Exploring Effect of Residual Electric Charges on Cryptographic Circuits: Extended Version

We study a new transistor-level side-channel leakage caused by charges trapped in between stacked transistors namely residual electric (RECs). Building models is important designing countermeasures against attacks (SCAs). The conventional work showed that even measurable with local electromagnetic measurement. One example the current-path leak [1], [2]: an attacker can distinguish number of current path activated during signal transition. Addressing this issue, Sugawara et al. proposed to use mirror circuit has same on its possible paths. show countermeasure insufficient showing leakage, RECs, not covered previous work. RECs carry history gate's state over multiple clock cycles and changes electrical behavior. experimentally verify cause exploitable leakage. also propose REC leaks designed advanced encryption standard-128 (AES-128) circuits using IO-masked dual-rail read-only memory 180-nm complementary metal-oxide-semiconductor (CMOS) process. compared resilience our AES-128 EMA without investigated RECs' effect physically unclonable functions (PUFs). further extend function. demonstrate affect performance arbiter ring-oscillator PUFs through experiments custom chips fabricated 180- 40-nm CMOS processes*.