当前位置:文档之家 › dual-rail_random_switching_logic

dual-rail_random_switching_logic

  • 格式:pdf
  • 大小:164.19 KB
  • 文档页数:13

下载文档原格式

  / 13

合集下载

不确定时滞奇异系统基于PD观测器的鲁棒控制

不确定时滞奇异系统基于PD观测器的鲁棒控制

Q[ ]一 一 , [ ]一 ]一 ] w ,[ ,[ , P S
并 设
P1 + S Q— 1 P2 +S Q— E 1 , Er 2

则 我 们 有下 面 的定 理 :
定 理 1 对 于 系统 ( ) 若 存 在 正参 数 e 0 , 8, , , 正定 矩 阵 P (一1 2 3 , , ) / , ,) Q (一1 2 和矩 阵 (一1 2 满足 ,) 以下 不 等式 , 系 统 ( ) 于 P 则 8基 D观 测器 ( ) 5 的控 制下 是 鲁棒 可控 的 , 中 K=Y2 L 和 L 可 由 L ( ) 其  ̄F , 。 z MI9 解
数 的 常数 阵 , 定 rn ( ) ≤ 为 连续 的状态 初值 函数 ; 假 a k E 一r r为状态 中的滞 后 常量 , △A 范数有 界 的 时 △4, 是
变 不确 定 的.
不 确定 的参 数 有 以下 形式 :
[ A △ ] F() E E2 △ A。 一D t[ ]
LC - f +Q 1 ≤ a C L ̄ t L L C T + LC 1P +L C P ≤ 正 眈 + C 1 c PPc
把 ( 1 代 入 ( o 并 由 S h r 引理 可 得 ( ) 1) 1) cu 补 9.

3 数 值 实 例
E一
DEF+E D ≤ a F DD + r E.
引理 2
对奇 异 系 统
f ( ) A f +A1 t f E主 f 一 ( ) ( — )
【 f一咖 f ,E( ,] () () t 一f o .
来说 , 如果 存 在 矩 阵 P O Q>o和 w 满 足 > ,
LE SP二SQ)r S q 1E ]o P +QE+( Q- APW J<. ( A E )w ( )q P A 一

不确定离散奇异系统的鲁棒H∞控制及仿真

不确定离散奇异系统的鲁棒H∞控制及仿真
AB TRACT: o ls fu c r i i g lr d s r t - i i e r s se ih t -i v ra tn r l b u d d p — S F ra ca so n e t n sn u a ic ee t a me l a y tms w t i n me n a i n o n — o n e a
1 引 言
由于奇异系统广泛 地应用 于经 济系统 、 源系统 、 能 大范
围 系 统 …… … ; 一 方 面 , 于 模 型 误 差 、 性 化 、 件 变 化 另 由 线 条 和 数 据误 差 等 因 素 均 可 引 起 系 统 矩 阵 的 不 确 定 性 J 所 。 以 , 年来奇异系统的 H 近 控 制 问 题 、 棒 控 制 问题 成 为研 究 鲁 热 点 。 现 在见 到 的文 献 上 的 一些 方 法 , 以 解 决 一 类 线 性 定 可 常广 义 系统 的鲁 棒 控 制 问 题 , 应 用 这 些 方 法 时 , 了可 能 但 除
第2卷 第3 8 期
文 章 编 号 :0 6 9 4 (0 )3 0 3 — 3 10 — 3 8 2 1 0 - 2 1 0 1



仿

21年3 01 月
不 确 定 离 散 奇 异 系 统 的 鲁 棒 H∞控 制 及 仿 真
方 晨
( 皇 岛职 业 技 术 学 院 , 秦 河北 秦 皇 岛 0 60 ) 6 10 摘 要 : 对 一 类 具 有 时 不变 且 模 有 界 参 数 不 确 定 性 的离 散 奇 异 系 统 , 了 提 高 控 制 系 统 的稳 定 性 , 决 了系 统 的状 态 反 馈 鲁 针 为 解 棒H 控 制 的 难点 问题 。提 出采 用 线 性 矩 阵 不 等 式 ( MI的 方 法 , 得 到 问 题求 解 的 条 件 , 给 出 相 应 的 状 态 反 馈 控 制 律 。 L ) 可 并 在一定条件下 , 所得 的状 态 反 馈 鲁 棒 H 控 制 律不 仅 使 离 散 奇 异 系 统 对 所 有 容 许 的 不 确 定 性 参 数 , 够 保 证 闭 环 系统 正 则 , 能

莱埃尔电子有限公司产品说明:拉瓦雷特时间间隔计数器说明书

莱埃尔电子有限公司产品说明:拉瓦雷特时间间隔计数器说明书

LAUREL ELECTRONICS, INC.Laureate™ Time Interval Meter Resolution to 0.2 µs for time of periodic events. Displays highly accurate rate based on 1 / time.Features•Times periodic events with width from 1 µs to 199.999 s•Display resolution to 0.2 µs•Rep rates to 250 kHz•Inputs from NPN or PNP proximity switches, contact closures, digital logic,magnetic pickups down to 12 mV, or AC inputs up to 250 Vac•Triggers on positive or negative pulse edges•Universal AC power, 85-264 Vac•Isolated 5, 10 or 24 Vdc excitation supply to power sensors•NEMA 4X, 1/8 DIN case•Optional serial I/O: Ethernet, USB, RS232, RS485, Ethernet-to-RS485 converter•Optional relay outputs: dual or quad relays, contact or solid state•Optional isolated analog output: 4-20 mA, 0-20 mA, 0-10V, -10 to +10V•Optional low voltage power: 10-48 Vdc or 12-32 Vac•Optional Extended Timer: features of standard timer plus rate based on 1/time DescriptionThe Laureate A-to-B Time Interval Meter can display pulsewidth or time delay between individual pulses to a resolution of0.2 µs. It can also display average pulse width or average timedelay between multiple pulses.Time interval is measured between inputs on channels A andB. Timing starts when a pulse is applied to Channel A (selectablepositive or negative edge), and ends when a pulse is applied toChannel B (selectable positive or negative edge). In case of asingle pulsed signal, the A and B inputs can be tied together. Apositive or negative slope may be selected to start timing, andthe opposite slope must be selected to stop timing. Timing isachieved by counting 5.5 MHz clock pulses. Multiple integral timeintervals are averaged over a gate time which is selectable from10 ms to 199.99 s and also controls the display update time.Time interval can be displayed in seconds, milliseconds, ormicroseconds with 6-digit resolution. In the typical application,time is displayed in milliseconds with 1 µs resolution. For timesless than 100 ms, display resolution down to 0.2 µs can beachieved by applying a multiplier of 10, moving the decimal pointby one position, and averaging many time intervals.Highly accurate rate can be displayed by taking the inverse oftime. Extensive arithmetic capabilities allow display inengineering units, such as meters/sec. Rate based on timerequires use of the Extended counter main board.The FR dual-channel signal conditioner board accepts inputsfrom proximity switches with PNP or NPN output, TTL or CMOSlogic, magnetic pickups, contact closures, and other signals from12 mV to 250 Vac. Jumper selections provide optimum operationfor different sensor types and noise conditions. A built-in isolated5, 10, or 24 Vdc excitation supply can power proximity switchesand other sensors, and eliminate the need for an external powersupply.Designed for system use. Optional plug-in boards includeEthernet and other serial communication boards, dual or quadrelay boards, and an isolated analog output board. Laureatesmay be powered from 85-264 Vac or optionally from 12-32 Vacor 10-48 Vdc. The display is available with red or green LEDs.The 1/8 DIN case meets NEMA 4X (IP65) specifications from thefront when panel mounted. Any setup functions and front panelkeys can be locked out for simplified usage and security. A built-in isolated 5, 10, or 24 Vdc excitation supply can power trans-ducers and eliminate the need for an external power supply.All power and signal connections are via UL / VDE / CSA ratedscrew clamp plugs.SpecificationsDisplayReadoutRangeIndicators6 LED digits, 7-segment, 14.2 mm (.56"), red or green-999999 to +999999Four LED lampsInputsTypes Grounding Minimum Signal Maximum Signal Noise Filter Contact Debounce AC, pulses from NPN, PNP transistors, contact closures, magnetic pickups. Common ground for channels A & BNine ranges from (-12 to +12 mV) to (+1.25 to +2.1V).250 Vac1 MHz, 30 kHz, 250 Hz (selectable)0, 3, 50 ms (selectable)Time Interval ModeTiming StartTiming StopPeriodic Timing Interval Gate TimeTime Before Zero Output Channel A pulse, + or - edges Channel B pulse, + or - edgesGate time + 30 ms + 0-2 time intervals Selectable 10 ms to 199.99 s Selectable 10 ms to 199.99 sResolution0 - 199.999 s 0 - 99.9999 s 0 - 9.99999 s 0 - .999999 s 0 - .099999 s 1 ms 100µs 10 µs 1 µs 0.2 µsAccuracyTime Base Span Tempco Long-term Drift Crystal calibrated to ±2 ppm ±1 ppm/°C (typ)±5 ppm/yearPowerVoltage, standard Voltage, optional Power frequency Power consumption (typical, base meter) Power isolation 85-264 Vac or 90-300 Vdc12-32 Vac or 10-48 VdcDC or 47-63 Hz1.2W @ 120 Vac, 1.5W @ 240 Vac, 1.3W @ 10 Vdc, 1.4W @ 20 Vdc, 1.55W @ 30 Vdc, 1.8W @ 40 Vdc,2.15W @ 48 Vdc250V rms working, 2.3 kV rms per 1 min testExcitation Output (standard)5 Vdc10 Vdc24 VdcOutput Isolation 5 Vdc ± 5%, 100 mA 10 Vdc ± 5%, 120 mA 24 Vdc ± 5%, 50 mA 50 Vdc to meter groundAnalog Output (optional)Output Levels Current compliance Voltage compliance Scaling Resolution Isolation 4-20 mA, 0-20 mA, 0-10V, -10 to +10V (single-output option) 4-20 mA, 0-20 mA, 0-10V (dual-output option)2 mA at 10V ( > 5 kΩ load)12V at 20 mA ( < 600Ω load)Zero and full scale adjustable from -99999 to +9999916 bits (0.0015% of full scale)250V rms working, 2.3 kV rms per 1 min test(dual analog outputs share the same ground)Relay Outputs (optional)Relay Types Current Ratings Output common Isolation 2 Form C contact relays or 4 Form A contact relays (NO)2 or 4 Form A, AC/DC solid state relays (NO)8A at 250 Vac or 24 Vdc for contact relays120 mA at 140 Vac or 180 Vdc for solid state relays Isolated commons for dual relays or each pair of quad relays 250V rms working, 2.3 kV rms per 1 min testSerial Data I/O (optional)Board SelectionsProtocols Data RatesDigital Addresses Isolation Ethernet, Ethernet-to-RS485 server, USB, USB-to-RS485 server, RS485 (dual RJ11), RS485 Modbus (dual RJ45), RS232 Modbus RTU, Modbus ASCII, Laurel ASCII protocol 300 to 19200 baud247 (Modbus), 31 (Laurel ASCII),250V rms working, 2.3 kV rms per 1 min testEnvironmental Operating Temperature Storage Temperature Relative Humidity Protection0°C to 55°C -40°C to 85°C95% at 40°C, non-condensingNEMA-4X (IP-65) when panel mountedElectrical ConnectionsMechanicalApplication ExamplesTime Interval Mode for Time DelayFor periodic pulses applied to A and B channels, time delays can be measured down to 0.2 µs resolution from the rising or falling edge of A to the rising or falling edge of B (selectable). Time Interval Mode for Pulse WidthThe width of periodic pulses (t1 or t2) can be measured by tying the A and B channels together. As for time delay, readings are averaged over a user-selectable gate time. Timing Process DynamicsThe start and stop pulses used for timing can be generated by the dual relay board in a Laureate panel meter or digital counter. For instance, the start and stop pulse edges can be created as temperature passes two alarm setpoints, or temperature cycles in a hysteresis control mode. Rate Based on 1 / TimeThe start and stop pulses used for timing can be generated by the dual relay board in a Laureate panel meter or digital counter. For instance, the start and stop pulse edges can be created as temperature passes two alarm setpoints, or temperature cycles in a hysteresis control mode.Replacing an Oscilloscope with a Laureate Time Interval MeterAn oscilloscope is great for viewing and timing pulses in a lab. However, in fixed installations where digital timing accuracy and control outputs are required, a low-cost Laureate time interval meter will be the instrument of choice. Resolution to 0.2 µs is feasible.Instrumenting a Pulsed Laser SystemSome of the many possibilities in instrumenting a pulsed laser system with Laureate dual-channelcounters: elapsed time, number of pulses, pulse width, pulse separation, duty cycle, and pulse rep rate.Ordering GuideCreate a model number in this format: L50000FR, IPCMain Board L5 Standard Main Board, Green LEDsL6 Standard Main Board, Red LEDsL7 Extended Main Board, Green LEDsL8 Extended Main Board, Red LEDsNote: Use of the Extended Main Board makes this counter also suitable for A-B time interval,frequency, rate, period, square root of rate, up or down total, arithmetic functions, simultaneousrate and total, phase, duty cycle, batching, and custom curve linearization.Power0 Isolated 85-264 Vac1 Isolated 12-32 Vac or 10-48 VdcRelay Output (isolated) 0 None1 Two 8A Contact Relays2 Two 120 mA Solid State Relays3 Four 8A Contact Relays4 Four 120 mA Solid State RelaysAnalog Output (isolated) 0 None1 Single isolated 4-20 mA, 0-20 mA, 0-10V, -10 to +10V2 Dual isolated 4-20 mA, 0-20 mA, 0-10VDigital Interface (isolated) 0 None1 RS2322 RS485 (dual RJ11 connectors)4 RS485 Modbus (dual RJ45 connectors)5 USB6 USB-to-RS485 converter7 Ethernet8 Ethernet-to-RS485 converterInput Type FR Dual-Channel Pulse Input Signal ConditionerAdd-on Options CBL01RJ11-to-DB9 cable. RJ11 to DB9. Connects RS232 ports of meter and PC.CBL02USB-to-DB9 adapter cable. Combination of CBL02 and CBL01 connects meter RS232port to PC USB port.CBL03-16-wire data cable, RJ11 to RJ11, 1 ft. Used to daisy chain meters via RS485.CBL03-76-wire data cable, RJ11 to RJ11, 7 ft. Used to daisy chain meters via RS485.CBL05USB cable, A-B. Connects USB ports of meter and PC.CBL06USB to RS485 adapter cable, half duplex, RJ11 to USB. Connects meter RS485 portto PC USB port.CASE1Benchtop laboratory case for one 1/8 DIN meterCASE2Benchtop laboratory case for two 1/8 DIN metersIPC Splash-proof coverBOX1NEMA-4 EnclosureBOX2NEMA-4 enclosure plus IPCBL Blank Lens without button padsNL Meter lens without button pads or Laurel logo。

多米诺电路简介

多米诺电路简介
CLK nfets
“latching” pfet acts like keeper above unless dynamic node gets pulled down during evaluate phase. When buffer output goes high it switches keeper off saving static power. Good for leakage current problems...
small large nfets large
Some designers also “grade” the sizes of the nfets, smallest at the top (increase in R offset by decrease in C)
small
CLK
If we make the nfet in the output inverter much smaller than the pfet then the load on the internal node decreases, and the switching threshold of the inverter increases Both effects make the gate evaluate sooner. If large >> small, the gate delay can be cut almost in half! However, the other edge is very slow, so ripple precharge is a problem.
When CLK goes high
“precharge” switch
A CLK

量子动态交叉正余弦混合并行算法的路径规划

量子动态交叉正余弦混合并行算法的路径规划

量子动态交叉正余弦混合并行算法的路径规划
李月英
【期刊名称】《组合机床与自动化加工技术》
【年(卷),期】2022()10
【摘要】为提高复杂环境下移动机器人路径规划的求解精度和寻优效率,提出了量子动态交叉正余弦混合并行算法。

该算法采用量子位Bloch球面初始化种群,提升算法初始搜索精度与效率;嵌入动态交叉边界因子实现种群实时动态分级调整,采用混合并行分级精细策略对种群位置动态更新;引入逐维随机反向学习和退火混合搜索策略对算法个体进行扰动,以平衡算法的全局探索与局部开发能力。

测试函数和路径规划实验结果表明,所提出的算法整体寻优能力优于其他算法,具有较强的稳定性和鲁棒性,可高效地解决复杂环境中的移动机器人最优路径规划问题。

【总页数】6页(P21-26)
【作者】李月英
【作者单位】郑州科技学院电子与电气工程学院
【正文语种】中文
【中图分类】TH165;TG659
【相关文献】
1.一种改进的未知动态环境下机器人混合路径规划方法
2.基于数据分割的二维离散余弦变换并行算法及其在图像压缩中的应用
3.基于改进混合蛙跳算法的动态环境
路径规划4.混合自适应动态规划和蚁群算法的agent路径规划5.基于蝙蝠算法和动态窗口法的混合路径规划
因版权原因,仅展示原文概要,查看原文内容请购买。

KFD0-RSH-1.4S.PS2 1-通道信号条件器关联模块手册说明书

KFD0-RSH-1.4S.PS2 1-通道信号条件器关联模块手册说明书

Relay ModuleKFD0-RSH-1.4S.PS2<1-channel signal conditioner<24 V DC supply (loop powered)<Logic input 20 V DC ... 26.5 V DC, non-polarized<Fail-safe relay contact output for de-energized and energized tosafe function<Test pulse immunity<Up to SIL 3 acc. to IEC/EN 61508This signal conditioner is a relay module that is suitable for safely switching applications of a load circuit. The device isolates load circuits up to 230 V and the 24 V control interface.The energized to safe (ETS) function is permitted for SIL3 applications with output I. The de-energized to safe (DTS) function is permitted for SIL3 applications with output II. Additionally a dual pole switching (DPS) is possible by combination of output I and II.The relays are of diverse design, but have a common effect on the individual switch output. For checking of these relays, terminals 10, 11 and 12 can be used. The test mode will be indicated by LEDs according to NAMUR NE44.The outputs are galvanically isolated from the input. Output II is protected against contact welding by a fuse depending on the used terminal.7810121124 V45623IIIDPS DTS ETSedate:221-12-2Dateofissue:221-12-2Filename:224579_eng.pdfe d a t e : 2021-12-20 D a t e of i s s u e : 2021-12-20 F i l e n a m e : 224579_e ng .p d fK-DUCT-GYProfile rail, wiring comb field side, graye d a t e : 2021-12-20 D a t e of i s s u e : 2021-12-20 F i l e n a m e : 224579_e ng .p d fe d a t e : 2021-12-20 D a t e of i s s u e : 2021-12-20 F i l e n a m e : 224579_e ng .p d fThis device is compatible to the controls:•Yokogawa ProSafe DO cards SDV531, SDV541•Honeywell DO card SDO-0824Compatibility check to other ESD/DCS systems on request.DeratingDerating for Zone 2 ApplicationMaximum Switching Power of Output Contactsfused 5 AT unfused fused 5 AT, 10 mmunfused, 10 mm U i26.5 VU i26.5 Vfused 5 AT unfused fused 5 AT, 10 mmunfused, 10 mm U i26.5 VU i26.5 Ve d a t e : 2021-12-20 D a t e of i s s u e : 2021-12-20 F i l e n a m e : 224579_e ng .p d fResistive load DC Resistive load AC1max. 105 switching cycles2max. 3 x 104 switching cycles0.110.220.330.440.55I (A)。

量子随机循环移位交织器的设计模型


信息处理 方面的 巨大 潜力 。随着 量子信息 处理技术 的发 展, 量子信息 处理技术 已逐渐 从理论走 向实验 , 向实用化方 向 并
发 展 。
即 m 个量子码字经交织后能够纠 正所有 的长度 小于等于 b m
的连 续 突 发 性 错 误 , 因此 量 子 交织 器 的研 究和 设 计对 量 子 纠
功率控制 中引入 成本 函数 ,来使各个用户有 效地利用 系统 资
源 ,代价 函数 的存在 可以促使各用 户选择服 从全 局最优 的发
射功率 。
21 非合 作功 率控 制 博弈 .
无线环境 中, 号会 受到诸如多径效应 、 信 边缘效应 、 路径 衰耗和加性 噪声等 因素的影响而逐渐 失真导致恶化 ,再加上 系统 中码 分多址干扰的影响 ,这些 因素都会对接收端信 号质 量产 生极其 显著的影响 。我们一般还是采用用户信干 比作 为 变量 的函数式来表 示。 WC DMA系统 中用户 i 以功率 发射信 号时,其效度 函
数表示 为:
1 博弈 论基 础
11 博弈 论基 本 概念 .
博弈 理论又可 以称为对策论 ,它最初是用来研 究决策者 在 已知信 息的情况下如何来决策 并最大化 自己的效益,并在 各个 决策 者之 间取得一个均衡 的理论 。它主要有 四个 因素组 成: 博弈者 、 策略空间、 博弈 的顺序 、 博弈 的信 息。
对 应 的 映射 函数 进 行 重 新 排 序 后 输 出 。利 用 交织 器 ,可 以将
量子计算的每一步都不产生错误和误差 ,因此量子纠错编码 成为克服 这一 困难 的有效手段 ,目前量子纠错 的方法有量子
重 复码 、 子 C S 和 量 子稳 定子 码 , 子 纠 错 主 要 是 通 过 增 量 S码 量

交织技术在高斯随机数发生器设计中的应用

V0 .3 No 1 1 6. . 2
De 2 1 c, 0 1
火 力 与 指 挥 控 制
F r o t l C mma d C n rl i C nr & o e o n o t o
第3 6卷
第 l 2期
21 0 1年 l 2月
文 章 编 号 :0 20 4 (0 1 1—140 1 0 6 0 2 1 )20 2 —3
Ra o N m be nr t r nd m u r Ge a o
JA a — n , HICh n h GU h— in I P na S u — e, Z iqa g
( . r o a c n ier g C l g , hj z u n 5 0 3 C ia 2 Unt 6 0 1 O d n n eE g ne i ol e S i a h a g 0 0 0 , h n , . i 6 2 8o n e i fPL S i a h a g 0 0 8 , h n ) A。 h iz u n 5 0 1C ia j
引 言
在通信 系统 内部及其使用 环境 中普 遍存在 随机 噪 声 , 中以高 斯 白噪声 最为 常见 , 其 其频 谱 较宽 , 干
扰 的频带 范 围较大 , 实际应用 造成 了严 重危 害 。 对 为 了 克服 噪声 的影 响 , 使用前 要 对设 备进 行 抗 噪声 在 模拟 测试 , 因此需要人 为的产生 高斯 白噪声 。 生 白 产 噪 声 的方法 有多种 , 目前常用 的一种 方法 是 利用 线
r n om i e la r ha ha s r g r e fc i de i ne by do i i e l a i g e hn q . sng hi ad nt re ve t t s ton e fe t s sg d a ptng nt re v n t c i ue U i t s

一种混合算法求解多体问题下行星际转移轨道

40 7) 304 ( 中国地质大学 ( 武汉) 计算机 学院 武汉


在 限制 性 多 体 问题 下 的行 星 际 转移 轨道 是一 个 典 型 的 两 点 边 值 问 题 。求 解 该 类 问 题 的 常 用 方 法 是 采 用 打 靶

法 结 合 Ru g- t 积 分 进 行 求 解 , 是 在 求解 行 星 际 转 移 轨 道 时 , 于 方 程 比较 复 杂 普 通 的 打 靶 法 在 某 些 情 况 下 不 能求 n eKut a 但 由 到 解 。文 章 提 出 了一 种 基 于 差 分 演 化 和 打 靶 法 的混 合 算 法 可 以很 好 地解 决 这 些 问 题 。 关 键 词 行 星 际 转 移 轨 道 ;差 分 演 化 ; 进 打 靶 法 ; 点 边 值 问 题 改 两
Li n tn Ta Ch n n M o Li a g Yu i g n Yi e g Na
( c o l f mp tr S h o o Co ue ,Chn ie st fGe s in e ,W u a 4 0 7 ) ia Unv riyo o ce cs hn 3 0 4
中 图分 类 号 T 316 P 0 .
An Hy r d M e h d f r I e p a tar a f r b i t o o nt r l ne — y Tr ns e
Trj co yDe n i l b d rbe a tr sg n Mut o yP o lm e i i
t e ta i o a t o s v r if u t o mp s i i t O c m p t h e u t I h s p p r we p o o e u i g a y rd h rdt n l i me h d i e y df i l r i o sb l y t o u e t e r s l c i . n t i a e r p s sn n h b i me h d o s le t e p o lm. t o t o v h r b e

集成电路和数字电路设计 讲义— Lecture9


All others “disconnect” their
= 01
outputs, but can “listen”.
=0
7
EE141
Tri-state Based Multiplexor
Multiplexor
Transistor Circuit for inverting multiplexor:
Non-Inverting switches
PUN and PDN are dual logic networks PUN and PDN functions are complementary
❑ Full rail-to-rail swing
❑ Symmetrical VTC
❑ No (…) static power dissipation
EECS 151/251A Spring 2018 Digital Design and Integrated Circuits
Instructors: Nick Weaver & John Wawrzynek
Lecture 9
EE141
Administration
❑ First Midterm Thursday
In3
F
In4
No connections to GND or VDD
5
EE141
Tri-state Buffers
Tri-state Buffer:
“high impedance” (output disconnected)
Variations:
Inverting buffer Inverted enable
❑ Decided on closed book (sorry), but will give you extra time. We will make an exam that is expected to take 90 minutes, but will give you 3 hours.
  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

Dual-Rail Random Switching Logic:ACountermeasure to Reduce Side ChannelLeakageZhimin Chen and Yujie ZhouShanghai Jiao Tong University,Chinachenzhimin@,zhou863@Abstract.Recent research has shown that cryptographers with glitchesare vulnerable in front of Side Channel Attacks(SCA).Since then,sev-eral methods,such as Wave Dynamic Differential Logic(WDDL)andMasked Dual-Rail Pre-charge Logic(MDPL),have been presented tomake circuits clean.In this paper,we propose a more accurate powermodel based on logic gates’output transitions and divide it into piecesaccording to input signals’transformations.Based on our model,wedemonstrate that1-bit masked logic gates with asynchronous inputs al-ways leak side-channel information from their output transitions.There-fore,even those gates designed without glitches are still susceptible tobe attacked.To solve this problem,Dual-Rail Random Switching Logic(DRSL)is presented.By introducing a local pre-charge signal,DRSLgates have their inputs synchronized.Experimental results indicate thatDRSL eliminates most of the leakage.Keywords:Side Channel Attacks,DPA,Gate Level Masking,DRSL,Dual-Rail,Pre-charge.1IntroductionUntil Paul Kocher et al.[1]proposed practical Side Channel Attacks(SCA)on chips,especially powerful Differential Power Analysis(DPA),people generally thought that cryptographic algorithms implemented in hardware chips were se-cure,therefore,they put more attention on security of protocols and mathematic algorithms.But since then,people began to pay more attention on implementa-tions,and lots of countermeasures have been proposed in the last few years.The earliest ways to act against DPA were called“Ad-hoc Approaches”[2], such as adding noises,randomizing execution sequence and so on.The drawback of this kind of countermeasures is that they do not prevent attacks completely: attacks can still be successful by taking more samples and signal processing.For the purpose of preventing DPA completely,methods to protect cryptog-raphers on the algorithm level were presented.Louis Goubin et al.[3]proposed This work has been supported by National Science Fund for Creative Research Groups(60521002)and Shanghai AM Fund(0425)a way called duplication(or masking).Subsequently,masking method has been improved by many researchers[12,13,16,17,18].On the other hand,more generic countermeasures are also under discussion. These countermeasures are on circuit level.We call them more generic in that they are not constrained to a certain cryptographic algorithm.Once a practical method is found,designers need not to care about the security of implementa-tions for a specific algorithm.This makes possible the automatic design.These measures fall into two categories:complementary circuits and gate level mask circuits.Kris Tiri and Ingrid Verbauwhede[7]proposed a complementary logic called “Sense Amplifier Based Logic”(SABL),in which“Dual-rail”and“Pre-charge”are employed.Considering SABL requires a new core cell library,“Simple Dy-namic Differential Logic”(SDDL)and its refinement“Wave Dynamic Differen-tial Logic”(WDDL)came into being afterward also under efforts of Kris Tiri [8].Compared with SABL,WDDL only makes use of common cells.Besides complementary circuits,masking on gate level is analyzed in[9], and implementation of masked gate circuits has been presented by Trichina and Korkishko in[10,11].Though the above methods,in both algorithm level and circuit level,aim at preventing DPA completely,they still leak side channel information.For masking methods,outputs’transitions of logic gates are dependent on the input signals when glitches exist[4].What’s more,in[5],Stefan Mangard et al.did a successful attack on masked AES hardware implementations with glitches.For complemen-tary circuits,loading capacitance is hard to control for deep submicron process technologies where the transistor sizes and wiring widths continuously shrink[6].To overcome the disadvantages of both masked and complementary circuits, Thomas Popp and Stefan Mangard in[6]bound masked and complementary cir-cuits together and showed us“Masked Dual-Rail Pre-charge Logic”(MDPL).By absorbing“pre-charge protocol”and“Dual-Rail encoding”,no glitches appears in MDPL circuits;by masking intermediate value with random bit,designers do not have to consider routing constrains.However,wefind that predictable energy dissipation still appears whenever inputs of a logic gate arrive at different moments,no matter glitches exist or not.This means that the previous methods are still susceptible to be attacked, including WDDL and MDPL.We did attack simulation with Hspice and the results demonstrate that our opinion is reasonable.What should be mentioned is that Daisuke Suzuki et al.[15]also presented a kind of masked logic gate called“Random Switching Logic”(RSL).RSL belongs to Single-Rail circuits.All inputs to a RSL gate are synchronized by a pre-charge signal(called“enable signal”in[15]),but how to generate such a pre-charge signal was not mentioned yet.We think it is hard to generate such a pre-charge signal for each gate respectively in Single-Rail circuits.In this article,we propose a power dissipation model according to a gate’s output transitions,and divide it into pieces according to the input transitions. Based on our model,we demonstrate that1-bit masked logic gates still leakside channel information.As an effective countermeasure,Dual-Rail Random Switching Logic(DRSL)is presented,in which inputs are synchronized for each gate respectively.Our experimental results show that DRSL reduces most of the side channel leakage.Therefore,DRSL is more robust than other logics.This article is organized as follows.In Section2,a mathematical model of power consumption and theoretical analysis of gate leakage are proposed.Our logic DRSL is presented in Section3.Experimental results are given in Section 4.2Mathematical Models and Analysis2.1Gate ModelA logic gate in a cryptographer performs a Boolean algebra function.Factors that influence a gate’s output values can be categorized into two groups:one is those determinable factors that can be decided by internal keys and outside input(or output)data;the other is the independent factors,such as the internal generated random numbers.For simplicity,we,here,only consider gates with only one output.What’s more,for the practical consideration,each logic gate discussed in this article has only one independent factor.Then our model can be described in Equation1.q=f(a0,a1,···,a n−1,m)(1) where q is the output value;a0,a1,···,a n−1are n factors related to key and outside data while m is the internal independent factor,f is the Boolean function that the gate performs.Hereafter,we also represent a0,a1,···,a n−1as A for simplicity.In a gate level masked circuit,‘m’is a mask signal,‘a i’is the unmasked value of a masked input and‘q’is a masked output.A common digital circuit can be considered as a special subset of masked circuits,in which‘m’equals toa constant‘0’or‘1’.2.2Power ModelPower consumed by a CMOS gate is determined by many factors,such as output transition,load capacitance,self capacitance,clock frequency,supply voltage, and switch voltage[14].In this article,we mainly focus on output transitions. We define the output transition as(q i−1,q i).Correspondingly,energy consumed can be defined as E(q i−1,q i).In a combinational circuit,input signals to a gate always arrive at different moments.The result following this is that outputs would probably switch several times during a clock cycle before they reach stable values.This is what we usually call“glitches”.Suppose inputs arrive at k different moments,then power consumption can be represented as shown in Equation2.E=(E0,E1,···,E i,···,E k−1,E k)(2)where E i is the gate’s power consumption during the input arriving intervals between moment i and moment i+1.When voltage of the output at moment i (v i)and i+1(v i+1)are both stable values(for example,0v or1.8v in0.18µm technology),energy can be written as E(0,0),E(0,1),E(1,0),or E(1,1).Oth-erwise,if at least one of them is not stable,energy consumed can be represented as tE(0,1)or tE(1,0)by employing a coefficient‘t’(0<t<1).Here,t is de-termined by v i and v i+1.From another point of view,t is mainly determined by the length of the interval,and is independent on the value of A.2.3AnalysisWhen attacking cryptographers using DPA,attackers aim to discover whether their key guesses are correct.Explaining this with our model,a correct key guess brings us a correct prediction of internal predictable factors,while incorrect key guesses lead to wrong predictions.If some statistical characteristic of the energy dissipated depends on the predictable factors,then attackers can make use of the power consumption as side-channel information to judge whether their key guesses are valid.Hence,secure cryptographers should have their power dissipation statistically independent on those predictable factors.DPA can target on a circuit element(CE),which is a(group of)gate(s). Output values of a CE are statistically independent of others,so independence between the power consumption and the internal predictable factors lays on no correlation between E and A of a CE.What’s more,we hold the opinion that independence between E and A at every time can be satisfied only if every element E i of E is statistically independent on A,otherwise,the cryptographers would probably suffer from DPA.In pre-charge circuits,at the beginning of evaluation phase,every signal has an initialized value:0.(In some logics,signals are pre-charged to1,but there is no essential difference.)As mentioned before,coefficient‘t’is independent on A,hence,independence of E i and A stands on independence between q i+1and A(q i=0).This is the main topic of the following discussion.Single-Rail Circuits In a Single-Rail circuit,each CE has only one output. The independence between q and A can be described in an equation as follows.P(q=0/A i)=P(q=0/A j)(3) where P is the conditional probability,A i and A j are arbitrary sets of(a0,a1,···, a n−1).What’s more,q must not be a constant and is related to every input.Until now,the problem becomes to designing a logic gate that satisfies Equa-tion3in all the k time intervals during a clock cycle.First,we consider the scenario that all inputs have arrived at this gate.Lemma1.Let f be a logic gate’s Boolean algebra function,q be its output and a0,a1,···,a n−1,and m be its n+1independent variables:q=f(a0,a1,···,a n−1, m).When q does not equal to constant0or1,and is correlated to every input,then the necessary and sufficient condition for the statistical independence be-tween q and a0,a1,···,a n−1isq=f(a0,a1,···,a n−1,m)=g(a0,a1,···,a n−1)⊕m(4)andP(m=0)=P(m=1)=1/2where g is a Boolean algebra function;P is the probability.(Since lemmas in this article are easy to prove,we do not list their proof here.)As we can see,to make circuits designed resistant to DPA,signals propagating inside should be masked as a⊕m or¯a⊕m.When considering other cases,we take the k th interval as an example.In this interval,only one input has not arrived at the gate,which means either one of the masked signals(a i⊕m)or the masking signal(m)remains pre-charged.If the last one is a i⊕m,we define the delayed signal as a im.Since a im is pre-charged to0,we can assume that a i equals to m in this interval.Then Equation 4can be rewritten as follows.q=f(a0,a1,···,a n−1,m)=g(a0,a1,···,a i−1,m,a i+1,···,a n−1)⊕m(5)Is q in this case still independent on the remaining predictable factors(a0,a1,···, a i−1,a i+1,···,a n−1)?According to Lemma1,we should make sure whether there exists a Boolean algebra function h satisfying the following equation.q=f(a0,a1,···,a n−1,m)=h(a0,a1,···,a i−1,a i+1,···,a n−1)⊕m(6)Lemma2.When a Boolean function f can be written as Equation5,it cannot be rewritten into Equation6.If the last one is signal m,we can represent output q with the same equation as before while replacing a i with a i⊕m,and m with0(m is still pre-charged). So Equation4can be rewritten as follows.q=g(a0⊕m,a1⊕m,···,a n−1⊕m)⊕0(7)Still,we should make sure whether there is a function h which satisfies Equation 8.q=h(a0,a1,···,a n−1)⊕m(8)Lemma3.when a gate’s logic function can be described as Equation7and Equation8,then n must be an odd number andh(a0,a1,···,a n−1)=f a(a0)⊕a1⊕···⊕a n−1(9)According to Lemma3,gates,such as masked AND and OR,do not satisfy Equations7and8simultaneously.Therefore,when m arrives last,output q is dependent on predictable factors A.Since AND and OR gates are the maincomponents of cryptographers,so we can say that delay of the mask signal also has side channel leakage.Based on Lemma1to Lemma3,we can make a conclusion:Conclusion1.In Single-Rail Circuits with all signals masked by the same ran-dom bit,when inputs arrive at logic gates at different moments,predictable fac-tors dependent power dissipation appears no matter glitches occur or not.What’s more,if inputs to a gate are pre-charged asynchronously,leakage would also oc-cur.Dual-Rail Circuits As for the Dual-Rail Circuits,the independent circuit element is a pair of complementary signals.Therefore,Equation4should be rewritten as follows.(Q1,Q0)=q+¯q=f(A,m)+f(A,m)=g(a0,a1,···,a n−1)⊕m+g(a0,a1,···,a n−1)⊕¯m(10)where‘+’represents common addition;q and¯q are a pair of complementary signals.¯q equals to the inversion of q in evaluation phase,while equals to q in pre-charge phase.Therefore,Q0=q⊕¯q,Q1=q¯qFor a Dual-Rail Circuit resistant to DPA,both Q0and Q1should be statis-tical independent on A.Using the same proof methods employed in last section,we can demonstrate that when inputs to a gate arrive asynchronously,side-channel leakage occurs as well.Therefore,we can get Conclusion2as follows.Conclusion2.In Dual-Rail Circuits with all signals masked by the same random bit,when inputs arrive at logic gates at different moments,predictable factors dependent power dissipation appears,no matter glitches occur or not.What’s more,if inputs to a gate are pre-charged asynchronously,leakage would also occur.3Dual-Rail Random Switching Logic3.1Basic CellsSection2tells us that besides“free of glitches”and“no routing constrains”, every internal gate in a DPA resistant cryptographer should have its inputs synchronized.DRSL is devised under such a guideline.To suppress glitches,“pre-charge”protocol is used;to remove routing constrains,random mask is introduced;to synchronize input signals,a local pre-charge signal is generated. The main idea of DRSL is derived from RSL and MDPL.But compared with MDPL,the advantage of DRSL is that it avoids side channel leakage caused byasynchronous inputs.As for RSL,DRSL makes use of Dual-Rail method to make practical the generation of the local pre-charge signal(called“enable”signal in RSL)for every gate.The schematic of a two-input DRSL AND gate is shown in Fig.1.Fig.1(a) presents a single rail element;Fig.1(b)describes a DRSL AND gate with a logic part(two Single-Rail elements)and a pre-charge generation circuit in it.(a)(b)Fig.1.(a).RSL NAND schematic,(b).DRSL AND schematic In DRSL circuits,there are two work phases alternating with each other:one is pre-charge phase,the other is evaluation phase.In the pre-charge phase,all signals,including mask signal m,are pre-charged to0;while in the evaluation phase,pre-charge signal turns to be invalid after all inputs are evaluated values. Pre-charge of the whole circuit is done in a way of waveform:starting from registers,propagating through combinational logic gates andfinally running back to registers.A global pre-charge signal is not suitable in that,between logic gates, their inputs arrive at different moments.This is similar to WDDL and MDPL, however,the difference is that each DRSL gate has its own pre-charge circuit.A DRSL gate is pre-charged at the time when one of the inputs turns to be pre-charged value,and enabled after all its inputs are evaluated values.Thus, DRSL gates do not suffer from asynchronous inputs.In a Single-Rail circuit,pre-charged values and evaluated values can both be 0,so it is hard to judge when all inputs are evaluated values.On the other hand, pre-charged and evaluated values in Dual-Rail circuit do not have intersection: the former can only be(0,0),and the latter belong to(1,0)and(0,1).This makes it possible to identify the time when all evaluated inputs have arrived. Based on the above consideration,Dual-Rail circuits are preferable in our logic. Once the pre-charge signal is generated,input signals are synchronized.This property of DRSL allows converting all kinds of logic gates to DRSL.For exam-ple,XOR,which is not a monotonic gate,is not used in MDPL and WDDL.But in DRSL,XOR is accepted.What’s more,since DRSL is Dual-Rail,an inverter can be implemented by just swapping its two complementary inputs.The sameas mentioned in[15],odd-number-input XOR and XNOR function does not need a random signal input in DRSL.Fig.2.DRSL D-flip-flop schematicSince random mask changes every clock cycle,value stored in registers should be masked by the random signal for the following clock period.We incorporate the idea of MDPL D-flip-flop,in which a D-flip-flop consists of a RSL XOR gate, a common CMOS D-flip-flop and two CMOS NOR gates.Random signals for the XOR gate are m i⊕m i+1and m i⊕m i+1,where m i is the random value for the current cycle and m i+1is the one for the next.DRSL D-flip-flop schematic is presented in Fig.2.Table1compares DRSL cells in0.18µm technology with the corresponding cells from TSMC0.18µm standard cell library in area complexity.Table1.DRSL cells area complexityDRSL Cell Implementation Area(gate equivalents)RatioDRSL Standard DRSL/std.Inverter Wire swapping00.670Buffer2×Buffer 2.66 1.332 AND,OR(2-in)2×RSL NAND,OAI7.21 1.33 5.42NAND,NOR(2-in)2×RSL NAND,OAI7.2117.21 XOR,XNOR2×RSL XOR,OAI8.22 2.67 3.30D-flip-flop DRSL XOR,CMOS14.49 5.67 2.56D-FF,2×NORAs can be seen from Table1,DRSL AND,OR,NAND,and NOR gates cost much more area than standard gates.This is mainly caused by the local pre-charge circuit and the dual-rail circuit.However,as the gate becomes morecomplex,pre-charge circuit takes less proportion.Area ratio of DRSL XOR, XNOR,and D-flip-flop is smaller than DRSL AND and OR gates.Compared with MDPL gates,DRSL AND(OR)gates cost more area than MDPL AND(OR)gates.But for XOR and DFF gates,DRSL costs less.Consid-ering DRSL is compatible with MDPL,when designing DRSL circuits,a DRSL AND(OR)gate can be replaced by a MDPL AND(OR)gate if inputs to it are already synchronized.3.2Security AnalysisFor every DRSL gate,outputs only change after all inputs arrive,energy elements before the last signal’s arrival should be2E(0,0),assume signals arrive at k different moments and thefinal output is q,then the last energy piece is E(0,0)+ E(0,q).Power consumption of a DRSL gate can be represented as follows.E=(2E0(0,0),2E1(0,0),···,2E i(0,0),···,2E k−1(0,0),E k(0,0)+E k(0,q)) Since output q is masked by a random signal,the above equation is not influenced by those predictable factors.So we can see the logic part of DRSL is free of leakage caused by asynchronous inputs.Similarly,for the pre-charge circuit in DRSL,its power consumption can be described as follows.E=(E0(0,0),E1(0,0),···,E i(0,0),···,E k−1(0,0),E k(0,1)) Again,the equation is not related to those predictable factors,which means the pre-charge circuit is secure as well.4Experimental ResultsWe have performed DPA attacks simulation with Hspice on four2-input AND gates implemented by common Single-Rail masked logic,WDDL,MDPL,and DRSL.All these gates are in0.18µm technology.The layout parasitics have been neglected.Test circuits are illustrated in Fig.3.In Fig3(a),a m arrives last;in Fig.3(b),the random mask signal m arrives last.For the Single-Rail masked AND gate,when a m arrives later than b m and m,then in the time interval,output q can be shown as follows.q=((a m⊕m)(b m⊕m))⊕m=((0⊕m)(b m⊕m))⊕m=¯bmFor WDDL and MDPL,we can also get the following results(m=0for WDDL):¯q=((¯a m⊕¯m)(¯b m⊕¯m))⊕¯m=((0⊕¯m)(¯b m⊕¯m))⊕¯m=¯b¯mq0=q⊕¯q=¯b,q1=q¯q=0We simulate all the8possible combinations of input transitions on each of the AND gate.Current I(Vd)from circuits to power Vdd is the probed signal.(a)(b)Fig.3.(a).a m arrives last,(b).m arrives lastWaveforms are divided into two groups,one with b=b m⊕m=1,while the other with b=0.Finally,we subtract the average of group2(b=0)by the means of group1(b=1)to get the difference.In the time interval when b m and m have arrived and a m is still pre-charged,only group2is possible to change output to be‘1’;after a m arrives,raise of output only occurs in group1.So it is expected to get afigure with a valley followed by a peak in SRML,WDDL,and MDPL circuits.Results can be seen in Fig.4.Fig.4.Difference of meansWhen m arrives last,for Single-Rail masked AND gate:q=((a m⊕0)(b m⊕0))⊕0=(¯a¯bm)∨(ab¯m)For MDPL,we can also get the following results:¯q=((¯a m⊕0)(¯b m⊕0))⊕0=(¯a¯b¯m)∨(abm)q0=q⊕¯q=a⊗b,q1=q¯q=0In this case we divide waveforms of I(Vd)into two groups,one with a=b,while the other with a=b.Since this division happens to be the same as the former, theirfigures are similar(slight differences are caused by different self capacitance related to each input).We do not list the plots of this case here.¿From Fig.4we can clearly notice the advantage of the DRSL AND Gate. Thefirst three plots apparently have a valley followed by a peak,while the fluctuation of DRSL AND Gate is much smaller.Peak-to-peak values of each plot are approximately418(SRML),363(WDDL),550(MDPL),and117(DRSL)µA.Therefore,leakage of DRSL is reduced by at least68%.When comparing the total power leakage,DRSL’s performance is even better.We also did an experiment in which every input reaches the gate at the same time.We divide the waveforms and get the difference of means in the same way as before.Result can be seen in Fig.5(a).What’s more,two immediate current I(Vd)plots(a m b m m=000and a m b m m=100)are shown in Fig.5(b).(a)(b)Fig.5.(a).Inputs synchronized,(b).Immediate Current By comparing Fig.4(d)and Fig.5(a),we notice that the two plots are iden-tical around0.75ns,which means this part of leakage occurs even if inputs arrive at the same time.Accordingly,we divide the plot in Fig.4(d)into two parts:the high-frequencyfluctuation around0.5ns and the comparatively low-frequency part near0.75ns.We think the former be related to self capacitance.Leakage in this part is hard to identify.As for the latter,it is caused by different charging speeds.If a m=b m=m,all P transistors in the transiting RSL AND gate are open.This brings larger current and quicker change than other cases.In Fig. 5(b),charging current(-I(Vd))belonging to a m b m m=000(real line)is larger than that of a m b m m=100(dotted line)at the beginning of transition.Since thestored charge is limited,the former also ends earlier than the latter.According to the above categorization,all traces belonging to a m=b m=m were grouped into the second group(b=0),so when subtracting the means of the two groups, a small valley followed by a peak appears.This kind of leakage is not considered in our model,as it does not come from the total power difference but the imme-diate power trace disagreement.Unfortunately,DRSL cannot avoid this kind of leakage.To minimize such kind of leakage is our job in the future.5ConclusionWe presented a power model where the power consumption of a logic gate de-pends on the value of the gate’s output transition.Based on the model,we establish conditions for statistical independence between output transitions and the input values.Theoretical analysis shows that1-bit masked gates with asyn-chronous inputs always leak side channel information.After that,we propose a kind of logic called Dual-Rail Switching Logic,which employs a local pre-charge circuit in each gate.Experimental results show that DRSL can eliminate most of the side channel leakage and therefore is more secure.References[1]Paul Kocher,Joshus Jaffe,and Benjamin Jun.Differential Power Analysis.Inproceeding of Advances in Cryptology-CRYPTO’99,pp.388-397,Springer, 1999.[2]Suresh Chari,Charanjit S.Jutla,Josyula R.Rao,and Pankaj Rohatgi.To-wards Sound Approaches to Counteract Power-Analysis Attacks.In proceeding of Advances in Cryptology-CRYPTO’99,pp.398-412,Springer,1999. [3]Louis Goubin and Jacques Patarin.DES and Differential Power Analysis-The“Duplication”Method.In proceeding of Cryptographic Hardware and Embed-ded Systems-CHES’99,pp.158-172,Springer,1999.[4]Stefan Mangard,Thomas Popp,and Berndt M.Gammel.Side-Channel Leakageof Masked CMOS Gates.In Topics in Cryptology-CT-RSA2005,pp.351-365, Springer,2005.[5]Stefan Mangard,Norbert Pramstaller,and Elisabeth Oswald.Successfully At-tacking Masked AES Hardware Implementations.In proceeding of Crypto-graphic Hardware and Embedded Systems-CHES2005,pp.157-171,Springer, 2005.[6]Thomas Popp and Stefan Mangard.Masked Dual-Rail Pre-charge Logic:DPA-Resistance Without Routing Constraints.In proceeding of Cryptographic Hard-ware and Embedded Systems-CHES2005,pp.172-186,Springer,2005. [7]Kris Tiri and Ingrid Verbauwhede.Securing Encryption Algorithms againstDPA at the Logic Level Next Generation Smart Card Technology.In proceeding of Cryptographic Hardware and Embedded Systems-CHES2003,pp.137-151, Springer,2003.[8]Kris Tiri and Ingrid Verbauwhede.A Logic Level Design Methodology for aSecure DPA Resistant ASIC or FPGA Implementation.In Design,Automatin and Test in Europe Conference and Exposition(DATE2004),IEEE Computer Society,pp.246-251,2004.[9]Yuval Ishai,Amit Sahai,and David Wagner.Private Circuits:Securing Hard-ware against Probing Attacks.In proceeding of Advances in Cryptology-CRYPTO2003,pp.463-481,Springer,2003.[10]Elena binational Logic Design for AES SubByte Transformationon Masked Data.Cryptology ePrint Archive(/),Report 2003/236,2003.[11]Elena Trichina and Tymur Korkishko.Small Size,Low Power,Side Channel-Immune AES Comprocessor:Design and Synthesis Results.In proceeding of the Fourth Conference on the Advanced Encryption Standard(AES),2004.[12]Elena Trichina and Tymur Korkishko.Secure AES Hardware Module for Re-source Constrained Devices.In proceeding of Security in Ad-hoc and Sensor Networks:First European Workshop,ESAS2004,pp.215-229,Springer2005.[13]Elena Trichina and Lesya Korkishko.Secure and Efficient AES Software Im-plementation for Smart Cards.In proceeding of Information Security Applica-tions:5th International Workshop,WISA2004,pp.425-439,Springer2004.[14] A.P.Chandrakasan,S.Shen and R.W.Brodersen.Low Power Digital CMOSDesign.In IEEE Journal of Solid State Circuits,Vol.27,N0.4.pp.473-484, 1992.[15]Daisuke Suzuki,Minoru Saeki,and Tetsuya Ichikawa.Random Switching Logic:A Countermeasure against DPA based on Transition Probability.CryptologyePrint Archive(/),Report2004/346,2004.[16]Mehdi-Laurent Akkar and Christophe Giraud.An Implementation of DES andAES,Secure against Some Attacks.In proceeding of Cryptographic Hardware and Embedded Systems:CHES2001,pp.309-318,Springer2001.[17]Johannes Blomer,Jorge Guajardo,and Volker Krummel.Provably SecureMasking of AES.In proceeding of Selected Areas in Cryptography:11th Inter-national Workshop,SAC2004,pp.69-83,Springer2005.[18]Elisabeth Oswald,Stefan Mangard,Norbert Pramstaller,and Vincent Rijmen.A Side-Channel Analysis Resistant Description of the AES S-Box.In proceed-ing of Fast Software Encryption:12th International Workshop,FSE2005,pp.413-423,Springer2005.。