CN103067155A - Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis - Google Patents
- Publication number
- CN103067155A
- Authority
- CN
- China
- Prior art keywords
- mask
- des
- power consumption
- algorithm
- xor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method and test circuit for preventing power-analysis attacks on the DES algorithm. Until the first subkey $K_1$ operates on the data, the algorithm flow is identical to the original DES flow. In the first round, after the subkey $K_1$ has been XORed with the plaintext, a mask X is introduced. The encryption rounds that follow, from the second to the fifteenth, operate similarly; only the values of the random numbers XORed in differ, which keeps the intermediate processing of the algorithm functionally correct. Finally, the mask X is XORed in before the output of the sixteenth round, and the real ciphertext is restored through the inverse of the initial permutation (IP), i.e. the final permutation (FP), and a mask $X_4$. Because the values and positions of the masks added in the first and last rounds differ from those of the other rounds, that is, the encryption uses asymmetric masks, the effect of the masks cannot be eliminated when a Hamming-distance model is applied. Power attacks on DES are thereby prevented and the DES key is kept secure.
Description
Technical field
The present invention relates to a method and test circuit for preventing power-analysis attacks on the DES algorithm, specifically a method and circuit that use asymmetric masked encryption to protect DES chips against power attacks. It belongs to the technical field of integrated-circuit security.
Background technology
In 1977 the U.S. national standards body (NIST) announced a cryptographic algorithm developed by IBM's computer cryptography research group and approved it as the data encryption standard for non-classified departments, abbreviated DES. DES is to date the most widely used and popular symmetric cryptographic algorithm in the world. Although DES has now been replaced by the newer encryption standard AES, many domestic encryption chips still use DES, and it laid the foundation for the development and application of modern symmetric ciphers. A DES implementation can be physically attacked to obtain the key it holds. Common physical attack methods include timing analysis, electromagnetic radiation analysis and power attacks, of which power attacks are the most effective.
In 1999 Kocher proposed simple power analysis (SPA) and differential power analysis (DPA), and used these methods to successfully attack smart cards performing DES encryption.
Integrated circuits are manufactured from large numbers of CMOS (complementary metal-oxide-semiconductor) transistors, which causes the power consumed to differ when encrypting with different keys. The variation in power consumption while a program runs therefore reflects the content of the key in use; this is the basis of attacks based on power analysis.
Simple power analysis directly measures the chip's power consumption while the DES chip encrypts and decrypts, sampling at fixed moments to obtain enough sample values. By analysing the power consumed by encryption and decryption and mapping it to the corresponding keys, the attack achieves its purpose.
Differential power analysis extracts key-related information from the collected power data by statistical analysis and error-correction techniques. In general, simple power analysis requires knowledge of the implementation details of the target code. Simple power analysis is therefore effective only when a certain signal-to-noise ratio is guaranteed. Differential power analysis places far lower demands on the signal-to-noise ratio, but it needs the power values of a large number of different samples, which must be analysed statistically to obtain the key.
A power attack on a DES chip usually proceeds as follows. First, an intermediate value of the DES execution is selected; this intermediate value is operated on by the key, and in most attack scenarios the plaintext or the ciphertext is generally chosen as this intermediate value. Then the actual power consumption of the DES encryption process is measured: if D encryptions are captured and T power points are collected for each encryption, a D × T power matrix is obtained, denoted matrix T. Next the hypothetical intermediate values are calculated: if the key k has K possible values, computing the intermediate value for each encryption gives a D × K matrix V. The intermediate values are then mapped to simulated power values using a power model (the Hamming-distance or Hamming-weight model), giving a D × K matrix denoted H. The correlation between the simulated power matrix and the actual power matrix is then calculated, giving a K × T matrix denoted Z. Each row of Z corresponds to one guessed key, and each column holds the correlation coefficient between the simulated and the actual power at that moment; the computing formula is shown in Equation 1. Finally, the Z matrix is plotted row by row as curves (key-correlation curves); the curve in which a peak appears corresponds to the result of the power attack.
where $h_{d,i}$ is an element of the H matrix, i = 1 to K, and $t_{d,j}$ is an element of the T matrix, j = 1 to T.
Current countermeasures against power attacks on DES chips broadly take the following forms.
1) Introducing random noise. A module that produces random power consumption is added to the system and enabled while the Montgomery algorithm is running, so that the random power it generates is superimposed on the power traces the attacker obtains. The useful power information is then completely buried in useless random power, and neither the useful information nor the differential signal of the algorithm's operations appears in the power traces. Introducing random noise makes it harder for the attacker to obtain useful power traces and so harder to recover the key, but if the random power introduced is not ideal enough and the attacker collects enough power curves, the random power added by the designer can still be filtered out.
2) Randomising the execution timing of the circuit. The encryption device can use an internal clock whose frequency changes at random. Assuming one encryption operation is processed per clock cycle, selecting the system clock at random means the power traces produced by the encryption process cannot be aligned because the clock periods differ; if a difference operation is performed directly, the differential trace obtained is not the correct trace required. However, this places several clocks in one system, which greatly increases the complexity of the back-end implementation.
Summary of the invention
Object of the invention: in view of the problems and deficiencies of the prior art, the invention provides a method and test circuit for preventing power-analysis attacks on the DES algorithm. It protects DES chips against power attacks, so that an attacker cannot obtain the DES key by simple power analysis or differential power analysis.
Technical scheme: a method for preventing power-analysis attacks on the DES algorithm, comprising the following steps:
Until the first subkey $K_1$ has operated on the data, the encryption flow stays identical to the original DES flow; in the first round, after the subkey $K_1$ has been XORed with the plaintext, the mask X is introduced;
The encryption rounds that follow, from the 2nd to the 15th, operate similarly; only the values of the random numbers XORed in differ, so as to keep the intermediate processing of the algorithm functionally correct;
Finally, the mask X is XORed in before the output of the 16th round of encryption, and the real ciphertext is restored by passing through the inverse IP permutation (FP) and adding the mask $X_4$.
The mask X is a random number, and the masks $X_1$ to $X_4$ are all random numbers calculated from X. The calculation is: $X_1 = P(X)$, $X_2 = EP(X_1)$,
$X_4 = IP([X_3, X_3])$, where P() denotes the P-box permutation, EP() denotes the E-box permutation, IP() denotes the IP permutation, and $[X_3, X_3]$ denotes the variable formed by concatenating two copies of the mask $X_3$ end to end. Mask X is thus 32 bits, mask $X_1$ is 32 bits, mask $X_2$ is 48 bits, mask $X_3$ is 32 bits and mask $X_4$ is 64 bits.
A test circuit for preventing power-analysis attacks on the DES algorithm consists mainly of an oscilloscope, a PC, a differential probe, a power supply, a daughter board and a main board. Through the differential probe connected across a resistor placed in series between the main board and the power supply, the oscilloscope records in real time the current produced while the main board runs the encryption. After the current values are converted into the corresponding power values, the power data are transferred to the PC over a network cable. Besides receiving and processing the power data, the PC also sends stimuli to the main board. An FPGA serves as the main board and is programmed in turn with the image files of the original DES algorithm and of the improved DES algorithm described here. In addition, a microprocessor with an integrated UART interface serves as the daughter board; it provides the interface between the main board and the PC and simplifies the transfer of stimulus vectors between the PC and the FPGA.
Beneficial effect: compared with the prior art, in the present invention the values and positions of the masks added in the first and last rounds of DES differ from those of the other rounds, i.e. the encryption uses asymmetric masks, so the effect of the masks cannot be eliminated when the Hamming-distance model is applied. This protects the DES algorithm against power attacks and keeps the DES key secure.
Description of drawings
Fig. 1 is the flow chart of the embodiment of the invention;
Fig. 2 is the circuit diagram of the asymmetric mask DES of the embodiment of the invention;
Fig. 3 is the asymmetric mask DES simulation waveform of the embodiment of the invention;
Fig. 4 shows the CPA attack results of the embodiment of the invention: (a) symmetric DES algorithm, (b) asymmetric-mask DES algorithm.
Embodiment
The invention is further illustrated below with reference to specific embodiments. These embodiments serve only to illustrate the invention and do not limit its scope; after reading the invention, modifications of its various equivalent forms made by those skilled in the art all fall within the scope defined by the claims of this application.
To overcome the security hazard that arises when a traditional symmetric mask scheme uses the same mask between two rounds, the invention proposes a method for preventing power-analysis attacks on the DES algorithm. Its core idea is that the values and positions of the masks added in the first and last rounds of DES differ from those of the other rounds, so that the effect of the masks cannot be eliminated when the Hamming-distance model is applied. The detailed flow of the scheme is shown in Fig. 1, where X is a random number and $X_1$ to $X_4$ are all random numbers calculated from X. The calculation is: $X_1 = P(X)$, $X_2 = EP(X_1)$,
$X_4 = IP([X_3, X_3])$, where P() denotes the P-box permutation, EP() denotes the E-box permutation, IP() denotes the IP permutation, and $[X_3, X_3]$ denotes the variable formed by concatenating two copies of $X_3$ end to end. X is thus 32 bits, $X_1$ is 32 bits, $X_2$ is 48 bits, $X_3$ is 32 bits and $X_4$ is 64 bits.
In this method, until the first subkey $K_1$ has operated on the data, the algorithm flow stays identical to the original DES flow; in the first round, after the subkey $K_1$ has been XORed with the plaintext, the mask X is introduced. The encryption rounds that follow, from the 2nd to the 15th, operate similarly; only the values of the random numbers XORed in differ, so as to keep the intermediate processing of the algorithm functionally correct. Finally, the mask X is XORed in before the output of the 16th round, and the real ciphertext is restored by passing through the inverse IP permutation (FP) and adding the mask $X_4$.
It can be seen that in this method the mask is applied to the register only after the key information has been introduced. From then on the random number directly affects the toggling of the register, and so changes the actual power the algorithm consumes. Suppose the CPA attack described above is applied to this algorithm in the same way, again choosing the value after the IP permutation and the output of the first round as the attack point. Taking the first round as an example, the Hamming distance between the value after the IP permutation and the output of the first round in this scheme is given by formula (2), where $R_0$ is bits 32-63 of the data obtained by applying the initial permutation to the plaintext M, and $R_1$ is bits 32-63 of the first-round output data. The Hamming distance in this scheme becomes a random number because of the XOR with the random number $X_1$.
For the original DES, by contrast, the Hamming distance is still as given by formula (3), and the influence of the random number is eliminated:
It can be seen that, because the random number $X_1$ is introduced, the Hamming distance of this scheme differs from that of standard DES. The attacker therefore cannot characterise the actual power consumption with the Hamming-distance model. For a CPA attack, the correlation coefficient does not reach its maximum even when the guessed key is correct.
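The cancellation argument above can be checked numerically. This added example (not code from the patent) simulates a 32-bit register whose leakage is the Hamming distance of each update plus Gaussian noise, and correlates it with the model value HD(R0, R1). The random register values, the noise level and the `same_mask` case (one mask on both values, the symmetric scheme the page contrasts against) are constructed assumptions; formula (2) itself is not reproduced on the page.

```python
import random


def hamming_distance(a, b):
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def correlation_by_scheme(n_traces=5000, noise_sigma=1.0, seed=2012):
    """Correlate the model HD(R0, R1) with simulated leakage for three designs.

    unmasked        : register goes R0 -> R1
    same_mask       : register goes R0^M -> R1^M (mask cancels in the XOR)
    asymmetric_mask : register goes R0 -> R1^X1 (mask on the new value only)
    All values are constructed random data, one fresh mask per trace.
    """
    rng = random.Random(seed)
    predicted = []
    leak = {"unmasked": [], "same_mask": [], "asymmetric_mask": []}
    for _ in range(n_traces):
        r0 = rng.getrandbits(32)
        r1 = rng.getrandbits(32)
        m = rng.getrandbits(32)    # symmetric mask, applied to both values
        x1 = rng.getrandbits(32)   # asymmetric mask, applied to R1 only
        predicted.append(hamming_distance(r0, r1))
        toggles = {
            "unmasked": hamming_distance(r0, r1),
            "same_mask": hamming_distance(r0 ^ m, r1 ^ m),
            "asymmetric_mask": hamming_distance(r0, r1 ^ x1),
        }
        for name, hd in toggles.items():
            leak[name].append(hd + rng.gauss(0.0, noise_sigma))
    return {name: pearson(predicted, samples) for name, samples in leak.items()}


if __name__ == "__main__":
    for name, rho in correlation_by_scheme().items():
        print(f"{name:16s} correlation with HD model: {rho:+.3f}")
```

The `same_mask` row correlates as strongly as the unmasked one because (R0 ^ M) ^ (R1 ^ M) = R0 ^ R1, while the asymmetric row stays near zero.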
The DES algorithm consists of 16 rounds of iteration in which, apart from the first and last rounds, every middle round performs the same operations. The 16 rounds can therefore be implemented on one set of hardware used at different moments under a small amount of control logic, i.e. one round of encryption is completed per clock cycle. A complete encryption thus takes 16 cycles. Subkey generation is the same as in the standard DES algorithm and needs only shift and permutation operations. Apart from the masked S-box, the remaining permutation operations of this algorithm are all identical to the DES standard and are not described in detail here.
The circuit units involved in the mask operations are described in detail below.
Random number generation circuit:
The random numbers used in this design are produced by a pseudo-random number generator (RNG) written in a hardware description language and implemented as a linear feedback shift register.
Inter-round mask circuit:
The inter-round mask circuit generates the asymmetric random mask. In each round of iteration, the 64-bit intermediate result is divided into a left half and a right half, and the two halves are processed as separate 32-bit data.
Round 1: the left half is XORed with the random mask X. The right half is obtained by XORing the S-box output with the random mask X and then applying the P-box permutation. Because the S-box is unmodified in this round and the P-box permutation is a linear operation, the right-half output of this round is XORed with the mask $X_1$.
Rounds 2 to 15: the left half is the output of the previous round's right half, i.e. the left half is XORed with the random mask $X_1$. The right half passes through the E-box expansion, the masked S-box and the P-box permutation, and its output remains XORed with the mask $X_1$. This keeps the algorithm flow highly symmetric and also guarantees that the algorithm is functionally correct.
Round 16: the left half is XORed with the random mask X. The right half is computed as in round 15; the only difference is that the P-box output is XORed only with the mask X. As a result, the outputs of the left and right halves are each XORed with the mask $X_4$.
Masked S-box circuit:
The masked S-box circuit replaces the in-round S-BOX according to the mask algorithm; the modified circuit is the SM-BOX. The S-BOX substitution is the core of the in-round computation and is nonlinear, so it has to be corrected to suit the mask algorithm. In rounds 2 to 16 of this design the corrected SM-BOX is used, as shown in formula (4). The $P^{-1}$ operation in that formula requires constructing a $P^{-1}$ box to carry out the transformation. Both the S-BOX and the SM-BOX are implemented as look-up tables.
where the $P^{-1}$ box is the inverse permutation of the P box.
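The linearity argument behind $X_1 = P(X)$ and $X_2 = EP(X_1)$, and the reason the S-box needs a corrected table, can be checked in code. This is an added example, not the patent's SM-BOX: formula (4) is not reproduced on the page, so `masked_s1_table` is the generic masked-table recomputation, and the choice of the first S-box lane and of the lane of X as output mask is an assumption.

```python
# Standard DES P-box and E-box tables (bit 1 is the most significant bit).
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
E = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
     12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23,
     24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]
# Standard DES S-box 1: row from the outer two bits, column from the inner four.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def permute(value, table, in_width):
    """Apply a DES bit-selection table to an in_width-bit integer."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (in_width - src)) & 1)
    return out


def p_box(v):
    return permute(v, P, 32)


def e_box(v):
    return permute(v, E, 32)


def derive_masks(x):
    """X1 = P(X) (32 bits) and X2 = EP(X1) (48 bits), as the page defines them."""
    x1 = p_box(x)
    return x1, e_box(x1)


def s1(six):
    """DES S-box 1 on a 6-bit input."""
    row = ((six >> 4) & 2) | (six & 1)
    col = (six >> 1) & 0xF
    return S1[row][col]


def s1_difference_set(delta):
    """All values of S1(a ^ delta) ^ S1(a). A linear layer yields exactly one."""
    return {s1(a ^ delta) ^ s1(a) for a in range(64)}


def masked_s1_table(in_mask, out_mask):
    """Generic recomputed table T with T[a ^ in_mask] == S1(a) ^ out_mask."""
    return [s1(a ^ in_mask) ^ out_mask for a in range(64)]


def masked_round_slice(r, subkey6, x):
    """Follow the first S-box lane of one round when R carries the mask X1.

    Returns (masked S-box output, its 4-bit mask, unmasked reference output).
    subkey6 is a constructed 6-bit subkey chunk, not a value from the page.
    """
    x1, x2 = derive_masks(x)
    expanded = e_box(r ^ x1)                 # equals e_box(r) ^ x2 by linearity
    lane = ((expanded >> 42) & 0x3F) ^ subkey6
    in_mask = (x2 >> 42) & 0x3F              # lane of X2 sitting on the input
    out_mask = (x >> 28) & 0xF               # assumed: lane of X, so P() gives X1
    table = masked_s1_table(in_mask, out_mask)
    reference = s1(((e_box(r) >> 42) & 0x3F) ^ subkey6)
    return table[lane], out_mask, reference


if __name__ == "__main__":
    x = 0x1F2E3D4C  # constructed mask value
    x1, x2 = derive_masks(x)
    print(f"X1 = {x1:08x} (32 bit), X2 = {x2:012x} (48 bit)")
    print("S1 output differences for input difference 1:", sorted(s1_difference_set(1)))
    print("masked lane:", masked_round_slice(0xDEADBEEF, 0x2B, x))
```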
Final permutation (FP) circuit:
The final permutation (FP) circuit removes the mask and restores the correct ciphertext while preserving the security of the algorithm. Because the initial permutation (IP) and the final permutation (FP) are mutually inverse linear operations, this scheme constructs the mask $X_4$ so that, at the final permutation (FP) of the algorithm, the mask is removed and the correct ciphertext restored without compromising the security of the algorithm.
The signal interface of the encryption circuit is shown in Fig. 2. It comprises the clock (clk), the reset (reset_n), the load-mask signal (ld), the load-plaintext signal (load_i), the encrypt/decrypt signal (encrypt_i), the plaintext (data_i), the key (key_i), the ciphertext (data_o) and the encryption-complete signal (ready_o). encrypt_i controls whether the circuit operates in the encryption or the decryption state. A high level on load_i indicates the start of encryption. A high level on ld indicates that the mask is loaded, in which case the circuit resists correlation power attacks. A high-level pulse on ready_o indicates that encryption has finished and the ciphertext is output on data_o.
Verilog simulation results
The modules above were designed in Verilog, with one round of encryption performed per cycle. The design was tested on the ModelSim platform using the test vectors provided by the FIPS-81 standard as plaintext input, and the encryption and decryption results obtained were correct. For example, with the input h'68652074696d6520 and the key h'0123456789abcdef applied as stimuli at the module inputs, the waveform obtained is shown in Fig. 3. The waveform shows that the clock period is 100 ns and that one encryption takes 16 cycles. When the output signal is valid, the encryption result is h'6a271787ab8883f9, identical to the result given by the test vector. During one encryption the mask values X, $X_1$, $X_2$, $X_3$ and $X_4$ all remain constant, and the random numbers differ between encryptions. Similarly, as shown in Fig. 3, several groups of test vectors were also tested on the FPGA platform, and the results were correct. The DES algorithm implemented with the asymmetric mask scheme designed here therefore fully implements the encryption and decryption functions of the standard DES algorithm.
FPGA circuit implementation
The test circuit is shown in Fig. 4. The platform consists mainly of an oscilloscope, a PC, a differential probe, a power supply, a daughter board and a main board. Through the differential probe connected across a resistor placed in series between the main board and the power supply, the oscilloscope records in real time the current produced while the main board runs the encryption. After the current values are converted into the corresponding power values, the power data are transferred to the PC over a network cable. Besides receiving and processing the power data, the PC also sends stimuli to the main board. An FPGA serves as the main board and is programmed in turn with the image files of the original DES algorithm and of the improved DES algorithm described here. In addition, a microprocessor with an integrated UART interface serves as the daughter board; it provides the interface between the main board and the PC and simplifies the transfer of stimulus vectors between the PC and the FPGA.
Power-attack resistance experiment and results
The first round of the DES algorithm was chosen as the target, and the key was cracked in groups of 6 subkey bits. Following the CPA attack flow of Section 1, the correlation coefficients were calculated with formula (1), and the correct key value was guessed by looking for the peak of the correlation coefficient. First a CPA attack was carried out on the original DES algorithm: 20000 plaintexts were input with one fixed key, and the sampling frequency of the oscilloscope was 1 GHz. The oscilloscope sampled 8500 power points during each encryption, producing a 20000 × 8500 power matrix T. The attack proceeded group by group, with 6 subkey bits per group. Taking the first six key bits as an example, the guessed subkey has $2^6 = 64$ possible values, so the power matrix H obtained is 20000 × 64.
After the data of the two power matrices were imported into Matlab, the correlation coefficients were calculated and plotted as curves. The correlation traces of the first 4 cycles are shown in Fig. 4(a). When the guessed key is 43 (i.e. the correct subkey 101011), the correlation coefficient (shown in a light colour) exhibits an obvious peak at about the 1000th power point (approximately when the first round of encryption finishes), i.e. the attack on the first 6 subkey bits succeeds. The same method was used to attack the remaining 42 key bits, i.e. CPA attacks on the remaining 7 S-boxes. A peak still appeared in the correlation coefficient whenever the guessed subkey was identical to the true subkey, so the real key value can be guessed from the correlation coefficients and the CPA attack succeeds.
The same method was used, in the same FPGA power-attack environment, to attack the asymmetric-mask DES algorithm proposed here, with the number of attack samples increased to 100000. The correlation traces are shown in Fig. 4(b). When the guessed key is 43, the correlation coefficient plotted for it (shown in a light colour) is buried among the other power traces. The same method was then used to attack the remaining 42 key bits, i.e. CPA attacks on the remaining 7 S-boxes. When the guessed subkey was identical to the true subkey, the correlation trace produced by the correct key still showed no obvious peak, so the correct key cannot be inferred from the power traces.
The statistics of the power-attack experiments on the different DES cores above show that, because the asymmetric mask random numbers are introduced, the Hamming distance of this scheme is altered by the random numbers, i.e. the attacker cannot characterise the actual power consumption with the Hamming-distance model. For a CPA attack, the correlation coefficient therefore does not reach its maximum even when the guessed key is correct; even at the cost of increasing the attack samples by 500, the key of the asymmetric-mask DES core still cannot be obtained from the correlation coefficients. Moreover, compared with processing the matrix operations on two power matrices of 20,000 rows, the time spent processing the matrix operations on two matrices of 100,000 rows rises significantly. The experimental results show that the asymmetric-mask DES core of this design resists CPA attacks well.
Claims (3)
1. A method for preventing power-analysis attacks on the DES algorithm, characterized in that it comprises the following steps:
Until the first subkey $K_1$ has operated on the data, the encryption flow stays identical to the DES flow; in the first round, after the subkey $K_1$ has been XORed with the plaintext, the mask X is introduced;
The encryption rounds that follow, from the 2nd to the 15th, operate similarly; only the values of the random numbers XORed in differ;
Finally, the mask X is XORed in before the output of the 16th round of encryption, and the real ciphertext is restored by passing through the inverse IP permutation and adding the mask $X_4$.
2. The method for preventing power-analysis attacks on the DES algorithm as claimed in claim 1, characterized in that: the mask X is a random number, and the masks $X_1$ to $X_4$ are all random numbers calculated from X. The calculation is: $X_1 = P(X)$, $X_2 = EP(X_1)$,
$X_4 = IP([X_3, X_3])$, where P() denotes the P-box permutation, EP() denotes the E-box permutation, IP() denotes the IP permutation, and $[X_3, X_3]$ denotes the variable formed by concatenating two copies of the mask $X_3$ end to end. Mask X is thus 32 bits, mask $X_1$ is 32 bits, mask $X_2$ is 48 bits, mask $X_3$ is 32 bits and mask $X_4$ is 64 bits.
3. A test circuit for preventing power-analysis attacks on the DES algorithm, characterized in that: it consists mainly of an oscilloscope, a PC, a differential probe, a power supply, a daughter board and a main board; through the differential probe connected across a resistor placed in series between the main board and the power supply, the oscilloscope records in real time the current produced while the main board runs the encryption, and after the current values are converted into the corresponding power values, the power data are transferred to the PC over a network cable; besides receiving and processing the power data, the PC also sends stimuli to the main board; an FPGA serves as the main board and is programmed in turn with the image files of the original DES algorithm and of the improved DES algorithm described here; in addition, a microprocessor with an integrated UART interface serves as the daughter board, provides the interface between the main board and the PC, and simplifies the transfer of stimulus vectors between the PC and the FPGA.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012105787546A CN103067155A (en) | 2012-12-27 | 2012-12-27 | Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103067155A true CN103067155A (en) | 2013-04-24 |
Family
ID=48109627
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012105787546A Pending CN103067155A (en) | 2012-12-27 | 2012-12-27 | Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103067155A (en) |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103532973A (en) * | 2013-10-25 | 2014-01-22 | 东南大学 | Differential power attack testing method for DES (data encryption standard) algorithm circuit |
CN103560929A (en) * | 2013-10-29 | 2014-02-05 | 武汉大学 | Practical intelligent card general testing system based on power consumption analysis |
CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit of resisting power consumption analysis |
CN103647638A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | DES masking method for resisting side-channel attack |
CN103646219A (en) * | 2013-11-29 | 2014-03-19 | 东南大学 | Power consumption compensation and attack resisting circuit based on neural network power consumption predication and control method |
CN103647640A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Power consumption attacking method for DES second-round L register reversal |
CN103905182A (en) * | 2014-04-25 | 2014-07-02 | 东南大学 | Anti-attack method based on middle data storage position dynamic change and circuit implementation |
CN104158649A (en) * | 2013-05-14 | 2014-11-19 | 上海复旦微电子集团股份有限公司 | Security SBOX realization method and apparatus |
CN104410491A (en) * | 2014-08-27 | 2015-03-11 | 北京中电华大电子设计有限责任公司 | A protecting method for defending template attack on secret key loading |
CN104598828A (en) * | 2013-10-31 | 2015-05-06 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device for data |
CN104639312A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Anti-power-attack method and device for DES (Data Encrypt Standard) algorithm |
CN105092923A (en) * | 2014-05-22 | 2015-11-25 | 特克特朗尼克公司 | Dynamic mask testing |
CN105099684A (en) * | 2014-05-08 | 2015-11-25 | 国民技术股份有限公司 | Processing method, equipment and password device of modular exponentiation |
CN105871536A (en) * | 2016-06-14 | 2016-08-17 | 东南大学 | AES-algorithm-oriented power analysis attack resistant method based on random time delay |
CN105897398A (en) * | 2016-06-03 | 2016-08-24 | 深圳视融达科技有限公司 | Key protection method and system for use in DES (Data Encryption Standard) encryption process |
CN106156615A (en) * | 2016-06-21 | 2016-11-23 | 上海观源信息科技有限公司 | Based on class separability sentence away from bypass circuit sectionalizer method and system |
CN107466453A (en) * | 2017-03-16 | 2017-12-12 | 深圳大趋智能科技有限公司 | The method and device of the anti-DPA attacks of DES softwares |
CN107769910A (en) * | 2017-11-15 | 2018-03-06 | 东南大学 | A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF |
CN108646072A (en) * | 2018-05-16 | 2018-10-12 | 电子科技大学 | A kind of triggering generation device based on Hamming distance |
CN108847929A (en) * | 2018-05-28 | 2018-11-20 | 数字乾元科技有限公司 | The thresholding restoration methods and system of private key storage |
CN108959980A (en) * | 2018-07-25 | 2018-12-07 | 北京智芯微电子科技有限公司 | The public key means of defence and public key guard system of safety chip |
CN109413051A (en) * | 2018-10-09 | 2019-03-01 | 深圳南方德尔汽车电子有限公司 | Data ciphering method, device, computer equipment and storage medium |
CN110190951A (en) * | 2019-06-17 | 2019-08-30 | 中金金融认证中心有限公司 | A kind of power consumption attack method and system for the overturning of DES algorithm L register |
CN110417540A (en) * | 2019-08-05 | 2019-11-05 | 李春旺 | A kind of information ciphering method of resisting differential power consumption analysis |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101196965A (en) * | 2006-12-07 | 2008-06-11 | 上海安创信息科技有限公司 | Algorithm of encrypted chip with anti-attack advanced encryption standard |
CN101729241A (en) * | 2008-10-23 | 2010-06-09 | 国民技术股份有限公司 | AES encryption method for resisting differential power attacks |
2012-12-27: CN application CN2012105787546A (publication CN103067155A), status: Pending
Non-Patent Citations (1)
Title |
---|
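李杰 et al.: "A DES algorithm resistant to correlation power attacks and its FPGA circuit implementation", Journal of Southeast University (Natural Science Edition), vol. 42, no. 6, 20 November 2012 (2012-11-20) * |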
Cited By (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104158649B (en) * | 2013-05-14 | 2017-09-12 | 上海复旦微电子集团股份有限公司 | Security SBOX implementation method and device |
CN104158649A (en) * | 2013-05-14 | 2014-11-19 | 上海复旦微电子集团股份有限公司 | Security SBOX realization method and apparatus |
CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit of resisting power consumption analysis |
CN103618595B (en) * | 2013-09-13 | 2017-03-29 | 杭州晟元数据安全技术股份有限公司 | A kind of cryptographic algorithm substitution circuit of resisting power consumption analysis |
CN103532973A (en) * | 2013-10-25 | 2014-01-22 | 东南大学 | Differential power attack testing method for DES (data encryption standard) algorithm circuit |
CN103560929A (en) * | 2013-10-29 | 2014-02-05 | 武汉大学 | Practical intelligent card general testing system based on power consumption analysis |
CN104598828A (en) * | 2013-10-31 | 2015-05-06 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device for data |
CN104598828B (en) * | 2013-10-31 | 2017-09-15 | 上海复旦微电子集团股份有限公司 | The anti-attack method and device of data |
CN104639312A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Anti-power-attack method and device for DES (Data Encrypt Standard) algorithm |
CN104639312B (en) * | 2013-11-08 | 2017-12-29 | 国家电网公司 | A kind of method and device of the anti-Attacks of DES algorithms |
CN103646219B (en) * | 2013-11-29 | 2016-03-30 | 东南大学 | Based on power consumption compensation anti-attack circuit and the control method of neural network power consumption prediction |
CN103646219A (en) * | 2013-11-29 | 2014-03-19 | 东南大学 | Power consumption compensation and attack resisting circuit based on neural network power consumption predication and control method |
CN103647638A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | DES masking method for resisting side-channel attack |
CN103647640A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Power consumption attacking method for DES second-round L register reversal |
CN103905182B (en) * | 2014-04-25 | 2017-02-15 | 东南大学 | Anti-attack method based on middle data storage position dynamic change and circuit implementation |
CN103905182A (en) * | 2014-04-25 | 2014-07-02 | 东南大学 | Anti-attack method based on middle data storage position dynamic change and circuit implementation |
CN105099684A (en) * | 2014-05-08 | 2015-11-25 | 国民技术股份有限公司 | Processing method, equipment and password device of modular exponentiation |
CN105099684B (en) * | 2014-05-08 | 2019-08-16 | 国民技术股份有限公司 | A kind of processing method of Montgomery Algorithm, device and encryption device |
CN105092923B (en) * | 2014-05-22 | 2020-12-08 | 特克特朗尼克公司 | Dynamic mask testing |
CN105092923A (en) * | 2014-05-22 | 2015-11-25 | 特克特朗尼克公司 | Dynamic mask testing |
CN104410491A (en) * | 2014-08-27 | 2015-03-11 | 北京中电华大电子设计有限责任公司 | A protecting method for defending template attack on secret key loading |
CN105897398A (en) * | 2016-06-03 | 2016-08-24 | 深圳视融达科技有限公司 | Key protection method and system for use in DES (Data Encryption Standard) encryption process |
CN105871536A (en) * | 2016-06-14 | 2016-08-17 | 东南大学 | AES-algorithm-oriented power analysis attack resistant method based on random time delay |
CN105871536B (en) * | 2016-06-14 | 2019-01-29 | 东南大学 | A kind of anti-power consumption attack method towards AES algorithm based on random delay |
CN106156615A (en) * | 2016-06-21 | 2016-11-23 | 上海观源信息科技有限公司 | Based on class separability sentence away from bypass circuit sectionalizer method and system |
CN106156615B (en) * | 2016-06-21 | 2018-12-28 | 上海观源信息科技有限公司 | Based on class separability sentence away from bypass circuit sectionalizer method and system |
WO2018165949A1 (en) * | 2017-03-16 | 2018-09-20 | 深圳大趋智能科技有限公司 | Des software dpa attack prevention method and device |
CN107466453A (en) * | 2017-03-16 | 2017-12-12 | 深圳大趋智能科技有限公司 | The method and device of the anti-DPA attacks of DES softwares |
CN107466453B (en) * | 2017-03-16 | 2020-11-24 | 深圳大趋智能科技有限公司 | Method and device for preventing DPA attack of DES software |
CN107769910A (en) * | 2017-11-15 | 2018-03-06 | 东南大学 | A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF |
CN107769910B (en) * | 2017-11-15 | 2020-08-04 | 东南大学 | DES (data encryption Standard) protection method and circuit for resisting side channel attack based on Latch PUF (physical unclonable function) |
CN108646072A (en) * | 2018-05-16 | 2018-10-12 | 电子科技大学 | A kind of triggering generation device based on Hamming distance |
CN108646072B (en) * | 2018-05-16 | 2019-12-27 | 电子科技大学 | Trigger generating device based on Hamming distance |
CN108847929B (en) * | 2018-05-28 | 2020-12-01 | 数字乾元科技有限公司 | Threshold recovery method and system for private key storage |
CN108847929A (en) * | 2018-05-28 | 2018-11-20 | 数字乾元科技有限公司 | The thresholding restoration methods and system of private key storage |
CN108959980A (en) * | 2018-07-25 | 2018-12-07 | 北京智芯微电子科技有限公司 | The public key means of defence and public key guard system of safety chip |
CN109413051A (en) * | 2018-10-09 | 2019-03-01 | 深圳南方德尔汽车电子有限公司 | Data ciphering method, device, computer equipment and storage medium |
CN109413051B (en) * | 2018-10-09 | 2021-02-26 | 深圳南方德尔汽车电子有限公司 | Data encryption method and device, computer equipment and storage medium |
CN110190951A (en) * | 2019-06-17 | 2019-08-30 | 中金金融认证中心有限公司 | A kind of power consumption attack method and system for the overturning of DES algorithm L register |
CN110190951B (en) * | 2019-06-17 | 2022-09-27 | 中金金融认证中心有限公司 | Power consumption attack method and system for DES algorithm L register turning |
CN110417540A (en) * | 2019-08-05 | 2019-11-05 | 李春旺 | A kind of information ciphering method of resisting differential power consumption analysis |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103067155A (en) | Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis | |
CN107070630B (en) | A kind of fast and safely hardware configuration of AES algorithm | |
CN104734842B (en) | Method is resisted in circuits bypass attack based on pseudo-operation | |
CN102970132B (en) | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm | |
CN101009554A (en) | A byte replacement circuit for power consumption attack prevention | |
CN103905182B (en) | Anti-attack method based on middle data storage position dynamic change and circuit implementation | |
CN103916236B (en) | Power attack prevention method oriented at AES algorithm and circuit achieving method thereof | |
CN103795527A (en) | Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis | |
CN103532973A (en) | Differential power attack testing method for DES (data encryption standard) algorithm circuit | |
CN103530474A (en) | AES (advanced encryption standard) algorithm circuit oriented method for testing differential power attack | |
CN104734845A (en) | Side-channel attack protection method based on full-encryption algorithm pseudo-operation | |
CN103679008A (en) | Efficient secure chip power consumption attack test method | |
CN102710413A (en) | System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention | |
CN104301095A (en) | DES round operation method and circuit | |
CN110190951A (en) | A kind of power consumption attack method and system for the overturning of DES algorithm L register | |
Wang et al. | A performance and area efficient ASIP for higher-order DPA-resistant AES | |
CN107483182A (en) | A kind of anti-power consumption attack method towards AES algorithm based on Out-of-order execution | |
CN108650072A (en) | It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method | |
CN106452725A (en) | AES algorithm oriented power attack resisting method based on register mask | |
CN109347621A (en) | The high speed AES encryption circuit of defensive collision attack based on random delay S box | |
CN103888245A (en) | S box randomized method and system for smart card | |
CN104811295A (en) | Side channel energy analysis method for ZUC cryptographic algorithm with mask protection | |
CN109936437B (en) | power consumption attack resisting method based on d +1 order mask | |
CN108123792A (en) | A kind of power consumption method for scrambling of SM4 algorithms circuit | |
CN103647640B (en) | The power consumption attack method of L register upset is taken turns for DES second |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20130424 |