JP2010021624A - Information processing apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technique capable of preventing unauthorized decryption for the information processing apparatus including encryption operation process. <P>SOLUTION: A reconfiguration enable circuit (RECONF) 107 includes a plurality of equivalent logic circuits corresponding to one encryption processing algorithm, a random number generator, and a switch. The switch switches the plurality of equivalent logic circuits, based on a random number generated at the random number generator. A CPU 106 configures a logic circuit in the reconfiguration enable circuit 107 based on a configuration information stored at a ROM 112, and performs encryption operation process. A circuit for performing encryption operation processing for data actually is changed at random when the processing is performed, so that it is difficult to identify the circuit which actually performs the processing even if the configuration information is read. Thereby, unauthorized decryption using known power consumption analysis and/or timing analysis can be prevented. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, and particularly to an information processing apparatus such as a mobile phone terminal device that needs to perform not only data processing but also encryption processing for communication with the outside and protection of data. It relates to effective technology.

  As a technique examined by the present inventor, for example, the following technique can be considered in the information processing apparatus.

  For example, dedicated hardware for cryptographic operation processing has been installed in the system LSI for the purpose of performing cryptographic operations at high speed and protecting against simple attacks such as memory reading. System LSIs mounted on cellular phone terminal devices and the like have come to perform processing that requires security protection such as electronic payment, and a more robust system will be required in the future.

  As for cryptographic operation processing, attack techniques such as power analysis as shown in Non-Patent Document 1 and timing analysis as shown in Non-Patent Document 2 are known. These Non-Patent Documents 1 and 2 describe that a conventional semiconductor device has a cryptographic operation processing circuit fixedly disposed inside the semiconductor device. Patent Document 1 describes that when the physical arrangement is specified, the power consumption and processing time of the cryptographic operation are uniquely determined and have a vulnerability to key specification.

In a semiconductor device that performs cryptographic operation processing such as an IC card, there is a technique disclosed in Patent Document 1, for example, as one solution to this vulnerability. In Patent Document 1, a reconfigurable circuit and a random number generator are provided, a plurality of logical configuration information for performing the same processing is prepared, and the logical configuration information is selected and reconfigured according to the random number generated by the random number generator. A technique for executing cryptographic operation processing is disclosed. Even when the same cryptographic operation processing is performed, the power consumption waveform and the processing time are different, so that it becomes difficult to specify data to be processed and a key. This technique uses a reconfigurable circuit, not dedicated hardware, and randomly selects the configuration of the logic circuit to be processed, making it difficult to uniquely identify the circuit that actually performs the processing.
JP 2007-49524 A Paul Kocher, Joshua Jaffe, Benjamin Jun, "Differential Power Analysis", Crypt 99 (Crypto'99), 99. 388-397 Paul Kocher, “Timing Attacks on Implementations of Difficulties” Hellman, RSA, DSS, and Other Systems), Crypto '96, 1996, p. 104-113 Y. Tsunoo, E. Tsujihara, K. Minematsu, H. Miyauchi, "Cryptanalysis of Block Ciphers Implemented"・ On Computers with Cash ”, ISITA 2002, October 2002, p.7-11 Ito, Sakurai, “A First Algorithm for Multiple Inverse in GF (2 ^ m) using Normal Bases”, Information and Computing, 1988, Vol. 78, No. 3, p171-177

  By the way, as a result of the study of the information processing apparatus as described above by the present inventor, the following has been clarified.

  For example, a plurality of logical configuration information proposed by an IC card or the like as in Patent Document 1 is selected by a random number generated from a random number generator, a logical circuit is configured in a reconfigurable circuit, and cryptographic processing is performed. When the method for executing the above is applied to a general system LSI, the following problems exist.

  Some system LSIs can execute a program placed in an external memory, or some have a plurality of CPUs inside. In such a complex system, for example, contrary to the intention of the designer, an attacker may be able to read the logical configuration information stored in the internal memory and analyze the circuit configuration.

  Moreover, it may be possible to specify which one of a plurality of pieces of logical configuration information prepared in the ROM has been selected. For example, Non-Patent Document 3 points out an attack method that utilizes the fact that when a memory area once accessed by a CPU is copied to a cache, there is a difference in memory access time with other memory areas.

  According to this method, even when a plurality of pieces of configuration information are stored in a memory and randomly selected and configured as a reconfigurable circuit, which configuration information is selected is observed by the software, and the reconfigurable circuit is actually selected. There is a risk that the arrangement of the configured logic circuit will become clear.

  In that case, it is specified which logic circuit is actually configured in what arrangement and data processing is executed. When an attacker knows that processing has been performed by a specific circuit, there is a possibility that data to be processed can be decoded by known power consumption analysis or timing analysis.

  For example, in the AES encryption method, when generating a round key from a common key, the common key is divided into bytes and processed in several steps. In particular, in a step called S-BOX, after obtaining the inverse element in the Galois field of the key data, affine transformation is performed on the inverse element. At this time, it is known that there is a correlation between the power consumption waveform of the inverse operation and the key data.

  Therefore, in such a system LSI, there is a need for a method that makes it difficult to identify a circuit that has actually performed processing even when configuration information has been read.

  Accordingly, an object of the present invention is to provide a technique capable of preventing an illegal decryption of a cipher in an information processing apparatus including a cryptographic operation process.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the embodiments disclosed in the present application, the outline of typical ones will be briefly described as follows.

  That is, a reconfigurable circuit having a first logic circuit, a second logic circuit, and a switch circuit, and a random number generator, which are configured by switching connection relations of a plurality of processing elements, and the switch circuit is a random number Switching between the first logic circuit and the second logic circuit is performed based on the random number generated by the generator.

  According to the representative embodiment, it is possible to prevent unauthorized decoding by power consumption analysis and timing analysis.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

  In the following embodiment, when it is necessary for the sake of convenience, the description will be divided into a plurality of sections or embodiments. However, unless otherwise specified, they are not irrelevant, and one is the other. Some or all of the modifications, details, supplementary explanations, and the like are related. Further, in the following embodiments, when referring to the number of elements (including the number, numerical value, quantity, range, etc.), especially when clearly indicated and when clearly limited to a specific number in principle, etc. Except, it is not limited to the specific number, and may be more or less than the specific number.

  FIG. 1 is a block diagram showing a configuration example of a mobile phone terminal system in an information processing apparatus according to an embodiment of the present invention.

  As shown in FIG. 1, the mobile phone terminal system according to the present embodiment includes a baseband LSI (Base Band LSI) 102 that executes signal processing for wireless communication, an RF amplifier (RF) 103, an antenna 104, and the like. An application LSI 101 that performs data processing, an external memory (Memory) 105 that stores data, a system bus 114 that connects these, and the like.

  The application LSI 101 includes a CPU 106, a RAM 111, a ROM 112, an interface (I / F) 113 for connection to the outside of the LSI, a reconfigurable circuit (RECONF) 107, and a controller that controls the reconfigurable circuit 107 ( CTR) 108, a register (REG) 109 accessible from both the reconfigurable circuit 107 and the CPU 106, an interrupt controller (INT) 110, and the like.

  When the mobile phone terminal system performs communication, data output from the application LSI 101 is converted from a digital signal to an analog signal by the baseband LSI 102, amplified by the RF amplifier 103, and then transmitted from the antenna 104.

  For example, when transmitting electronic payment data from a mobile phone terminal to a server, the data is encrypted after being encrypted using AES (Advanced Encryption Standard), which is a common key encryption method, using a common key exchanged in advance. Do.

  In the mobile phone terminal system of this embodiment, the CPU 106 in the application LSI 101 uses a reconfigurable circuit 107 in order to AES-encrypt electronic payment data.

  FIG. 2 is a block diagram illustrating a configuration example of the reconfigurable circuit 107.

  As shown in FIG. 2, the reconfigurable circuit 107 includes, for example, processing elements (PE) 301 to 309 arranged two-dimensionally in vertical m rows and horizontal n columns, four adjacent PEs, and PEs. It consists of wiring connecting the register 109. Note that m and n are natural numbers, and FIG. 2 shows only PEs 301 to 309 with some of the PEs omitted.

  FIG. 3 is a block diagram illustrating each configuration example of the processing elements (PE) 301 to 309.

  As shown in FIG. 3, each of the processing elements (PE) 301 to 309 includes input / output N, S, W, E of 32-bit width wiring connected to adjacent upper, lower, left, and right PEs, an ALU 403, and a flip-flop. 403, a multiplexer (MUX) 401, 402, 405 for switching data paths, and a demultiplexer (DMUX) 406. The inputs of the multiplexers 401 and 402 and the outputs N, E, W, and S of the demultiplexer 406 are connected to the PE inputs and outputs N, E, W, and S, respectively. By switching the control signals of the multiplexers 401, 402, 405 and the demultiplexer 406, the data flow in the PE and the connection relationship with the adjacent PE can be controlled. The functions of the ALU 403 and the multiplexers 401, 402, 405 and the demultiplexer 406 for switching the data path are controlled by the controller 108 shown in FIGS. As a result, the data path between the PEs, the data path between the PEs and the registers 109, and the functions within the PEs can be controlled.

  The configuration information is a parameter that determines the data path between the PEs, the data path between the PEs and the register 109, and the functions in the PEs. The CPU 106 can reconfigure the circuit of the reconfigurable circuit 107 by setting the control register of the controller 108 based on this configuration information.

  Next, a flow in which the CPU 106 controls the reconfigurable circuit 107 and executes cryptographic calculation processing will be described. FIG. 4 is a flowchart showing the cryptographic operation processing flow by the CPU 106.

  As shown in FIG. 4, when the CPU 106 starts executing the cryptographic operation processing in step S501, one piece of configuration information is read from the ROM 112 (step S502). Based on the read configuration information, the controller 108 that controls the reconfigurable circuit 107 is set, and the circuit is reconfigured (step S503). Further, the CPU 106 copies the data stored in the RAM 111 to the register 109 of the reconfigurable circuit 107 (step S504), and instructs the reconfigurable circuit 107 to start processing (step S505). For example, processing can be executed by preparing an arithmetic processing enable bit in the controller 108 and writing “1” to this bit from the CPU 106.

  The reconfigurable circuit 107 reads data from the register 109 in response to a processing start instruction from the CPU 106 (step S510). The reconfigurable circuit 107 is a circuit that has been reconfigured so as to perform cryptographic calculation processing. Processing (step S511), the data subjected to the cryptographic operation processing is written back to the register 109 (step S512), and an interrupt request is transmitted to the CPU 106 (step S513).

  When the CPU 106 receives the interrupt request (step S506), it copies the processed data from the register 109 to the RAM 111 (step S507), and ends the series of processing flow (step S508).

  An example of the configuration and processing of a logic circuit that actually performs cryptographic operation processing will be described below. FIG. 5 is a block diagram illustrating a circuit configuration example reconfigured by the reconfigurable circuit 107. The reconfigurable circuit 107a shown in FIG. 5 includes a random number generator 201, a multiplexer (MUX) 202 and a demultiplexer (DMUX) 203 as switches, and a plurality of equivalent multiples selected by the switches. The example which comprised the logic circuits 204-207 is shown.

  The cryptographic operation processing is complicated, and depending on the circuit scale of the reconfigurable circuit, there are many cases where the entire algorithm cannot be executed at once. In this case, the entire process can be executed by dividing the algorithm, executing the process for each part, and reconfiguring the reconfigurable circuit from the CPU as described above each time the process is completed. it can. For example, as shown in FIG. 5, one piece of configuration information includes a random number generator (RND) 201, four equivalent logic circuits (LOG 1 to 4) 204 to 207, and random numbers generated from the random number generator 201. This is a parameter for configuring a switch composed of the multiplexer (MUX) 202 and the demultiplexer (DMUX) 203 for selecting the logic circuits 204 to 207 in the reconfigurable circuit 107a.

  However, if the logic circuits A and B that output data with respect to data input are equivalent circuits, the calculation result is equal for each input in a range where the output of the circuit A and the output of the circuit B are assumed. That is. That is, “equivalent” means that the calculation result for a certain value is the same. For example, two equivalent circuits need only have the same calculation result, and the timing at which the calculation result is determined may be different. By having a plurality of equivalent logic circuits, different power consumption waveforms can be obtained for the same operation.

  Note that the number of equivalent circuits configured by one piece of configuration information may be two or more, and may not be four (LOG1 to LOG4) as shown in FIG.

  As described above, according to the present invention, a plurality of logic circuits (LOG1 to LOG4) and a demultiplexer (DMUX) as a switch circuit for switching between the plurality of logic circuits are configured by switching the connection relationship of the processing elements (PE). And a multiplexer (MUX) in a reconfigurable circuit (RECONF), and which logic circuit is to be operated by a random number RND from a random number generator (RND) is switched using a switch circuit And

  This feature makes it possible to randomly select a logic circuit to be used when performing an operation using a random number. Therefore, even when processing the same data, the power consumption waveform is not the same, and It cannot be predicted. Therefore, it is possible to prevent unauthorized decoding by power consumption analysis and timing analysis. Details of this will be described later with reference to FIG.

  Here, the random number generator (RND) of the present embodiment can be configured using a processing element (PE). In addition, the random number generator can send the random number directly to the reconfigurable circuit (RECONF) without going through the CPU. Due to these characteristics, the present embodiment can illegally analyze the path for transmitting the random number as compared with the case where the random number generator is arranged outside the reconfigurable circuit (RECONF) and the random number is transmitted from the outside. Can be prevented.

  Next, a processing flow of the reconfigurable circuit 107a after configuration information is set from the CPU 106 will be described with reference to FIGS. FIG. 6 is a timing chart showing an operation example of the reconfigured reconfigurable circuit 107a.

  When the processing start of the reconfigurable circuit 107a is instructed by writing the enable bit (ENB) of the CPU 106, the random number generator 201 configured in the reconfigurable circuit 107a starts to generate a random number (RND). In FIG. 6, the RND outputs H, I, J, K, and random numbers, for example, every 4 clock cycles. The random numbers are input to the control signals of the multiplexer 202 and the demultiplexer 203, and a plurality of equivalent logic circuits (LOG1 to LOG4) 204 to 207 are switched. In FIG. 6, logic circuits LOG1, LOG2, LOG3, and LOG4 are selected in order.

  For example, one of the equivalent logic circuits 204 to 207 is selected by switching the multiplexer 202 and the demultiplexer 203 based on the random number output from the random number generator 201 of FIG.

  Further, data processing is executed in the selected logic circuit at the rising edge of the clock next to the timing when one of the plurality of equivalent logic circuits 204 to 207 is selected.

  For example, when three pieces of data are sequentially executed, such logic circuit switching is performed for each piece of data. The three data are sequentially processed by the logic circuits of LOG1, LOG2, and LOG3. When the processing of all the data is completed, the controller 108 issues an interrupt signal INT and ends the series of processing.

  When the data processing is completed, an interrupt signal is generated from the controller 108 of FIG. 1 to the interrupt controller 110, and the cryptographic operation processing of the reconfigurable circuit is completed.

  Next, a configuration example of the random number generator 201 will be described with reference to FIG. FIG. 7 is a block diagram illustrating an example of a logical configuration realized based on logical configuration information in a part of the reconfigurable circuit. FIG. 7 shows a configuration example of the random number generator 201.

  In FIG. 7, reference numerals 601 to 607 are realized by setting one of the PEs of the reconfigurable circuit 107a, and the arithmetic circuit represented by 601 to 607 is realized on the reconfigurable circuit. Reference numerals 601 to 606 denote 32-bit arithmetic operation units ALU, which can perform various arithmetic operations, logical operations, bit operations, and the like according to settings. PE (NOT) 601 is bit inverted, PE (8-bit ROTL) 602 is 8-bit counterclockwise rotation, PE (THR) 603 is data passing, PE (STR 0x000F) 604 is an immediate value 0x000F store, and PE (XOR) 605 is An exclusive OR, PE (AND) 606 is a logical product, and PE (FF) 607 is a flip-flop, which are connected as shown in FIG. A random number RND is output from the PE (FF) 607.

  The logic circuit configured as shown in FIG. 7 is described in detail as shown in FIG.

  7, 601 to 607 in FIG. 7 correspond to 701 to 707 in FIG. An exclusive OR with “0” and a logical product with “1” are the same operation as data passing, an exclusive OR with “1” is an inverter, and a logical product with “0” is a data mask. Is the same operation. These are written as shown in FIG. FIG. 9 is a circuit diagram illustrating a logical configuration example realized based on logical configuration information in a part of the reconfigurable circuit.

  Therefore, the logic circuits (701 to 703, 705 to 707) in FIG. 9 are represented by the logic circuits (801 to 806) in FIG. In FIG. 10, 801, 803, 804, and 805 correspond to 701, 802 corresponds to 705, and 806 corresponds to 707, respectively. The logic circuit of FIG. 9 forms eight ring oscillators including five inverters 801 to 805 and one flip-flop 806 as shown in FIG.

  In the ring oscillator composed of an odd number of inverters 801 to 805, the output of the final stage inverter 805 is connected to the input of the first stage inverter 801, and the final stage inverter 805 outputs the logical negation of the first stage input. The first input value is logically negated. As a result, the ring oscillator oscillates.

  A minute change occurs in the delay time of each gate due to variations in transistor characteristics during manufacture, thermal noise, and the like, and the oscillation frequency of the ring oscillator changes. This can be used to generate true random numbers that cannot be predicted by the observer.

  The lower 8 bits of the output of PE707, which is a flip-flop, generates an 8-bit random number.

  The AES encryption scheme identifies 8-bit data as the Galois field GF (256) element. Unless otherwise specified, this is displayed in hexadecimal.

  Configuration information that includes a plurality of equivalent logic circuits that execute Galois field product operations is prepared, and a step called S-BOX of the AES cryptographic operation processing is executed safely.

  As a circuit for obtaining the inverse element of the Galois field, for example, there is a circuit configuration described in Non-Patent Document 4, and the square circuit of the Galois field element is the basis. A Galois field product can be realized by a combination of a product operation and a sum of an arbitrary element and 0x02.

  11 and 12 show configuration examples of the plurality of equivalent logic circuits 204 to 207 shown in FIG. 11 and 12 are equivalent logic circuits that output 0x02 × D, which is the basis of Galois field product operation, for input data D. FIG. Here, in this specification, a Galois field product operation is expressed using the symbol x. In FIG. 11, 1001 to 1004 are realized by setting one of the PEs of the reconfigurable circuit, and the arithmetic circuit represented by 1001 to 1004 is realized on the reconfigurable circuit 107. Similarly, in FIG. 12, 1101 to 1108 are realized by setting one of the PEs of the reconfigurable circuit 107, and the arithmetic circuit represented by 1101 to 1108 is realized on the reconfigurable circuit 107. However, the processing time and power consumption are different because the number of gates passing from the input to the output and the configuration are different.

  In FIG. 11, PE (Left 1-bit Shift) 1001 shifts 1 bit to the left, PE (STR 0x117) 1002 stores the immediate value 0x117, PE (XOR) 1003 is exclusive OR, and PE (MUX) 1004 is PE ( Each of the multiplexers controlled by bit 7 of the output signal of Left 1-bit Shift) 1001 is shown.

  In FIG. 12, PE (STR 0x55) 1101 stores immediate value 0x55, PE (Left 1-bit Shift) 1102 shifts 1 bit to the left, PE (STR 0x117) 1103 stores immediate value 0x117, and PE (XOR) 1104 is exclusive. PE (Left 1-bit Shift) 1105 is shifted by 1 bit to the left, PE (XOR) 1106 is an exclusive OR, PE (MUX) 1107 is a multiplexer controlled by bit 7 of input D, PE (XOR ) 1108 represents exclusive OR.

  For example, in the PE 1101 of FIG. 12, even if the 8-bit random number generated from the random number generator is output as it is instead of the instruction for storing the immediate value 0x55, the circuit of FIG. This is a logic circuit equivalent to the circuit of FIG. 11 that executes the product 0x02 × D. At this time, this logic circuit is a circuit in which an operation with a random number is added to the data path, and is a logic circuit equivalent to FIG.

  Thus, since the value of PE 1101 does not affect the value of the operation result 0x02 × D, PE 1101 can be used as a random number input. Therefore, the invention described in FIGS. 11 and 12 is characterized by having the data input D and the input PE 1101 that can be handled as a random number input. Because of this feature, random numbers can flow in the data path in parallel even when performing the same operation, so the power consumption waveform etc. can be made more random, preventing unauthorized analysis. It becomes possible to do.

  FIG. 13 shows power consumption waveforms W01 to W04 when data is processed by one logic circuit and a plurality of equivalent logic circuits, and the logic circuits are switched based on random numbers generated from a random number generator. The power consumption waveforms W11 to W14 when data is processed are shown. If data processing is continuously executed by the same logic circuit, it is considered that the power consumption waveform when the same data processing is executed is the same every time. For example, waveforms W01 and W04 when data A is processed are the same.

  On the other hand, when selecting and selecting a plurality of equivalent logic circuits at random for each data processing and processing the data, even if the same data is processed, the circuit used in the actual processing is different, The waveforms are not always the same and cannot be predicted. For example, waveforms W11 and W14 when data A is processed are different waveforms.

  This makes it very difficult to identify the processed data from the power consumption waveform even if the configuration information used when reconfiguring the reconfigurable circuit is read.

  Therefore, according to the information processing apparatus of the present embodiment, random numbers are generated and extinguished inside the reconfigurable circuit, and thus used for selecting and selecting a plurality of logic circuits performing the same processing. Random numbers cannot be observed from outside. Therefore, even if the configuration information of the reconfigurable circuit used for cryptographic processing is read and analyzed by an attacker, it is not possible to determine which circuit actually executed the process, and power analysis Timing analysis becomes very difficult, and unauthorized decoding by power consumption analysis and timing analysis can be prevented.

  In addition, when these are implemented with dedicated hardware, a plurality of logic circuits must be prepared as actual circuits, and the logic scale becomes very large, but by using a reconfigurable circuit, It enables more robust cryptographic processing without increasing the scale.

  Although the invention made by the present inventor has been specifically described based on the embodiment, the invention is not limited to the embodiment and can be variously modified without departing from the scope of the invention. Needless to say.

  The present invention is effective for a semiconductor device, particularly a semiconductor device that performs cryptographic operation processing.

1 is a block diagram illustrating a configuration example of a mobile phone terminal system in an information processing apparatus according to an embodiment of the present invention. FIG. 3 is a block diagram illustrating a configuration example of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. It is a block diagram which shows each structural example of a processing element (PE) in the information processing apparatus by one embodiment of this invention. 5 is a flowchart showing a cryptographic operation processing flow by a CPU in the information processing apparatus according to the embodiment of the present invention. It is a block diagram which shows the example of a circuit structure reconfigure | reconstructed with the reconfigurable circuit in the information processing apparatus by one embodiment of this invention. 6 is a timing chart illustrating an operation example of a reconfigurable circuit that is reconfigured in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a block diagram illustrating an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a circuit diagram showing an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a circuit diagram showing an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a circuit diagram showing an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a block diagram illustrating an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 3 is a block diagram illustrating an example of a logical configuration realized based on logical configuration information in a part of a reconfigurable circuit in the information processing apparatus according to the embodiment of the present invention. FIG. 6 is a waveform diagram illustrating an example of a power consumption value of a logic circuit realized in a reconfigurable circuit based on configuration information in the information processing apparatus according to the embodiment of the present invention.

Explanation of symbols

101 Application LSI
102 Baseband LSI
103 RF amplifier (RF)
104 Antenna 105 External memory (Memory)
106 CPU
107, 107a Reconfigurable circuit (RECONF)
108 Controller (CTR)
109 register (REG)
110 Interrupt controller (INT)
111 RAM
112 ROM
113 Interface (I / F)
114 System Bus 201 Random Number Generator (RND)
202, 401, 402, 405 Multiplexer (MUX)
203,406 Demultiplexer (DMUX)
204-207 Logic circuits 301-309, 601-607, 701-707, 1001-1004, 1101-1108 Processing elements (PE)
403 ALU
404,806 flip-flops 801-805 inverter (INV)

Claims (7)

A reconfigurable circuit having a first logic circuit, a second logic circuit, and a switch circuit configured by switching a connection relationship of a plurality of processing elements;
A random number generator,
The information processing apparatus, wherein the switch circuit switches between the first logic circuit and the second logic circuit based on the random number generated by the random number generator. The information processing apparatus according to claim 1,
The information processing apparatus, wherein the random number generator is provided in the reconfigurable circuit, and is configured by switching a connection relationship of the plurality of processing elements. The information processing apparatus according to claim 1,
The information processing apparatus, wherein the random number generator transmits the random number to the reconfigurable circuit without using a CPU. The information processing apparatus according to claim 1,
The information processing apparatus, wherein the first logic circuit and the second logic circuit are equivalent logic circuits. The information processing apparatus according to claim 1,
The first logic circuit and the second logic circuit have a first input for inputting data and a second input generated by the random number generator, and the first logic circuit and the second logic circuit are independent of the value of the second input. An information processing apparatus that performs the calculation on a value of one input. The information processing apparatus according to claim 1,
The information processing apparatus is characterized in that the calculation is cryptographic processing. The information processing apparatus according to claim 1,
A ROM storing configuration information for realizing the first and second logic circuits configured in the reconfigurable circuit;
An information processing apparatus, further comprising: a CPU that reads configuration information of the reconfigurable circuit from the ROM and causes the reconfigurable circuit to configure the first and second logic circuits.

Images