CN101197660A - Encrypting method and chip for anti-attack standard encryption criterion - Google Patents
Encrypting method and chip for anti-attack standard encryption criterion Download PDFInfo
- Publication number
- CN101197660A CN101197660A CNA2006101192396A CN200610119239A CN101197660A CN 101197660 A CN101197660 A CN 101197660A CN A2006101192396 A CNA2006101192396 A CN A2006101192396A CN 200610119239 A CN200610119239 A CN 200610119239A CN 101197660 A CN101197660 A CN 101197660A
- Authority
- CN
- China
- Prior art keywords
- des
- mask
- box
- key
- input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides an attack-proof DES encryption method and an encryption chip, relating to the information security technical field. The encryption chip comprises a memory interface module for the chip input and output, the data bit transformation and comprising each register and an encryption engine DES Mask of the DES decryption operation for realizing the DPA attack proof; an output signal and an input signal of the encryption engine are respectively connected to a corresponding register. The encryption method comprises the following steps that: 1) in the process of clear-text input, a uniform random number of x is used to Mask; 2) the standard DES operation is completed including the XOR operation of a round key generated by the mask of the Key of a Mask Key and the operation of the replacement of a modified S-box; 3) when the result is outputted, the calculation result of the DES is obtained when the uniform random number of x is XOR. The invention can effectively avoid the SPA attack, the DPA attack and the high-order DPA attack.
Description
Technical field
The present invention relates to information security technology, particularly relate to the technology of a kind of attack protection DES (Standard Encryption standard) encryption method and encryption chip.
Background technology
Along with constantly popularizing of network, the raising day by day of social informatization degree, the importance of information security progressively shows especially out.Encryption plays an important role as the strongest weapon in the information security.Cryptographic algorithm at present commonly used roughly can be divided into two classes: be the symmetry algorithm of representative and be the asymmetric arithmetic of representative with RSA (a kind of key encrypt method) and ECC (elliptic curve cryptography) with DES (Standard Encryption standard) and AES (Advanced Encryption Standard).In data communication, the fast and simple advantage of implementation method is widely used symmetric cryptography with enciphering rate.The des encryption algorithm becomes encryption standard to this seventies, has experienced long-term test.
Any safety product or cryptographic system all must in the last few years, a kind of new strong attack method occur in the face of how a defensive attack and a problem of spying out, and people are referred to as bypass attack (SCA).Bypass attack (side channel attack) at first equals proposition in 1998 by Paul Kocher.Bypass attack is exactly a bypass information of utilizing crypto chip to reveal in running, such as power consumption, time, electromagnetic wave and error message etc., utilizes above-mentioned information that cryptographic system is attacked and spied out.Bypass attack has become grave danger of information security chip product, and its harm is far longer than traditional mathematical analysis means.
The SCA power consumption attack is a kind of of bypass attack, and power consumed comes key is attacked when utilizing crypto chip to carry out cryptographic calculation.Chip institute's power consumed when handling nonidentity operation is different, also is different even handle same instruction operands different power consumption, therefore power consumption is analyzed, and can extrapolate key.Power consumption attack is divided into simple power consumption analysis and attacks (SPA) and differential power consumption analysis attack (DPA), and wherein the DPA attack is more effective, and application is more extensive.
Traditional DES algorithm mainly is made of scramble and diffusion, is easy to realize with hardware: yet because the block cipher general character of loop iteration repeatedly, the hardware power consumption presents certain feature in the process that realizes this algorithm.The assailant monitors the power consumption curve of hardware unit, utilizes the method for statistics that collected curve is carried out analyzing and processing, draws the key of DES by statistic algorithm.Traditional DES is fragile in face of DPA, and the probability of success attack is very big in a complete test environment, therefore will redesign the DES that can prevent that DPA from attacking, and this paper has provided one and realized that on algorithm the DES that anti-DPA attacks has adopted the Mask technology.
Summary of the invention
At the defective that exists in the above-mentioned prior art, technical problem to be solved by this invention provides a kind of attack protection DES (Standard Encryption standard) encryption method and the encryption chip thereof that can take precautions against simple power consumption attack (SPA), differential power consumption attack (DPA), high order DPA attack effectively.
In order to solve the problems of the technologies described above, a kind of attack protection DES provided by the present invention (Standard Encryption standard) encryption chip is made up of Memory interface module and crypto engine (encryption core), it is characterized in that comprising:
One input register Memory interface module is used for the conversion of chip input (going out) and data bit;
One crypto engine DES_Mask is used to the DES decrypt operation of realizing that anti-DPA attacks; Each input of crypto engine connects each output of input register interface module respectively;
One output register Memory interface module is used for the conversion of chip output and data bit, and each input of output register interface module connects each output of crypto engine respectively.
Further, described input register Memory interface module comprises data input register, control register, and described output register Memory interface module comprises data output register, status register.
In order to solve the problems of the technologies described above, a kind of attack protection DES provided by the present invention (Standard Encryption standard) encryption method is characterized in that step is:
When 1) expressly importing, it is carried out Mask (XOR calculating) with a random number x;
2) through the DES computing of standard, comprise through with key XOR and the S-box computing of replacing mutually;
3) when the result exports with random number x XOR mutually, obtain the result of calculation of standard DES.
Further, described step 2) key is round key RoundKey in, by random number MaskKey key K ey is carried out mask and generates.
Further, described step 2) S-box of middle S-box for revising, represent with SM-box, and be defined as:
P wherein
-1Expression displacement P's is contrary.
The beneficial effect of attack protection DES provided by the invention (Standard Encryption standard) encryption method and encryption chip:
MASK is a kind of method that prevents DPA, compares with additive method, and higher fail safe is arranged.Its mechanism is by the primary data of input and a random number XOR and the intermediate data that DPA need use is covered.Because each random number difference of encrypting or deciphering use has just been lost the repeatedly computing needed rule of global analysis again, the Fundamentals of Mathematics that DPA attacks have been destroyed.And the key of MASK all data in the middle of being all be modified but finally can recover reduction output to data again.
1), because employing is carried out mask to input plaintext (perhaps ciphertext), behind plaintext and the random number x XOR of input, make in the flow process of whole DES computing, information is expressly just covered by random number x and (mask), power consumption is no longer simply with expressly relevant during computing, and the assailant can not obtain key information with the plaintext correlation by analyzing power consumption.Even the plaintext that the assailant gives is identical at every turn, all different at every turn but random number x is the concrete value that produces at random, and power consumption is and plaintext P and all relevant function of random number x; So no matter simple power consumption attack (SPA), or differential power consumption attack (DPA) is all invalid to DES_Mask.
2), owing to adopt key carried out mask, covered the information of key, even make the assailant attack key, can not obtain any information.Even the key K ey that gives is identical at every turn, all different at every turn but random number MaskKey is the concrete value that produces at random, and power consumption is and key K ey and all relevant function of random number MaskKey; So no matter simple power consumption attack (SPA), or differential power consumption attack (DPA) is all invalid to DES_Mask.
3), in adopting the method generate SM-Box as required, regenerate SM-Box according to the random number X and the MaskKey that latch when needing.Traditional Mask method generally only adopts several fixing look-up tables, selects to use which look-up table as S-Box according to random number, and this mode is attacked generally inoperative to high order DPA; Because SM-Box is relevant with random number, no longer is several look-up tables of fixing, randomness improves greatly, and security performance also improves greatly, so SM-Box can effectively take precautions against the attack of high order DPA; In order to reduce the expense of hardware resource, adopt SRAM to realize SM-Box simultaneously.
Description of drawings
Fig. 1 is the structural representation block diagram of the DES_Mask chip of the embodiment of the invention;
Fig. 2 is the basic principle block diagram of the DES_Mask of the embodiment of the invention;
Fig. 3 is the DES_Mask FB(flow block) of the embodiment of the invention;
Fig. 4 is the FB(flow block) that the key Mask of the embodiment of the invention handles;
Fig. 5 is the SM-Box module frame chart of the embodiment of the invention.
Embodiment
Below in conjunction with description of drawings embodiments of the invention are described in further detail, but present embodiment is not limited to the present invention, every employing analog structure of the present invention, method and similar variation thereof all should be listed protection scope of the present invention in.
The embodiment of the invention is realization DES algorithm high-speed encryption chip design---the DES_Mask IP of a anti-bypass attack (especially DPA attacks).Designed chip not only adopts the canonical algorithm DES of NIST, prevents that DPA from attacking, and also has characteristics at a high speed in addition, can carry out cryptographic calculation to the message of random length, and the key of employing is 64bits (comprising parity check bit).Entire chip is made as DES_Mask IP, and wherein crypto engine is made as DES_Mask.This chip (or IP) design has three wound core parts: bright ciphertext is carried out mask (mask), key is carried out mask (mask) and each the encryption according to the new random number of random number generation.
Entire I P is made up of input, output Memory (register) interface module and crypto engine (encryption core).As shown in Figure 1:
One input register Memory interface module is the bridge between external bus and the engine, the conversion of 32 bit wide data of realization Memory interface and 64 bit wide interfaces of engine; Be made up of Memory interface and each register, register comprises data input register Datain reg, control register Control reg, control register Key reg; Be provided with the Data Input Interface (data in) of 32bits, the address input interface (addrin) of 32bits, the clock signal of 1bits (clk), the reset signal of 1bits (reset), the enable signal of 1bits (EN), the read-write control signal of 1bits (WR);
One crypto engine DES_Mask is the main modular of DES_Mask IP chip, is the core of chip, realizes the DES decrypt operation that anti-DPA attacks; Crypto engine connects the Data Input Interface (Din) that the input register interface module has 64bits, the key input interface (Key) of 64bits, the encryption of 1bits or deciphering input control bit (decrypt), the encryption of 1bits or deciphering start input control bit (load), and the DES algorithm that described whole anti-DPA attacks all is to be finished by crypto engine (DES_Mask);
One output register Memory interface module is the bridge between external bus and the engine, the conversion of 32 bit wide data of realization Memory interface and 64 bit wide interfaces of engine; Register comprises data output register Dataout reg, status register Status reg; The output register interface module connects the output interface (Dout) that crypto engine has 64bits, and output indicating bit (Ready) has been finished in the encryption of 1bits or deciphering; Be provided with the data output interface (data out) of 32bits, the visit corresponding signal (Respond) of 1bits, the interrupt signal output of 1bits (INT).
DES_Mask adopts the Mask technology that plaintext in the DES computing and key are carried out mask, and the related power consumption that makes and import plaintext and storage key does not leak out.The Mask technology is to utilize a random number x to come the key message of wanting mask is handled because random number x is unknown with changeable, therefore promptly be to use DPA to attack after, the result who analyzes not is the legitimate reading that the assailant wants.
Fig. 2 is the basic principle of DES_Mask: when expressly importing, at first with a random number x it is carried out Mask (XOR calculating); Then, the DES computing of process standard; At last when the result exports with random number x XOR mutually, obtain the result of calculation of standard DES.
It is first innovation part of the present invention that input plaintext (perhaps ciphertext) is carried out mask.As can be seen from Figure 2 behind Shu Ru plaintext and the random number x XOR, in the flow process of whole DES computing, the information of plaintext is just covered by random number x and (mask), and power consumption is no longer simply with expressly relevant during computing, and the assailant can not obtain key information with the plaintext correlation by analyzing power consumption.Even the plaintext that the assailant gives is identical at every turn, all different at every turn but random number x is the concrete value that produces at random, and power consumption is and plaintext P and all relevant function of random number x; So no matter simple power consumption attack (SPA), or differential power consumption attack (DPA) is all invalid to DES_Mask.
Fig. 3 is the block diagram of whole DES_Mask, and each the parameter connotation among Fig. 3 is as follows:
M represents 64 input plaintext
X represents 64 input random number
X1 represents IP (X), and promptly X is through initial permutation IP gained
IP represents initial permutation
X1
0-31(or X1
32-63) low 32 (or high 32) parts of expression X1
X2 represents EP (X1
32-63), i.e. X1
32-63Through expanding displacement EP gained
EP represents the expansion displacement of every DES of wheel
Round1
0-63Value after the expression standard DES first round computing
RoundK
0-63Value after the computing of expression standard DES K wheel.
As shown in Figure 3, when the DES_Mask algorithm is initial, at first M is carried out Mask, promptly with X
Pass through initial permutation IP then, be divided into left and right sides two halves.Right half part adds through expanding displacement EP and round key, obtains X2 before input S-box displacement.DES_Mask need be at every X1 that rebuilds when taking turns the DES computing.In order to obtain X1, the present invention uses a S-box who revised, and represents with SM-box.The SM-box design must be satisfied: after X2 exports through SM-box, through obtaining X1 behind displacement P and the left-half XOR expressly
32-63Therefore SM-box is defined as:
P wherein
-1Expression displacement P's is contrary.
In order to rebuild X1, the left-half of algorithm also will be passed through and be handled, with
The phase XOR.Left and right sides two halves algorithm is through after adjusting, and therefore whenever takes turns the DES algorithm and finishes, and X1 is just rebuilt.
Last is taken turns after the DES, 32 exchanges of left and right sides two parts, every part all will with
XOR, then through the FP displacement, last and Mask random number X XOR obtains final result.
From the DES_Mask flow chart and above analysis can see that the emphasis of whole algorithm is the reconstruction of X1, the value that obtains after the every DES_Mask of wheel computing is the value RoundK that obtains after the standard DES computing
0-63With the X1 value of XOR mutually, promptly
Algorithm like this realizes having two benefits: the first, each value of taking turns DES_Mask is all used the X1 mask, and median is also no longer leaked; The second, after X1 carries out contrary initial permutation FP, promptly obtain X, with the X XOR, just can make the counteracting of the random number information of centre the result of DES_Mask and standard DES in full accord during final DES_Mask output.
Key handling:
Above the FB(flow block) of DES_Mask has provided Mask process expressly, comprises Mask XOR, S-Box processing, left-half data processing or the like, and this section is inquired into the Mask of key.Can cover up the correlation of input plaintext plaintext M ask with power consumption, if but key is carried out DPA attack, be not enough only to plaintext M ask, need be to key also Mask.Adopt the key schedule of Mask technology that the input key has been carried out XOR, the information of key has also been covered in the whole algorithm engineering.It is second largest innovation part of the present invention that key is carried out the mask processing.
Generate block diagram as Fig. 4 for the key that adopts the Mask technology, wherein Key is the input key; MaskKey is a random number, is used for the Mask key; PC1 and PC2 are respectively displacement selection 1 and displacement selects 2; Round1Key to Round16Key 16 takes turns round key.
ROL represents ring shift left in the following formula, the figure place difference that moves to left according to different wheel numbers; PC1 and PC2 are that displacement selects 1 and 2.
From top analysis as can be seen, key is carried out mask, covered the information of key,, can not obtain any information even make the assailant attack key.Even the key K ey that gives is identical at every turn, all different at every turn but random number MaskKey is the concrete value that produces at random, and power consumption is and key K ey and all relevant function of random number MaskKey; So no matter simple power consumption attack (SPA), or differential power consumption attack (DPA) is all invalid to DES_Mask.
The S-Box design:
It is non-linear that S-Box replaces, in order to adapt to the correction of Mask algorithm needs.In the DES_Mask algorithm, adopted and revised SM-Box:
SM-Box can adopt fixedly look-up table method realization, the method that also can adopt each encryption to generate.The DES algorithm has 8 S-Box, and therefore same DES_Mask algorithm also needs 8 SM-Box.The fixed table method is solidified several different SM-Box look-up tables at IP, estimates the different different look-up tables of random number selection.For example solidify four SM-Box, then according to last two (2 of random number
2) SM-Box of selection.The fixed table method realizes simple, but has reduced randomness, and security performance reduces, and the strick precaution effect that high-order DPA is attacked is general.
To take precautions against the method that effect the present invention employing generates SM-Box as required in order strengthening, to regenerate SM-Box according to the random number X and the MaskKey that latch when needing.Because SM-Box is relevant with random number, no longer is several look-up tables of fixing, randomness improves greatly, and security performance also improves greatly; In order to reduce the expense of hardware resource, adopt SRAM to realize SM-Box simultaneously.Generating SM-Box as required at random is the design's the third-largest innovation.Traditional Mask method generally only adopts several fixing look-up tables, selects to use which look-up table as S-Box according to random number, and this mode is attacked generally inoperative to high order DPA; The design adopts generates the attack that SM-Box can effectively take precautions against high order DPA at random.
The S box of standard DES has 6 inputs to produce 4 outputs, realizes the fixing function of replacing.When realizing with SRAM, can be used as address wire to 6 inputs, data wire is used as in 4 outputs, and is also different according to the difference output of address.Fig. 5 is the module frame chart of SM-BOX, and each SM-Box module is made up of a SRAM (sram64x4) and state machine (State Machine).
SRAM has 4 input data line din, 4 to select cen (effectively low), output enable oen (effectively low) and write with address wire addr, sheet with output data line dout, 6 to enable wen (low effective).Because during DES_Mask work, SM-Box will export effectively always, so choosing of the sheet of SRAM and output enable oen connect low level all the time; Control by state machine and write enable signal, be used with addr/din.
State machine (State Machine) is the SM-Box core, is used for controlling whole SM-Box work.When the load signal is effective, at first SRAM is carried out write operation, the value that substitutes is write among the SRAM, at this moment the addr of SRAM is controlled by state machine, and a clock is write an address, writes 64 clocks altogether; Write finish after, the addr of SRAM is directly controlled by the input signal S_i of the SM-Box of outside, and the input S_o of SM-Box is received in the output of SRAM always.Upgrading a SRAM needs 64 clock cycle, long; But do not need each encryption all to upgrade, can encrypt SRAM of renewal per five times, like this data throughput and fail safe can both guarantee.
Random number generates:
Two 64 random number: X and MaskKey have been used in whole DES_Mask design.Two random numbers produce by the RNG (random number generation module) that is embedded among the IP and generate random number of each clock generating.When each encryption began, at first the random number that RNG is produced was latched among X and the MaskKey, remains unchanged in the process of whole encryption and decryption.
Claims (5)
1. attack protection des encryption chip is characterized in that comprising:
One input register Memory interface module is used for the conversion of chip input and data bit;
One crypto engine DES_Mask is used to the DES decrypt operation of realizing that anti-DPA attacks; Each input of crypto engine connects each output of input register interface module respectively;
One output register Memory interface module is used for the conversion of chip output and data bit, and each input of output register interface module connects each output of crypto engine respectively.
2. attack protection des encryption chip according to claim 1, it is characterized in that, described register Memory interface module comprises data input register, control register, and described output register Memory interface module comprises data output register, status register.
3. attack protection des encryption method that is used for the described encryption chip of claim 1 is characterized in that the step of method is:
When 1) expressly importing, it is carried out Mask (XOR calculating) with a random number x;
2) through the DES computing of standard, comprise through with key XOR and the S-box computing of replacing mutually;
3) when the result exports with random number x XOR mutually, obtain the result of calculation of standard DES.
4. attack protection des encryption method according to claim 3 is characterized in that described step 2) in key be round key RoundKey, by random number MaskKey key K ey is carried out mask and generates.
5. attack protection des encryption method according to claim 3 is characterized in that described step 2) S-box of middle S-box for revising, represent with SM-box, and be defined as:
P wherein
-1Expression displacement P's is contrary.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006101192396A CN101197660A (en) | 2006-12-07 | 2006-12-07 | Encrypting method and chip for anti-attack standard encryption criterion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006101192396A CN101197660A (en) | 2006-12-07 | 2006-12-07 | Encrypting method and chip for anti-attack standard encryption criterion |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101197660A true CN101197660A (en) | 2008-06-11 |
Family
ID=39547831
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006101192396A Pending CN101197660A (en) | 2006-12-07 | 2006-12-07 | Encrypting method and chip for anti-attack standard encryption criterion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101197660A (en) |
Cited By (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101908963A (en) * | 2010-08-09 | 2010-12-08 | 北京飞天诚信科技有限公司 | Method for realizing digest engine |
| CN101958789A (en) * | 2010-09-17 | 2011-01-26 | 北京航空航天大学 | High-speed data encryption/decryption module in communication link |
| CN102024810A (en) * | 2009-09-18 | 2011-04-20 | 索尼公司 | Integrated circuit and electronic apparatus |
| CN101431405B (en) * | 2008-11-17 | 2011-09-14 | 暨南大学 | DES encrypted method and its hardware circuit implementing method |
| CN102571331A (en) * | 2012-02-07 | 2012-07-11 | 中国科学院软件研究所 | Cryptographic algorithm realization protecting method used for defending energy analysis attacks |
| CN102880836A (en) * | 2011-07-15 | 2013-01-16 | 富士通半导体股份有限公司 | Security device |
| CN102970134A (en) * | 2012-12-11 | 2013-03-13 | 成都卫士通信息产业股份有限公司 | Method and system for encapsulating PKCS#7 (public-key cryptography standard #7) data by algorithm of hardware password equipment |
| CN102983964A (en) * | 2012-12-28 | 2013-03-20 | 大唐微电子技术有限公司 | method and device for improving digital encryption standard resisting differential power analysis |
| CN103384197A (en) * | 2012-05-03 | 2013-11-06 | 国家电网公司 | Circuit, chip and method for defending against energy attack on grouping algorithm |
| CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit of resisting power consumption analysis |
| CN103647639A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Method for symmetric cryptographic algorithm to resist side-channel analysis |
| CN103684748A (en) * | 2012-09-26 | 2014-03-26 | 上海复旦微电子集团股份有限公司 | Symmetric encryption and decryption method, and symmetric encryption and decryption system |
| CN103888247A (en) * | 2014-03-10 | 2014-06-25 | 深圳华视微电子有限公司 | Data processing system resistant to differential power attack analysis and data processing method thereof |
| CN103905462A (en) * | 2014-04-16 | 2014-07-02 | 深圳国微技术有限公司 | Encryption processing device and method capable of defending differential power analysis attack |
| CN104579635A (en) * | 2015-01-27 | 2015-04-29 | 聚辰半导体(上海)有限公司 | DES system capable of performing circulatory iteration to resist channel attack and remapping achieving SBOX method |
| CN104639312A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Anti-power-attack method and device for DES (Data Encrypt Standard) algorithm |
| CN104639502A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Mask method and device for resisting power attack in SM4 algorithm |
| CN106330424A (en) * | 2015-06-17 | 2017-01-11 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device of password module based on SM3 algorithm |
| CN106341230A (en) * | 2015-07-08 | 2017-01-18 | 吴清山 | Unconditional security cryptosystem |
| CN106462701A (en) * | 2014-06-12 | 2017-02-22 | 密码研究公司 | Performing cryptographic data processing operations in a manner resistant to external monitoring attacks |
| CN106503590A (en) * | 2016-10-17 | 2017-03-15 | 杭州国芯科技股份有限公司 | A kind of anti-power consumption attack circuit of chip and the method for preventing power consumption attack |
| CN106911461A (en) * | 2017-01-13 | 2017-06-30 | 江苏大学 | A kind of McEliece public key mask encryption methods of secure lightweight |
| CN108964872A (en) * | 2018-07-23 | 2018-12-07 | 武汉大学 | A kind of encryption method and device based on AES |
| CN109617668A (en) * | 2018-12-14 | 2019-04-12 | 四川长虹电器股份有限公司 | A method of preventing bypass attack |
| CN110263586A (en) * | 2019-06-19 | 2019-09-20 | 广西师范大学 | A kind of hardware security appraisal procedure of chaos cipher system |
| CN107070633B (en) * | 2017-03-20 | 2021-08-03 | 江苏大学 | AES mask encryption method for resisting high-order power analysis |
-
2006
- 2006-12-07 CN CNA2006101192396A patent/CN101197660A/en active Pending
Cited By (48)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101431405B (en) * | 2008-11-17 | 2011-09-14 | 暨南大学 | DES encrypted method and its hardware circuit implementing method |
| CN102024810B (en) * | 2009-09-18 | 2013-06-19 | 索尼公司 | Integrated circuit and electronic apparatus |
| CN102024810A (en) * | 2009-09-18 | 2011-04-20 | 索尼公司 | Integrated circuit and electronic apparatus |
| CN101908963A (en) * | 2010-08-09 | 2010-12-08 | 北京飞天诚信科技有限公司 | Method for realizing digest engine |
| CN101958789B (en) * | 2010-09-17 | 2012-07-04 | 北京航空航天大学 | High-speed data encryption/decryption module in communication link |
| CN101958789A (en) * | 2010-09-17 | 2011-01-26 | 北京航空航天大学 | High-speed data encryption/decryption module in communication link |
| CN102880836A (en) * | 2011-07-15 | 2013-01-16 | 富士通半导体股份有限公司 | Security device |
| US9152805B2 (en) | 2011-07-15 | 2015-10-06 | Socionext Inc. | Security device |
| CN102880836B (en) * | 2011-07-15 | 2016-02-10 | 株式会社索思未来 | Safety feature |
| CN102571331A (en) * | 2012-02-07 | 2012-07-11 | 中国科学院软件研究所 | Cryptographic algorithm realization protecting method used for defending energy analysis attacks |
| CN103384197B (en) * | 2012-05-03 | 2016-08-31 | 国家电网公司 | A kind of defence circuit, chip and method to grouping algorithm Attacks |
| CN103384197A (en) * | 2012-05-03 | 2013-11-06 | 国家电网公司 | Circuit, chip and method for defending against energy attack on grouping algorithm |
| WO2013163854A1 (en) * | 2012-05-03 | 2013-11-07 | 国网电力科学研究院 | Circuit, chip and method against power attack for grouping algorithms |
| CN103684748A (en) * | 2012-09-26 | 2014-03-26 | 上海复旦微电子集团股份有限公司 | Symmetric encryption and decryption method, and symmetric encryption and decryption system |
| CN103684748B (en) * | 2012-09-26 | 2017-02-08 | 上海复旦微电子集团股份有限公司 | Symmetric encryption and decryption method, and symmetric encryption and decryption system |
| CN102970134B (en) * | 2012-12-11 | 2015-06-03 | 成都卫士通信息产业股份有限公司 | Method and system for encapsulating PKCS#7 (public-key cryptography standard #7) data by algorithm of hardware password equipment |
| CN102970134A (en) * | 2012-12-11 | 2013-03-13 | 成都卫士通信息产业股份有限公司 | Method and system for encapsulating PKCS#7 (public-key cryptography standard #7) data by algorithm of hardware password equipment |
| CN102983964A (en) * | 2012-12-28 | 2013-03-20 | 大唐微电子技术有限公司 | method and device for improving digital encryption standard resisting differential power analysis |
| CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit of resisting power consumption analysis |
| CN103618595B (en) * | 2013-09-13 | 2017-03-29 | 杭州晟元数据安全技术股份有限公司 | A kind of cryptographic algorithm substitution circuit of resisting power consumption analysis |
| CN104639312A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Anti-power-attack method and device for DES (Data Encrypt Standard) algorithm |
| CN104639312B (en) * | 2013-11-08 | 2017-12-29 | 国家电网公司 | A kind of method and device of the anti-Attacks of DES algorithms |
| CN104639502B (en) * | 2013-11-08 | 2017-12-05 | 国家电网公司 | A kind of mask method and device of the anti-Attacks of SM4 algorithms |
| CN104639502A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Mask method and device for resisting power attack in SM4 algorithm |
| CN103647639A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Method for symmetric cryptographic algorithm to resist side-channel analysis |
| CN103888247B (en) * | 2014-03-10 | 2017-09-22 | 深圳华视微电子有限公司 | Resist the data handling system and its data processing method of Differential power attack analysis |
| CN103888247A (en) * | 2014-03-10 | 2014-06-25 | 深圳华视微电子有限公司 | Data processing system resistant to differential power attack analysis and data processing method thereof |
| US9628265B2 (en) | 2014-04-16 | 2017-04-18 | Shenzhen State Micro Technology Co., Ltd. | Encryption processing device and method capable of defending differential power analysis attack |
| WO2015158038A1 (en) * | 2014-04-16 | 2015-10-22 | 深圳国微技术有限公司 | Encryption device and method of defending against differential power analysis attack |
| CN103905462A (en) * | 2014-04-16 | 2014-07-02 | 深圳国微技术有限公司 | Encryption processing device and method capable of defending differential power analysis attack |
| CN103905462B (en) * | 2014-04-16 | 2017-05-17 | 深圳国微技术有限公司 | Encryption processing device and method capable of defending differential power analysis attack |
| US11757617B2 (en) | 2014-06-12 | 2023-09-12 | Cryptography Research, Inc. | Performing cryptographic data processing operations in a manner resistant to external monitoring attacks |
| CN106462701A (en) * | 2014-06-12 | 2017-02-22 | 密码研究公司 | Performing cryptographic data processing operations in a manner resistant to external monitoring attacks |
| US10897344B2 (en) | 2014-06-12 | 2021-01-19 | Cryptography Research, Inc. | Performing cryptographic data processing operations in a manner resistant to external monitoring attacks |
| CN104579635A (en) * | 2015-01-27 | 2015-04-29 | 聚辰半导体(上海)有限公司 | DES system capable of performing circulatory iteration to resist channel attack and remapping achieving SBOX method |
| CN104579635B (en) * | 2015-01-27 | 2018-07-06 | 聚辰半导体(上海)有限公司 | The DES systems of recyclable iteration preventing side-channel attack and realization can remap SBOX methods |
| CN106330424B (en) * | 2015-06-17 | 2019-11-05 | 上海复旦微电子集团股份有限公司 | The anti-attack method and device of crypto module based on SM3 algorithm |
| CN106330424A (en) * | 2015-06-17 | 2017-01-11 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device of password module based on SM3 algorithm |
| CN106341230A (en) * | 2015-07-08 | 2017-01-18 | 吴清山 | Unconditional security cryptosystem |
| CN106341230B (en) * | 2015-07-08 | 2020-08-21 | 吴清山 | Method for realizing unconditional safety of modern cryptosystem by shortening cipher text length |
| CN106503590A (en) * | 2016-10-17 | 2017-03-15 | 杭州国芯科技股份有限公司 | A kind of anti-power consumption attack circuit of chip and the method for preventing power consumption attack |
| CN106503590B (en) * | 2016-10-17 | 2019-02-01 | 杭州国芯科技股份有限公司 | A kind of method chip anti-power consumption attack circuit and prevent power consumption attack |
| CN106911461A (en) * | 2017-01-13 | 2017-06-30 | 江苏大学 | A kind of McEliece public key mask encryption methods of secure lightweight |
| CN107070633B (en) * | 2017-03-20 | 2021-08-03 | 江苏大学 | AES mask encryption method for resisting high-order power analysis |
| CN108964872B (en) * | 2018-07-23 | 2020-05-26 | 武汉大学 | Encryption method and device based on AES |
| CN108964872A (en) * | 2018-07-23 | 2018-12-07 | 武汉大学 | A kind of encryption method and device based on AES |
| CN109617668A (en) * | 2018-12-14 | 2019-04-12 | 四川长虹电器股份有限公司 | A method of preventing bypass attack |
| CN110263586A (en) * | 2019-06-19 | 2019-09-20 | 广西师范大学 | A kind of hardware security appraisal procedure of chaos cipher system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101197660A (en) | Encrypting method and chip for anti-attack standard encryption criterion | |
| US8094816B2 (en) | System and method for stream/block cipher with internal random states | |
| Gueron | Intel’s new AES instructions for enhanced performance and security | |
| CA2578316C (en) | Table splitting for cryptographic processes | |
| CN101350714B (en) | Efficient advanced encryption standard (AES) data path using hybrid RIJNDAEL S-BOX | |
| US7720225B2 (en) | Table splitting for cryptographic processes | |
| TWI338872B (en) | ||
| JP5198526B2 (en) | Encryption device and decryption device | |
| EP3371928B1 (en) | Key sequence generation for cryptographic operations | |
| CN107491317A (en) | A kind of symmetrical encryption and decryption method and systems of AES for accelerating platform based on isomery | |
| US8619985B2 (en) | Table splitting for cryptographic processes | |
| CN106487499B (en) | protection of Rijndael algorithm | |
| CN103051446B (en) | A kind of key encrypting and storing method | |
| US20120093308A1 (en) | Apparatus and method for generating random data | |
| CN102541762A (en) | Data protector for external memory and data protection method | |
| Paragas et al. | Hill cipher modification: A simplified approach | |
| EP3776305A1 (en) | Using cryptographic blinding for efficient use of montgomery multiplication | |
| CN103873229B (en) | Rapid protection method for resisting timing and cache side channel attack under KLEIN encryption AVR environment | |
| GB2532835A (en) | Double-mix feistel network for key generation or encryption | |
| CN107171782A (en) | A kind of AES secret daily record encryption methods based on reversible logic circuits | |
| Singh et al. | Study & analysis of cryptography algorithms: RSA, AES, DES, T-DES, blowfish | |
| Dahiya et al. | Hybrid parallel partial model for robust & secure authentication in healthcare IoT environments | |
| CN107766725B (en) | Template attack resistant data transmission method and system | |
| JP2008139742A (en) | Nonlinear function unit, ciphering device for stream cipher, deciphering device, mac generating device, ciphering method for stream cipher, deciphering method, mac generating method, and program | |
| CN105897405B (en) | 128 Symmetric key generations of one kind and protective device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| ASS | Succession or assignment of patent right |
Owner name: SHANGHAI AIXINNUO HANGXIN ELECTRONIC SCIENCE CO., Free format text: FORMER OWNER: SHANGHAI ANCHUANG INFORMATION TECHNOLOGY CO., LTD. Effective date: 20090515 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20090515 Address after: Floor 6, building 555, No. 8, Dongchuan Road, Shanghai, Minhang District Applicant after: Shanghai Aisino Chip Electronic Technology Co., Ltd. Address before: In Shanghai Road, Pudong New Area Zhangjiang hi tech park, 299 No. 6 Lane 202 Applicant before: Shanghai Anchuang Information Technology Co., Ltd. |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20080611 |