Smart card integrated circuit with built-in 34K byte high density EEPROM and analog arithmetic processor (MAP)

In today's digital society, the development of asymmetric encryption algorithms has opened up a new world in the field of digital security. With this encryption technology, the implementation of various key management becomes very easy, and electronic digital signatures are also becoming possible.
On the other hand, the feasibility of portable user-friendly physical data storage security technology has been verified on cards (smart cards) made in chip form. However, due to the arithmetic complexity of smart card encryption algorithms, all the optimal tools for secure data exchange have not yet been fully integrated. In order to solve this problem, the wave of research and development of smart cards for complex controllers has been launched around the world. This article focuses on the physical factors and constraints that affect today's microelectronics industry. In the discussion process, in order to facilitate the reader's understanding, we will refer to ST's latest encryption smart card integrated circuit based on ST19X series platform.
The following two characteristics are the main factors that cause the complexity of smart card encryption:
(1) Modular arithmetic based smart card public key algorithm. Currently, standard CPU is not optimized for this task.
(2) The security of all public key algorithms depends entirely on the length of the operator. Today, 512-bit operators are the basic condition for secure operation, and most operators tend to choose 1024 bits. For 32-bit processors, this is already a very difficult computing task. For 8/16-bit processors, the difficulty can be imagined.
There are two other factors that limit the performance of smart card CPUs:
(1) Size limitation: The ISO7816 standard stipulates that the maximum size of the module whose chip size is on an IC card cannot exceed 25mm2.
(2) Current consumption limitation: Current consumption is not only limited by ISO7816, but also affected by the mobile device market (such as mobile phones). Although the ISO standard allows a maximum current of 200mA, cards with more than 20mA have no market at all. .
Today, the widely used smart card is an 8-bit enhanced CPU with a coprocessor that handles arithmetic calculations. Therefore, the powerful 32-bit CPU is expected to have broad application prospects in the coming year. For this demand, ST has specially developed a 32-bit smart card RISCCPU platform SmartJ. We will introduce this platform specifically below.
From the perspective of cost performance, high-performance CPUs cannot meet the user's performance requirements. Before implementing the number of calculations available for the mainstream asymmetric encryption algorithm RSA at 5 MHz, a 32-bit RISC CPU optimized for the algorithm is needed first, so as to achieve a typical encryption/signature number of not less than 300 ms. A typical standard 8/16-bit CPU (using 0.6 (m technology) requires at least 20 mm2 of silicon and consumes approximately 50 mA @ 5 KHz current.
Obviously, high-performance hardware or coprocessors designed to perform long-term arithmetic simulations are the best way to solve this problem.
Based on this scheme, ST began to use the MAT-Modular Arithmetic Processor as a peripheral in the early 1990s to enhance the performance of the existing 8-bit CPU (ST7 platform). The ST16CF54B and ST16CF68 are the first smart card 512-bit encryption devices developed on the ST16 platform using this solution.
It is very difficult to directly calculate A*Bmoden using a small device. MAP uses multiplication in P or "Montgomery segment" to avoid this difficult calculation process. Therefore, P(P(A*B)n*H)n is mitigated by adopting a tentative division process. The amount of calculation of the mold product A*Bmoden.
The mathematician can intuitively see that this basic idea is similar to the calculation method using the Laplace exchange table to solve differential equations. Two constants are required for the calculation: H and J0, which are functions of n. The calculation of P uses an iterative method, that is, a "forward" calculation of A*Bmoden through a tentative division process. The advantage of this method is that it is cost effective.
In order to make the modulo arithmetic processor easy to use and to maximize efficiency, ST provides users with a set of firmware subroutines. This subroutine is specifically designed to access the full functionality of the MAP and to execute complex, efficient, and secure algorithms.
This subroutine library is stored in a special location in the ROM, thus saving operating system designers time to encode the underlying functions, allowing them to concentrate on the implementation of algorithms, public key encryption, and private key encryption protocols. on.
With the continuous development of the high-efficiency smart card platform, ST has launched the ST19/X platform, which further enhances MAP's support for the 1088-bit algorithm. The ST19XL34 is ST's latest encryption device.
The ST19XL34 is a component of the ST19 platform. It is a serial access microcontroller designed for high-capacity, economical, and secure portable objects. Algorithms that implement high-performance public and private keys help improve system security and reduce initial and communication costs for these devices.
The following is a brief introduction to this device:
1 Features ● Enhanced 8-bit CPU, extended addressing mode ● 96KB user ROM, partitionable ● 4KB user RAM, partitionable ● 34KB user EEPROM, partitionable ● High reliability CMOSEEPROM 0.35μm sub-micron technology ● Single bit error Error Correction Code ● 10 years of data retention capability ● 100,000 erase/write cycles ● Correct a single bit error within each byte (ECC-ErrorCorrectionCode)
● 1-64 bytes of erasure or programming within 2ms ● Memory security firewall ● Super security features, including EEPROM flash program and clock management ● 3x8 bit timer with interrupt function ● Hardware DES accelerator ● 1088 bit mode arithmetic Processor, including asymmetric algorithm support library ● Up to 10MHz internal working frequency ● Built-in unique serial number on the chip ● Standby power saving mode ● ESD protection greater than 5000V ● 3V10%, or 5V10% power supply voltage ● Encryption library
2 Asymmetric algorithm ● In order to achieve efficient coding, the software encryption library is stored in different units of the ROM. ● Loads on the MAP or unloads the parameters and operation results from the MAP. ● Calculates the Montgomery constant. ● Multiplies the modulus and various lengths. The basic mathematics in the system ● the power of the module, you can choose to use the Chinese remainder theorem (CRT)
● Special functions, as shown in Table 1. For example: RSA signature, 2176-bit modulo length authentication, RSA key generation.
● 1088-bit DSA digital signature and authentication ● Full generation of internal signature and verification keys. This feature prevents the key from leaking from the chip, which is beneficial to the security of the entire system.
3 symmetric algorithm ● DES, 3DES, DESX calculation and CBC link mode ● CRC calculation block ● SHA-1
●Long random number generation ● Register data loading and unloading protection, prevent SPA/DPA
Remarks:
(1) Speed ​​is a typical value regardless of the external clock frequency and power supply voltage.
(2) CRT: Chinese remainder theorem
4 Hardware Introduction ST19XL34 is one of the products of ST19 platform, and its circuit design is shown in Figure 1. It is a serial access microcontroller designed for large-scale, low-cost security applications. It can be used to develop high-performance public key algorithms to reduce initial investment and communication costs and improve system security.
Table 1 special function table

Figure 1 circuit block diagram The encryption algorithm library is used to:
(1) Asymmetric algorithm ● Read from MAP, store parameters and results;
Calculate the Montgomery constant;
Basic mathematical calculations and modular multiplication/modulation square operations with variable word lengths;
● Modulating the power operation, with or without the Chinese remainder theorem (CRT);
● Dedicated arbitrary length (up to 2176 bits) RSA, DSA signature and confirmation function;
● The signature and confirmed key are generated entirely within the chip. This ensures that the key will not be leaked, thus improving the security of the entire system;
● Long random number generation function;
●RSA: 2176 bits ●DSA: 1088 bits ●SHA-1
●RSA key generation
(2) Symmetric algorithm ● DES, 3DES, DESX operation;
● CBC link mode;
● Prevent the secure register access of the DSP.