CN102609556A - Method and circuit for designing function of resisting power consumption attack for AES (advanced encryption standard) module - Google Patents
- Publication number
- CN102609556A (application CN2011100300267A)
- Authority
- CN
- China
- Prior art keywords
- circuit
- power consumption
- auxiliary circuit
- auxiliary
- primary circuit
- Prior art date
- Legal status
- Pending
Landscapes
- Design And Manufacture Of Integrated Circuits (AREA)
Abstract
The invention discloses a method and a circuit for designing a power-analysis-resistant AES (Advanced Encryption Standard) module. The method comprises: constructing an original circuit that implements the AES module function; constructing an auxiliary circuit that covers the power consumption of the original circuit, whose structure matches that of the original circuit but whose logic is the opposite of it, so that there is no cross connection between the auxiliary circuit and the original circuit; and operating the auxiliary circuit and the original circuit synchronously, so that resistance of the AES module to power analysis attacks is achieved through dynamic dual-rail logic. Owing to the dual-rail dynamic logic formed by the negative-logic auxiliary circuit and the original circuit, the method can realize a design resistant to DPA (differential power analysis) attacks on an FPGA (field programmable gate array) and so ensure the security of the AES module.
Description
Technical field
The present invention relates to integrated circuit design, and in particular to the design of a power-analysis-resistant AES module within a chip design.
Background technology
Current protection techniques for the AES (Advanced Encryption Standard) algorithm mainly fall into two categories: improving the implementation of the algorithm by introducing randomly generated masks to hide intermediate results; and adding noise-generating circuits to increase the difficulty of power analysis attacks.
Mask-based countermeasures:
The power analysis attack proposed by Kocher et al. exploits the property that the value of an intermediate result I can be predicted through a selection function. Once the intermediate result is hidden, the attack no longer works; this hiding method is masking. Arithmetic masks and Boolean masks are the two most commonly used kinds of mask. A typical arithmetic mask is the multiplicative mask: a random number m is multiplied with the intermediate result a modulo n to give a new intermediate result b = a·m (mod n), and b and m are then used as the inputs to the rest of the algorithm, so that the real intermediate result a is hidden. A Boolean mask hides a by XORing it with a random number m.
In 2001, Akkar and Giraud were the first to apply masking to the protection of the AES algorithm: the whole algorithm uses an XOR mask x, and a multiplicative mask y is added during the SubBytes transformation; SubBytes is realized through a series of additions, multiplications and inversions in the Galois field, which guarantees that the mask is consistent before and after the transformation. In 2002 Trichina simplified this method further by using the same random number as both the XOR mask and the multiplicative mask. C. Tymen et al. adopted a similar method and proved that the Hamming weights of all intermediate results have the same probability distribution and are uncorrelated with the key and the plaintext; this implementation is rather complex, however, and no concrete algorithm based on this masking scheme has been implemented so far. In 2004 Norbert Pramstaller proposed an ASIC implementation of the AES algorithm with a new masking scheme, in which SubBytes is realized through a series of operations that reduce to an inversion in the Galois field; it resists DPA (differential power analysis) attacks and zero-value attacks. In 2006 E. Oswald et al. successfully carried out a second-order DPA attack on a masked software implementation of AES on a smart card, and the experiment showed that second-order DPA poses a serious threat to masked software implementations of AES. Christoph Herbst et al. also implemented AES on a smart card; in this implementation all intermediate results are masked and the first and last operations of the algorithm are randomized, which prevents SPA and DPA attacks and effectively resists HODPA (higher-order differential power analysis), where "effectively resists" means that the difficulty of HODPA is significantly increased. In 2007 S. Tillich et al. combined masking and randomization on a 32-bit processor to obtain a power-analysis-resistant software protection of AES.
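The two masking styles above (Boolean mask a ⊕ m, multiplicative mask a·m mod n) can be checked against the Hamming-weight leakage model that first-order DPA relies on. The following is an added example written for this page, not code from the patent: it masks a one-byte intermediate value with a fresh random mask per trial and measures the correlation between the Hamming weight of the secret value and the Hamming weight of the value the device actually processes. The modulus 257 is an assumed stand-in chosen so every non-zero mask is invertible (real AES masking multiplies in GF(2^8)); `TOY_MODULUS`, `leakage_correlation` and the random inputs are constructed for the example. The `multiplicative_mask` comment points at the zero-value weakness the text mentions: a == 0 maps to 0 for every mask.

```python
"""Toy model of Boolean and multiplicative masking under a Hamming-weight
leakage model. Added example; not code from the patent. All constants are
assumptions made for the example."""
import random
import statistics
from typing import Callable

TOY_MODULUS = 257  # prime, so pow(m, -1, 257) exists for every m in 1..256


def hamming_weight(v: int) -> int:
    """Number of set bits: the leakage model used throughout this example."""
    return bin(v).count("1")


def boolean_mask(a: int, m: int) -> int:
    return a ^ m


def boolean_unmask(b: int, m: int) -> int:
    return b ^ m


def multiplicative_mask(a: int, m: int, n: int = TOY_MODULUS) -> int:
    # Zero-value weakness: if a == 0 the masked value is 0 for every m,
    # so a == 0 is not hidden by a multiplicative mask alone.
    return (a * m) % n


def multiplicative_unmask(b: int, m: int, n: int = TOY_MODULUS) -> int:
    return (b * pow(m, -1, n)) % n


def pearson(xs, ys) -> float:
    """Plain Pearson correlation coefficient (no numpy dependency)."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy) if sx and sy else 0.0


def leakage_correlation(mask_fn: Callable[[int, int], int],
                        trials: int = 20000, seed: int = 1) -> float:
    """Correlation between HW(secret a) and HW(value the device processes).

    a and m are drawn from 1..255 (constructed random inputs); with a fresh
    mask per trial the processed value carries no information about a.
    """
    rng = random.Random(seed)
    hw_secret, hw_processed = [], []
    for _ in range(trials):
        a = rng.randrange(1, 256)
        m = rng.randrange(1, 256)
        hw_secret.append(hamming_weight(a))
        hw_processed.append(hamming_weight(mask_fn(a, m)))
    return pearson(hw_secret, hw_processed)


def unmasked(a: int, m: int) -> int:
    """Baseline: the device processes a directly (no countermeasure)."""
    return a


if __name__ == "__main__":
    print("unmasked      :", round(leakage_correlation(unmasked), 3))
    print("boolean mask  :", round(leakage_correlation(boolean_mask), 3))
    print("multiplicative:", round(leakage_correlation(multiplicative_mask), 3))
```

The unmasked baseline gives a correlation of 1.0, both masked variants give a value indistinguishable from 0, which is the first-order protection the text describes; the second-order attacks it goes on to mention work by combining the leakage of the mask and of the masked value, which this single-sample model does not capture.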
Noise circuits:
Introducing noise lowers the signal-to-noise ratio and thereby increases the difficulty of a power analysis attack. The lower the signal-to-noise ratio, the smaller the correlation between the hypothetical power model for the correct guess and the real power consumption of the device. With the development of digital signal processing, however, conventional random noise can be filtered out by techniques such as pattern recognition, adaptive filtering and wavelet analysis, so adding noise merely increases the number of samples a power analysis attack needs.
At present, the main directions of development of countermeasures against power analysis attacks are the following:
(1) Research into masking techniques that resist HODPA attacks more effectively. Current masking techniques can resist DPA attacks, and an AES algorithm combining masking and randomization can effectively resist HODPA attacks. As the number of inserted dummy operations grows, the number of samples needed for a successful HODPA attack increases sharply, but the execution speed of the algorithm and the storage space it needs are also affected considerably. In practical applications execution speed and storage space are limited, so masking techniques that resist HODPA more effectively need to be researched.
(2) Research into noise-based protection with lasting protective capability. Introducing random noise is a commonly used countermeasure against power analysis, but random noise always follows some probability distribution; an attacker can use modern signal processing techniques to filter out as much of the noise as possible, so introducing conventional random noise only increases the number of samples required for a power analysis attack.
(3) Research into new constant-power logic cells. Designing dedicated power-analysis-resistant logic cells means developing new logic cells whose power consumption is constant; the development cycle is long, the cost is high and the risk is large, and this kind of countermeasure generally suffers from large power and chip-area overhead: for example, an implementation using dual-rail dynamic logic cells costs twice the power and area of an implementation using a standard static cell library. This protection technique is, however, not limited to a specific algorithm and is highly versatile, and many institutions have invested in research on it. Existing dual-rail dynamic logic uses positive logic, with cross connections between the primary circuit and the auxiliary circuit, so that power balance cannot be achieved on an FPGA (field-programmable gate array) and DPA attacks cannot be resisted.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the shortcomings of the prior art described above and to propose a DPA-resistant design using dual-rail dynamic logic implemented on an FPGA.
The technical means adopted by the present invention to solve the above technical problem include a method for designing a power-analysis-resistant AES module, the method comprising:
constructing a primary circuit that implements the AES module function;
constructing an auxiliary circuit that covers the power consumption of the primary circuit, whose structure exactly matches that of the primary circuit but whose logic is the opposite of it, so that there is no cross connection between the auxiliary circuit and the primary circuit;
operating the auxiliary circuit synchronously with the primary circuit, so that resistance of the AES module to power analysis attacks is achieved through dynamic dual-rail logic.
In each clock cycle, only one of the primary circuit and the auxiliary circuit has a gate output that transitions between 0 and 1.
The primary circuit and the auxiliary circuit have identical capacitive loads.
That the auxiliary circuit has logic opposite to the primary circuit means that, during operation, the value output by the auxiliary circuit is always the opposite of the value output by the primary circuit.
The process of constructing the auxiliary circuit specifically comprises:
designing a precharge circuit;
duplicating the primary circuit to obtain an initial auxiliary circuit whose structure is identical to that of the primary circuit, where the placement of the initial auxiliary circuit must guarantee that it and the primary circuit consume identical routing resources;
transforming the initial auxiliary circuit so that its output values are the opposite of the output values of the primary circuit, which gives the design of the auxiliary circuit.
The method further comprises constraining the design area so that space in which a precharge circuit can be placed is left next to each register.
The method further comprises disconnecting the I/O of the primary circuit and reconnecting it after the routing of the auxiliary circuit is complete.
The precharge circuit can be realized by a circuit whose logic is the inverse of the primary circuit's.
The precharge circuit uses an asynchronous-reset latch to keep the output port of the look-up table at logic 0 throughout the precharge phase; if a flip-flop is used, the precharge circuit must be placed as close to that flip-flop as possible, to guarantee that the path between the two layers is minimized.
The technical means adopted by the present invention to solve the above technical problem further include a circuit designed with a power-analysis-resistant AES module function, the circuit being an FPGA circuit with the power-analysis-resistant AES module function realized by the method described above.
Compared with the prior art, the method and circuit of the present invention for designing a power-analysis-resistant AES module use an auxiliary circuit with negative logic that, together with the primary circuit, forms dual-rail dynamic logic, so that a DPA-resistant design can be realized on an FPGA and the security of the AES module guaranteed.
Description of drawings
Fig. 1 is a flow chart of an embodiment of the method of the present invention for designing a power-analysis-resistant AES module.
Fig. 2 is an electrical schematic of the AND gate and NOT gate of the primary circuit combined with the auxiliary circuit, in an embodiment of the power-analysis-resistant AES module circuit of the present invention.
Fig. 3 is an electrical schematic of the implementation of the method embodiment of the present invention on an FPGA circuit.
Embodiment
To further explain the principle and structure of the present invention, a preferred embodiment is now described in detail with reference to the accompanying drawings.
The power-analysis-resistant AES module design of the present invention adds an auxiliary circuit on top of the original circuit. The characteristics of this circuit are identical to those of the primary circuit, and during operation the value output by the auxiliary circuit is always the inverse of the value output by the original circuit. Two cardinal rules apply when designing the auxiliary circuit: 1. in each clock cycle, only one of the primary circuit and the auxiliary circuit has a gate output that transitions between 0 and 1; 2. the two circuits have identical capacitive loads.
This logic can be described as multi-redundant balanced-power logic. Multi-redundant balanced-power logic permits the use of negative logic, which makes it more flexible to use than dynamic differential logic. As Fig. 1 shows, the negative logic can serve as a precharge circuit, because a negative-logic circuit can suppress the generation of the precharge wave.
Because of the characteristics of negative logic, no cross connection is needed between the primary circuit and the auxiliary circuit; this symmetric circuit design can therefore be applied within an FPGA and can make optimal use of the FPGA's internal features. The concrete design steps of the multi-redundant balanced-power logic model are as follows:
Step 1: precharge. As shown in Fig. 2, the precharge circuit uses an asynchronous-reset latch to keep the output port of the LUT (look-up table) at logic 0 throughout the precharge phase. If a flip-flop is used in a design, the precharge circuit must be placed as close to the flip-flop as possible, which guarantees that the path between the two layers is minimized. An FPGA contains CLBs (configurable logic blocks); a CLB contains four layers, each of which contains two LUTs and two storage elements of the flip-flop or latch type, and each flip-flop or latch directly follows a LUT.
Step 2: duplicate the circuit. The first step of duplicating the circuit is to generate the auxiliary circuit from the characteristics of the primary circuit. To guarantee that the auxiliary circuit and the primary circuit consume identical routing resources, the placement of the auxiliary circuit must also be considered carefully.
Step 3: design of the auxiliary logic. The output value of the auxiliary logic is the inverse of that of the direct path (the original circuit). If a LUT in the direct path is defined by the equation f(x), the equation of the auxiliary circuit can be expressed as in the following formula:
The concrete implementation rules can be seen in Fig. 2 above.
Step 4: secure design flow.
Referring to Fig. 3, the design flow of the multi-redundant balanced-power logic roughly comprises:
Stage one: design and synthesis. Constrain the design area so that, next to each register, space is left in which the precharge logic can be placed.
Stage two: insert the precharge logic and convert the design of stage one into the corresponding description file.
Stage three: construct the auxiliary circuit. First disconnect the I/O of the original design, then reconnect it after the routing of the auxiliary circuit is complete.
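The two cardinal rules (one transition per cycle, identical capacitive load) and Steps 1 to 3 above can be exercised in a cycle-level model before any FPGA work. The following is an added example written for this page, not circuitry or code from the patent: one LUT computes f(x) on the primary rail, its auxiliary twin computes NOT f(x) with no cross connection between the rails, both outputs are held at logic 0 during the precharge phase (the patent's asynchronous-reset latch) and released in the evaluation phase. A transition-count leakage model is assumed, in which every 0→1 or 1→0 on an output costs one unit of charge times that output's load capacitance; `lut_parity`, the capacitance values and the input sequence are constructed for the example.

```python
"""Cycle-level toy model of a dual-rail precharge LUT pair versus a plain
single-rail LUT. Added example; not circuitry from the patent. The leakage
model (charge = toggles x load capacitance) is an assumption."""
from dataclasses import dataclass
from statistics import pvariance
from typing import Callable, List


def lut_parity(x: int) -> int:
    """Constructed 4-input LUT function: parity of the input nibble."""
    return bin(x & 0xF).count("1") & 1


@dataclass
class SingleRailLut:
    """Unprotected reference: the output simply follows f(x) each cycle."""
    f: Callable[[int], int]
    q: int = 0  # current output level

    def clock(self, x: int) -> float:
        """Returns the charge drawn this cycle (number of output toggles)."""
        new_q = self.f(x) & 1
        toggles = self.q ^ new_q  # Hamming distance to the previous output
        self.q = new_q
        return float(toggles)


@dataclass
class DualRailPrechargeLut:
    """Primary rail f(x) plus auxiliary rail NOT f(x), precharged every cycle."""
    f: Callable[[int], int]
    cap_primary: float = 1.0  # load capacitance seen by the primary output
    cap_aux: float = 1.0      # load capacitance seen by the auxiliary output
    q_primary: int = 0        # both rails start in the precharged (0) state
    q_aux: int = 0

    def clock(self, x: int) -> float:
        """One cycle = evaluation phase followed by precharge phase.

        Exactly one rail rises during evaluation and that same rail falls
        during precharge, so the charge is 2*C for its load C whatever f(x) is.
        """
        assert self.q_primary == 0 and self.q_aux == 0, "rails not precharged"
        y = self.f(x) & 1
        # Evaluation: primary -> f(x), auxiliary -> NOT f(x); one of them rises.
        self.q_primary, self.q_aux = y, y ^ 1
        charge = y * self.cap_primary + (y ^ 1) * self.cap_aux
        # Precharge: the async-reset latch drives both outputs back to 0;
        # the rail that was high falls, the other one does not move.
        charge += self.q_primary * self.cap_primary + self.q_aux * self.cap_aux
        self.q_primary, self.q_aux = 0, 0
        return charge


def charge_trace(circuit, inputs: List[int]) -> List[float]:
    """Charge drawn per cycle while the circuit processes the input sequence."""
    return [circuit.clock(x) for x in inputs]


def is_data_independent(trace: List[float]) -> bool:
    """True when the per-cycle charge does not vary with the processed data."""
    return pvariance(trace) == 0.0


if __name__ == "__main__":
    inputs = list(range(16))  # constructed input sequence covering every nibble
    print("single rail :", charge_trace(SingleRailLut(lut_parity), inputs))
    print("dual rail   :", charge_trace(DualRailPrechargeLut(lut_parity), inputs))
    # Violating rule 2 (equal capacitive load) makes the charge data-dependent again.
    print("unbalanced  :", charge_trace(DualRailPrechargeLut(lut_parity, cap_aux=1.5), inputs))
```

The single-rail trace varies with the parity of consecutive inputs, the balanced dual-rail trace is a constant 2.0 per cycle, and the unbalanced variant (`cap_aux=1.5`) leaks again; this is why the placement and routing constraints in Steps 2 and 3 matter as much as the inverted logic itself.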
Compared with the prior art, the power-analysis-resistant AES module design of the present invention adds an auxiliary circuit with negative logic to the original circuit, so that whatever operation the integrated circuit performs after this treatment produces no difference in power consumption; it is precisely the correlation between the operations of the chip and its power consumption that a power analysis attack relies on to break the cipher. The AES module is thus given the greatest possible protection, and this protection technique is not limited to a specific algorithm, is highly versatile and offers strong protection against power analysis attacks.
The above is merely a preferred embodiment of the present invention and does not limit its scope of protection; all equivalent structural changes made using the contents of the description and drawings of the present invention are included within the scope of protection of the present invention.
Claims (10)
1. A method for designing a power-analysis-resistant AES module, characterized in that the method comprises:
constructing a primary circuit that implements the AES module function;
constructing an auxiliary circuit that covers the power consumption of the primary circuit, whose structure exactly matches that of the primary circuit but whose logic is the opposite of it, so that there is no cross connection between the auxiliary circuit and the primary circuit;
operating the auxiliary circuit synchronously with the primary circuit, so that resistance of the AES module to power analysis attacks is achieved through dynamic dual-rail logic.
2. The method according to claim 1, characterized in that in each clock cycle only one of the primary circuit and the auxiliary circuit has a gate output that transitions between 0 and 1.
3. The method according to claim 1, characterized in that the primary circuit and the auxiliary circuit have identical capacitive loads.
4. The method according to claim 1, characterized in that the auxiliary circuit having logic opposite to the primary circuit means that, during operation, the value output by the auxiliary circuit is always the opposite of the value output by the primary circuit.
5. The method according to claim 1, characterized in that the process of constructing the auxiliary circuit specifically comprises:
designing a precharge circuit;
duplicating the primary circuit to obtain an initial auxiliary circuit whose structure is identical to that of the primary circuit, where the placement of the initial auxiliary circuit must guarantee that it and the primary circuit consume identical routing resources;
transforming the initial auxiliary circuit so that its output values are the opposite of the output values of the primary circuit, which gives the design of the auxiliary circuit.
6. The method according to claim 5, characterized in that the method further comprises: constraining the design area so that space in which a precharge circuit can be placed is left next to each register.
7. The method according to claim 5, characterized in that the method further comprises: disconnecting the I/O of the primary circuit and reconnecting it after the routing of the auxiliary circuit is complete.
8. The method according to claim 5, characterized in that the precharge circuit can be realized by a circuit whose logic is the inverse of the primary circuit's.
9. The method according to claim 5, characterized in that the precharge circuit uses an asynchronous-reset latch to keep the output port of the look-up table at logic 0 throughout the precharge phase, and that, if a flip-flop is used, the precharge circuit must be placed as close to that flip-flop as possible, to guarantee that the path between the two layers is minimized.
10. A circuit designed with a power-analysis-resistant AES module function, characterized in that the circuit is an FPGA circuit with the power-analysis-resistant AES module function realized by the method according to any one of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100300267A CN102609556A (en) | 2011-01-25 | 2011-01-25 | Method and circuit for designing function of resisting power consumption attack for AES (advanced encryption standard) module |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011100300267A CN102609556A (en) | 2011-01-25 | 2011-01-25 | Method and circuit for designing function of resisting power consumption attack for AES (advanced encryption standard) module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102609556A true CN102609556A (en) | 2012-07-25 |
Family
ID=46526926
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011100300267A Pending CN102609556A (en) | 2011-01-25 | 2011-01-25 | Method and circuit for designing function of resisting power consumption attack for AES (advanced encryption standard) module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102609556A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103001762A (en) * | 2012-11-25 | 2013-03-27 | 宁波大学 | Method for defending against zero-value power consumption attack on a cryptographic device |
CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit resisting power analysis |
CN104101828A (en) * | 2013-04-08 | 2014-10-15 | 北京大学 | Hardware-Trojan-resisting circuit design method based on activation probability analysis |
CN104426565A (en) * | 2013-09-10 | 2015-03-18 | 円星科技股份有限公司 | Digital receiver and method of digital receiver |
CN104601165A (en) * | 2013-10-31 | 2015-05-06 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device of data |
CN105378750A (en) * | 2013-03-14 | 2016-03-02 | 纽约大学 | System, method and computer-accessible medium for facilitating logic encryption |
CN106911461A (en) * | 2017-01-13 | 2017-06-30 | 江苏大学 | Secure lightweight McEliece public-key mask encryption method |
CN107070633B (en) * | 2017-03-20 | 2021-08-03 | 江苏大学 | AES mask encryption method for resisting high-order power analysis |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1647382A (en) * | 2002-04-18 | 2005-07-27 | 因芬尼昂技术股份公司 | Circuit arrangement and method for generating a dual-rail output signal |
CN101350038A (en) * | 2008-09-16 | 2009-01-21 | 中国人民解放军国防科学技术大学 | Design method of asynchronous block cipher algorithm coprocessor |
CN101187963B (en) * | 2006-11-15 | 2010-05-12 | 北京同方微电子有限公司 | A logic unit against differential power analysis |
- 2011-01-25 CN CN2011100300267A patent/CN102609556A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1647382A (en) * | 2002-04-18 | 2005-07-27 | 因芬尼昂技术股份公司 | Circuit arrangement and method for generating a dual-rail output signal |
CN101187963B (en) * | 2006-11-15 | 2010-05-12 | 北京同方微电子有限公司 | A logic unit against differential power analysis |
CN101350038A (en) * | 2008-09-16 | 2009-01-21 | 中国人民解放军国防科学技术大学 | Design method of asynchronous block cipher algorithm coprocessor |
Non-Patent Citations (2)
Title |
---|
乐大珩 et al.: "Design method for DPA-resistant circuits based on LBDL logic", Journal of National University of Defense Technology, vol. 31, no. 6, 31 December 2009 (2009-12-31) * |
王创伟 et al.: "Research on circuit-level protection techniques against DPA attacks on an FPGA platform", Modern Electronics Technique, no. 9, 31 December 2009 (2009-12-31) * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103001762B (en) * | 2012-11-25 | 2015-08-19 | 宁波大学 | Method for a cryptographic device to defend against zero-value power consumption attack |
CN103001762A (en) * | 2012-11-25 | 2013-03-27 | 宁波大学 | Method for defending against zero-value power consumption attack on a cryptographic device |
CN105378750A (en) * | 2013-03-14 | 2016-03-02 | 纽约大学 | System, method and computer-accessible medium for facilitating logic encryption |
CN104101828B (en) * | 2013-04-08 | 2017-10-03 | 北京大学 | Hardware-Trojan-resisting circuit design method based on activation probability analysis |
CN104101828A (en) * | 2013-04-08 | 2014-10-15 | 北京大学 | Hardware-Trojan-resisting circuit design method based on activation probability analysis |
CN104426565A (en) * | 2013-09-10 | 2015-03-18 | 円星科技股份有限公司 | Digital receiver and method of digital receiver |
CN104426565B (en) * | 2013-09-10 | 2017-11-03 | 円星科技股份有限公司 | Digital receiver and method thereof |
CN103618595B (en) * | 2013-09-13 | 2017-03-29 | 杭州晟元数据安全技术股份有限公司 | Cryptographic algorithm substitution circuit resisting power analysis |
CN103618595A (en) * | 2013-09-13 | 2014-03-05 | 杭州晟元芯片技术有限公司 | Cryptographic algorithm substitution circuit resisting power analysis |
CN104601165A (en) * | 2013-10-31 | 2015-05-06 | 上海复旦微电子集团股份有限公司 | Anti-attack method and device of data |
CN104601165B (en) * | 2013-10-31 | 2018-01-09 | 上海复旦微电子集团股份有限公司 | The anti-attack method and device of data |
CN106911461A (en) * | 2017-01-13 | 2017-06-30 | 江苏大学 | Secure lightweight McEliece public-key mask encryption method |
CN107070633B (en) * | 2017-03-20 | 2021-08-03 | 江苏大学 | AES mask encryption method for resisting high-order power analysis |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102609556A (en) | Method and circuit for designing function of resisting power consumption attack for AES (advanced encryption standard) module | |
Guilley et al. | CMOS structures suitable for secured hardware | |
Danger et al. | Overview of dual rail with precharge logic styles to thwart implementation-level attacks on hardware cryptoprocessors | |
Aradhya et al. | Design of control unit for low power AU using reversible logic | |
Gupta et al. | Design of speed, energy and power efficient reversible logic based vedic ALU for digital processors | |
Majeed et al. | High-performance adder using a new XOR gate in QCA technology | |
Mehra | 2-bit comparator using different logic style of full adder | |
Wang et al. | An energy-efficient crypto-extension design for RISC-V | |
CN102970131A (en) | Circuit structure for preventing power attacks on block cipher algorithms | |
Singha et al. | Securing AES designs against power analysis attacks: a survey | |
Yu et al. | The Coarse‐Grained/Fine‐Grained Logic Interface in FPGAs with Embedded Floating‐Point Arithmetic Units | |
CN107689863A (en) | Protection circuit for converting an arithmetic addition mask into a Boolean XOR mask | |
Gorgin et al. | A family of high radix signed digit adders | |
Macé et al. | A design methodology for secured ICs using dynamic current mode logic | |
Caruso et al. | Analysis of compressor architectures in MOS current-mode logic | |
Bagwari et al. | Low Power Ripple Carry Adder Using Hybrid 1-Bit Full Adder Circuit | |
Pang et al. | A DPA resistant dual rail Precharge logic cell | |
CN107508663A (en) | Protection circuit for converting a Boolean XOR mask into an arithmetic addition mask | |
Soundharya et al. | GDI based area delay power efficient carry select adder | |
WO2020242844A1 (en) | Systems and methods for asynchronous programmable gate array devices | |
Mahor et al. | Parity Preserving Reversible Design Using FinFETs | |
Bin et al. | Mitigating the SERs of large combinational circuits by using half guard band technique in CMOS bulk technology | |
Sreelatha et al. | Performance analysis of 1-bit full adder using different design techniques | |
Habimana et al. | Multi-threshold dual-spacer dual-rail delay-insensitive logic: An improved IC design methodology for side channel attack mitigation | |
Menendez et al. | A high-performance, low-overhead, power-analysis-resistant, single-rail logic style |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120725 |