CN105897399A - DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask - Google Patents
DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask Download PDFInfo
- Publication number
- CN105897399A CN105897399A CN201610412868.1A CN201610412868A CN105897399A CN 105897399 A CN105897399 A CN 105897399A CN 201610412868 A CN201610412868 A CN 201610412868A CN 105897399 A CN105897399 A CN 105897399A
- Authority
- CN
- China
- Prior art keywords
- xor
- unit
- wheel
- depositor
- xor unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
Abstract
The invention discloses a DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask. A random number generator, a left register protection module and a right register protection module are added in a DES algorithm. The left register protection module comprises a first left exclusive or unit, a second left exclusive or unit and a left register. The right register protection module comprises a first right exclusive or unit, a second right exclusive or unit and a right register. When intermediate results in registers are updated, after exclusive or operation is carried out on the intermediate results needing to be stored and random numbers, the intermediate results are stored in the registers, and moreover, the random numbers are stored. When the intermediate results in the registers are read, the values in the registers are read, and the exclusive or operation is carried out on the values and the random numbers. According to the method, the storage values in the registers are ensured to have randomness, the Hamming distance leakage in the DES encryption algorithm is effectively hidden, and the power analysis attack based on a Hamming distance model can be effectively resisted.
Description
Technical field
The present invention relates to IC Hardware realize and field of information security technology, particularly relate to a kind of based on depositing
The anti-power consumption attack method towards DES algorithm of device mask.
Background technology
Along with the fast development of Internet technology Yu Information technology, information encryption has the heaviest in a lot of fields
The application wanted.Password product can use software or hardware to realize, but owing to hardware realizes realizing having speed than software
Spend faster, the advantage that power consumption is lower, become study hotspot based on hard-wired encryption device.Various based on
The crypto chip of DES (Data Encryption Standard, data encryption standards) algorithm obtained widely research and
Exploitation.
Crypto chip is also faced with various security risk, and the bypass attacked as representative with differential power consumption in recent years is attacked
Hitting, the safety to encryption device proposes stern challenge.Power consumption attack is that a kind of non-invasive is attacked, and attacks
Person obtains the power consumption information that encryption device is revealed when encryption and decryption operates the most in a large number, then according to plaintext or ciphertext
Set up the mathematical model of power consumption, obtain a large amount of intermediate value, intermediate value and actual power loss are analyzed, use
Statistical processing methods calculates correlation coefficient, thus analyzes the key information of key.How to resist power consumption analysis to attack
Hitting protection algorism is safely one important research point of academia.
After collecting a large amount of actual power loss, power consumption attack successfully be it is critical only that to set up power consumption mathematics accurately
Model.The basic thought of Hamming distance model is to calculate digital circuit in certain specific time period internal circuit 0 → 1 turn
Change and the sum of 1 → 0 conversion, then utilize the sum of conversion to portray circuit power consumption within this time period.
For digital circuit, power consumption mostlys come from the State Transferring of circuit, and is not rely on data itself, and turns over
The device turned is the most, and its power consumption is the biggest.Therefore Hamming distance model is used can preferably to portray the energy of digital circuit
Amount consumes.At a time, if it is possible to be calculated data D0 before circuit upset and the data after upset
D1, obtains the number of bits of Data flipping, thus calculates the Hamming distance of data, it is possible to and real power consumption number
Set up contact.When setting up Hamming distance model, it is to be appreciated that numerical value before and after data variation in depositor.Hamming distance
It is generally used for the power consumption of depositor is described from model.
It is the point of attack that assailant typically chooses the depositor of intermediate data storage.First assailant guesses key, enters one
Step guesses the intermediate value of adjacent two-wheeled, calculates Hamming distance as the produced power consumption model of depositor change;Then
Gather actual power loss, power consumption model and actual power loss are carried out correlation analysis and obtains correct key.
For the method for existing anti-power consumption attack, from the perspective of realizing cost, mostly have that hardware resource cost is big, property
The energy shortcomings such as expense is big, extensibility is weak, from the perspective of realizing effect, some only weakens the intermediate result data Chinese
Dependency between prescribed distance and power consumption, and fail to be completely eliminated the two direct dependency, therefore cannot support completely
Imperial power consumption attack based on Hamming distance.
Summary of the invention
Goal of the invention: it is an object of the invention to provide a kind of can solve the problem that prior art exists not enough based on depositing
The anti-power consumption attack method towards DES algorithm of device mask.
Technical scheme: for reaching this purpose, the present invention by the following technical solutions:
The anti-power consumption attack method towards DES algorithm based on depositor mask of the present invention, at DES
Algorithm adds randomizer, left depositor protection module and right depositor protection module, left depositor
Protection module includes the first left XOR unit, the second left XOR unit and left depositor, right depositor protection mould
Block includes the first right XOR unit, the second right XOR unit and right depositor;In the starting stage of DES algorithm,
Operate through initial permutation in plain text, the left-half of the M position intermediate data of initial permutation operation output and right-hand part
Divide respectively as independent left-halfBit data L0And right half partBit data R0, left-halfBit data
L0And right half partBit data R0Being respectively fed to the first left XOR unit and the first right XOR unit, random number is sent out
Raw device produces starting stage random number, and starting stage random number is respectively fed to the first left XOR unit, second left side
XOR unit, the first right XOR unit and the second right XOR unit, left-half bit data L0And the starting stage
Random number carries out xor operation by the first left XOR unit, and the first left XOR unit is by left xor operation result
Send in left depositor, right half partBit data R0With starting stage random number by the first right XOR unit
Carrying out xor operation, right xor operation result is sent in right depositor by the first right XOR unit, the 1st wheel
When operation starts, left xor operation result is sent into the second left XOR unit by left depositor, and left xor operation is tied
Fruit and starting stage random number carry out xor operation by the second left XOR unit, obtain the left side being reduced
PointBit data L0, as the first input data of the 1st wheel operation, right xor operation result is sent by right depositor
Enter the second right XOR unit, right xor operation result and starting stage random number to be carried out by the second right XOR unit
Xor operation, obtains the right half part being reducedBit data R0, as the second input data of the 1st wheel operation;
In i-th wheel operation, 1≤i < N, N are the total degree of DES algorithm wheel operation, and wheel operation module calculates
Obtain the i-th left intermediate value L taken turnsiWith right intermediate value Ri, wheel operation module takes turns left intermediate value L by i-thiSend into
First left XOR unit, wheel operation module takes turns right intermediate value R by i-thiSend into the first right XOR unit, at random
Number generator produces i+1 wheel random number, i+1 wheel random number be respectively fed to the first left XOR unit, the
Two left XOR unit, the first right XOR unit and the second right XOR unit, i-th takes turns left intermediate value LiWith i-th
Wheel random number carries out xor operation by the first left XOR unit, and left xor operation is tied by the first left XOR unit
Fruit is sent in left depositor, and i-th takes turns right intermediate value RiTake turns random number with i-th to be entered by the first right XOR unit
Row xor operation, right xor operation result is sent in right depositor by the first right XOR unit, i+1 wheel wheel
When operation starts, left xor operation result is sent in the second left XOR unit by left depositor, left xor operation
Result and i+1 wheel random number carry out xor operation by the second left XOR unit, obtain i-th be reduced
Take turns left intermediate value Li, as the first input data of i+1 wheel wheel operation, right depositor is by right xor operation
Result is sent in the second right XOR unit, and right xor operation result and i+1 wheel random number are right different by second
Or unit carries out xor operation, obtain being reduced i-th takes turns right intermediate value Ri, as i+1 wheel wheel operation
Second input data;The N that N wheel wheel operation obtains takes turns left intermediate value LNRight intermediate value is taken turns with N
RNSynthesis M-bit data also carries out obtaining ciphertext after initial permutation.
Further, in the jth wheel wheel operation of described DES algorithm, 1 < j≤N, wheel operation module is to jth-1
Wheel intermediate value Rj-1Be extended successively, xor operation, byte are replaced and replacement operator, then displacement are grasped
Make result and Lj-1Carry out xor operation, obtain jth and take turns right intermediate value Rj, and by Rj-1Left as jth wheel
Between be worth Lj。
Beneficial effect: compared with prior art, the method have the advantages that
1) hardware resource cost of the present invention is low;Have only to increase a small amount of XOR unit and randomizer, compare whole
DES cryptochannel only accounts for very small scale;
2) performance cost of the present invention is low;Circuit critical path is only increased to the delay of a small amount of XOR unit, compare whole
The delay of the modules such as extension, xor operation, byte replacement and replacement operator in DES circuit, only accounts for very
Little ratio, has substantially reduction thus without causing work dominant frequency;
3) present invention has the strongest autgmentability and versatility, by protecting depositor, can move very easily
Plant in other DES cryptographic algorithms' implementation circuit;
4) the storage value during the present invention ensures depositor has randomness, effectively conceals the Chinese in DES cryptographic algorithm
Prescribed distance is revealed, and eliminates the dependency between intermediate result data Hamming distance and power consumption, it is possible to effectively support
Anti-based on Hamming distance model power consumption attack.
Accompanying drawing explanation
Fig. 1 is the flow chart of traditional DES algorithm;
Fig. 2 is the flow chart of the DES algorithm that have employed the inventive method;
Fig. 3 is that tradition DES algorithm is carried out the correlation coefficient matrix obtained by first 6 bit of power consumption attack
Result;
Fig. 4 be to using the DES algorithm after the inventive method to carry out first 6 bit of power consumption attack obtained by
Correlation coefficient matrix result.
Detailed description of the invention
Below in conjunction with detailed description of the invention, technical scheme is further introduced.
Tradition DES algorithm as it is shown in figure 1, be made up of 3 parts altogether, be respectively initial permutation, 16 take turns identical
Wheel operation and inverse initial permutation convert.Each wheel is required to a round key to complete key add operation, Yi Gongshi
Six sub-keys, be designated as Kn (n=0 ..., 16).Sub-key and is put through initial permutation, ring shift left by initial key
Obtain after changing selection.The wheel operation of 16 circulations in the middle of DES algorithm include extension, xor operation, byte replacement,
Displacement and xor operation five operation.DES often takes turns end all can produce two 32 intermediate value data, Ke Yiji
For Ln (n=0 ..., 16), Rn (n=0 ..., 16) be stored in depositor L and R, wherein L16And R16Merge into one
Individual 64 bit data, carry out inverse initial permutation operating result and are ciphertext output.
As a example by the DES hardware algorithm of one-level flowing water realizes, the plaintext of input and hardware can be obtained assailant
In the case of power consumption track, assailant can attack for the output valve of the first round.By key is guessed
Surveying, assailant can derive the output valve of the first round from plaintext, owing to depositor at a time its value is from plain text
The output of inverse initial permutation become the output of the first round, therefore can set up Hamming distance model.Due to the first round
Key length is 86 bits, therefore can break through by 6 bits one by one, and concrete step is as follows:
1. according to R0The value of 48 bit intermediate values after first round extended operation can be derived.
2. according to the value of n-th 6 bit of intermediate value after extended operation and the n-th 6 of hypothesis key K1
Bit, can derive the value of data nth byte after key adds.
3. the value of n-th 6 bit after being added by key can be derived byte through byte conversion and replace behaviour
Make the value of n-th 6 bit exported.
4. after in the output replaced by first round byte, the value of n-th 6 bit can derive replacement operator
The value of n-th 4 bit.
5. by the value of the value of n-th 4 bit after replacement operator and n-th 4 bit of L0 through different
Or operate the value of n-th 4 bit that can derive first round output.
6. pass through value and the R of n-th 4 bit in the output of the first round0Between the value of n-th 4 bit permissible
Set up the Hamming distance model of 4 bits.
For above-mentioned attack based on Hamming distance model, the invention discloses a kind of face based on depositor mask
To the anti-power consumption attack method of DES algorithm, as in figure 2 it is shown, in DES algorithm add randomizer 1,
Left depositor protection module 2 and right depositor protection module 3, left depositor protection module 2 includes that first is left
XOR unit the 21, second left XOR unit 23 and left depositor 22, right depositor protection module 3 includes the
One right XOR unit the 31, second right XOR unit 33 and right depositor 32.In the starting stage of DES algorithm,
Operate through initial permutation in plain text, the left-half of 64 intermediate data of initial permutation operation output and right half
Part is respectively as independent left-half 32 bit data L0With right half part 32 bit data R0, left-half 32
Data L0With right half part 32 bit data R0It is respectively fed to the first left XOR unit 21 and the first right XOR unit
31, randomizer 1 produces starting stage random number, and it is left different that starting stage random number is respectively fed to first
Or unit 21, second left XOR unit the 23, first right XOR unit 31 and the second right XOR unit 33, left
Half part 32 bit data L0Xor operation is carried out by the first left XOR unit 21 with starting stage random number, the
Left xor operation result is sent in left depositor 22 by one left XOR unit 21, right half part 32 bit data R0
Xor operation, the first right XOR unit 31 is carried out by the first right XOR unit 31 with starting stage random number
Right xor operation result being sent in right depositor 32, when the 1st wheel operation starts, left depositor 22 will
It is logical that left xor operation result sends into the second left XOR unit 23, left xor operation result and starting stage random number
Cross the second left XOR unit 23 and carry out xor operation, obtain left-half 32 bit data L being reduced0, as
First input data of the 1st wheel operation, right xor operation result is sent into the second right XOR list by right depositor 32
Unit (33), right xor operation result and starting stage random number carry out XOR by the second right XOR unit (33)
Operation, obtains the right half part being reducedBit data R0, as the second input data of the 1st wheel operation.The
In i wheel wheel operation, 1≤i < 16, wheel operation module is calculated the i-th left intermediate value L taken turnsiWith right intermediate value
Ri, wheel operation module takes turns left intermediate value L by i-thiSending into the first left XOR unit 21, wheel operation module is by the
I takes turns right intermediate value RiSending into the first right XOR unit 31, randomizer 1 produces i+1 wheel random number,
I+1 wheel random number is respectively fed to first left XOR unit 21, second left XOR unit the 23, first right XOR
Unit 31 and the second right XOR unit 33, i-th takes turns left intermediate value LiTo take turns random number left different by first with i-th
Or unit 21 carries out xor operation, left xor operation result is sent into left depositor by the first left XOR unit 21
In 22, i-th takes turns right intermediate value RiTake turns random number with i-th and carry out xor operation by the first right XOR unit 31,
Right xor operation result is sent in right depositor 32 by the first right XOR unit 31, and i+1 wheel wheel operation is opened
During the beginning, left xor operation result is sent in the second left XOR unit 23 by left depositor 22, left xor operation
Result and i+1 wheel random number carry out xor operation by the second left XOR unit 23, obtain being reduced the
I takes turns left intermediate value Li, as the first input data of i+1 wheel wheel operation, right depositor 32 is by right XOR
Operating result is sent in the second right XOR unit 33, and right xor operation result and i+1 wheel random number are by the
Two right XOR unit 33 carry out xor operation, and obtain being reduced i-th takes turns right intermediate value Ri, as i+1
Second input data of wheel wheel operation;16th wheel operates the 16th obtained and takes turns left intermediate value L16With the 16th
Take turns right intermediate value R16Ciphertext is obtained after synthesizing 64 bit data and carrying out inverse initial permutation.
After using the inventive method, the hardware resource needed for whole DES cipher circuit adds 14%,
Critical path delay increases 17%, compares with other anti-Hamming distance power consumption attack methods based on mask,
Area overhead and performance cost are affected limited.
The DES algorithm circuit realized based on FPGA platform has been carried out based on Hamming distance by this detailed description of the invention
Power consumption attack from model.Arranging initial key is ' 0102030405060708 ', wherein 64 ratios of the first round
Special sub-key is ' 000004320a02 '.This experiment use oscillograph acquires FPGA and carries out des encryption
Power consumption track during computing totally 5000, every power consumption track count as N, obtain 5000 groups of phases simultaneously
Corresponding clear data.Article 5000, power consumption track can synthesize the actual power loss track of 5000 row N row
Matrix.Simultaneously by these 5000 groups of clear datas can be calculated 5000 times based on plaintext initial permutation and
The Hamming distance of first round output, breaks through, therefore for each one by one owing to dividing the key into 86 bits
Individual byte has 64 kinds of hypothesis values, therefore can obtain the hypothesis power consuming matrix of 64 row 5000 row.Logical
Cross the every string to the every string and actual power consumption track of assuming power consuming matrix and carry out correlation calculations, permissible
Obtaining the correlation matrix of 64 row N row, the corresponding key of every a line is assumed.By this dependency square
Battle array is depicted as 64 curves, as it is shown on figure 3, be the dependency square obtained by attacking for first 6 bit
The system of battle formations, it appeared that occur in that obvious spike, i.e. by this phase in the curve corresponding to correct key hypothesis
Closing property matrix can deduce 6 correct bit keys values.Finding through experiment, 5000 power consumption tracks can
To break through all bits of key, and obtain correct initial key.
A kind of method for depositor protection being then used by present invention proposition improves DES algorithm.And will
DES algorithm after improvement FPGA realizes, and attempts carrying out power consumption attack.This experiment uses oscillograph
Gather the power consumption track that the DES algorithm after FPGA operational development realizes, and by power consumption trace bar number from 5000
Bar increases to 100,000.Then 100,000 power consumption tracks are used to realize carrying out for the DES algorithm after improving
Power consumption attack based on Hamming distance, obtains correlation coefficient matrix, as shown in Figure 4.
As can be seen from Figure 4 correct key homologous thread has been submerged among other 63 curves, after improvement
DES algorithm realize, power consumption trace bar number from 5000 increase to 100,000 after, correct key does not the most occur
Spike, and correlation coefficient occurs in that significantly reduction.It appeared that the DES algorithm after Gai Jining effectively is resisted
Power consumption attack of based on Hamming distance, it was demonstrated that the effectiveness of the inventive method.
Claims (2)
1. the anti-power consumption attack method towards DES algorithm based on depositor mask, it is characterised in that:
In DES algorithm, add randomizer (1), left depositor protection module (2) and right depositor protect
Protecting module (3), left depositor protection module (2) includes that the first left XOR unit (21), second left side are different
Or unit (23) and left depositor (22), right depositor protection module (3) includes the first right XOR unit
(31), the second right XOR unit (33) and right depositor (32);In the starting stage of DES algorithm,
Operate through initial permutation in plain text, the left-half of the M position intermediate data of initial permutation operation output and right-hand part
Divide respectively as independent left-halfBit data L0And right half partBit data R0, left-halfBit data
L0And right half partBit data R0It is respectively fed to the first left XOR unit (21) and the first right XOR unit (31),
Randomizer (1) produces starting stage random number, and starting stage random number is respectively fed to the first left XOR
Unit (21), the second left XOR unit (23), the first right XOR unit (31) and the second right XOR list
Unit (33), left-halfBit data L0Entered by the first left XOR unit (21) with starting stage random number
Row xor operation, left xor operation result is sent in left depositor (22) by the first left XOR unit (21),
Right half partBit data R0XOR behaviour is carried out by the first right XOR unit (31) with starting stage random number
Making, right xor operation result is sent in right depositor (32) by the first right XOR unit (31), and the 1st takes turns
When wheel operation starts, left xor operation result is sent into the second left XOR unit (23) by left depositor (22),
Left xor operation result and starting stage random number carry out xor operation by the second left XOR unit (23),
Obtain the left-half being reducedBit data L0, as the first input data of the 1st wheel operation, right depositor
(32) right xor operation result is sent into the second right XOR unit (33), right xor operation result and starting stage
Random number carries out xor operation by the second right XOR unit (33), obtains the right half part being reducedBit data
R0, as the second input data of the 1st wheel operation;In i-th wheel operation, 1≤i < N, N are DES
The total degree of algorithm wheel operation, wheel operation module is calculated the i-th left intermediate value L taken turnsiWith right intermediate value Ri,
Wheel operation module takes turns left intermediate value L by i-thiSending into the first left XOR unit (21), wheel operation module is by the
I takes turns right intermediate value RiSending into the first right XOR unit (31), randomizer (1) produces i+1 wheel
Random number, i+1 wheel random number be respectively fed to the first left XOR unit (21), the second left XOR unit (23),
First right XOR unit (31) and the second right XOR unit (33), i-th takes turns left intermediate value LiTake turns with i-th
Random number carries out xor operation by the first left XOR unit (21), and the first left XOR unit (21) is by a left side
Xor operation result is sent in left depositor (22), and i-th takes turns right intermediate value RiTake turns random number with i-th to pass through
First right XOR unit (31) carries out xor operation, and right xor operation is tied by the first right XOR unit (31)
Fruit is sent in right depositor (32), and when i+1 wheel wheel operation starts, left depositor (22) is by left XOR
Operating result is sent in the second left XOR unit (23), and left xor operation result and i+1 wheel random number lead to
Crossing the second left XOR unit (23) and carry out xor operation, obtain being reduced i-th takes turns left intermediate value Li, make
For the first input data of i+1 wheel wheel operation, right xor operation result is sent into the by right depositor (32)
In two right XOR unit (33), right xor operation result and i+1 wheel random number are by the second right XOR list
Unit (33) carries out xor operation, and obtain being reduced i-th takes turns right intermediate value Ri, as i+1 wheel wheel behaviour
The the second input data made;The N that N wheel wheel operation obtains takes turns left intermediate value LNRight is taken turns with N
Value RNSynthesis M-bit data also carries out obtaining ciphertext after initial permutation.
The anti-power consumption attack towards DES algorithm based on depositor mask the most according to claim 1
Method, it is characterised in that: in the jth wheel wheel operation of described DES algorithm, 1 < j≤N, takes turns operation module
Jth-1 is taken turns intermediate value Rj-1Be extended successively, xor operation, byte are replaced and replacement operator, then will
Replacement operator result and Lj-1Carry out xor operation, obtain jth and take turns right intermediate value Rj, and by Rj-1As jth
Take turns left intermediate value Lj。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610412868.1A CN105897399B (en) | 2016-06-14 | 2016-06-14 | A kind of anti-power consumption attack method towards DES algorithm based on register mask |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610412868.1A CN105897399B (en) | 2016-06-14 | 2016-06-14 | A kind of anti-power consumption attack method towards DES algorithm based on register mask |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105897399A true CN105897399A (en) | 2016-08-24 |
CN105897399B CN105897399B (en) | 2019-01-29 |
Family
ID=56730262
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610412868.1A Active CN105897399B (en) | 2016-06-14 | 2016-06-14 | A kind of anti-power consumption attack method towards DES algorithm based on register mask |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105897399B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107769910A (en) * | 2017-11-15 | 2018-03-06 | 东南大学 | A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100232602A1 (en) * | 2009-03-13 | 2010-09-16 | Hiromi Nobukata | Encryption processing apparatus |
CN102752103A (en) * | 2012-07-26 | 2012-10-24 | 上海爱信诺航芯电子科技有限公司 | Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack |
CN102970132A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm |
CN102970131A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Circuit structure for preventing power attacks on grouping algorithm |
CN103647640A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Power consumption attacking method for DES second-round L register reversal |
-
2016
- 2016-06-14 CN CN201610412868.1A patent/CN105897399B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100232602A1 (en) * | 2009-03-13 | 2010-09-16 | Hiromi Nobukata | Encryption processing apparatus |
CN102970132A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm |
CN102970131A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Circuit structure for preventing power attacks on grouping algorithm |
CN102752103A (en) * | 2012-07-26 | 2012-10-24 | 上海爱信诺航芯电子科技有限公司 | Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack |
CN103647640A (en) * | 2013-12-03 | 2014-03-19 | 北京中电华大电子设计有限责任公司 | Power consumption attacking method for DES second-round L register reversal |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107769910A (en) * | 2017-11-15 | 2018-03-06 | 东南大学 | A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF |
CN107769910B (en) * | 2017-11-15 | 2020-08-04 | 东南大学 | DES (data encryption Standard) protection method and circuit for resisting side channel attack based on L atch PUF (physical unclonable function) |
Also Published As
Publication number | Publication date |
---|---|
CN105897399B (en) | 2019-01-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101237320B (en) | Method for password protection for constructing unidirectional hash function based on infinite dimension ultra-chaos | |
CN103067155A (en) | Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis | |
CN103634102B (en) | A kind of means of defence of side-channel attack and fault attacks | |
CN105871536A (en) | AES-algorithm-oriented power analysis attack resistant method based on random time delay | |
CN103916236B (en) | Power attack prevention method oriented at AES algorithm and circuit achieving method thereof | |
CN105656619B (en) | A kind of AES encryption method and the anti-power consumption attack method based on it | |
CN103905182A (en) | Anti-attack method based on middle data storage position dynamic change and circuit implementation | |
CN105933108B (en) | A kind of pair of SM4 algorithm realizes the method cracked | |
CN106452725B (en) | A kind of anti-power consumption attack method towards aes algorithm based on register mask | |
CN103795527A (en) | Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis | |
CN106301759A (en) | A kind of method of data encryption, the method and device of deciphering | |
CN102970132A (en) | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm | |
CN107994980B (en) | DPA attack resisting method adopting clock disorder technology and chaotic trigger | |
CN107204841A (en) | A kind of method that many S boxes of the block cipher for resisting differential power attack are realized | |
CN107154843A (en) | A kind of system for implementing hardware of the SM4 algorithms of anti-power consumption attack | |
CN104301095A (en) | DES round operation method and circuit | |
CN107483182B (en) | AES algorithm-oriented power attack resisting method based on out-of-order execution | |
CN102970131A (en) | Circuit structure for preventing power attacks on grouping algorithm | |
Zhu et al. | Counteracting leakage power analysis attack using random ring oscillators | |
CN109347621A (en) | The high speed AES encryption circuit of defensive collision attack based on random delay S box | |
CN105897399A (en) | DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask | |
CN104811295A (en) | Side channel energy analysis method for ZUC cryptographic algorithm with mask protection | |
CN108650072A (en) | It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method | |
CN108123792A (en) | A kind of power consumption method for scrambling of SM4 algorithms circuit | |
CN104717060B (en) | A kind of method for attacking elliptic curve encryption algorithm and attack equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information |
Address after: 210009 No. 87 Dingjiaqiao, Gulou District, Nanjing City, Jiangsu Province Applicant after: Southeast University Address before: 210096 No. four archway, 2, Jiangsu, Nanjing Applicant before: Southeast University |
|
GR01 | Patent grant | ||
GR01 | Patent grant |