Energy-Privacy trade-offs in VLSI computations

  • Authors:

  • Akhilesh Tyagi

  • Affiliations:

  • Dept. of Electrical and Computer Engineering, Iowa State University, Ames, IA

  • Venue:
  • INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

VLSI circuits are open to sidechannel attacks which disclose information about its internal state to an adversary. Privacy is a design attribute to quantify the circuit’s resistance and resilience to sidechannel attacks. There has been some recent work in cryptography to capture the notion of privacy in circuits. Several constructions to transform a circuit into a private circuit have also been proposed. In this paper, we quantify the energy cost of providing privacy. We use the classical area-time-energy VLSI complexity theory techniques to prove lower bounds on the energy of any VLSI computation for a given function f parametrized by its privacy P (Privacy P or a P-private circuit implies that at least P bits of the circuit need to be observed to derive a single bit of information about an internal node). The main result establishes a lower bound of Ω(t2n2) on the E or ET or AT2 product of any t-private computation of an n-bit multiplier or shifter. Incidentally, the privacy transformation proposed by Ishai et al [6] will generate n-bit multiplier and shifter with matching energy, energy-time, and AT2 characteristics establishing that these lower bounds are tight. The privacy of the base design, without any privacy enhancement techniques, is t = 1. Hence this demonstrates that the privacy comes at a quadratic multiplicative factor energy cost, which can be significant for portable, energy-starved applications such as Smart card. We further introduce the notion of information splitting secret sharing based privacy enhancement techniques. The lower bound on the energy for this case improves to Ω(Pn2), a factor P improvement.