Fault Injection + Power Side-Channel Resistance
FIPS 140-3 Level 3 requires physical attack countermeasures beyond logical security. The zeroRISC IP core implements redundant logic paths, glitch detectors, alert architecture, and masked cryptographic operations to resist EMFI, laser fault injection, voltage glitching, and differential power analysis.
Physical attack vectors and assurance levels
| Attack Vector | Description | Countermeasure | Status |
|---|---|---|---|
| EMFI | Electromagnetic fault injection — localized EM pulse disrupts logic state | Redundant execution paths + majority voter; alert on divergence | MITIGATED |
| Laser FI | Focused laser beam flips individual SRAM cells or logic gates | Metal shield layer in PDK; sensor mesh with tamper response | MITIGATED |
| Voltage Glitch | Supply voltage transient causes skipped instructions or corrupted ALU results | On-chip voltage glitch detector; clamp + alert on rail deviation | MITIGATED |
| Clock Glitch | Short clock pulse causes setup-time violations in sequential logic | Clock glitch detector circuit; redundant clock domain sampling | MITIGATED |
| DPA / SPA | Differential/simple power analysis correlates switching activity with key bits | First-order masking for AES and HMAC; randomized stall insertion in pipeline | MITIGATED |
| Timing Attack | Variable execution time leaks secret-dependent branching or memory access patterns | Constant-time cryptographic operations; no secret-dependent branches | MITIGATED |
| Microprobing | Physical access to internal buses via FIB/microprobe | Metal bus encryption; active shield mesh; wire bonding on top metal | PARTIAL* |
* Microprobing resistance depends on packaging choices made by the OEM. zeroRISC provides bus encryption; physical package security (potting, active enclosure) is OEM scope.
Implementation of physical attack countermeasures
Redundant Logic Paths
Critical security decisions (lifecycle checks, key operations, AES S-box) execute on two or three redundant logic paths with a majority voter. A divergence between paths triggers the alert handler.
Alert Architecture
A centralized alert handler receives signals from the glitch detectors, sensor mesh, redundancy voters, and parity checkers. The response is configurable: key wipe, lifecycle lock-to-RMA, or CPU reset.
Masking (AES / HMAC)
First-order Boolean masking is applied to the AES S-box and the HMAC compression function. Random share refreshing is seeded from the CSRNG every n operations (configurable).
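The following C model is an added illustration, not zeroRISC code or RTL. It shows what two-share Boolean masking involves: linear steps run share by share, the non-linear AND needs fresh randomness so no intermediate value depends on the unmasked secret, and a refresh re-randomizes the shares without changing the value. The function names, the byte-wide datapath, the choice of the standard ISW AND gadget, and the sample values are assumptions; random bytes are passed in as parameters standing in for CSRNG output.

```c
#include <stdint.h>
#include <stdio.h>

/* A secret byte is held as two shares; its value is s0 ^ s1 and is never
 * recombined inside the masked datapath. */
typedef struct { uint8_t s0, s1; } masked_t;

/* Split x into shares using mask m (m must be fresh and uniformly random). */
static masked_t mask_byte(uint8_t x, uint8_t m) {
    masked_t v = { (uint8_t)(x ^ m), m };
    return v;
}

/* Test/debug only: recombining the shares exposes the secret. */
static uint8_t unmask_byte(masked_t v) { return (uint8_t)(v.s0 ^ v.s1); }

/* Linear step (e.g. a key addition): XOR is computed share by share. */
static masked_t masked_xor(masked_t a, masked_t b) {
    masked_t z = { (uint8_t)(a.s0 ^ b.s0), (uint8_t)(a.s1 ^ b.s1) };
    return z;
}

/* Non-linear step: two-share ISW AND gadget, r is one fresh random byte.
 * The cross terms are folded into r one at a time, so no intermediate
 * ever equals an unmasked product of the secrets. */
static masked_t masked_and(masked_t a, masked_t b, uint8_t r) {
    masked_t z;
    uint8_t t = (uint8_t)(r ^ (a.s0 & b.s1));   /* blind first cross term */
    t = (uint8_t)(t ^ (a.s1 & b.s0));           /* then add the second    */
    z.s0 = (uint8_t)((a.s0 & b.s0) ^ r);
    z.s1 = (uint8_t)((a.s1 & b.s1) ^ t);
    return z;
}

/* Share refresh: same value, new random split. */
static masked_t refresh(masked_t v, uint8_t r) {
    masked_t z = { (uint8_t)(v.s0 ^ r), (uint8_t)(v.s1 ^ r) };
    return z;
}

int main(void) {
    /* Constructed sample values; real masks would come from the CSRNG. */
    masked_t k = mask_byte(0x3C, 0xA7), p = mask_byte(0x5A, 0x19);
    masked_t z = refresh(masked_and(masked_xor(k, p), k, 0xE4), 0x72);
    printf("shares %02x %02x -> %02x\n", z.s0, z.s1, unmask_byte(z));
    return 0;
}
```

The operation order inside `masked_and` is part of the countermeasure: XORing the two cross terms together before adding `r` would create an intermediate that depends on the unmasked operands.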
PRNG Pipeline Stalls
CSRNG-seeded random stall insertion in the cryptographic pipeline reduces DPA correlation by randomizing the timing of power consumption peaks across many traces.
Glitch Detectors
Dedicated voltage and clock glitch detector circuits monitor VDD and CLK rail quality. Configured thresholds trigger an alert within 2 clock cycles of a detected anomaly.
Sensor Mesh
An active tamper-detection mesh layered over the RoT die area detects physical probing or die opening. A breach triggers an immediate key wipe via an OTP destruction command.
Request the fault-injection countermeasure datasheet
Detailed countermeasure specification with test methodology and FIPS 140-3 Level 3 design evidence package. Note: zeroRISC provides the IP-level countermeasures; package-level physical security (potting, active enclosure) is OEM scope and is not replaced by this IP block.