# Nanoscale cryptography: opportunities and challenges

- Massoud Masoumi
^{1}Email author, - Weidong Shi
^{1}and - Lei Xu
^{1}

**Received: **26 January 2015

**Accepted: **24 June 2015

**Published: **2 November 2015

## Abstract

While most of the electronics industry is dependent on the ever-decreasing size of lithographic transistors, this scaling cannot continue indefinitely. To improve the performance of the integrated circuits, new emerging and paradigms are needed. In recent years, nanoelectronics has become one of the most important and exciting forefront in science and engineering. It shows a great promise for providing us in the near future with many breakthroughs that change the direction of technological advances in a wide range of applications. In this paper, we discuss the contribution that nanotechnology may offer to the evolution of cryptographic hardware and embedded systems and demonstrate how nanoscale devices can be used for constructing security primitives. Using a custom set of design automation tools, it is demonstrated that relative to a conventional 45-nm CMOS system, performance gains can be obtained up to two orders of magnitude reduction in area and up to 50 % improvement in speed.

## Keywords

## 1 Background

- 1.
This paper presents the first crossbar based nanoscale computing platform (nano-architecture) for the implementation of encryption algorithms. This uniform array of nanowires in a multi-layer CMOS-Nano crossbar structure provides manufacturability by regularity, reliability (fault tolerance) by reconfigurability, and performance by logic density. Although, some works have addressed the use of nanowire crossbar architecture for logic implementation [2] but their performance cannot be easily evaluated and compared to MOSFET FPGAs.

- 2.
So far, mainly 128-bit key encryption has been designed and implemented by CMOS technology, primarily due to area, speed and power consumption problems associated with the implementation of the encryption algorithm with longer keys. The results we have obtained demonstrate that longer keys can be easily realized by hybrid CMOS-Nano FPGA architecture, making the implementation much more robust against unauthorized deciphering and cryptanalytic attacks.

The reminder of paper is organized as follows: Section II briefly explains reconfigurable hybrid CMOS/Nano technology. Section III illustrates the Secure Hash Algorithm very briefly. Section IV presents the performance results of the implementation of secure hash algorithm basic modules on hybrid CMOS/Nano platform. Finally, in the conclusion we briefly summarize the results of our discussions.

### 1.1 Reconfigurable hybrid CMOS/nanodevice circuits

*F*

_{ CMOS }of the CMOS system and that 2

*F*

_{ nano }of the nanowire crossbar. Figure 5 clarifies the subject. Figure 5(a) shows the schematics of hybrid CMOS-Nano system. As it is seen in Fig. 5(c), the interface pins of each type (reaching to either the lower or the upper nanowire level) are arranged into a square array with side 2

*βF*

_{ CMOS }, where

*β*is a dimensionless factor of the order of one that depends on the CMOS cell complexity. The nanowire crossbar is turned by angle α = arcsin (

*F*

_{ CMOS }/

*βF*

_{ nano }) relative to the CMOS pin array. Hence, by activating two pairs of perpendicular CMOS wires, we can select two individual nanowires and program a single nanodevice at their crosspoint (Fig. 5(b)) to connect or disconnect these two nanowires This not only makes each nanodevice individually accessible from CMOS subsection (even if

*F*

_{ nano }≪

*F*

_{ CMOS }) but also makes the system robust against small shifts of nanowire section. Indeed, studies of [22] shows that at the optimal choice of the pin tip diameter (equal to

*F*

_{ nano }), there is only one specific mutual position of the pins and crossbar (in each of two perpendicular directions), at which the connection between these two subsystems is imperfect, while even a small shift from that position restores the proper connectivity. This structure also allows us to use the high drive strength CMOS transistors to buffer and restore each nanowire output signal. The hybrid CMOS-Nano wired logic depends on the voltage divider between the junction switch (modeled as a resistor

*R*

_{ on }) and the pass transistor (modeled as a resistor

*R*

_{ PASS }) in order to provide a suitable voltage level to the input of the inverter. Figure 6 shows the NAND/buffers/flip-flop cells in the hybrid CMOS-Nano architecture. For clarity, Fig. 7 shows the implementation of a 7-input NOR gate from another perspective in which active nanodevices are shown in green while unused nanodevices are not shown. Please notice that this multi inputs NOR gate is implemented by only one minimum size inverter and several nanoelements while for the implementation of the same function in CMOS technology several NMOS and PMOS transistors are needed. This is the main reason that hybrid CMOS-Nano circuits are far smaller than their CMOS counterparts.

It should be mentioned that the enormous density of two-terminal nanodevices can hardly be used without reliable individual contacts to each of them. This is why the fabrication of wires with nanometer-scale cross-section is another fundamental problem of nanoelectronics. The currently available photolithography and patterning methods, and even their rationally envisioned extensions, will hardly be able to provide a few nanometer resolution. In addition, the scaling of the pitch (*F*
_{
nano
}) below 3 nm value would not be practical because of the quantum mechanical tunneling between nanowires. Hence, scaling down of these circuits in nano section will be limited by some fundamental problems. However, as will be demonstrated, hybrid CMOS-Nano circuits provide higher degree of integratability compared to their CMOS counterpart with the same feature size and design rules.

### 1.2 SHA-512 Logic

^{128}and produces as output a 512-bit message digest. The input is processed in 1024-bit blocks. Each round takes as input the 512-bit buffer value, abcdefgh, and updates the contents of the buffer. At input to the first round; the buffer has the value of the intermediate hash value,

*H*

_{ i ‐ 1}. Each round

*t*makes use of a 64-bit value

*W*

_{ t }, derived from the current 1024 bit block being processed (

*M*

_{ i }). Each round also makes use of an additive constant

*K*

_{ t }, where 0 ≤

*t*≤ 79 indicates one of the 80 rounds. The SHA-512 algorithm has the property that every bit of the hash code is a function of every bit of the input. The complex repetition of the basic function produces results that are well mixed; that is, it is unlikely that two messages chosen at random, even if they exhibit similar regularities, will have the same hash code. Unless there is some hidden weakness in SHA-512, which has not so far been published, the difficulty of coming up with two messages having the same message digest is on the order of operations, while the difficulty of finding a message with a given digest is on the order of operations. The algorithm has four basic modules:

*Round Function, Round Operation, Final Round Addition and Round Word Computation.*Figure 8 represents the overall processing of a message to produce a message digest [23].

## 2 Methods

## 3 Results and Discussions

*V*

_{ DD }= 0.3 V and given a 15 nm-wide metallic nanowire interconnects with 3 nm thick switching layer separating two nanowire layers, and an insulator between and around all nanowires with a dielectric constant of 3.9 (that of SiO

_{2}), the wire capacitance per unit length to be close to 0.2 fF/μm, capacitance

*C*

_{ wire }of the full nanowire fragment will be about 3 fF. It is known that

*R*

_{ ON }= 400 kΩ and the “ON” resistance of a crosspoint nanodevice is \( \frac{R_{ON}}{D}=5\ k\Omega,\ D=80 \) is the number of parallel nanodevices connected in series with the ohmic resistance

*R*

_{ wire }, driven by voltage

*V*

_{ DD }and

*I*is the maximum gate fanin (http://www.eecg.utoronto.ca/vpr/). The wire resistivity is almost at 8.88 μΩcm and the substrate and coupling capacitances are about 2 pF/cm and 1 pF/cm, respectively. The estimated resistance between the center and the end of a nanowire fragment, of the length \( \frac{\beta {\left({F}_{CMOS}\right)}^2}{F_{nano}}=7.2\ \upmu m \) is estimated less than 2.5 kΩ. Assuming the area of the minimum-width transistor to be 25(

*F*

_{ CMOS })

^{2}(http://www.eecg.utoronto.ca/vpr/), where

*F*

_{ CMOS }is the half pitch of the CMOS subsystem, the results for CMOS implementation is shown in the Table 1. Table 2 summarizes the performance estimation for the same circuits on hybrid CMOS-Nano FPGA fabric without defect. Table 3 shows the same with 10 % and 30 % defect rates. As it is seen, the hybrid-CMOS implementation is almost two orders of magnitude denser than its CMOS counterpart. Figure 9 shows the implementation of one columns of

*Final Round Addition*on a (9 + 2) × (9 + 2) CMOS FPGA block in which the critical path is represented by green color. Figure 10 shows the initial placement for that circuit in .BLIF format mapped on the (9 + 2) × (9 + 2) tile array with 30 % defects. (Here the additional layer of tiles at the array periphery is used exclusively for I/O functions). Figure 11 show initial placement and routing of the same circuit on the same platform. Figure 12 shows the same circuit after final placement and routing. Figure 13 shows the placement of

*Round Operation*with 10 % defective cells on a (27 + 2) × (27 + 2) CMOS-Nano FPGA. Figure 14 shows the initial placement of

*Round Operation*with 10 % defective cells. Figure 15 shows final routing and placement of the same circuit after final successful reconfiguration. Figure 16 shows the same implementation in which active nanoelements are shown with green dots. Figure 17 shows a zoomed view of

*Round Operation*mapped on a hybrid CMOS-Nano fabric. Active nanoelements are identified with green dots. Bad or unused nanoelements are not shown. Figure 18 shows a global view of

*Round Word Computation*mapped on a hybrid CMOS-Nano fabric with 30 % defect rate. Bad nanoelements are shown in black while good used are shown in green.

Performance results for SHA-512 building blocks mapped on CMOS FPGA

Circuit | CMOS FPGA | ||||
---|---|---|---|---|---|

F | |||||

Depth | LUT | Linear size | Area ( | Delay (ns) | |

Round function | 1 | 1218 | 8 × 8 | 124538 | 6.7 |

Round operation | 67 | 2769 | 27 × 27 | 304722 | 39.7 |

Final round addition | 19 | 286 | 9 × 9 | 36320 | 22 |

Round word computation | 7 | 1440 | 20 × 20 | 151369 | 3.7 |

Performance Results For SHA-512 Building blocks mapped on two-cell hybrid CMOS-NANO FPGA fabric

Circuit | Hybrid CMOS/NanoDevice FPGA | ||||
---|---|---|---|---|---|

F | |||||

Depth | Tile size | No. of nano devices | Area (μm | Delay | |

Round function | 23 | 12 × 12 | 2309 | 299 | 1.76 |

Round operation | 111 | 25 × 25 | 5786 | 1296 | 14.2 |

Final round addition | 67 | 7 × 7 | 602 | 168 | 10.6 |

Round word computation | 14 | 23 × 23 | 2146 | 1096 | 1.6 |

Performance results for SHA-512 building blocks mapped on two-cell hybrid CMOS-NANO FPGA with two different defect rates

Circuit | No defect | 10 % defective cells | 30 % defective cells | |||
---|---|---|---|---|---|---|

Area | Delay (ns) | Area ( | Delay (ns) | Area ( | Delay (ns) | |

Round function | 299 | 1.76 | 351 | 1.76 | 407 | 1.79 |

Round operation | 1296 | 14.2 | 1512 | 15.68 | 2540 | 17.24 |

Final round addition | 102 | 10.56 | 102 | 10.56 | 168 | 10.6 |

Round word computation | 1096 | 1.6 | 1096 | 1.8 | 1195 | 1.92 |

*P*

_{ ON }due to currents

*I*

_{ ON }

^{ , }, leakage power consumption

*P*

_{ leak }due to current leakage through nanodevices in their “OFF” state [24, 25]. Figure 19 shows the equivalent circuit for hybrid CMOS-Nano logic stage.

*R*

_{ ser }is the series resistance equivalent of

*R*

_{ ON }

*/D*and

*R*

_{ wire },

*D*is the total number of nanoscale switches in one nanowire crosspoint,

*M*is the number of closed crosspoint switches. With

*F*

_{ CMOS }= 45nm

*, F*

_{ nano }= 4.5nm,

*R*

_{ wire }= 14Ω,

*R*

_{ OFF }= 4

*G*Ω, and

*D*= 80 [24], the leakage and static power consumption of each module can be estimated. It is clear that P

_{ leak }can be neglected. Dynamic power consumption

*P*

_{ d }is mainly due to recharging of nanowire capacitances and depends on the number of nanowires allocated by the synthesis tool to implement a circuit onto the target platform and can be calculated using Eq. (3).

*α*is the average ‘switching activity’ of the circuit,

*N*is the number of nanowires participating in the implementation of logic function,

*C*is the capacitance of single nanowire,

*V*

_{ dd }is the voltage supply of CMOS transistors, and

*f*is the maximum clock speed determined by timing analysis of critical path. We chose an activity of 0.2, twice of the value predicted by Davis [26] to estimate the power consumption pessimistically not optimistically. Hence, the power consumption of each module (without defect) can be estimated as Table 4.

Power consumption of SHA-512 building blocks mapped on two-cell hybrid CMOS-NANO FPGA

Circuit | Hybrid CMOS/NanoDevice FPGA | |
---|---|---|

F | ||

Static power consumption (mW) | Dyanamic power consumption (mW) | |

Round function | 0.7 | 16 |

Round operation | 6.5 | 19 |

Final round addition | 0.7 | 2.7 |

Round word computation | 0.9 | 16 |

We have not computed the total power consumption of the whole algorithm; however, evidences show that the power consumption of the proposed design is close and comparable to the power consumption of the actual implementation of the algorithm on FPGA [27].

## 4 Conclusions

The invention of the transistor is one of the most important inventions of the 20^{th} century. Since its inception, the transistor size has been reduced so that now modern devices are orders of magnitude smaller than their earliest counterparts. Unfortunately, the scaling down will eventually end. Increasing power, capital costs, and ultimately theoretical size limitations, are poised to halt the process of continually shrinking the transistor. The results presented in this paper clearly demonstrate that nanoelectronic-based digital circuits may continue the performance scaling of microelectronics well beyond the limits of the currently dominating CMOS technology. However, whether nanoelectronics will be a replacement for conventional ICs, or as a complimentary technology, is yet to be investigated. We believe that this situation may justify large-scale research and development efforts in this area. In this paper, we discussed the contribution that nanotechnology may offer to the evolution of cryptographic hardware and embedded systems and demonstrated how nanoelectronics can be used for constructing security primitives. There are still some problems but the prospect of cheaply integrating 10^{12} devices per chip is a powerful incentive to overcome the existing challenges. In order for this prediction to become true, several challenges still have to be overcome. Without a doubt, the most important of them is the development of a highly reproducible technology for VLSI fabrication of crosspoint resistive switches. Finally, the preliminary research indicates that while existing parts of the CAD tools will be useful for nano-electronics, there will need to be some additions and changes made. Improved device models and 3-D CAD and design tools will certainly accelerate research in this area.

## Declarations

## Authors’ Affiliations

## References

- YM Chee, CH Ling, Limit on the addressability of fault-tolerant nanowire decoder. IEEE Transactions on Computer
**58**(1), 60–68 (2009)View ArticleGoogle Scholar - M Gholipour, N Masoumi, Design investigation of nanoelectronic circuits using crossbar-based nanoarchitectures. Microelectronics J
**44**, 190–200 (2013)View ArticleGoogle Scholar - M Haykel Ben Jamaa, Regular nanofabrics in emerging technologies, Lecture Notes in Electrical Engineering, Springer, 82 (2011)Google Scholar
- P Kocher, J Jaffe, B Jun, differential power analysis, Advances in Cryptology - Crypto 1999, LNCS 1666, (Springer 1999) pp.388-397Google Scholar
- M Masoumi, MH Rezayati, Novel approach to protect advanced encryption standard algorithm implementation against differential electromagnetic and power analysis. IEEE Trans. on Information Forensics and Security
**10**(2), 256–265 (2015)View ArticleGoogle Scholar - M Masoumi, M Masoumi, M Ahmadian,
*A practical differential power attack against an FPGA implementation of AES cryptosystem*(IEEE I-Society, London, UK, 2010)Google Scholar - M Masoumi, Differential power analysis, a serious threat to FPGA security. Int. J. Internet Tech. and Secured Transactions
**4**, 1 (2012)View ArticleGoogle Scholar - M Masoumi, S Mohammadi,
*A new and efficient approach to protect AES against differential power analysis attack*(IEEE WorldCIS, London, UK, 2011)Google Scholar - L T-Ha, C Canovas, J Cledier,
*An overview of side-channel analysis attacks, Proc. of the ACM Symp. on Information, Computer and Communications Security*(ACM, Tokyo, Japan, 2008), pp. 33–43Google Scholar - K Chen, Q Zhao, P Zhang, G Deng,
*The power of electromagnetic analysis on embedded cryptographic ICs, ICESS’08*, 2008, pp. 197–201Google Scholar - E Peeters, FX Standaert, JJ Quisquater, Power and electromagnetic analysis: improved model, consequences and comparisons. Integration, the VLSI Journal
**40**(1), 52–60 (2007)View ArticleGoogle Scholar - J Lu, J Pan, J den Hartog, Principles on the security of AES against first and second-order differential power analysis, in Applied Cryptography and Network Security (Lecture Notes in Computer Science), vol. 6123, (Springer, 2010), pp. 168–185Google Scholar
- D Dong, S Chen, W Haruehanroengra, W Wang, 3-D nFPGA: a reconfigurable architecture for 3-d CMOS/nanomaterial hybrid digital circuits. IEEE Trans. Circuits Syst.
**54**(11), 2489–2501 (2007)View ArticleGoogle Scholar - K Likharev, Hybrid Semiconductor/Nanoelectronic Circuits. NSTi-Nanotech
**1**, 553–555 (2007)Google Scholar - National Institue of Standard and Technology (NIST), Secure Hash Standard (SHS), FIPS-PUB-198, 2002Google Scholar
- M Haselman, S Hauck, The future of integrated circuits: a survey of nano-electronics, Proceedings of the IEEE, 98(1), 11–38 (January 2010)Google Scholar
- B Liu, Architecture exploration of crossbar-based nanoscale reconfigurable computing platforms, Nano Commun. Networks 2010) pp. 232–241Google Scholar
- M Masoumi, F Raissi, M Ahmadian, P Keshavarzi, Design and evaluation of basic standard encryption algorithm modules using nanosized cmos-molecular circuits. Nanotechnology
**17**, 89–99 (2006)View ArticleGoogle Scholar - Z Abid, A Alma’aitah, M Barua, W Wang, Efficient CMOL gate design for cryptography applications. IEEE Trans. on Nanotechnology
**8**(3), 315–321 (2009)View ArticleGoogle Scholar - GS Snider, RS Williams, Nano/CMOS architectures using a field-programmable nanowire interconnect. Nanotechnology
**18**(3), 1–11 (2007)View ArticleGoogle Scholar - NH Di Spigna, DP Nackashi, CJ Amsinck, SR Sonkusale, P Franzon, Deterministic nanowire fanout and interconnect without any critical translation alignment’. IEEE Trans. Nanotechnol.
**5**(4), 356–361 (2006)View ArticleGoogle Scholar - KK Likharev, Hybrid CMOS/Nanoelectronic circuits: Opportunities and Challenges, J. Nanoelctronics and Optoelectronics
**3**, 203–230 (2008)View ArticleGoogle Scholar - W Stallings, Cryptography and Network Security, 5th ed. (Wiley, 2011)Google Scholar
- DB Strukov, Digital architectures for hybrid CMOS/Nanodevice circuits, PhD Dissertation, Stony Brook University, 2006Google Scholar
- C Dong, W Wang, S Haruehanroengra, Efficient logic architectures for CMOL nanoelectronic circuits. Micro & Nano Letters
**1**(2), 74–78 (2006)View ArticleGoogle Scholar - JA Davis, K Vivek, JD Meindl, A stochastic wire-length distribution for gigascale integration (GSI)—Part II: applications to clock frequency, power dissipation, and chip size estimation”. IEEE Trans. Electron Devices
**45**, 590–7 (1998)View ArticleGoogle Scholar - N Sklavos, O Koufopavlou, Implementation of the SHA-2 hash family standard using FPGAs, The Journal of Supercomputing, 31, pp. 227– 248 (Springer, 2005)Google Scholar
- D Strukov, Hybrid semiconductor-nanodevice integrated circuits for digital electronics, Available online on the InternetGoogle Scholar
- DB Strukov, KK Likharev,
*Rconfigurable Crossbar Architectures, Nanoelectronics and Information Technology*(Wiley, Weinheim, Germany, 2012), pp. 435–454Google Scholar - Hybrid CMOS/Nano FPGA CAD 1.0, https://www.ece.ucsb.edu/~strukov/papers/2007/CMOLCAD2007.pdf

## Copyright

This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly credited.