CN108322301A - Method for implementing S-box operations in software-level dual-rail logic - Google Patents


Publication number: CN108322301A
Authority: CN (China)
Prior art keywords: look, address, split, double rail, bits
Legal status: Pending
Application number: CN201710034812.1A
Other languages: Chinese (zh)
Inventor: 顾星远
Current Assignee: Shanghai Huahong Integrated Circuit Co Ltd
Original Assignee: Shanghai Huahong Integrated Circuit Co Ltd
Application filed by Shanghai Huahong Integrated Circuit Co Ltd
Priority to CN201710034812.1A
Publication of CN108322301A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Abstract

The present invention proposes a method for implementing S-box operations in software-level dual-rail logic, comprising: splitting the original input of the S-box operation into N parts, where N is an integer greater than 0; performing the first N-1 levels of table lookup using the first N-1 parts of the split original input, where the output of each level of lookup is the address of the table used by the next level of lookup; and performing the N-th level of table lookup using the N-th part to obtain the output result of the S-box operation. S-box operations implemented with this method run faster and require less storage space.

Description

Method for implementing S-box operations in software-level dual-rail logic
Technical field
The present invention relates to encryption methods for chips, and in particular to a method for implementing S-box operations under software-level dual-rail logic.
Background
Any encryption device emits information in various forms while it runs, such as power consumption, electromagnetic radiation, sound and running time. This information can be collected and analyzed to recover the secret information of the encryption device. Such an attack is called a side-channel attack. A side-channel attack targets the implementation of an encryption algorithm rather than any specific algorithm. Therefore, even if an encryption algorithm has been proven secure mathematically or in theory, it may still be broken by a side-channel attack in practice. In fact, conventional implementations of encryption algorithms usually cannot resist side-channel attacks. A common side-channel method is power analysis, which recovers the secret information of a device by analyzing the power the device consumes. Analysis based on direct features of the power trace is called simple power analysis (Simple Power Analysis, SPA). Analysis that computes the secret information from the statistical features of a large number of power traces is called differential power analysis (Differential Power Analysis, DPA).
In CMOS circuits, the power consumed by a register depends on the number of its bits that flip, that is, on the Hamming distance between its old value and its new value. It is therefore possible to compute the intermediate values of a running encryption device and, because "the power consumed by a register depends on the number of its bits that flip", to estimate the power consumption of the device while it runs. Here, intermediate values are all the values that arise in the computation between a given input and the resulting output.
Dual-rail logic is a hardware implementation technique that resists power analysis. Specifically, one logical bit is represented by two physical bits: for example, logical bit "0" can be represented by the two physical bits "01" and logical bit "1" by the two physical bits "10". In addition, any change of value must first go from the initial value to the precharge state (the value "00") and only then to the new value. In this way every change of value consumes the same power, and an attacker cannot distinguish different runtime values by the magnitude of the power consumption. The drawback of this method is that the chip area doubles, which is a huge cost for lightweight encryption devices. Some encryption algorithms are implemented in software on programmable encryption devices such as CPU cards. Such algorithms can implement dual-rail logic in software.
Software-level dual-rail logic refers to emulating hardware dual-rail logic in software. The key point is that not only must the input and output data conform to dual-rail logic, but the intermediate values in the computation must also be protected. For this reason, software-level dual-rail logic is usually implemented by table lookup.
The S-box operation is a basic operation in symmetric encryption algorithms. Its basic computation is to output, for a given input, one specific corresponding value as the result. An S-box operation with an n-bit input and an m-bit output defines a mapping from $\{x \mid 0 \le x \le 2^n - 1,\ x \in \mathbb{Z}\}$ to $\{x \mid 0 \le x \le 2^m - 1,\ x \in \mathbb{Z}\}$. Each encryption algorithm defines the data correspondence of its own S-box operation, and the S-boxes defined by different encryption algorithms generally differ. For an operation such as the S-box, which has no obvious logical relationship between its input and its output, a table-lookup implementation consumes a large amount of storage space.
Summary of the invention
The present invention aims to provide a method for implementing S-box operations that runs faster and requires less storage space.
The present invention proposes a method for implementing S-box operations in software-level dual-rail logic, comprising: splitting the original input of the S-box operation into N parts, where N is an integer greater than 0; performing the first N-1 levels of table lookup using the first N-1 parts of the split original input, where the output of each level of lookup is the address of the table used by the next level of lookup; and performing the N-th level of table lookup using the N-th part to obtain the output result of the S-box operation.
Preferably, the original input and the output result are dual-rail encoded.
Preferably, the tables used for the lookups meet the following requirements: (1) the addresses of all tables at the same level have the same Hamming weight; (2) the address of a table is an integer multiple of the size of that table; and (3) the size of a table is an integer power of 2.
Preferably, each of the N parts after splitting is dual-rail encoded, and the N parts are one or more of the following: a single logical bit, several adjacent logical bits in order, a combination of non-adjacent logical bits.
Description of the drawings
The accompanying drawings are included to provide a further understanding of the present disclosure. They show embodiments of the disclosure and, together with this specification, serve to explain its principles. The technical solution of the disclosure and its advantages will become apparent from the drawings and from the following description of specific, non-limiting embodiments. In the drawings:
Fig. 1 shows a flowchart of the method according to an embodiment of the present invention.
Detailed description
The technical features and advantageous details of the present disclosure are explained more fully with reference to the non-limiting embodiments shown in the accompanying drawings and detailed in the following description. The description omits well-known starting materials, processing techniques, components and equipment so as not to obscure the technical points of the disclosure unnecessarily. Those skilled in the art will understand, however, that the description and the particular examples below are given by way of illustration and not limitation.
Wherever possible, the same reference numerals are used throughout the drawings to denote the same or similar parts. Furthermore, although the terms used in this disclosure are selected from commonly known terms, some terms mentioned in the specification may have been chosen by the applicant at his or her own discretion, and their detailed meanings are explained in the relevant parts of the description. The disclosure should therefore be understood not only through the actual terms used but also through the meaning each term carries.
The present invention proposes a method for implementing S-box operations under software-level dual-rail logic in which the input and output data are dual-rail encoded. During the computation, the Hamming weight of all operands and intermediate values is independent of the content of the plaintext, the ciphertext and the key. That is, the power consumed while the algorithm executes has no correlation with the data the algorithm processes, so an attacker cannot obtain the key of the encryption algorithm by power analysis. Here, the Hamming weight is the number of "1" bits in a binary value. In addition, compared with conventional software-level dual-rail implementations of S-box operations, the method runs faster and requires less storage space.
In one embodiment, logical bit "0" is represented by the two physical bits "01" and logical bit "1" by the two physical bits "10". In another embodiment, logical bit "1" can instead be represented by the two physical bits "01" and logical bit "0" by the two physical bits "10". Let the input of the S-box operation be I and its output R, so that $R = S(I)$, where S denotes the transformation from input to output performed by the S-box operation. If $dr(\cdot)$ denotes the dual-rail encoding transformation, the operation $S_D$ implemented by this method satisfies $dr(R) = S_D(dr(I))$, where $S_D$ denotes the transformation from input to output performed by the S-box operation under dual-rail logic.
In a preferred embodiment, the S-box is split into multiple sub-S-boxes, and the S-box operation obtains its final result through multiple levels of table lookup.
As shown in Fig. 1, assume the original input is I and its length is L logical bits. The original input is split into N parts, where N is an integer greater than 0 (101). The parts are denoted $I_1, I_2, \dots, I_N$, and their lengths are $L_1, L_2, \dots, L_N$ logical bits respectively. Each part $I_1, I_2, \dots, I_N$ after splitting is still dual-rail encoded. The logic of the multi-level lookup is as follows:
$R_1 = S_1(I_1)$
$R_2 = R_1(I_2)$
$\dots$
$R_N = R_{N-1}(I_N)$
Here $R_1$ to $R_{N-1}$ are the results of the first N-1 levels of lookup, and $R_N$ is the final output. $S_1$ denotes the table used by the first-level lookup. The first N-1 parts of the split original input are used for the first N-1 levels of lookup respectively, and the output of each lookup is the address of the table used by the next level of lookup (102). Finally, the N-th level of lookup is performed using the N-th part to obtain the output result of the S-box operation (103).
Throughout the computation, the input and output data of the S-box operation are dual-rail encoded. Although the table addresses used in the lookup operations are unrelated to the cipher data, an attacker who can tell that different tables were used has in effect obtained the same data information. The table addresses should therefore satisfy the following two conditions:
1. The addresses of all tables at the same level have the same Hamming weight. Reading a table address at that level then produces no difference in power consumption, so the attacker obtains no useful information.
2. The address of a table is an integer multiple of the size of that table, and the size of the table is an integer power of 2. When the input data is added to the table address as an offset, the Hamming weight of the actual address used for addressing then stays the same, because the input data is dual-rail encoded, so the attacker obtains no useful information.
In a preferred embodiment, the first S-box operation of the DES encryption algorithm is taken as an example. Assume the available storage addresses are 0x1000-0x2000 and that the dual-rail encoding represents "0" with "01" and "1" with "10".
The computation can be divided into two levels of lookup, that is, the input is split into 2 parts. The S-box input of the DES encryption algorithm is 6 logical bits. Here, the input data of the first-level lookup is the 1st and 6th logical bits (that is, part 1 after splitting is the combination of the 1st and 6th logical bits of the input), and the input data of the second-level lookup (part 2 after splitting) is the 2nd to 5th logical bits, 4 logical bits in total. The table addresses of the second-level lookup are 0x1300, 0x1500, 0x1600 and 0x1900, and these addresses have the same Hamming weight.
The start address of the first-level table S1 is 0x1000, and the data in table S1 are as follows:
S1=[0,0,0,0,0,0x1300,0x1500,0,0,0x1600,0x1900,0,0,0,0,0]
When the input is "0101", "0110", "1001" or "1010" (5, 6, 9 and 10), the address of the second-level table is obtained (i.e. 0x1300, 0x1500, 0x1600 and 0x1900). The other positions are normally never looked up, so they can be filled with 0, or with meaningless data whose Hamming weight is the same as that of 0x1300.
The 4 second-level tables S2, S3, S4 and S5 are as follows; the final output is obtained by the second-level lookup.
The start address of S2 is 0x1300, and the data in the table are as follows:
S2=
[0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa6,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa9,0x65,0x00, 0x00,0x00,0x56,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x59,0xaa, 0x00,0x00,0x9a,0x95,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x5a,0x99,0x00,0x00,0x69,0xa5,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x66,0x96,0x00,0x00,0x55,0x6a,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00]
The start address of S3 is 0x1500, and the data in the table are as follows:
S3=
[0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x6a,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x55,0xaa,0x00, 0x00,0x00,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa9,0x59, 0x00,0x00,0xa6,0x56,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x99,0x69,0x00,0x00,0xa5,0x9a,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x96,0x66,0x00,0x00,0x5a,0x95,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00]
The start address of S4 is 0x1600, and the data in the table are as follows:
S4=
[0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa9,0x65,0x00, 0x00,0xa6,0x56,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x59,0xaa, 0x00,0x00,0x9a,0x95,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x5a,0x99,0x00,0x00,0x69,0xa5,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x66,0x96,0x00,0x00,0x55,0x6a,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00]
The start address of S5 is 0x1900, and the data in the table are as follows:
S5=
[0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xaa,0xa5,0x00, 0x00,0x95,0x59,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x65,0x96, 0x00,0x00,0x56,0x6a,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x66,0x9a,0x00,0x00,0x5a,0xa9,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x99,0x55,0x00,0x00,0x69,0xa6,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00]
In a preferred embodiment, the input of the first S-box operation of the DES algorithm is 6-bit data (i.e. 0-63) and the output is 4-bit data (i.e. 0-15). The original transformation of this S-box operation is as follows:
S=
[0xe,0x0,0x4,0xf,0xd,0x7,0x1,0x4,0x2,0xe,0xf,0x2,0xb,0xd,0x8,0x1,0x3, 0xa,0xa,0x6,0x6,0xc,0xc,0xb,0x5,0x9,0x9,0x5,0x0,0x3,0x7,0x8,0x4,0xf,0x1,0xc, 0xe,0x8,0x8,0x2,0xd,0x4,0x6,0x9,0x2,0x1,0xb,0x7,0xf,0x5,0xc,0xb,0x9,0x3,0x7, 0xe,0x3,0xa,0xa,0x0,0x5,0x6,0x0,0xd]
That is, S[0] = 0xe, S[1] = 0x0, S[2] = 0x4, ..., S[63] = 0xd. Here, the inputs 0x00 and 0x1c are used as examples to illustrate how the S-box operation of the present invention runs.
Assume that the dual-rail logic represents "0" with "01" and "1" with "10".
For 0x00: its 6-bit data is "000000", which in dual-rail logic is "010101010101" (0x555). The first-level lookup is performed first with the combination of the 1st and 6th logical bits, that is, with "0101" (0x5) as the index into S1: S1[5] = 0x1300. Then the 2nd to 5th logical bits, "01010101" (0x55), are used to look up the table at 0x1300: S2[0x55] = 0xa9, and 0xa9 is "10101001", which is the dual-rail representation of "1110" (0xe). Over the whole process, the S-box operation of the present invention obtains the output 0xa9 from the input 0x555 in two steps, which expresses in dual-rail form the mapping from input 0x0 to output 0xe.
For 0x2c: its 6-bit data is "101100", which in dual-rail logic is "100110100101" (0x9a5). The first-level lookup is performed first with the combination of the 1st and 6th logical bits, that is, with "1001" (0x9) as the index into S1: S1[9] = 0x1600. Then the 2nd to 5th logical bits, "01101001" (0x69), are used to look up the table at 0x1600: S4[0x69] = 0x59, and 0x59 is "01011001", which is the dual-rail representation of "0010" (0x2). Over the whole process, the S-box operation of the present invention obtains the output 0x59 from the input 0x9a5 in two steps, which expresses in dual-rail form the mapping from input 0x2c to output 0x02.
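The two-level lookup of this embodiment as runnable C (an added example, not code from the patent): it builds the first-level and second-level tables from the S-box values and table addresses given above, reproduces the two worked inputs 0x555 and 0x9a5, and checks the three table conditions over all 64 inputs. The names `level1`, `mem`, `dr_encode`, `level2_address`, `sbox_dr` and `verify_all` are assumptions, as is holding the first-level table in its own array and simulating addresses 0x1000-0x1FFF with a byte array.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM_BASE 0x1000u  /* usable memory starts at 0x1000, as in the embodiment */
#define L2_SIZE  0x100u   /* 4 logical bits = 8 physical bits -> 256-entry table */

/* First DES S-box in direct-index form, values as listed in the description. */
static const uint8_t DES_S1[64] = {
    0xe,0x0,0x4,0xf,0xd,0x7,0x1,0x4,0x2,0xe,0xf,0x2,0xb,0xd,0x8,0x1,
    0x3,0xa,0xa,0x6,0x6,0xc,0xc,0xb,0x5,0x9,0x9,0x5,0x0,0x3,0x7,0x8,
    0x4,0xf,0x1,0xc,0xe,0x8,0x8,0x2,0xd,0x4,0x6,0x9,0x2,0x1,0xb,0x7,
    0xf,0x5,0xc,0xb,0x9,0x3,0x7,0xe,0x3,0xa,0xa,0x0,0x5,0x6,0x0,0xd
};
/* Second-level table addresses from the embodiment, indexed by (bit 1, bit 6). */
static const uint16_t L2_BASE[4] = {0x1300, 0x1500, 0x1600, 0x1900};

static uint16_t level1[16];   /* assumed name: first-level table S1 (unused slots stay 0) */
static uint8_t  mem[0x1000];  /* assumed: simulated bytes at addresses 0x1000..0x1FFF */
static int built;

static unsigned weight(unsigned v) { unsigned n = 0; for (; v; v >>= 1) n += v & 1u; return n; }

/* Dual-rail encode the low nbits of x, MSB first: logical 0 -> "01", logical 1 -> "10". */
uint16_t dr_encode(unsigned x, int nbits) {
    uint16_t out = 0;
    for (int i = nbits - 1; i >= 0; i--)
        out = (uint16_t)((out << 2) | (((x >> i) & 1u) ? 2u : 1u));
    return out;
}

/* Part 1 = logical bits 1 and 6 (4 physical bits); part 2 = logical bits 2-5 (8 physical bits). */
static unsigned part1(uint16_t in) { return (((in >> 10) & 3u) << 2) | (in & 3u); }
static unsigned part2(uint16_t in) { return (in >> 2) & 0xFFu; }

/* Fill both table levels from DES_S1; every stored value is itself dual-rail encoded. */
static void build_tables(void) {
    if (built) return;
    for (unsigned i = 0; i < 64; i++) {
        uint16_t in = dr_encode(i, 6);
        unsigned row = (((i >> 5) & 1u) << 1) | (i & 1u);
        level1[part1(in)] = L2_BASE[row];
        mem[L2_BASE[row] - MEM_BASE + part2(in)] = (uint8_t)dr_encode(DES_S1[i], 4);
    }
    built = 1;
}

/* Effective address of the second lookup: first-level result plus part 2 as offset. */
uint16_t level2_address(uint16_t in) {
    build_tables();
    return (uint16_t)(level1[part1(in)] + part2(in));
}

/* S_D: returns dr(S(I)) for a valid dual-rail input dr(I); 0 if part 1 is malformed. */
uint8_t sbox_dr(uint16_t in) {
    uint16_t a = level2_address(in);
    return (a >= MEM_BASE && a < MEM_BASE + sizeof mem) ? mem[a - MEM_BASE] : 0;
}

/* Checks the three table conditions and dr(S(I)) == S_D(dr(I)) for all 64 inputs.
   Returns the Hamming weight shared by every second-level access address, 0 on failure. */
int verify_all(void) {
    if (L2_SIZE & (L2_SIZE - 1)) return 0;               /* size is a power of two */
    for (int r = 0; r < 4; r++)                          /* aligned, equal-weight addresses */
        if (L2_BASE[r] % L2_SIZE || weight(L2_BASE[r]) != weight(L2_BASE[0])) return 0;
    unsigned w = weight(level2_address(dr_encode(0, 6)));
    for (unsigned i = 0; i < 64; i++) {
        uint16_t in = dr_encode(i, 6);
        if (sbox_dr(in) != dr_encode(DES_S1[i], 4)) return 0;
        if (weight(level2_address(in)) != w) return 0;
    }
    return (int)w;
}

int main(void) {
    const unsigned worked[2] = {0x00, 0x2c};             /* the two inputs walked through above */
    for (int k = 0; k < 2; k++) {
        uint16_t in = dr_encode(worked[k], 6);
        printf("I=0x%02x dr(I)=0x%03x address=0x%04x output=0x%02x\n",
               worked[k], (unsigned)in, (unsigned)level2_address(in), (unsigned)sbox_dr(in));
    }
    printf("constant address weight: %d\n", verify_all());
    return 0;
}
```

Every valid input reads a second-level address of Hamming weight 7: 3 from the table address and 4 from the dual-rail encoded offset.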
Those skilled in the art will appreciate that the way the input is split is not limited to the specific way described above. The N parts after splitting may be one or more of the following: a single logical bit, several adjacent logical bits in order, a combination of non-adjacent logical bits. When splitting, each logical bit goes into one part as a whole and cannot be split apart. The N parts after splitting therefore retain the dual-rail encoding property.
As the above embodiment shows, the multi-level lookup described above allows the several second-level tables to share the same storage space at different times, so that the user can balance running time against storage space more flexibly and conveniently.
Although some embodiments of the present invention are described in this specification, it will be apparent to those skilled in the art that these embodiments are shown only as examples. Those skilled in the art may conceive of numerous variations, alternatives and improvements without departing from the scope of the present invention. The appended claims are intended to define the scope of the invention and thereby to cover the methods and structures within the scope of these claims and their equivalents.

Claims (4)

1. A method for implementing S-box operations in software-level dual-rail logic, comprising:
splitting the original input of the S-box operation into N parts, N being an integer greater than 0;
performing the first N-1 levels of table lookup using the first N-1 parts of the split original input, the output result of each level of lookup being the table address for the next level of lookup; and
performing the N-th level of table lookup using the N-th part to obtain the output result of the S-box operation.
2. The method of claim 1, wherein the original input and the output result are dual-rail encoded.
3. The method of claim 1, wherein the tables used for the lookups meet the following requirements:
(1) the addresses of all tables at the same level have the same Hamming weight;
(2) the address of a table is an integer multiple of the size of that table; and
(3) the size of a table is an integer power of 2.
4. The method of claim 1, wherein each of the N parts after splitting is dual-rail encoded; and the N parts are one or more of the following: a single logical bit, several adjacent logical bits in order, a combination of non-adjacent logical bits.
Priority Applications (1)

Application number: CN201710034812.1A
Priority date: 2017-01-17
Filing date: 2017-01-17
Title: Method for implementing S-box operations in software-level dual-rail logic
Status: Pending

Publications (1)

Publication number: CN108322301A
Publication date: 2018-07-24

Family ID: 62892162

Country Status (1)

Country: CN
Link: CN108322301A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180724