CN103634102B - A kind of means of defence of side-channel attack and fault attacks - Google Patents
- Publication number
- CN103634102B
- Authority
- CN
- China
- Prior art keywords
- computing
- level production
- plaintext
- input
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention provides a method of protecting against side-channel attacks and fault attacks, comprising the following steps: I. divide the operation of a block cipher algorithm into several pipeline stages; II. randomly select two pipeline stages to receive the real plaintext as input, while the inputs of all other stages are random numbers; III. perform the operation and, when it finishes, compare whether the results for the two real data items are consistent. The method resists both side-channel attacks and fault attacks, offers strong security, and executes efficiently.
Description
Technical field
The invention relates to a method in the field of smart card chips, and in particular to a method of protecting against side-channel attacks and fault attacks.
Background
With the development of computer technology and the steadily increasing informatization of society, information security is receiving more and more attention. Encryption plays an important role as a powerful tool in information security, and new encryption algorithms keep emerging; the block cipher algorithms in common use today include DES and AES. A block cipher algorithm encrypts plaintext of fixed length: it divides the plaintext into blocks of a given length, and the plaintext and key pass through the encryption operation to produce the ciphertext. For decryption, the ciphertext and key pass through the decryption operation to recover the plaintext.
As measurement and analysis methods have advanced, attack methods have developed as well. Side-channel attacks and fault attacks are two representative attack methods proposed in recent years that pose a strong threat to chips. Side-channel attacks exploit the fact that side information leaked while a cryptographic device runs is correlated with intermediate values of the cryptographic algorithm; by measuring the side information many times and analysing it statistically, the attacker obtains key information. The basic principle of a fault attack is to place the cryptographic chip in a strong magnetic field, or to change its supply voltage, operating frequency, temperature and so on, so that registers and memory in the chip produce random errors during encryption or decryption and some output bits change from 0 to 1 or from 1 to 0. By comparing the correct ciphertext output with the faulty ciphertext output, secret data inside the chip is obtained through theoretical analysis. Common defences against side-channel attacks mainly apply random masks to data or keys; a common defence against fault attacks is to compute the same data twice and compare whether the results agree.
The existing method divides each round of the block algorithm into several steps and pipelines the operation on the basis of those steps. Each pipeline stage computes different data, each clock cycle performs different operations on different data, and a random mask is applied to the data processed by each stage to ensure that the data actually processed differ from one another.
Power analysis is one kind of side-channel attack, and the prior art resists only power attacks, not fault attacks. To resist both side-channel analysis and fault attacks, the prior art needs additional protection methods, which occupy more resources when implemented. In addition, the prior art divides each round of the symmetric algorithm into several sub-steps. A symmetric algorithm generally contains many rounds, so dividing every round into sub-steps makes the algorithm run very inefficiently: one encryption or decryption takes many clock cycles to complete.
Summary of the invention
To overcome the above defects of the prior art, the present invention provides a method of protecting against side-channel attacks and fault attacks that resists both kinds of attack, offers strong security, and executes efficiently.
To achieve this purpose, the present invention adopts the following technical solution:
A method of protecting against side-channel attacks and fault attacks, the improvement being that the method comprises the following steps: I. divide the operation of the block cipher algorithm into a pipeline;
II. randomly select two pipeline stages to receive the real plaintext as input, while the inputs of all other stages are random numbers;
III. perform the operation and, when it finishes, compare whether the two real data items determined by the operation results are consistent.
Further, because different pipeline stages process different data at the same moment, the side information produced by the random numbers taking part in the operation acts as noise that masks the side information of the real data, and the method thereby resists side-channel attacks.
Further, the method compares the results obtained after the two real ciphertext operations finish; if the two results are consistent, no fault is considered to have occurred during the operation, and the method thereby resists fault attacks.
Further, step I comprises:
let the number of rounds of the block cipher algorithm be 2N, where N is a positive integer, and let each pipeline stage contain k rounds;
divide the whole operation into an n-stage pipeline, where n = 2N/k and 2N/k is an integer.
Further, step II comprises:
randomly select pipeline stage A and pipeline stage B to receive the real plaintext as input; the inputs of the remaining (n-2) stages are random numbers.
Further, step III comprises:
the plaintext enters pipeline stage A for processing while the remaining (n-1) stages receive random numbers, and the side information produced by their operations acts as noise masking the real side information produced by processing the plaintext P;
the plaintext enters pipeline stage B for processing while the remaining (n-2) stages receive random numbers, and the side information produced by their operations acts as noise masking the real side information produced by processing the plaintext P;
once all 2N rounds have finished, two ciphertexts are obtained; determine whether the two ciphertexts are identical. If they are, the operation is considered fault-free; otherwise an alarm is raised.
Compared with the prior art, the beneficial effects of the present invention are:
1. The method addresses the problems in the prior art of low execution efficiency and high resource consumption, and of low security because a design often considers only resistance to side-channel attacks while neglecting fault attacks, or the reverse. The method resists both side-channel attacks and fault attacks, offers strong security, and executes efficiently.
2. The method selects a suitable number of pipeline stages according to the hardware resource constraints, so it is convenient and flexible to implement and executes efficiently.
3. The method combines the protections against side-channel attacks and fault attacks, which greatly reduces the extra resources added for protection and makes it easy to implement.
4. When encrypting or decrypting large amounts of data, the method maintains high computational efficiency while also providing strong security protection.
Description of drawings
Fig. 1 is a flow chart of the method of the present invention;
Fig. 2 is a flow chart of the DES algorithm carried out with the method of the present invention.
Detailed description
The present invention is further described below with reference to the accompanying drawings.
The present invention provides a method of protecting against side-channel attacks and fault attacks that uses pipelining. The method is as follows: the operation of the block cipher algorithm is divided into several pipeline stages, two of these stages are selected at random and receive the real plaintext as input, and the inputs of all other stages are random numbers.
Because different pipeline stages process different data at the same moment, the side information produced when random numbers take part in the operation acts as noise that masks the side information produced when the real data take part, so the method resists side-channel attacks.
At the end of the operation, the results for the two real data items are compared; if they are consistent, no fault attack is considered to have occurred, so the method resists fault attacks. The operation referred to is the encryption or decryption operation of the block cipher.
In general, the number of rounds of a block cipher algorithm is even. Assume the block cipher algorithm has 2N rounds, where N is a positive integer, and that each pipeline stage contains k rounds. The whole operation is divided into an n = 2N/k stage pipeline; k must divide 2N, that is, 2N/k is an integer. A suitable number of pipeline stages can be chosen according to the hardware resource constraints, which makes implementation convenient and flexible. Two pipeline stages are selected at random to receive the real plaintext as input, and the inputs of the remaining (n-2) stages are random numbers.
Fig. 1 is a flow chart of the method of the present invention. In this embodiment, assume the block cipher algorithm has 2N rounds, where N is a positive integer and 2N/k is an integer; assume that the inputs of the first and second pipeline stages are the real plaintext P and that the inputs of the third to nth stages are random numbers. The steps of the operation are then as follows:
1. At Time 1, the first plaintext P enters the first pipeline stage for rounds 1 to k. At this time the inputs of the second to nth stages are random numbers, and the side information produced by the operations of the second-stage and nth-stage pipelines acts as noise masking the real side information produced by processing the plaintext P.
2. At Time 2, the first plaintext P enters the second pipeline stage for rounds k+1 to 2k, and the second plaintext P enters the first pipeline stage for rounds 1 to k. At this time the inputs of the third to nth stages are random numbers, and the side information produced by their operations acts as noise masking the real side information produced by processing the plaintext P.
3. At Time 3, the first plaintext P enters the third pipeline stage for rounds 2k+1 to 3k, the second plaintext P enters the second pipeline stage for rounds k+1 to 2k, and a random number enters the first pipeline stage for rounds 1 to k. At this time the inputs of the fourth to nth stages are random numbers, and the side information produced by their operations acts as noise masking the real side information produced by processing the plaintext P.
4. And so on: at Time n, the first plaintext P enters the nth pipeline stage for rounds (n-1)k+1 to nk. This completes the encryption of the first plaintext P and yields the first ciphertext C.
5. At Time n+1, the encryption of the second plaintext P is also complete and yields the second ciphertext C. The first ciphertext C and the second ciphertext C are compared for equality: if the two ciphertexts are equal, no fault was injected during the operation and the encryption result is usable; otherwise a corresponding alarm is raised.
Taking the DES algorithm as an example: DES has 16 rounds and is divided into a four-stage pipeline in which each stage contains 4 rounds. The hatched parts of the figure indicate that random numbers take part in the operation of that pipeline stage. The specific steps are as follows:
1. At Time 1, the first plaintext P enters the first pipeline stage for rounds 1 to 4. At this time the inputs of the second to fourth stages are random numbers, and the side information produced by the operations of the second to fourth stages acts as noise masking the real side information produced by processing the plaintext P.
2. At Time 2, the first plaintext P enters the second pipeline stage for rounds 5 to 8, and the second plaintext P enters the first pipeline stage for rounds 1 to 4. At this time the inputs of the third and fourth stages are random numbers, and the side information produced by their operations acts as noise masking the real side information produced by processing the plaintext P.
3. At Time 3, the first plaintext P enters the third pipeline stage for rounds 9 to 12, the second plaintext P enters the second pipeline stage for rounds 5 to 8, and a random number enters the first pipeline stage for rounds 1 to 4. At this time the input of the fourth stage is a random number, and the side information produced by its operation acts as noise masking the real side information produced by processing the plaintext P.
4. At Time 4, the first plaintext P enters the fourth pipeline stage for rounds 13 to 16. This completes the encryption of the first plaintext P and yields the first ciphertext C;
the second plaintext P enters the third pipeline stage for rounds 9 to 12, and random numbers enter the second and first pipeline stages for rounds 5 to 8 and rounds 1 to 4 respectively.
5. At Time 5, the encryption of the second plaintext P is also complete and yields the second ciphertext C.
The first ciphertext C and the second ciphertext C are compared for equality: if the two ciphertexts are equal, no fault was injected during the operation and the encryption result is usable; otherwise a corresponding alarm is raised.
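The schedule in the general steps and in the DES walk-through above, as an added Python model that is not part of the patent: a toy 64-bit Feistel round stands in for DES, and the subkeys, the plaintext and the `slots` and `fault` parameters are constructed for illustration. Withholding the ciphertext when the alarm fires is an assumption of this model.

```python
import secrets

MASK32 = 0xFFFFFFFF
_RNG = secrets.SystemRandom()

def toy_round(left, right, subkey):
    """One round of a toy 64-bit Feistel cipher (a stand-in, NOT real DES)."""
    f = ((right * 0x9E3779B1) ^ subkey) & MASK32
    f = ((f << 7) | (f >> 25)) & MASK32
    return right, left ^ f

def run_stage(block, subkeys, stage, k):
    """Apply the k consecutive rounds owned by pipeline stage `stage` (0-based)."""
    left, right = block >> 32, block & MASK32
    for subkey in subkeys[stage * k:(stage + 1) * k]:
        left, right = toy_round(left, right, subkey)
    return (left << 32) | right

def reference_encrypt(block, subkeys, k):
    """Unprotected encryption: the block passes through every stage in order."""
    for stage in range(len(subkeys) // k):
        block = run_stage(block, subkeys, stage, k)
    return block

def protected_encrypt(plaintext, subkeys, k, slots=None, fault=None):
    """Model of steps I to III. Returns (ciphertext or None, alarm).

    slots: optional pair of 0-based entry positions for the two real
           plaintexts (hypothetical test hook; chosen at random if omitted).
    fault: optional (time_step, stage, bitmask), all 0-based, that flips
           bits in that stage's output to model an injected fault.
    """
    if k <= 0 or len(subkeys) % k or len(subkeys) // k < 2:
        raise ValueError("n = rounds / k must be an integer >= 2")
    n = len(subkeys) // k                       # step I: n pipeline stages
    slot_a, slot_b = slots if slots is not None else _RNG.sample(range(n), 2)
    if slot_a == slot_b:
        raise ValueError("the two real plaintexts need distinct slots")
    # Step II: two slots carry the real plaintext, the rest random blocks.
    data = [plaintext if i in (slot_a, slot_b) else _RNG.getrandbits(64)
            for i in range(n)]
    # Step III: block i sits in stage s at time step t = i + s.
    for t in range(2 * n - 1):
        for s in range(n):
            i = t - s
            if 0 <= i < n:
                data[i] = run_stage(data[i], subkeys, s, k)
                if fault is not None and fault[:2] == (t, s):
                    data[i] ^= fault[2]
            else:
                # Stage has no scheduled block: keep it busy on random
                # data so that every stage is active at every time step.
                run_stage(_RNG.getrandbits(64), subkeys, s, k)
    if data[slot_a] != data[slot_b]:
        return None, True                       # mismatch: raise the alarm
    return data[slot_a], False

# Constructed sample values: 16 round subkeys and one 64-bit plaintext block.
SUBKEYS = [(0x0F1E2D3C + 0x01010101 * i) & MASK32 for i in range(16)]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    print(protected_encrypt(PLAINTEXT, SUBKEYS, k=4))
    # Fault in stage 2 at Time 2, where the first real plaintext is processed.
    print(protected_encrypt(PLAINTEXT, SUBKEYS, k=4, slots=(0, 1),
                            fault=(1, 1, 1 << 5)))
```

Because every Feistel round is invertible, a bit flip in one real block always changes its final ciphertext, so the comparison catches it; a flip that lands on a random block leaves both real results equal and raises no alarm.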
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention can still be modified or replaced with equivalents, and any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310690055.5A CN103634102B (en) | 2013-12-16 | 2013-12-16 | A kind of means of defence of side-channel attack and fault attacks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310690055.5A CN103634102B (en) | 2013-12-16 | 2013-12-16 | A kind of means of defence of side-channel attack and fault attacks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103634102A CN103634102A (en) | 2014-03-12 |
CN103634102B CN103634102B (en) | 2017-11-07 |
Family
ID=50214762
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310690055.5A Active CN103634102B (en) | 2013-12-16 | 2013-12-16 | A kind of means of defence of side-channel attack and fault attacks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103634102B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105376046B (en) * | 2014-08-06 | 2018-08-17 | 国家电网公司 | A kind of encipher-decipher method and device of block cipher attack protection |
CN105610568A (en) * | 2014-11-21 | 2016-05-25 | 南方电网科学研究院有限责任公司 | Fault detection method and device for block cipher algorithm |
CN105809063B (en) * | 2014-12-29 | 2019-01-15 | 联想(北京)有限公司 | A kind of data processing method and safety chip device |
CN106156614B (en) * | 2015-03-25 | 2018-12-28 | 北京南瑞智芯微电子科技有限公司 | A kind of means of defence and device for resisting fault attacks |
CN105933108B (en) * | 2016-05-30 | 2019-04-12 | 清华大学 | A kind of pair of SM4 algorithm realizes the method cracked |
CN109039590A (en) * | 2017-06-09 | 2018-12-18 | 深圳九磊科技有限公司 | Memory, electronic equipment and its encipher-decipher method for preventing side-channel attack |
CN111224770B (en) * | 2019-12-25 | 2021-03-30 | 中国科学院软件研究所 | Comprehensive protection method for resisting side channel and fault attack based on threshold technology |
CN111600873B (en) * | 2020-05-13 | 2023-03-10 | 江苏芯盛智能科技有限公司 | Method for preventing side channel attack and related device |
IT202000013390A1 (en) * | 2020-06-05 | 2021-12-05 | Milano Politecnico | An IT platform to prevent side channel attacks |
CN112187444A (en) * | 2020-09-02 | 2021-01-05 | 中国科学院软件研究所 | Comprehensive protection method for resisting side channel and fault attack |
CN112653546A (en) * | 2020-12-15 | 2021-04-13 | 电子科技大学 | A Fault Attack Detection Method Based on Power Analysis |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101872294A (en) * | 2009-04-23 | 2010-10-27 | 索尼公司 | Signal conditioning package, operation verifying method and program |
CN102970131A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Circuit structure for preventing power attacks on grouping algorithm |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2367316B1 (en) * | 2010-03-12 | 2017-07-05 | STMicroelectronics (Rousset) SAS | Method and circuitry for detecting a fault attack |
US20110299678A1 (en) * | 2010-06-07 | 2011-12-08 | Alexander Roger Deas | Secure means for generating a specific key from unrelated parameters |
Also Published As
Publication number | Publication date |
---|---|
CN103634102A (en) | 2014-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103634102B (en) | A kind of means of defence of side-channel attack and fault attacks | |
Wang et al. | FPGA implementation of a large-number multiplier for fully homomorphic encryption | |
CN106375079B (en) | Chaotic encryption method for voice information | |
CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
CN103560876B (en) | A kind of encryption method using the random clock based on chaos and device | |
CN103916236B (en) | Power attack prevention method oriented at AES algorithm and circuit achieving method thereof | |
CN102523365B (en) | A Method of Image Encryption and Decryption Based on Cellular Automata | |
Liu et al. | A highly secure image encryption algorithm based on conservative hyperchaotic system and dynamic biogenetic gene algorithms | |
Sleem et al. | TestU01 and Practrand: Tools for a randomness evaluation for famous multimedia ciphers | |
Banik et al. | A chosen IV related key attack on Grain-128a | |
CN102624519A (en) | A Realization Method of Mutual Disturbance Composite Chaotic Stream Cipher for Wireless Sensor Networks | |
CN105959107A (en) | Novel and highly secure lightweight SFN block cipher implementation method | |
CN105871536A (en) | AES-algorithm-oriented power analysis attack resistant method based on random time delay | |
CN102238003A (en) | Root key generating method | |
Luo et al. | Cryptanalysis of chaos-based cryptosystem from the hardware perspective | |
CN112491543B (en) | IC card decryption method based on improved Montgomery modular exponentiation circuit | |
CN105703896A (en) | Method for detecting resistance of HAS-160 algorithm to differential fault attack | |
Behera et al. | Design of novel hardware architecture for fully homomorphic encryption algorithms in fpga for real-time data in cloud computing | |
CN103701591A (en) | Sequence password realization method and key stream generating method and device | |
CN106452725A (en) | AES algorithm oriented power attack resisting method based on register mask | |
Hao et al. | Algebraic fault attack on the SHA-256 compression function | |
CN102546158A (en) | Block encryption method based on parity cellular automaton | |
CN106788971A (en) | A kind of sub-key generation method based on stream cipher arithmetic | |
CN114329524A (en) | Encryption method and system for resisting bypass attack | |
Younes et al. | CeTrivium: A Stream Cipher Based on Cellular Automata for Securing Real-TimeMultimedia Transmission. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||