CN105897399A - DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask - Google Patents

DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask Download PDF

Info

Publication number
CN105897399A
CN105897399A CN201610412868.1A CN201610412868A CN105897399A CN 105897399 A CN105897399 A CN 105897399A CN 201610412868 A CN201610412868 A CN 201610412868A CN 105897399 A CN105897399 A CN 105897399A
Authority
CN
China
Prior art keywords
xor
unit
wheel
depositor
xor unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610412868.1A
Other languages
Chinese (zh)
Other versions
CN105897399B (en
Inventor
曹鹏
申艾麟
陆启乐
陈圣华
刘波
杨锦江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201610412868.1A priority Critical patent/CN105897399B/en
Publication of CN105897399A publication Critical patent/CN105897399A/en
Application granted granted Critical
Publication of CN105897399B publication Critical patent/CN105897399B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Abstract

The invention discloses a DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask. A random number generator, a left register protection module and a right register protection module are added in a DES algorithm. The left register protection module comprises a first left exclusive or unit, a second left exclusive or unit and a left register. The right register protection module comprises a first right exclusive or unit, a second right exclusive or unit and a right register. When intermediate results in registers are updated, after exclusive or operation is carried out on the intermediate results needing to be stored and random numbers, the intermediate results are stored in the registers, and moreover, the random numbers are stored. When the intermediate results in the registers are read, the values in the registers are read, and the exclusive or operation is carried out on the values and the random numbers. According to the method, the storage values in the registers are ensured to have randomness, the Hamming distance leakage in the DES encryption algorithm is effectively hidden, and the power analysis attack based on a Hamming distance model can be effectively resisted.

Description

A kind of anti-power consumption attack method towards DES algorithm based on depositor mask
Technical field
The present invention relates to IC Hardware realize and field of information security technology, particularly relate to a kind of based on depositing The anti-power consumption attack method towards DES algorithm of device mask.
Background technology
Along with the fast development of Internet technology Yu Information technology, information encryption has the heaviest in a lot of fields The application wanted.Password product can use software or hardware to realize, but owing to hardware realizes realizing having speed than software Spend faster, the advantage that power consumption is lower, become study hotspot based on hard-wired encryption device.Various based on The crypto chip of DES (Data Encryption Standard, data encryption standards) algorithm obtained widely research and Exploitation.
Crypto chip is also faced with various security risk, and the bypass attacked as representative with differential power consumption in recent years is attacked Hitting, the safety to encryption device proposes stern challenge.Power consumption attack is that a kind of non-invasive is attacked, and attacks Person obtains the power consumption information that encryption device is revealed when encryption and decryption operates the most in a large number, then according to plaintext or ciphertext Set up the mathematical model of power consumption, obtain a large amount of intermediate value, intermediate value and actual power loss are analyzed, use Statistical processing methods calculates correlation coefficient, thus analyzes the key information of key.How to resist power consumption analysis to attack Hitting protection algorism is safely one important research point of academia.
After collecting a large amount of actual power loss, power consumption attack successfully be it is critical only that to set up power consumption mathematics accurately Model.The basic thought of Hamming distance model is to calculate digital circuit in certain specific time period internal circuit 0 → 1 turn Change and the sum of 1 → 0 conversion, then utilize the sum of conversion to portray circuit power consumption within this time period.
For digital circuit, power consumption mostlys come from the State Transferring of circuit, and is not rely on data itself, and turns over The device turned is the most, and its power consumption is the biggest.Therefore Hamming distance model is used can preferably to portray the energy of digital circuit Amount consumes.At a time, if it is possible to be calculated data D0 before circuit upset and the data after upset D1, obtains the number of bits of Data flipping, thus calculates the Hamming distance of data, it is possible to and real power consumption number Set up contact.When setting up Hamming distance model, it is to be appreciated that numerical value before and after data variation in depositor.Hamming distance It is generally used for the power consumption of depositor is described from model.
It is the point of attack that assailant typically chooses the depositor of intermediate data storage.First assailant guesses key, enters one Step guesses the intermediate value of adjacent two-wheeled, calculates Hamming distance as the produced power consumption model of depositor change;Then Gather actual power loss, power consumption model and actual power loss are carried out correlation analysis and obtains correct key.
For the method for existing anti-power consumption attack, from the perspective of realizing cost, mostly have that hardware resource cost is big, property The energy shortcomings such as expense is big, extensibility is weak, from the perspective of realizing effect, some only weakens the intermediate result data Chinese Dependency between prescribed distance and power consumption, and fail to be completely eliminated the two direct dependency, therefore cannot support completely Imperial power consumption attack based on Hamming distance.
Summary of the invention
Goal of the invention: it is an object of the invention to provide a kind of can solve the problem that prior art exists not enough based on depositing The anti-power consumption attack method towards DES algorithm of device mask.
Technical scheme: for reaching this purpose, the present invention by the following technical solutions:
The anti-power consumption attack method towards DES algorithm based on depositor mask of the present invention, at DES Algorithm adds randomizer, left depositor protection module and right depositor protection module, left depositor Protection module includes the first left XOR unit, the second left XOR unit and left depositor, right depositor protection mould Block includes the first right XOR unit, the second right XOR unit and right depositor;In the starting stage of DES algorithm, Operate through initial permutation in plain text, the left-half of the M position intermediate data of initial permutation operation output and right-hand part Divide respectively as independent left-halfBit data L0And right half partBit data R0, left-halfBit data L0And right half partBit data R0Being respectively fed to the first left XOR unit and the first right XOR unit, random number is sent out Raw device produces starting stage random number, and starting stage random number is respectively fed to the first left XOR unit, second left side XOR unit, the first right XOR unit and the second right XOR unit, left-half bit data L0And the starting stage Random number carries out xor operation by the first left XOR unit, and the first left XOR unit is by left xor operation result Send in left depositor, right half partBit data R0With starting stage random number by the first right XOR unit Carrying out xor operation, right xor operation result is sent in right depositor by the first right XOR unit, the 1st wheel When operation starts, left xor operation result is sent into the second left XOR unit by left depositor, and left xor operation is tied Fruit and starting stage random number carry out xor operation by the second left XOR unit, obtain the left side being reduced PointBit data L0, as the first input data of the 1st wheel operation, right xor operation result is sent by right depositor Enter the second right XOR unit, right xor operation result and starting stage random number to be carried out by the second right XOR unit Xor operation, obtains the right half part being reducedBit data R0, as the second input data of the 1st wheel operation; In i-th wheel operation, 1≤i < N, N are the total degree of DES algorithm wheel operation, and wheel operation module calculates Obtain the i-th left intermediate value L taken turnsiWith right intermediate value Ri, wheel operation module takes turns left intermediate value L by i-thiSend into First left XOR unit, wheel operation module takes turns right intermediate value R by i-thiSend into the first right XOR unit, at random Number generator produces i+1 wheel random number, i+1 wheel random number be respectively fed to the first left XOR unit, the Two left XOR unit, the first right XOR unit and the second right XOR unit, i-th takes turns left intermediate value LiWith i-th Wheel random number carries out xor operation by the first left XOR unit, and left xor operation is tied by the first left XOR unit Fruit is sent in left depositor, and i-th takes turns right intermediate value RiTake turns random number with i-th to be entered by the first right XOR unit Row xor operation, right xor operation result is sent in right depositor by the first right XOR unit, i+1 wheel wheel When operation starts, left xor operation result is sent in the second left XOR unit by left depositor, left xor operation Result and i+1 wheel random number carry out xor operation by the second left XOR unit, obtain i-th be reduced Take turns left intermediate value Li, as the first input data of i+1 wheel wheel operation, right depositor is by right xor operation Result is sent in the second right XOR unit, and right xor operation result and i+1 wheel random number are right different by second Or unit carries out xor operation, obtain being reduced i-th takes turns right intermediate value Ri, as i+1 wheel wheel operation Second input data;The N that N wheel wheel operation obtains takes turns left intermediate value LNRight intermediate value is taken turns with N RNSynthesis M-bit data also carries out obtaining ciphertext after initial permutation.
Further, in the jth wheel wheel operation of described DES algorithm, 1 < j≤N, wheel operation module is to jth-1 Wheel intermediate value Rj-1Be extended successively, xor operation, byte are replaced and replacement operator, then displacement are grasped Make result and Lj-1Carry out xor operation, obtain jth and take turns right intermediate value Rj, and by Rj-1Left as jth wheel Between be worth Lj
Beneficial effect: compared with prior art, the method have the advantages that
1) hardware resource cost of the present invention is low;Have only to increase a small amount of XOR unit and randomizer, compare whole DES cryptochannel only accounts for very small scale;
2) performance cost of the present invention is low;Circuit critical path is only increased to the delay of a small amount of XOR unit, compare whole The delay of the modules such as extension, xor operation, byte replacement and replacement operator in DES circuit, only accounts for very Little ratio, has substantially reduction thus without causing work dominant frequency;
3) present invention has the strongest autgmentability and versatility, by protecting depositor, can move very easily Plant in other DES cryptographic algorithms' implementation circuit;
4) the storage value during the present invention ensures depositor has randomness, effectively conceals the Chinese in DES cryptographic algorithm Prescribed distance is revealed, and eliminates the dependency between intermediate result data Hamming distance and power consumption, it is possible to effectively support Anti-based on Hamming distance model power consumption attack.
Accompanying drawing explanation
Fig. 1 is the flow chart of traditional DES algorithm;
Fig. 2 is the flow chart of the DES algorithm that have employed the inventive method;
Fig. 3 is that tradition DES algorithm is carried out the correlation coefficient matrix obtained by first 6 bit of power consumption attack Result;
Fig. 4 be to using the DES algorithm after the inventive method to carry out first 6 bit of power consumption attack obtained by Correlation coefficient matrix result.
Detailed description of the invention
Below in conjunction with detailed description of the invention, technical scheme is further introduced.
Tradition DES algorithm as it is shown in figure 1, be made up of 3 parts altogether, be respectively initial permutation, 16 take turns identical Wheel operation and inverse initial permutation convert.Each wheel is required to a round key to complete key add operation, Yi Gongshi Six sub-keys, be designated as Kn (n=0 ..., 16).Sub-key and is put through initial permutation, ring shift left by initial key Obtain after changing selection.The wheel operation of 16 circulations in the middle of DES algorithm include extension, xor operation, byte replacement, Displacement and xor operation five operation.DES often takes turns end all can produce two 32 intermediate value data, Ke Yiji For Ln (n=0 ..., 16), Rn (n=0 ..., 16) be stored in depositor L and R, wherein L16And R16Merge into one Individual 64 bit data, carry out inverse initial permutation operating result and are ciphertext output.
As a example by the DES hardware algorithm of one-level flowing water realizes, the plaintext of input and hardware can be obtained assailant In the case of power consumption track, assailant can attack for the output valve of the first round.By key is guessed Surveying, assailant can derive the output valve of the first round from plaintext, owing to depositor at a time its value is from plain text The output of inverse initial permutation become the output of the first round, therefore can set up Hamming distance model.Due to the first round Key length is 86 bits, therefore can break through by 6 bits one by one, and concrete step is as follows:
1. according to R0The value of 48 bit intermediate values after first round extended operation can be derived.
2. according to the value of n-th 6 bit of intermediate value after extended operation and the n-th 6 of hypothesis key K1 Bit, can derive the value of data nth byte after key adds.
3. the value of n-th 6 bit after being added by key can be derived byte through byte conversion and replace behaviour Make the value of n-th 6 bit exported.
4. after in the output replaced by first round byte, the value of n-th 6 bit can derive replacement operator The value of n-th 4 bit.
5. by the value of the value of n-th 4 bit after replacement operator and n-th 4 bit of L0 through different Or operate the value of n-th 4 bit that can derive first round output.
6. pass through value and the R of n-th 4 bit in the output of the first round0Between the value of n-th 4 bit permissible Set up the Hamming distance model of 4 bits.
For above-mentioned attack based on Hamming distance model, the invention discloses a kind of face based on depositor mask To the anti-power consumption attack method of DES algorithm, as in figure 2 it is shown, in DES algorithm add randomizer 1, Left depositor protection module 2 and right depositor protection module 3, left depositor protection module 2 includes that first is left XOR unit the 21, second left XOR unit 23 and left depositor 22, right depositor protection module 3 includes the One right XOR unit the 31, second right XOR unit 33 and right depositor 32.In the starting stage of DES algorithm, Operate through initial permutation in plain text, the left-half of 64 intermediate data of initial permutation operation output and right half Part is respectively as independent left-half 32 bit data L0With right half part 32 bit data R0, left-half 32 Data L0With right half part 32 bit data R0It is respectively fed to the first left XOR unit 21 and the first right XOR unit 31, randomizer 1 produces starting stage random number, and it is left different that starting stage random number is respectively fed to first Or unit 21, second left XOR unit the 23, first right XOR unit 31 and the second right XOR unit 33, left Half part 32 bit data L0Xor operation is carried out by the first left XOR unit 21 with starting stage random number, the Left xor operation result is sent in left depositor 22 by one left XOR unit 21, right half part 32 bit data R0 Xor operation, the first right XOR unit 31 is carried out by the first right XOR unit 31 with starting stage random number Right xor operation result being sent in right depositor 32, when the 1st wheel operation starts, left depositor 22 will It is logical that left xor operation result sends into the second left XOR unit 23, left xor operation result and starting stage random number Cross the second left XOR unit 23 and carry out xor operation, obtain left-half 32 bit data L being reduced0, as First input data of the 1st wheel operation, right xor operation result is sent into the second right XOR list by right depositor 32 Unit (33), right xor operation result and starting stage random number carry out XOR by the second right XOR unit (33) Operation, obtains the right half part being reducedBit data R0, as the second input data of the 1st wheel operation.The In i wheel wheel operation, 1≤i < 16, wheel operation module is calculated the i-th left intermediate value L taken turnsiWith right intermediate value Ri, wheel operation module takes turns left intermediate value L by i-thiSending into the first left XOR unit 21, wheel operation module is by the I takes turns right intermediate value RiSending into the first right XOR unit 31, randomizer 1 produces i+1 wheel random number, I+1 wheel random number is respectively fed to first left XOR unit 21, second left XOR unit the 23, first right XOR Unit 31 and the second right XOR unit 33, i-th takes turns left intermediate value LiTo take turns random number left different by first with i-th Or unit 21 carries out xor operation, left xor operation result is sent into left depositor by the first left XOR unit 21 In 22, i-th takes turns right intermediate value RiTake turns random number with i-th and carry out xor operation by the first right XOR unit 31, Right xor operation result is sent in right depositor 32 by the first right XOR unit 31, and i+1 wheel wheel operation is opened During the beginning, left xor operation result is sent in the second left XOR unit 23 by left depositor 22, left xor operation Result and i+1 wheel random number carry out xor operation by the second left XOR unit 23, obtain being reduced the I takes turns left intermediate value Li, as the first input data of i+1 wheel wheel operation, right depositor 32 is by right XOR Operating result is sent in the second right XOR unit 33, and right xor operation result and i+1 wheel random number are by the Two right XOR unit 33 carry out xor operation, and obtain being reduced i-th takes turns right intermediate value Ri, as i+1 Second input data of wheel wheel operation;16th wheel operates the 16th obtained and takes turns left intermediate value L16With the 16th Take turns right intermediate value R16Ciphertext is obtained after synthesizing 64 bit data and carrying out inverse initial permutation.
After using the inventive method, the hardware resource needed for whole DES cipher circuit adds 14%, Critical path delay increases 17%, compares with other anti-Hamming distance power consumption attack methods based on mask, Area overhead and performance cost are affected limited.
The DES algorithm circuit realized based on FPGA platform has been carried out based on Hamming distance by this detailed description of the invention Power consumption attack from model.Arranging initial key is ' 0102030405060708 ', wherein 64 ratios of the first round Special sub-key is ' 000004320a02 '.This experiment use oscillograph acquires FPGA and carries out des encryption Power consumption track during computing totally 5000, every power consumption track count as N, obtain 5000 groups of phases simultaneously Corresponding clear data.Article 5000, power consumption track can synthesize the actual power loss track of 5000 row N row Matrix.Simultaneously by these 5000 groups of clear datas can be calculated 5000 times based on plaintext initial permutation and The Hamming distance of first round output, breaks through, therefore for each one by one owing to dividing the key into 86 bits Individual byte has 64 kinds of hypothesis values, therefore can obtain the hypothesis power consuming matrix of 64 row 5000 row.Logical Cross the every string to the every string and actual power consumption track of assuming power consuming matrix and carry out correlation calculations, permissible Obtaining the correlation matrix of 64 row N row, the corresponding key of every a line is assumed.By this dependency square Battle array is depicted as 64 curves, as it is shown on figure 3, be the dependency square obtained by attacking for first 6 bit The system of battle formations, it appeared that occur in that obvious spike, i.e. by this phase in the curve corresponding to correct key hypothesis Closing property matrix can deduce 6 correct bit keys values.Finding through experiment, 5000 power consumption tracks can To break through all bits of key, and obtain correct initial key.
A kind of method for depositor protection being then used by present invention proposition improves DES algorithm.And will DES algorithm after improvement FPGA realizes, and attempts carrying out power consumption attack.This experiment uses oscillograph Gather the power consumption track that the DES algorithm after FPGA operational development realizes, and by power consumption trace bar number from 5000 Bar increases to 100,000.Then 100,000 power consumption tracks are used to realize carrying out for the DES algorithm after improving Power consumption attack based on Hamming distance, obtains correlation coefficient matrix, as shown in Figure 4.
As can be seen from Figure 4 correct key homologous thread has been submerged among other 63 curves, after improvement DES algorithm realize, power consumption trace bar number from 5000 increase to 100,000 after, correct key does not the most occur Spike, and correlation coefficient occurs in that significantly reduction.It appeared that the DES algorithm after Gai Jining effectively is resisted Power consumption attack of based on Hamming distance, it was demonstrated that the effectiveness of the inventive method.

Claims (2)

1. the anti-power consumption attack method towards DES algorithm based on depositor mask, it is characterised in that: In DES algorithm, add randomizer (1), left depositor protection module (2) and right depositor protect Protecting module (3), left depositor protection module (2) includes that the first left XOR unit (21), second left side are different Or unit (23) and left depositor (22), right depositor protection module (3) includes the first right XOR unit (31), the second right XOR unit (33) and right depositor (32);In the starting stage of DES algorithm, Operate through initial permutation in plain text, the left-half of the M position intermediate data of initial permutation operation output and right-hand part Divide respectively as independent left-halfBit data L0And right half partBit data R0, left-halfBit data L0And right half partBit data R0It is respectively fed to the first left XOR unit (21) and the first right XOR unit (31), Randomizer (1) produces starting stage random number, and starting stage random number is respectively fed to the first left XOR Unit (21), the second left XOR unit (23), the first right XOR unit (31) and the second right XOR list Unit (33), left-halfBit data L0Entered by the first left XOR unit (21) with starting stage random number Row xor operation, left xor operation result is sent in left depositor (22) by the first left XOR unit (21), Right half partBit data R0XOR behaviour is carried out by the first right XOR unit (31) with starting stage random number Making, right xor operation result is sent in right depositor (32) by the first right XOR unit (31), and the 1st takes turns When wheel operation starts, left xor operation result is sent into the second left XOR unit (23) by left depositor (22), Left xor operation result and starting stage random number carry out xor operation by the second left XOR unit (23), Obtain the left-half being reducedBit data L0, as the first input data of the 1st wheel operation, right depositor (32) right xor operation result is sent into the second right XOR unit (33), right xor operation result and starting stage Random number carries out xor operation by the second right XOR unit (33), obtains the right half part being reducedBit data R0, as the second input data of the 1st wheel operation;In i-th wheel operation, 1≤i < N, N are DES The total degree of algorithm wheel operation, wheel operation module is calculated the i-th left intermediate value L taken turnsiWith right intermediate value Ri, Wheel operation module takes turns left intermediate value L by i-thiSending into the first left XOR unit (21), wheel operation module is by the I takes turns right intermediate value RiSending into the first right XOR unit (31), randomizer (1) produces i+1 wheel Random number, i+1 wheel random number be respectively fed to the first left XOR unit (21), the second left XOR unit (23), First right XOR unit (31) and the second right XOR unit (33), i-th takes turns left intermediate value LiTake turns with i-th Random number carries out xor operation by the first left XOR unit (21), and the first left XOR unit (21) is by a left side Xor operation result is sent in left depositor (22), and i-th takes turns right intermediate value RiTake turns random number with i-th to pass through First right XOR unit (31) carries out xor operation, and right xor operation is tied by the first right XOR unit (31) Fruit is sent in right depositor (32), and when i+1 wheel wheel operation starts, left depositor (22) is by left XOR Operating result is sent in the second left XOR unit (23), and left xor operation result and i+1 wheel random number lead to Crossing the second left XOR unit (23) and carry out xor operation, obtain being reduced i-th takes turns left intermediate value Li, make For the first input data of i+1 wheel wheel operation, right xor operation result is sent into the by right depositor (32) In two right XOR unit (33), right xor operation result and i+1 wheel random number are by the second right XOR list Unit (33) carries out xor operation, and obtain being reduced i-th takes turns right intermediate value Ri, as i+1 wheel wheel behaviour The the second input data made;The N that N wheel wheel operation obtains takes turns left intermediate value LNRight is taken turns with N Value RNSynthesis M-bit data also carries out obtaining ciphertext after initial permutation.
The anti-power consumption attack towards DES algorithm based on depositor mask the most according to claim 1 Method, it is characterised in that: in the jth wheel wheel operation of described DES algorithm, 1 < j≤N, takes turns operation module Jth-1 is taken turns intermediate value Rj-1Be extended successively, xor operation, byte are replaced and replacement operator, then will Replacement operator result and Lj-1Carry out xor operation, obtain jth and take turns right intermediate value Rj, and by Rj-1As jth Take turns left intermediate value Lj
CN201610412868.1A 2016-06-14 2016-06-14 A kind of anti-power consumption attack method towards DES algorithm based on register mask Active CN105897399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610412868.1A CN105897399B (en) 2016-06-14 2016-06-14 A kind of anti-power consumption attack method towards DES algorithm based on register mask

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610412868.1A CN105897399B (en) 2016-06-14 2016-06-14 A kind of anti-power consumption attack method towards DES algorithm based on register mask

Publications (2)

Publication Number Publication Date
CN105897399A true CN105897399A (en) 2016-08-24
CN105897399B CN105897399B (en) 2019-01-29

Family

ID=56730262

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610412868.1A Active CN105897399B (en) 2016-06-14 2016-06-14 A kind of anti-power consumption attack method towards DES algorithm based on register mask

Country Status (1)

Country Link
CN (1) CN105897399B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107769910A (en) * 2017-11-15 2018-03-06 东南大学 A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100232602A1 (en) * 2009-03-13 2010-09-16 Hiromi Nobukata Encryption processing apparatus
CN102752103A (en) * 2012-07-26 2012-10-24 上海爱信诺航芯电子科技有限公司 Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack
CN102970132A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm
CN102970131A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Circuit structure for preventing power attacks on grouping algorithm
CN103647640A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 Power consumption attacking method for DES second-round L register reversal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100232602A1 (en) * 2009-03-13 2010-09-16 Hiromi Nobukata Encryption processing apparatus
CN102970132A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm
CN102970131A (en) * 2011-08-31 2013-03-13 北京中电华大电子设计有限责任公司 Circuit structure for preventing power attacks on grouping algorithm
CN102752103A (en) * 2012-07-26 2012-10-24 上海爱信诺航芯电子科技有限公司 Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack
CN103647640A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 Power consumption attacking method for DES second-round L register reversal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107769910A (en) * 2017-11-15 2018-03-06 东南大学 A kind of anti-side channel analysis DES means of defences and circuit based on Latch PUF
CN107769910B (en) * 2017-11-15 2020-08-04 东南大学 DES (data encryption Standard) protection method and circuit for resisting side channel attack based on L atch PUF (physical unclonable function)

Also Published As

Publication number Publication date
CN105897399B (en) 2019-01-29

Similar Documents

Publication Publication Date Title
CN101237320B (en) Method for password protection for constructing unidirectional hash function based on infinite dimension ultra-chaos
CN103067155A (en) Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis
CN103634102B (en) A kind of means of defence of side-channel attack and fault attacks
CN105871536A (en) AES-algorithm-oriented power analysis attack resistant method based on random time delay
CN103916236B (en) Power attack prevention method oriented at AES algorithm and circuit achieving method thereof
CN105656619B (en) A kind of AES encryption method and the anti-power consumption attack method based on it
CN103905182A (en) Anti-attack method based on middle data storage position dynamic change and circuit implementation
CN105933108B (en) A kind of pair of SM4 algorithm realizes the method cracked
CN106452725B (en) A kind of anti-power consumption attack method towards aes algorithm based on register mask
CN103795527A (en) Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis
CN106301759A (en) A kind of method of data encryption, the method and device of deciphering
CN102970132A (en) Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm
CN107994980B (en) DPA attack resisting method adopting clock disorder technology and chaotic trigger
CN107204841A (en) A kind of method that many S boxes of the block cipher for resisting differential power attack are realized
CN107154843A (en) A kind of system for implementing hardware of the SM4 algorithms of anti-power consumption attack
CN104301095A (en) DES round operation method and circuit
CN107483182B (en) AES algorithm-oriented power attack resisting method based on out-of-order execution
CN102970131A (en) Circuit structure for preventing power attacks on grouping algorithm
Zhu et al. Counteracting leakage power analysis attack using random ring oscillators
CN109347621A (en) The high speed AES encryption circuit of defensive collision attack based on random delay S box
CN105897399A (en) DES (Data Encryption Standard) algorithm oriented power analysis attack resisting method based on register mask
CN104811295A (en) Side channel energy analysis method for ZUC cryptographic algorithm with mask protection
CN108650072A (en) It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method
CN108123792A (en) A kind of power consumption method for scrambling of SM4 algorithms circuit
CN104717060B (en) A kind of method for attacking elliptic curve encryption algorithm and attack equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 210009 No. 87 Dingjiaqiao, Gulou District, Nanjing City, Jiangsu Province

Applicant after: Southeast University

Address before: 210096 No. four archway, 2, Jiangsu, Nanjing

Applicant before: Southeast University

GR01 Patent grant
GR01 Patent grant