Abstract: Programmable reversible logic is emerging as a prospective logic design style for implementation in modern nanotechnology and quantum computing with minimal impact on circuit heat generation.
I. INTRODUCTION
UANTUM mechanics principles govern the physical limitations of computing circuits and systems. These systems dissipate energy due to bit erasure within their interconnected primitive structures, which is an important consideration as transistor density increases. Entropy gain in these environments is directly related to the probability of a quantum particle occupying any of its states.
The basic principle of reversible computing is that a bijective device with an identical number of input and output lines will have no heat dissipation. There are two separate, yet equally important paradigms with reversible logic. The first is logical reversibility, which is using the principles that govern reversible logic structure to determine the logical calculations necessary for feasible designs. The second is physical reversibility, which entails design a physical structure whose input values may be uniquely determined by the output at each computing cycle, and whose energy dissipation does not exceed the Landauer Barrier of kTln(2) joules per computing cycle.
The quantum principles of adiabaticity and reversibility focus on zero-energy dissipation in ideal conditions. In this paper, we refer to an adiabatic circuit as a design methodology where ramp functions are used to attempt to minimize energy dissipated during switching events. Conventional CMOS inverters are logically reversible, yet they do not produce the input waveform if you place the equivalent output waveform on the output pin.
Smart cards are small integrated circuits embedded onto plastic or tokens, and are used for authentication, identification, and personal data storage. They are used by the military, in ATMs, mobile phone SIM cards, by schools for tracking class attendance, and storing certificates for use in secure web browsing. The international standard for both contactless smart cards electronic identification cards and smart cards is the ISO/IEC 7816 [1] , and the contactless smart card is the ISO/IEC 14443 [2] . In this standard, Smart Cards use the Triple Data Encryption Standard, and the standard operating frequency is 13.56MHz.
Even though smart cards utilize operating systems with cryptographic kernels, the memory devices used to store them are not isolated in perfectly tamper-proof locations.
Theory, Synthesis, and Application of Adiabatic and Reversible Logic Circuits for Security Applications
Q
The use of power consumption to obtain compromising information is known as a Differential Power Analysis (DPA) attack. The attacker analyzes information gleaned from the practical implementation details of otherwise secure algorithms [3] . Therefore, the most effective approach to prevention of DPA attacks is to include securitybased logic within the hardware implementation itself in order to make it difficult for the attacker to ascertain the necessary information to determine the inputs. Thus, the motivation for this dissertation is to investigate the theory, synthesis, and application of adiabatic and reversible logic circuits for security applications.
II. THEORY
Sequential computing structures are efficient, low-cost devices that use feedback paths in order to reuse subroutines, so that the device may refresh the information being stored before it is lost. There is a debate as to whether or not feedback causes bit erasure. This would prevent a computer from being able to retrace all of its computations, making the design of a Quantum Turing Machine with feedback impossible. Many texts and papers state emphatically that feedback is not permissible in a quantum computing structure under any circumstances. Others say this is "a common misperception" [4] . Paper espousing both points of view have been published within the last [5] [6] . Establishing laws and metrics for these devices is essential to determining the natural bounds of computing design for any computing technology.
In this section, I address the permissibility of sequential logic in reversible computing systems. In order for a quantum reversible computing machine to satisfy the constraints set forth by Bennett [7] , the device must be completely reversible in time, meaning that -given the timedependent set of outputs.
During the initial clock cycle of any sequential reversible logic device, the loss of one input state per d dependent inputs will result in the loss of d 2 potential input states. In addition, each ancillary input will reduce the total number of possible states by a 2 , since the outputs possible when a is the opposite value will never be attained. This results in a loss of
potential input states. Since the device is reversible and the source bit producing the values for the ancillary inputs are reversible, the bijection will result in the loss of 2 p + a potential output states, where p is the number of feedback-producing outputs. Since the input and output states are bijective, the initial value of each dependent input is uniquely determinable. Therefore, since d = p, the total number of possible input states and output states are equivalent, and are equal to the quantity
Since we know that the number of feedback-dependent inputs is equal to the number of feedback-producing outputs, the equation evaluates to . This gives the equation to determine the statistical probability of each input and output state for every subsequent clock cycle.
We know that the number of feedback paths is equal to both d and p, and that each feedback path is reversible. Therefore, the value of i for each feedback-dependent input must be equivalent to the k value of the corresponding feedback-producing output. This means:
Therefore, the entropy equation reduces to dQ T = 0. This means that sequential reversible logic structures as we defined them are physically reversible in all cases.
III. SYNTHESIS
In this section, we present a novel algorithm for synthesis of adiabatic logic structures in CMOS. We achieve synthesis by comparing the binary representation of the output value and its offset from its location in the unitary matrix. Once the initial circuit is synthesized, the number of transistors required for between each input and output node are minimized using the ESPRESSO heuristic branch-andbound method [8] for prime implicants. The program generates a CMOS circuit in HSPICE that is used for simulation and verification. Fig. 1 shows the synthesis flow of the algorithm.
The synthesis results show that, on average, the proposed algorithm represents an improvement of 36% over the best known reversible designs with the optimized dualrail cells. Synthesis of a dual-rail adiabatic S-box for the Rijndael cipher show improvement in differential power over single-rail and conventional implementations. 
III. SECURITY APPLICATION
In this section, we present method fo of High-Performance Adiabatic Dynamic D (PADDL) design methodology for mitigatin high-performance applications. The data p section was obtained using HPSICE simu 22nm predictive technology model presente
A. Adiabatic Dynamic Differential Logic
The objective of PADDL is to design a capable of dynamically performing all of two-input logical calculations (AND, NA XOR and XOR) with the minimal differ each logical calculation. The device is bo physically bijective. This means that the may be uniquely determined by read waveforms, a necessity in implementatio reversible and adiabatic designs.
The logical calculations of the output si are ܲ ൌ ‫ܣ‬ ҧ , ܲ ത ൌ ‫,ܣ‬ ܳ ൌ ሺ‫ܣ‬ ‫ܥ۩‪ሻ‬ܤ‬ തതതതതതതതതതതതതതത , ܳ ܴ ൌ ‫ܥ۩ܤܣ‬ തതതതതതതതത , and ܴ ത ൌ ‫.ܥ۩ܤܣ‬ The object square circuit diagram is to determine the s for an input signal to flow from an inp Consider Fig. 11a : in order for the output Q input C is a '1', either A or B must be a close the switch. The circuit diagram sho switch will open or close when the approp is a '1'. The output Q is determined with th the output R is determined with circuit 1(b). Next, we compare our presented PAD previous benchmarks in mitigation of DPA [10] , RCCDL [11] , and WDDL [12] . WD used to improve We reproduced those c technology using the methods presented in t 
B. Adiabatic S-Box Design
The ByteSub portion of the Rij using a 16x16 lookup table to determ 4-bits correspond to the row of the correspond to the column of the Sthe table are bijective, meaning tha uniquely determined by knowing th result is an 8 bit output, we may co and physically reversible S-box circuits. We synthesized our S-box in Verilog. The Verilog circuit w Compiler in order to generate the H Compiler, we were able to generate for power and area using TSMC 0.25ȝm, IBM files for 0.18ȝm, 0.13 files for 65nm, 45nm, 32nm, and variety of frequencies.
Our presented design require forward encryption for the S-Bo benchmarks, this is significantly h percent in some cases. However, an dual-rail adiabatic design in this app reversibility allows for the same cir encryption and decryption. Most R require forward and revers implementations. Our method requ control signal, and 32 Fredkin ga through the device.
Energy imbalance, a metric pres fair comparison across technology combinations e1 and e2, the energy during those time frames may be fo ቚ భ ି మ భ ା మ ቚ ‫כ‬ ͳͲͲΨ. The improvement over the previous best case for CSSAL in [14] , is 41% at 50MHz. [22] , provides a files. Given two input y imbalance of the circuit ound using the equation: of our proposed method energy imbalance, the Our circuit improves the upon energy imbalance over previous work by an average of 65 percent, which makes our circuit an effective mitigant of DPA attacks. The design is advantageous in terms of worstcase EI and Pavg for all benchmarks. In most cases, the encryption area is significantly higher, as we expected. The physical reversibility of our proposed structure significantly reduces the area trade-off when the area overhead required for S-box decryption is also considered. This is especially advantageous over the CSSAL, which is not physically bijective, resulting in a significant transistor overhead for decryption.
CONCLUSIONS
In this dissertation, we address the theory, synthesis, and application of adiabatic and reversible logic in security application. First, I presented a mathematical proof to support the view that feedback is permitted in the design reversible logic based sequential computing structures. Next, I presented a novel algorithm for synthesis of adiabatic logic structures in CMOS. The resulting circuits are synthesized and simulated using HSPICE. The synthesis results show that, on average, the proposed algorithm represents an improvement of 36% over the best known reversible designs with the optimized dual-rail cells. Synthesis of a dual-rail adiabatic S-box for the Rijndael cipher show improvement in differential power over single-rail and conventional implementations. These results suggest that dual-rail adiabatic logic is a promising design methodology for circuits where security is this most important design metric, and frequencies are slower, such as the ISO 14443 Smart Card standard.
Next, we propose an Adiabatic Dynamic Differential Logic design methodology for mitigation of DPA attacks on secure integrated chips. This design improves upon previously presented benchmarks by 76.41% for average power due to a reduced reliance of evaluation and discharge networks. The PADDL cell also improved upon the differential power of a conventional NAND gate by a factor of 112. Finally, we propose an Adiabatic Dynamic Differential Logic design methodology for mitigation of DPA attacks on secure integrated chips.
SUPPORTING PUBLICATIONS AND PATENTS
The sequential reversible logic proof was accepted into ISVLSI 2012, and was nominated for the Best Paper Award [15] . The adiabatic reversible synthesis algorithm and the Rijndael S-Box was accepted for publication in the IEEE Transactions on Computer Aided Design [16] . The PADDL cell was accepted for publication in the IEEE Transactions on Very Large Scale Integration [17] . In all, my dissertation work comprised of three transaction journal papers and twelve selective conference papers [15] [16] [17] [18] [19] [20] [21] [22] [23] .
