IEEE CICC 2025 28-4

## A 54µW Design-Agnostic Clock, Voltage, and EM-Pulse Fault-Injection Attack Detection using Time-to-Voltage Conversion

Yudhajit Ray, Archisman Ghosh, Sarthak Antal, Shreyas Sen

Purdue University, IN, USA

Fault Injection Attacks (FIAs) exploit faults to reveal sensitive information or extract keys from secured crypto algorithms (e.g. AES, Kyber, ASCON)[1-5]. Clock, voltage, and EM pulse (EMP) based FIAs are widespread due to the availability of cheap attack hardware [4]. Such glitches exploit digital designs by creating timing failures in the data path, leading to bit-flips, stuck-at-faults, etc. [3,4] (Fig. 1), which are exploited using algorithms such as Differential Faults Attacks [6]. In recent years, a few FIA detector ASICs have emerged, including design-specific attack detectors [7] and design-agnostic detectors[8,9]. [7] implements an error-checkingbased FIA detector for AES with a 40% area overhead. Oversampling the clock to detect glitches[8] restricts timing sensitivity and consumes high power and area (0.8mW, 4800µm2 in 5nm). [9] utilizes a delay-locked-loop (DLL) to determine the duty cycle deviation in the presence of clock glitches, consuming 300µW at 50MHz. Though [8,9] did not include a crypto core, the power consumption of the clock-glitch detector is >50-200% of a typical crypto core (e.g. AES 256 65nm 50MHz is 590µW[10]), calling for an order-of-magnitude improvement in the power of FIA detectors. Moreover, there have been no dedicated voltage or EM Pulse glitch detector ASICs. Relying on a clock-glitch detector for voltage glitch detection, as in [9], may miss a voltage/EM Pulse glitch that creates a fault in the data path but not a clock glitch, causing true negatives.

Noting the fundamental nature of an effective clock glitch, which has fixed amplitude ( $V_{\text{Pp}}$ ) but varies in time ( $\Delta t$ ) (Fig. 1), an integration-based solution promises to be highly sensitive and power efficient. Conversely, voltage/EMP glitch, i.e. small in amplitude ( $\Delta v$ ) and time ( $\Delta t$ ) calls for a differentiator for optimum detection. Utilizing these fundamentals, we introduce 1) an integrating clock glitch detector, to convert time information to voltage information that supports more efficient detection of all types of clock glitches (T1-T12), enabling a 4x benefit in glitch detection window and 33x power reduction over [9], 2) a differentiating voltage glitch/EMP detector consuming only 1.27 $\mu$ W power (<0.5%) with 3) an example newly standardized lightweight crypto-core ASCON, to investigate the effect of FIA, as highlighted in the overall system architecture in Fig. 2.

The system comprises two clock glitch detector units (26.5  $\mu$ W each) operating at opposite levels to provide full coverage of all clock glitch types (odd and even), utilizing the inversion property among different types of clock glitches (Fig. 1). The voltage glitch detector also helps in EMP detection as it creates voltage glitches without tampering with the IC. Internal and external clock glitch generation modalities are designed in for extensive testability. As clock and voltage glitch detectors consume minimal area and power, multiple monitors can be placed in the IC to detect localized attacks.

The clock glitch detector is composed of one integrating amplifier and two differential double-tail samplers with slightly different threshold voltages (TH1/2) to define the acceptable window for normal clock operation (Fig. 2). The differential variant of double-tail sampler provides better performance in terms of power and inputreferred noise. During normal clock operation, the sampler outputs (OUT1/2) will always be 0 and 1, respectively. In the presence of clock glitch, the deviation from normal operation of the positive detector (1A), as shown in Fig. 2-bottom left, ensures detection of glitches that affect the high state of the clock. Simultaneously operating the negative detector (1B) ensures detection of glitches that affect the low state of the clock. Clock glitches trip the detector circuit outside the acceptance window and create an output flag. Given that clock glitches are anomalies in time and detecting fine time leads to high power consumption, this architecture converts time anomalies to voltage anomalies and detects them in the voltage domain. A discrete-time integrating amplifier (Fig. 3) enables current-efficient time-to-voltage conversion. The output differential voltage is proportional to the clock high duration (TINT) and the transconductance (Gm) of the input nMOS pair. An nMOS crosscoupled integrating amplifier with cascading [11] enhances the current efficiency (Gm/ld), thereby reducing power consumption. Time-multiplexed operation further reduces the power consumption of each integrator by keeping them off for 50% of the clock period. Integration also reduces the impact of supply or input voltage noise at the differential output, enabling the detection of sharper clock glitches.

Voltage glitch detection (Fig. 3) operates on the principle of extracting maximum information through differentiation ( $dV/d\Delta t$ ) and filtering out other sources that can interfere with the detection. The self-biased inverter is used as the differentiator due to its low power consumption, followed by a current starved inverter to provide an

adjustable threshold voltage, rejecting supply noise in an amplified domain and creating a digital glitch flag. An RC-filter on the inverter supply ensures glitches only go to the detector input and not to the supply, which helps in avoiding missing alerts. A capacitive divider at the input aids in AC-coupled biasing while preventing direct supply to the ground path. The voltage glitch detector's normally off state only consumes active power in the presence of voltage or electromagnetic interference (EMP). As a result, the total power consumption of voltage glitch detector is only  $1.27\mu W, < 0.58\%$  of power of implemented NIST lightweight crypto core ASCON. We utilize 320-bit data-path ASCON implementation for 80-bit security[12]. Load characterization for different supply voltages and frequencies shows power consumption ranging from  $12\mu W$  at 0.8V supply,  $500 \rm KHz$  to  $850\mu W$  at 1V supply,  $500 \rm MHz$ 

Fig. 4 presents the measured output waveform from the 65nm CMOS IC, illustrating the glitch flag generated when a periodic voltage fault of 200mV depth and 4ns width is introduced every 500ns. The IC glitch flag operates in two modes: continuous multi-glitch detection and single-glitch detection. In Mode 1, the IC can detect continuous incoming glitches to ensure the absence of false-positives or falsenegatives. In Mode 2, the flag output can latch to VDD in the presence of a single voltage glitch, resulting in a total latency of 900ps from the onset of the fault. The voltage glitch detection Shmoo plot demonstrates the detector's performance under various voltage glitch depths and widths. A high-performance AWG is employed to generate voltage glitches with depths ranging from 100mV to 300mV and widths varying from 400ps to 8ns. Additionally, we present the impact of an electromagnetic pulse (EMP) attack on the supply rail of the IC and demonstrate the successful detection of an EMP attack using an on-chip detector for the first time. A 1.5W EMP generates a multi-peak glitch waveform on the IC supply, which the detector perceives as three concurrent glitches in Mode 1 (continuous detection mode) without any missed alerts. The EMP glitch detection Shmoo plot illustrates the detector's performance with varying EMP glitch generation power and the distance of the inductor from the supply. The overall implementation of the voltage glitch/EMP detector occupies an area of 1500µm2 and 1.27µW power.

Fig. 5 presents detailed measurements of the clock-glitch detector. The clock glitch generation circuit employs an internal counter to generate a configurable sharp pulse of 160ps to 1.2ns every 32 cycles of the input clock. This pulse can be added or subtracted to generate T1/T2 and T5-T12 clock glitches for continuous testing of clock glitch attacks. T3/T4 and broader clock glitch attacks are generated externally. The clock glitch Shmoo plot illustrates the detection performance. The detector can detect all tested glitch widths for T1-T4. For the remaining glitch widths, depending on the type of glitch, the crypto core is more susceptible to narrow glitch widths for T5-T6, T9-T10, and to wide glitch widths for T7-T8, T11-T12, respectively. In both ranges where the glitch is more effective, the detector successfully detects with zero errors. The clock glitch detector design offers a 4x improvement in the largest detectable glitch width (400ps in [9] to 1.6ns) for glitches where higher width is more challenging to detect. An operation frequency-independent comparison of glitch detectors is more suitable when compared in terms of duty-cycle deviation. The accurate detection window is improved from 4/50 [9] to 16-28/50 duty cycle deviation, depending on the type of clock glitch. Periodic detection (Fig. 5 top right) of all major types of clock glitches is tested while ensuring there are no missing alerts. In comparison to previous implementations of clock glitch detectors, the overall power consumption is significantly reduced by a factor of 33x at 2.5MHz and 28x at 40MHz, as demonstrated in [9] and [8], respectively. Furthermore, dutycycled operation of the detector further reduces the power consumption to 6µW at 2.5MHz and 53µW at 100MHz.

Fig. 6 illustrates the accuracy and power consumption of the clock glitch detector across a range of supply voltages, demonstrating its wide operational range from 0.85 V to 1.4 V. The complete clock glitch detector has an active area of 2250  $\mu m2$ . The impact of clock glitch faults on the ASCON crypto core has been investigated, revealing that while the absence of clock glitches results in consistent ciphertext generation, the presence of glitches at different clock cycles enables successful fault injection, leading to diverse ciphertext outputs. The comparison table demonstrates a power improvement of 3.6x to 33x over state-of-the-art clock detectors while simultaneously expanding the detection window by 4x. Additionally, the performance and power consumption of a dedicated on-chip voltage/EMP glitch detector are presented for the first time. Although the FIA detectors are designagnostic, when compared to the example ASCON core (216  $\mu$ W at 10 MHz), the overhead of the voltage/EMP and clock-glitch detectors is negligible, comprising only 0.58% and 5% respectively. The die micrograph, power, and area breakdowns of the implemented IC are presented in Fig. 7.



Fig. 1. Clock, voltage, and EMP glitch exploitations on digital designs, optimal operating principles for detecting clock and voltage glitch, inversion property of different types of clock glitches, previous design-agnostic clock glitch detectors.



Fig. 2. Overall system architecture of the implemented IC, clock glitch detector architecture; normal clock operation and deviation from it in the presence of clock glitch, affecting high state of the clock.



Fig. 3. Implemented integrating amplifier architecture and benefits in detecting glitches; Operation and load-characteristics of on-chip ASCON crypto core; Voltage glitch detector and operation analysis



Fig. 4. Implemented integrating amplifier architecture and benefits in detecting glitches; Operation and load-characteristics of on-chip ASCON crypto core; Voltage glitch detector and operation analysis



Fig. 5. Clock glitch generation architecture; measured clock glitch detector output waveforms, detection Shmoo plot and comparison with other state of the art achieving 3.6x-33x benefit compared to [9].



Fig. 6. Measured performance of Clock glitch detector for varied supply voltage; Effect of clock glitch on implemented ASCON core showing different ciphertext output, comparison with prior-art.

art achieving 3.6x-33x benefit compared to [9].

Output, comparison with prior-art.

Authorized licensed use limited to: Purdue University. Downloaded on August 28,2025 at 20:33:36 UTC from IEEE Xplore. Restrictions apply.



## Fig. 7 Chip Micrograph; Power and area breakdown of the different sub-systems; IC specifications

## References:

[1] K. Ramezanpour *et al.*, "A Statistical Fault Analysis Methodology for the Ascon Authenticated Cipher," HOST, 2019, <a href="https://doi.org/10.1109/HST.2019.8741029">https://doi.org/10.1109/HST.2019.8741029</a>
[2] K. Murdock *et al.*, "Flundervolt: Software-based Fault Injection Attacks against Intel SGX," IEEE SP, 2020, <a href="https://doi.org/10.1109/SP40000.2020.00057">https://doi.org/10.1109/SP40000.2020.00057</a>

[3] M. Tunstall *et al.*, "Differential Fault Analysis of the Advanced Encryption Standard Using a Single Fault. In: Ardagna," WISTP, 2011, https://doi.org/10.1007/978-3-642-21040-2\_15

[4] S. Kundu *et al.*, "Carry Your Fault: A Fault Propagation Attack on Side-Channel Protected LWE-Based KEM," CHES, 2024, https://doi.org/10.46586/tches.v2024.i2.844-869

[5] P. Mondal *et al.*, "A Practical Key-Recovery Attack on LWE-Based Key-Encapsulation Mechanism Schemes Using Rowhammer," ACNS, 2024, https://doi.org/10.1007/978-3-031-54776-8 11

[6] A. Ghosh et al., "36.2 An EM/Power SCA-Resilient AES-256 with Synthesizable Signature Attenuation Using Digital-Friendly Current Source and RO-Bleed-Based Integrated Local Feedback and Global Switched-Mode Control," ISSCC, 2021, https://doi.org/10.1109/ISSCC42613.2021.9365978

[7] R. Kumar *et al.*, "15.5 A 100Gbps Fault-Injection Attack Resistant AES-256 Engine with 99.1-to-99.99% Error Coverage in Intel 4 CMOS," ISSCC, 2023, https://doi.org/10.1109/ISSCC42615.2023.10067715

[8] S. Song et al., "An FLL-Based Clock Glitch Detector for Security Circuits in a 5nm FINFET Process," VLSI, 2022,

https://doi.org/10.1109/VLSITechnologyandCir46769.2022.9830157

[9] Y. He et al., " 16.5 A Synthesizable Design-Agnostic Timing Fault Injection

## Acknowledgements

<Acknowledgment placeholder>

Monitor Covering 2MHz to 1.26GHz Clocks in 65nm CMOS," ISSCC, 2024, <a href="https://doi.org/10.1109/ISSCC49657.2024.10454280">https://doi.org/10.1109/ISSCC49657.2024.10454280</a>

[10] A. Ghosh *et al.*, "Syn-STELLAR: An EM/Power SCA-Resilient AES-256 With Synthesis-Friendly Signature Attenuation," JSSC, 2022, https://doi.org/10.1109/JSSC.2021.3113335

[11] Y. Ray *et al.*, "Analysis of Discrete-Time Integrating Amplifiers as an Alternative to Continuous-Time Amplifiers in Broadband Receivers," OJCAS, 2023, https://doi.org/10.1109/OJCAS.2023.3338210

[12] C. Dobraunig *et al.*," Ascon v1.2: Lightweight Authenticated Encryption and Hashing, J Cryptol, 2021, <a href="https://doi.org/10.1007/s00145-021-09398-9">https://doi.org/10.1007/s00145-021-09398-9</a>