CN-121997386-A - Protected hardware processing device
Abstract
There is provided a hardware processing device comprising (i) a plurality of MAC units arranged to be operable in a secure mode to perform at least one addition of a first value and a second value, wherein the first value is represented by a number of shares and the second value is represented by the same number of shares, and to perform at least one multiplication of the first value and the second value based on the shares of the first value, the shares of the second value and a random number, and (ii) a multiplexer to switch between secure mode and normal mode, wherein the plurality of MAC units are arranged to operate the first value and the second value in a normal mode instead of the shares of the first value and the shares of the second value.
Inventors
- BERND MAYER
- Florian Mendel
Assignees
- 英飞凌科技股份有限公司
Dates
- Publication Date
- 20260508
- Application Date
- 20251024
- Priority Date
- 20241105
Claims (4)
- 1. A hardware processing device, comprising: A plurality of multiply-add MAC units arranged to be operable in a secure mode, Performing at least one addition of a first value and a second value, wherein the first value is represented by a number of shares and the second value is represented by the same number of shares, and Performing at least one multiplication of the first value and the second value based on the share of the first value, the share of the second value, and a random number, and A multiplexer for switching between the secure mode and a normal mode, wherein the plurality of MAC units are arranged to operate on the first value and the second value in the normal mode instead of on the shares of the first value and the shares of the second value.
- 2. The hardware processing device of claim 1, Wherein the number of shares is two; Wherein the first value is x and the length is n, represented by the shares x 0 and x 1 , such that Wherein the second value is y, the length is n, represented by the fractions y 0 and y 1 , such that Wherein the addition is performed according to the following formula , Wherein the multiplication is performed according to the following formula Where r is the random number.
- 3. The hardware processing device of any preceding claim, comprising a random number generator that determines the random number.
- 4. The hardware processing device of any of the preceding claims, wherein the hardware processing device is a hardware accelerator for a neural network.
Description
Protected hardware processing device Technical Field The present disclosure relates generally to the field of Artificial Intelligence (AI), and in particular to protected hardware processing devices. Background An Artificial Intelligence (AI) accelerator, deep learning processor, or Neural Processing Unit (NPU) is a class of specialized hardware accelerator or computer system that is intended to accelerate artificial intelligence and machine learning applications, including artificial neural networks and computer vision. An exemplary AI integrated circuit chip contains hundreds of billions of MOSFETs (see, e.g., https:// en. Wikipedia. Org/wiki/AI_aceiter). Such dedicated hardware is one specific example of a hardware processing device, also referred to herein as an accelerator. Such accelerators are typically used to accelerate the computation of the neural network during training or reasoning. The accelerator may be subject to attacks such as Side Channel Analysis (SCA). For example, timing Analysis (TA) and Simple Power Analysis (SPA) may reveal at least part of the topology of the neural network. Differential Power Analysis (DPA) or Differential Fault Analysis (DFA) may reveal weights, bias constants, and/or activation functions of the neural network. Furthermore, SCA's may also be used to extract or modify data that the accelerator processes during training or reasoning. Existing approaches do not provide effective protection or underprotection against any attacks based on SCA, TA, SPA, DPA or DFA. Such attacks may also be referred to as side channel attacks. It is therefore an object to protect or strengthen hardware processing devices, in particular the accelerators, in a cost-effective manner against any such attacks. Disclosure of Invention The above problems are addressed by the features of the embodiments disclosed in this disclosure. Additional embodiments are obtained based on the present disclosure. Examples presented herein may be based on at least one of the following solutions. In particular, the following features may be combined to achieve the desired results. There is provided a hardware processing device including: a plurality of MAC units arranged to be operable in a secure mode, Performing at least one addition of a first value and a second value, wherein the first value is represented by a number of shares (share) and the second value is represented by the same number of shares; Performing at least one multiplication of the first value and the second value based on the share of the first value, the share of the second value, and a random number; a multiplexer for switching between a secure mode and a normal mode, wherein the plurality of MAC units are arranged to operate on the first value and the second value in the normal mode instead of on the fraction of the first value and the fraction of the second value. It is noted that "random" or "randomization" as used in the context of the present application may particularly refer to true randomness, pseudo-randomness, or even some deterministic method that may introduce a sufficient level of entropy. Switching between secure and normal modes introduces the flexibility to perform only those operations in secure mode that need to be confused due to potential side channel attacks. This enables the efficiency of the hardware processing device to be adjusted according to predetermined needs or requirements. In accordance with one embodiment of the present invention, The number of shares is two; the first value is x and the length is n, expressed by the shares x 0 and x 1, such that The second value is y, the length is n, represented by the fractions y 0 and y 1, such that The addition is performed according to the following formula , Multiplication is performed according to the following formula Where r is a random number. According to an embodiment, the hardware processing device further comprises a random number generator determining the random number. The random number generator referred to herein may in particular provide a predefined entropy level. According to an embodiment, the hardware processing device is a hardware accelerator for a neural network. Drawings The embodiments are shown and described with reference to the drawings. The drawings are intended to illustrate the basic principles and thus only show aspects necessary for understanding the basic principles. The figures are not drawn to scale. In the drawings, like reference numerals refer to like features. FIG. 1 shows a block diagram of how visualizations implement multiplication in a secure manner. FIG. 2 illustrates an exemplary implementation of an accelerator utilizing a pipeline. FIG. 3 shows a schematic diagram of an alternative accelerator that does not employ pipelining. Detailed Description The examples presented herein enable, among other things, randomized masking (randomized masking) of data processed by an accelerator, which can be used to quantify neural networ