
Verimap


VeriMap is a design kit for converting single-rail RTL netlists into dual-rail circuits resistant to DPA attacks. The main features of the toolkit are:

  • The VeriMap tool preserves the industry design flow and interfaces to standard CAD tools (Cadence).
  • Generated circuits are hazard free and resistant to DPA attacks.
  • Support for two architectures: self-timed dual-rail or clocked dual-rail.
  • Generated circuits preserve all DFT features incorporated at the logic synthesis stage.
  • Support for negative logic optimisation to reduce the size of the circuit and shorten the critical path.
  • Support for the alternating spacer protocol to resist DPA attacks by making the power consumption data-independent.

Download and installation

The latest release of the tool can be found on the VeriMap homepage:

VeriMap is compiled from source with the following command:


  $ make

This will compile a binary called verimap. To start using the tool, put this binary into a directory that is referenced from the PATH environment variable (e.g. /usr/local/bin/). This can be done by running the following command as root:


  $ make install

If you already have an executable of the VeriMap tool, just copy it into a directory that is referenced from your PATH environment variable.

Changes and ToDo list

Changes in VeriMap version 1.1 compared to version 1.0:

  • The speed of hierarchy calculation is improved significantly
  • Minor modifications to the conversion libraries for AMS 0.35μm csx technology (version 3.3)
  • Added conversion libraries for AMS 0.35μm c35b4 technology (version 3.5)

ToDo list:

  • Automate (or simplify) the process of transformation rules library generation.
  • Improve the power consumption by applying clock gating and data guarding.
  • Decrease the size of the resultant circuits by selective dual-railing and more sophisticated completion detection.
  • Fabricate a demonstrator and try an actual DPA attack.
  • Improve the computation speed.
  • Add support for AMS 0.35μm c35b4 technology (version 3.5).

Usage of the toolkit

The VeriMap design kit converts single-rail RTL netlists into dual-rail circuits which are resistant to Differential Power Analysis (DPA) attacks. The design kit interfaces to the Cadence CAD tools. It takes as input a structural Verilog netlist file, created by Cadence Ambit (or another logic synthesis tool), and converts it into a dual-rail netlist. The resulting netlist can then be processed by Cadence or other EDA tools. All Design For Testability (DFT) features incorporated at the logic synthesis stage are preserved.

The VeriMap design flow (see the figure) consists of the following parts:

  • a library of gate prototypes;
  • a library of transformation rules;
  • a library of gate attributes;
  • a software tool called verimap.

The design kit is supplied with a set of libraries for AMS 0.35μm technology. After some modification these libraries can be used for other technologies. Their formats are described in the following sections.

Figure: VeriMap design flow

Library of gate prototypes

The library of gate prototypes is a set of Verilog files containing three types of gates:

  • single-rail gates;
  • manually designed converters and controllers;
  • manually designed dual-rail gates.

The definitions of all single-rail gates that are instantiated in the circuit under conversion have to be in the library. VeriMap uses these definitions to determine which connections of a gate are inputs and which are outputs. The implementation of these gates is irrelevant to the conversion and can be omitted.

The converters between the single-rail and dual-rail domains, the go-controller and the spacer-controller are also defined in this library. These gates cannot be produced automatically by the tool and must be created manually for each design technology.

The library can also contain implementations of some dual-rail gates. The predefined dual-rail gates are used when the automatic conversion of a single-rail gate into dual-rail is impossible or gives a poor result. Typical examples for such gates are multiplexers, flip-flops and latches.

Library of transformation rules

The library of rules for gate transformation defines how to convert a single-rail gate into a dual-rail one. If a predefined dual-rail implementation of a gate is found in the library of gate prototypes, then the tool uses it. Otherwise a dual-rail implementation is built automatically using these rules. Each line of this library defines one rule. A rule consists of the following space-separated fields:

  • single_rail - the name of a single-rail gate to which the rule applies;
  • dual_rail - the name of a corresponding dual-rail gate (usually it is the same as single_rail);
  • direct_positive - the name of a positive gate which implements the function of the single-rail gate;
  • complementary_positive - the name of a positive gate which implements the function complementary to the single-rail gate;
  • direct_negative - the name of a negative gate which implements the function of the single-rail gate;
  • complementary_negative - the name of a negative gate which implements the function complementary to the single_rail gate;
  • interface_polarity - a sequence of characters defining in a position code which ports of the single-rail gate are inputs (encoded by small characters) and which are outputs (encoded by capital letters). The characters also encode how the gate inputs and outputs are converted:
    • p - a direct (positive) input;
    • n - an inverted (negative) input, its rails should be crossed;
    • P - a direct (positive) output, its rails should be crossed when the gate is converted into a negative dual-rail logic;
    • N - an inverted (negative) output, its rails should be crossed when the gate is converted into a positive dual-rail logic;
    • d - a data input, which should be converted into dual-rail (by default)
    • s - a control input, which is not converted and stays single-rail (e.g., clock and reset inputs)
    • D - a data output, which should be converted into dual-rail (by default)
    • S - a control output, which is not converted and stays single-rail (e.g., output of a controller generating local clock or reset signals)
    • r - a dual-rail implementation of the gate requires an additional reset signal;
    • c - a dual-rail implementation of the gate requires an additional clock signal.
  • flags - a string of four characters answering the following sequence of questions (y for yes, n for no):
    1. Is this rule for a flip-flop or a latch?
    2. Does a dual-rail gate obtained by this rule have early propagation?
    3. Should the positive gates listed in direct_positive and complementary_positive be taken into account when optimising for size and speed?
    4. Should the negative gates listed in direct_negative and complementary_negative be taken into account when optimising for size and speed?
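The rule format described above, as an added example (not VeriMap's own code): a small parser that splits a rule line into its eight fields, checks the interface_polarity and flags strings, and exposes the port roles. The gate names in SAMPLE_RULES are constructed; treating "#" lines as comments and r/c as requirement markers rather than port positions are assumptions.

```python
# Added example (not VeriMap code): parser for rule lines in the space-separated
# format described above. SAMPLE_RULES is constructed; the '#' comment
# convention and r/c as non-port requirement codes are assumptions.
from dataclasses import dataclass
FIELDS = ("single_rail", "dual_rail", "direct_positive", "complementary_positive",
          "direct_negative", "complementary_negative")
FLAG_NAMES = ("is_flipflop_or_latch", "early_propagation",
              "optimise_positive_gates", "optimise_negative_gates")
PORT_CODES = set("pnPNdsDS")   # one character per port position
EXTRA_CODES = set("rc")        # extra reset / clock required by the dual-rail gate

@dataclass
class Rule:
    names: dict     # the six gate-name fields, keyed by FIELDS
    polarity: str   # interface_polarity position code
    flags: dict     # the four y/n flags, keyed by FLAG_NAMES
    def inputs(self):
        return [c for c in self.polarity if c in PORT_CODES and c.islower()]
    def outputs(self):
        return [c for c in self.polarity if c in PORT_CODES and c.isupper()]
    def extra_signals(self):
        return sorted(set(self.polarity) & EXTRA_CODES)

def parse_rule(line):
    parts = line.split()
    if len(parts) != 8:
        raise ValueError(f"expected 8 fields, got {len(parts)}: {line!r}")
    polarity, flags = parts[6], parts[7]
    if set(polarity) - PORT_CODES - EXTRA_CODES:
        raise ValueError(f"unknown interface_polarity code in {polarity!r}")
    if len(flags) != 4 or set(flags) - {"y", "n"}:
        raise ValueError(f"flags must be four y/n characters: {flags!r}")
    return Rule(dict(zip(FIELDS, parts[:6])), polarity,
                {k: v == "y" for k, v in zip(FLAG_NAMES, flags)})

def parse_rules(text):
    """Return {single_rail_name: Rule}; blank lines and '#' comments are skipped."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            rule = parse_rule(line)
            rules[rule.names["single_rail"]] = rule
    return rules

# Constructed sample: a 2-input AND, its negative-logic twin and a D flip-flop
SAMPLE_RULES = """AND2  AND2  AND2 OR2 NAND2 NOR2 ppP  nnyy
NAND2 NAND2 AND2 OR2 NAND2 NOR2 ppN  nnyy
DFF   DFF   DFF  DFF DFF   DFF  dsDr ynnn
"""
```

A malformed line (wrong field count, an unknown polarity character, or a flags string that is not four y/n characters) raises ValueError instead of producing a half-parsed rule.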

Library of gate parameters

The negative gate optimisation usually improves the size and speed of a dual-rail circuit. However, this is not true for a negative gate with a high output drive, because such a gate consists of a positive gate and a strong inverter attached to the output. A library of gate attributes is useful in such a case: for each single-rail gate it helps to choose the optimal dual-rail gate between its negative-logic and positive-logic implementations. If this library is missing, the negative-logic dual-rail implementation is preferred.

The library consists of two sections. The first section lists the names of attributes, which are associated with each library gate. The second section assigns the values of these attributes to the gates.

VeriMap software tool

The main function of the tool is the conversion of a single-rail RTL netlist into a dual-rail netlist of one of two architectures: self-timed or clocked. It is done in four stages. First, the single-rail circuit is converted into positive-logic dual-rail. Second, the positive dual-rail gates are replaced by negative dual-rail gates and the spacer polarity inverters are inserted; this is the negative gate optimisation [1]. Then the completion signal is generated (asynchronous design only) [2]. Finally, a wrapper module connecting the dual-rail circuit to the single-rail environment is added (optional).

Using the standard dual-rail protocol with a single spacer has certain balancing problems due to the asymmetry between the logic gates within a dual-rail gate. We addressed and solved these problems in [3] by using a new protocol with two spacers alternating in time, so that all gates switch within every clock cycle. The tool supports the alternating spacer protocol.
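The balancing point above, as an added example (not VeriMap code): a simulation of one dual-rail wire pair that counts transitions per rail under the single-spacer and the alternating-spacer protocol. The encoding (bit b as rails (b, not b), spacers 00 and 11) and the data patterns are constructed for the illustration.

```python
# Added example, not VeriMap code: per-rail transition counts of a dual-rail
# wire pair under the single-spacer and the alternating-spacer protocol.
# Assumed encoding: bit b -> (rail0, rail1) = (b, 1-b); spacers are 00 and 11.
# The data patterns in PATTERNS are constructed.

def encode(bit):
    """Dual-rail code word for one data bit (exactly one rail high)."""
    return (bit, 1 - bit)

def single_spacer_trace(bits):
    """Spacer 00 before and after every data phase."""
    trace = [(0, 0)]
    for b in bits:
        trace += [encode(b), (0, 0)]
    return trace

def alternating_spacer_trace(bits):
    """Spacers 00 and 11 alternate, so each rail flips once per phase."""
    trace, spacer = [(0, 0)], (0, 0)
    for b in bits:
        spacer = (1, 1) if spacer == (0, 0) else (0, 0)
        trace += [encode(b), spacer]
    return trace

def rail_toggles(trace):
    """Transition count on (rail0, rail1) along a trace of rail pairs."""
    t0 = sum(a[0] != b[0] for a, b in zip(trace, trace[1:]))
    t1 = sum(a[1] != b[1] for a, b in zip(trace, trace[1:]))
    return t0, t1

def data_independent(protocol, patterns):
    """True if every pattern yields the same per-rail toggle counts."""
    return len({rail_toggles(protocol(p)) for p in patterns}) == 1

PATTERNS = [[1, 1, 1, 1], [0, 0, 0, 0], [1, 0, 1, 0], [1, 1, 0, 0]]

if __name__ == "__main__":
    for name, proto in (("single spacer", single_spacer_trace),
                        ("alternating spacer", alternating_spacer_trace)):
        counts = [rail_toggles(proto(p)) for p in PATTERNS]
        print(f"{name:19s} per-rail toggles {counts} "
              f"data-independent={data_independent(proto, PATTERNS)}")
```

With a single spacer, which rail switches (and hence which of the two asymmetric gates driving the pair switches) depends on the data; with alternating spacers each rail switches once per phase regardless of the data.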

Apart from generating netlists, the VeriMap tool reports statistics for the original and resultant circuits: the estimated area of combinational logic and flip-flops, the number of negative gates and transistors, and the number of wires.

The tool also generates a behavioural Verilog file that assists the power analysis of the original and resultant circuits. When included in a simulation testbench, this Verilog code counts the number of switching events on each wire of the circuits.

The detailed list of VeriMap command line parameters and their meaning follows.


USAGE: 
  verimap [OPTIONS] [INPUT_FILE_NAMES] 
FILE OPTIONS: 
  -o,  --output OUTPUT_FILE_NAME   - Verilog netlist output file [STDOUT] 
  -i,  --include INC_FILE_NAMES    - Verilog include files [STDIN] 
  -l,  --library LIB_FILE_NAME     - Verilog library output [] 
  -g,  --generate GEN_FILE_NAME    - Verilog generated modules [STDOUT] 
  -r,  --rules RULES_FILE_NAMES    - rules for gate transformation files [] 
  -p,  --params PARAMS_FILE_NAMES  - parameters of modules input files [] 
  -a,  --assignments ASSIGN_FILE_NAMES  - assignments input files [] 
  -cn, --completion-nets NET_FILE_NAMES - completion nets input files [] 
    *_FILE_NAMES is a coma separated list of files for reading 
TRANSFORMATION OPTIONS: 
  -tl, --transformation-level[TL]  - transformation level (TL=[0],1,2,3) 
       0 = no circuit transformation, the netlist is re-formatted only 
       1 = calculate the optimisation possibilities only
       2 = convert the circuit into dual-rail 
       3 = build completion detection logic, add go input and done output 
  -cd, --completion-delay[CD]      - delay of completion logic (CD=[0],1...) 
  -ct, --clock-toggle              - build a toggle for alternating spacer 
  -srw,--single-rail-wrapper       - build a single-rail wrapper 
OPTIMISATION OPTIONS: 
  -ol, --optimisation-level[OL]    - optimisation level (OL=[0],1,2) 
       0 = no optimisation (positive gates) 
       1 = optimisation for negative gates or for a parameters 
           given by --optimisation-params option 
       2 = optimisation of spacer converters distribution 
  -op, --optimisation-params PARAM_NAMES - optimise for parameters [] 
       PARAM_NAMES is a coma separated list of parameter names which are 
       specified in the files provided by --params option 
  -gd, --gate-delay-param PARAM_NAME - name of the cell delay parameter [] 
       PARAM_NAME is parameter name which is specified in the files 
       provided by --params option 
STRUCTURE OPTIONS: 
  -tm, --topmost-module MODULE_NAME - name of the topmost module 
  -buf,--buffer                    - buffer SPACER and DONE signals 
  -ra, --reset-active[RA]          - reset active level (RA=[0],1) 
       0 = active-0 reset, 1 = active-1 reset 
  -rst,--reset PORT_NAMES          - names of reset ports [*.rst] 
  -clk,--clock PORT_NAMES          - names of clock ports [*.clk] 
  -sp0,--spacer-0 PORT_NAMES       - spacer-0 ports [*.*] 
  -sp1,--spacer-1 PORT_NAMES       - spacer-1 ports [] 
       PORT_NAMES is a comma-separated list of MODULE_NAME.PORT_NAME 
           MODULE_NAME.* = all ports of the MODULE_NAME module 
           *.PORT_NAME = port PORT_NAME of all modules 
           *.* = all ports of all modules 
           PORT_NAME = port PORT_NAME of the topmost module 
STATISTICS OPTIONS: 
  -s,  --statistics STAT_FILE_NAME - statistics output file [STDOUT] 
  -sl, --statistics-level[SL]      - statistics output level (SL=[0],1,2,3) 
       0 = no statistics is collected 
       1 = statistics is collected for single-rail circuit only 
       2 = statistics is collected for dual-rail circuit only 
       3 = statistics is collected for both single- and dual-rail circuits 
CONES OPTIONS: 
  -c,  --cones CONES_FILE_NAME     - cones output file name [-] 
  -cl, --cones-level[CL]           - cones output level (CL=[0],1,2,3) 
       0 = table of cones intersection only 
       1 = output nets in each cone 
       2 = output nets and instances in each cone 
       3 = additional comments for cones layers 
  -cv, --cones-vertex ITEM_NAMES   - list of vertex items to build the cones 
       ITEM_NAMES is a comma-separated list of MODULE_NAME.ITEM_NAME 
            ITEM_NAME is either net or instance name 
            MODULE_NAME.* = all nets and instances of the MODULE_NAME module 
            *.ITEM_NAME = item ITEM_NAME of all modules 
            *.* = all nets and instances of all modules 
            ITEM_NAME = item ITEM_NAME of the topmost module 
SWITCHING ACTIVITY OPTIONS: 
  -w, --wires WIRES_FILE_NAME      - wires switching output file [STDOUT] 
  -wl, --wires-level[WL]           - level of details for wires (WL=[0],1,2,3) 
       0 = no wires switching analysis 
       1 = wires switching is analysed for single-rail circuit only 
       2 = wires switching is analysed for dual-rail circuit only 
       3 = wires switching is analysed for both single- and dual-rail circuits 
  -wp, --wires-pattern PATTERN     - wires output format [always @(?) c=c+1;] 
       Question mark ? in the PATTERN is replaced by the wires full names 
TIMING ANALYSIS OPTIONS: 
  -cmd CMD_FILE_NAME               - Pearl timing analysis command file 
  -gcf GCF_FILE_NAME               - GCF file for timing analysis 
  -pp, --path-possibility[N]       - consider N worst paths (N=[1],2...) 
INFORMATION OPTIONS: 
  -h, --help                       - print this help only 
  -v, --version                    - print version only

References

  1. A.Bystrov, D.Sokolov, A.Yakovlev, A.Koelmans: "Balancing Power Signature in Secure Systems". 14th UK Asynchronous Forum, Newcastle, June 2003.
  2. D.Sokolov, J.Murphy, A.Bystrov, A.Yakovlev: "Improving the security of dual-rail circuits", In Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES), August 2004.
  3. D.Sokolov, J.Murphy, A.Bystrov, A.Yakovlev: "Design and analysis of dual-rail circuits for security applications", IEEE Transactions on Computers, Volume 54(4), pages 449-460, April 2005.

Last modified 26/4/2006 by IGC