacks without any strong assumption as in the template attack. We also present the results of attacks on an AES co-processor on an ASIC and demonstrate the effectiveness of the proposed technique.

  • Energy-Efficient and Highly-Reliable Nonvolatile FPGA Using Self-Terminated Power-Gating Scheme

    Daisuke SUZUKI  Takahiro HANYU  

     
    PAPER-VLSI Architecture

    Publicized: 2017/05/19  Vol: E100-D No:8  Page(s): 1618-1624

    An energy-efficient nonvolatile FPGA that assures highly reliable backup operation using a self-terminated power-gating scheme is proposed. Since the write current is automatically cut off just after the temporal data in the flip-flop is successfully backed up in the nonvolatile device, the amount of write energy can be minimized with no write failure. Moreover, when the backup operation in a particular cluster is completed, power supply of the cluster is immediately turned off, which minimizes standby energy due to leakage current. In fact, the total amount of energy consumption during the backup operation is reduced by 66% in comparison with that of a conventional worst-case-based approach where the long time write current pulse is used for the reliable write.

  • Nonvolatile Field-Programmable Gate Array Using a Standard-Cell-Based Design Flow

    Daisuke SUZUKI  Takahiro HANYU  

     
    PAPER-Logic Design

    Publicized: 2021/04/16  Vol: E104-D No:8  Page(s): 1111-1120

    A nonvolatile field-programmable gate array (NV-FPGA), where the circuit-configuration information still remains without power supply, offers a powerful solution against the standby power issue. In this paper, an NV-FPGA is proposed where the programmable logic and interconnect function blocks are described in a hardware description language and are pushed through a standard-cell-based design flow with nonvolatile flip-flops. The use of the standard-cell-based design flow makes it possible to migrate to any arbitrary process technology and to perform architecture-level simulation with physical information. As a typical example, the proposed NV-FPGA is designed under 55nm CMOS/100nm magnetic tunnel junction (MTJ) technologies, and the performance of the proposed NV-FPGA is evaluated in comparison with that of a CMOS-only volatile FPGA.

  • A Design Methodology for a DPA-Resistant Circuit with RSL Techniques

    Daisuke SUZUKI  Minoru SAEKI  Koichi SHIMIZU  Akashi SATOH  Tsutomu MATSUMOTO  

     
    PAPER-Logic Synthesis, Test and Verification

    Vol: E93-A No:12  Page(s): 2497-2508

    A design methodology of Random Switching Logic (RSL) using CMOS standard cell libraries is proposed to counter power analysis attacks against cryptographic hardware modules. The original RSL proposed in 2004 requires a unique RSL-gate for random data masking and glitch suppression to prevent secret information leakage through power traces. In contrast, our new methodology enables the use of general logic gates supported by standard cell libraries. In order to evaluate its practical performance in hardware size and speed as well as resistance against power analysis attacks, an AES circuit with the RSL technique was implemented as a cryptographic LSI using 130-nm and 90-nm CMOS standard cell library. From the results of attack experiments that used a million traces, we confirmed that the RSL-AES circuit has very high DPA and CPA resistance thanks to the contributions of both the masking function and the glitch suppressing function.

  • Increasing the Strength of Odors Produced by an Odor-Emitting Technology Using Odor Capsules

    Ayako NISHIMURA  Minoru SAKAIRI  Daisuke SUZUKI  

     
    PAPER-Multimedia Pattern Processing

    Vol: E93-D No:4  Page(s): 903-908

    We have developed an odor-emitting apparatus for application of odor to information technology. This apparatus consists of a chemical capsule cartridge including chemical capsules of odor ingredients and valves to control odor emission using an artificial metal muscle. In this method, multiple valves can be opened using the current for a single artificial muscle because the expansion and contraction time constant for the artificial muscles is large. We have developed a new multi-valve sequence mode that uses multiple odor capsules to increase odor strength, and we have been able to increase the strength produced by a factor of two. In addition, we evaluated the change in odor strength using a mock-up of the back seat of an automobile, and all of the ten test subjects reported sensing a stronger odor.

  • Unified Coprocessor Architecture for Secure Key Storage and Challenge-Response Authentication

    Koichi SHIMIZU  Daisuke SUZUKI  Toyohiro TSURUMARU  Takeshi SUGAWARA  Mitsuru SHIOZAKI  Takeshi FUJINO  

     
    PAPER-Hardware Based Security

    Vol: E97-A No:1  Page(s): 264-274

    In this paper we propose a unified coprocessor architecture that, by using a Glitch PUF and a block cipher, efficiently unifies necessary functions for secure key storage and challenge-response authentication. Based on the fact that a Glitch PUF uses a random logic for the purpose of generating glitches, the proposed architecture is designed around a block cipher circuit such that its round functions can be shared with a Glitch PUF as a random logic. As a concrete example, a circuit structure using a Glitch PUF and an AES circuit is presented, and evaluation results for its implementation on FPGA are provided. In addition, a physical random number generator using the same circuit is proposed. Evaluation results by the two major test suites for randomness, NIST SP 800-22 and Diehard, are provided, proving that the physical random number generator passes the test suites.

  • Adversarial Black-Box Attacks with Timing Side-Channel Leakage

    Tsunato NAKAI  Daisuke SUZUKI  Fumio OMATSU  Takeshi FUJINO  

     
    PAPER

    Vol: E104-A No:1  Page(s): 143-151

    Artificial intelligence (AI), especially deep learning (DL), has been remarkable and applied to various industries. However, adversarial examples (AE), which add small perturbations to input data of deep neural networks (DNNs) for misclassification, are attracting attention. In this paper, we propose a novel black-box attack to craft AE using only processing time which is side-channel information of DNNs, without using training data, model architecture and parameters, substitute models or output probability. While several existing black-box attacks use output probability, our attack exploits a relationship between the number of activated nodes and the processing time of DNNs. The perturbations for AE are decided by the differential processing time according to input data in our attack. We show experimental results in which our attack's AE increase the number of activated nodes and cause misclassification to one of the incorrect labels effectively. In addition, the experimental results highlight that our attack can evade gradient masking countermeasures which mask output probability to prevent crafting AE against several black-box attacks.

  • Pulse-Width Modulation with Current Uniformization for TFT-OLEDs

    Mutsumi KIMURA  Shigeki SAWAMURA  Masakazu KATO  Yuji HARA  Daisuke SUZUKI  Hiroyuki HARA  Satoshi INOUE  

     
    INVITED PAPER

    Vol: E90-C No:11  Page(s): 2076-2082

    A novel driving concept, "pulse-width modulation with current uniformization," is proposed for thin-film transistor driven organic light-emitting diode displays (TFT-OLEDs). An example of this driving concept is the combination of "pulse-width modulation with a self-biased inverter" and a "time-ratio grayscale with current uniformization." Its driving operation is confirmed by circuit simulation. It is found that this driving method can compensate the characteristic deviations and degradations of both TFTs and OLEDs and immensely improve luminance uniformity. Finally, its driving operation is also confirmed by an actual pixel equivalent circuit.

  • An Analysis of Leakage Factors for Dual-Rail Pre-Charge Logic Style

    Daisuke SUZUKI  Minoru SAEKI  

     
    PAPER-Side Channel Attacks

    Vol: E91-A No:1  Page(s): 184-192

    In recent years, certain countermeasures against differential power analysis (DPA) at the logic level have been proposed. Recently, Popp and Mangard proposed a new countermeasure, masked dual-rail pre-charge logic (MDPL); this countermeasure combines dual-rail circuits with random masking to improve the wave dynamic differential logic (WDDL). They claimed that it could implement secure circuits using a standard CMOS cell library without special constraints for the place-and-route method because the difference between the loading capacitances of all the pairs of complementary logic gates in MDPL can be compensated for by the random masking. In this paper, we particularly focus on the signal transition of MDPL gates and evaluate the DPA-resistance of MDPL in detail. Our evaluation results reveal that when the input signals have different delay times, leakage occurs in the MDPL as well as WDDL gates, even if MDPL is effective in reducing the leakage caused by the difference in loading capacitances. Furthermore, in order to validate our evaluation, we demonstrate a problem with different input signal delays by conducting measurements for an FPGA.

  • Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

    Takeshi SUGAWARA  Daisuke SUZUKI  Minoru SAEKI  

     
    PAPER

    Vol: E99-A No:7  Page(s): 1323-1333

    The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented.

  • Metastable Ordered Phase Formation in CoPt and Co₃Pt Alloy Thin Films Epitaxially Grown on Single-Crystal Substrates

    Mitsuru OHTAKE  Daisuke SUZUKI  Fumiyoshi KIRINO  Masaaki FUTAMOTO  

     
    REVIEW PAPER

    Vol: E96-C No:12  Page(s): 1460-1468

    CoPt and Co₃Pt alloy thin films are prepared on MgO(111), SrTiO₃(111), and Al₂O₃(0001) single-crystal substrates by varying the substrate temperature in a range from room temperature to 600°C by using an ultra-high vacuum radio-frequency magnetron sputtering system. The formation of metastable ordered phase and the structural thermal stability are briefly investigated. CoPt and Co₃Pt films with the close-packed plane parallel to the substrate surface grow epitaxially on these oxide single-crystal substrates. CoPt epitaxial films are also formed by employing Pt, Pd, Cu, Cr, Ti, and Ru underlayers hetero-epitaxially grown on MgO(111) substrates. The crystal structure is evaluated by considering the order degree and the atomic stacking sequence of close-packed plane. Metastable ordered phases of L1₁, Bₕ, and D0₁₉ are preferentially formed in the CoPt and the Co₃Pt films deposited around 300°C. Metastable ordered phase formation is influenced by the substrate temperature, the film composition, and the underlayer material. With increasing the substrate temperature up to around 300°C, the order degree increases. As the substrate temperature further increases, the order degree decreases. Annealing a disordered film at 300°C does not effectively enhance ordering. The CoPt and the Co₃Pt films which include metastable ordered phases have flat surfaces and show strong perpendicular magnetic anisotropies reflecting the magnetocrystalline anisotropies of ordered crystals.

  • Random Switching Logic: A New Countermeasure against DPA and Second-Order DPA at the Logic Level

    Daisuke SUZUKI  Minoru SAEKI  Tetsuya ICHIKAWA  

     
    PAPER-Side Channel Attacks

    Vol: E90-A No:1  Page(s): 160-168

    This paper proposes a new countermeasure, Random Switching Logic (RSL), against DPA (Differential Power Analysis) and Second-Order DPA at the logic level. RSL makes a signal transition uniform at each gate and suppresses the propagation of glitch to allow power consumption to be independent of predictable data. Furthermore, we implement basic logic circuits on the FPGA (Field Programmable Gate Array) by using RSL, and evaluate the effectiveness. As a result, we confirm the fact that the secure circuit can be structured against DPA and Second-Order DPA.