CN103888245A - S box randomized method and system for smart card - Google Patents

Publication number: CN103888245A
Application number: CN201210557220.5A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 宫亚明
Original and current assignee: Beijing WatchData System Co Ltd
Legal status: Pending
Abstract

The invention relates to an S-box randomization method and system for a smart card, and belongs to the field of information security technology. The method comprises the following steps: (1) initialize all elements of the array mark[] to 0; (2) generate a random number r = rand() % 8 and initialize cnt to 0; (3) determine whether mark[r] equals 1 and, if so, set r = (r+1) % 8 until the first position with mark[r] equal to 0 is found; (4) select the input position and output position corresponding to the S-box; (5) select the S-box and perform the compression operation; (6) mark the S-box as having taken part in the operation, mark[r] = 1; (7) compute cnt++; if cnt equals 7 the algorithm ends, otherwise return to step (2) and continue. The method and system improve the DES algorithm, increase the difficulty of differential power analysis attacks, are not complex to implement in the COS, and resist attack well.

Description

S-box randomization method and system for a smart card
Technical field
The invention belongs to the field of information security technology, and specifically relates to an S-box randomization method and system for a smart card.
Background
With the rapid development of information technology and the growing popularity of smart cards, smart card applications have reached every aspect of daily life. A smart card, also called an integrated circuit card (IC card), is portable and secure. To protect the information on the card and the security of its communications, multiple encryption algorithms are implemented on smart cards; encryption is currently one of the effective means of ensuring smart card security. DES is the symmetric algorithm most commonly used in smart cards. A security algorithm can be implemented in two ways: in hardware or in software.
Because smart cards hold a large amount of sensitive information, attack techniques for stealing the data they protect have developed in parallel. Attacks on smart cards, at home and abroad, currently fall mainly into physical attacks, logical attacks and side-channel attacks. Physical attacks are costly and time-consuming, so they are seldom used despite their high success rate; logical attacks require little investment and are easy to carry out, but are also easy to defend against and have a lower success rate. The emerging side-channel attack techniques are widely used because they are simple to carry out and highly productive. Power analysis is one kind of side-channel analysis, and can be further divided into simple power analysis (SPA) and differential power analysis (DPA). Over the past 10 years these two attack methods have developed considerably and achieved notable success. Because they are easy to carry out and have a high success rate, they pose a huge security risk to the smart card industry. Nearly all domestic and international smart card security evaluation standards treat side-channel attacks as the foremost threat to smart cards.
A side-channel attack exploits information that the smart card leaks while computing. Power attacks are the method attackers currently use most; attacks of this type, represented by differential power analysis (DPA), collect the power consumption of the chip while the smart card performs encryption, then process and analyse that information to obtain information useful for breaking the key. The power consumption can be measured by connecting a resistor in series with the smart card's VCC or GND contact.
Whether in a computer or a smart card, all data processing by the CPU ultimately comes down to operations on logic state 0 and logic state 1, and processing a 0 consumes different power from processing a 1. Professional power sampling equipment can capture the waveform of the smart card's power consumption while it processes data. By analysing that waveform the interval in which the smart card performs encryption is identified; a large number of samples are taken over that interval, and subsequent analysis and processing recover the smart card's encryption key. This is the power attack.
Differential power analysis (DPA) is a comparatively effective attack against smart cards: by collecting a large number of power traces of the smart card's DES encryption and applying statistical analysis, the DES key in the smart card can be obtained.
The prior-art document "Random encryption scheme based on variable S-boxes" (http://lib.cqvip.com/qk/90750X/201107/39043463.html) describes a fast generation algorithm for random S-boxes, which generates randomized S-boxes that replace the original ones. However, that document designs and implements S-box randomization for the AES algorithm, not DES; and the S-boxes it generates change the original S-box, that is, the generated S-box is substituted for the one designed into AES. In DES the S-boxes are nonlinear and cannot be changed arbitrarily.
Another document, "Randomization of S-box and randomization DES chain structure" (http://wuxizazhi.cnki.net/Search/JFYZ707.013.html), relies on the mathematical principle that "any integer m from 0 to n!-1 can be expressed uniquely as $m = a_{n-1}(n-1)! + a_{n-2}(n-2)! + \dots + a_{n-i}(n-i)! + \dots + a_1$". The author uses the sequence $(a_{n-1}, a_{n-2}, \dots, a_1)$ to represent the order in which the S-boxes are executed. This method has two problems. First, the document proposes using the "encryption time" as the random number, and the encryption time is a date, so the random number is easy to forge and the S-box sequence easy to reproduce; this is unsafe in a smart card. Second, the author's implementation uses power operations and modular arithmetic; on a smart card these operations have high time complexity, and the power and time they consume are easy to identify in a power trace, which weakens the smart card's resistance to power analysis attacks.
Several defence strategies against DPA attacks exist, such as random delay, noise injection and S-box randomization. However, no published document has yet disclosed the design and concrete implementation of an S-box randomization strategy in a smart card DES algorithm.
Summary of the invention
In view of the defects in the prior art, the object of the invention is to provide an S-box randomization method and system for a smart card. The method and system improve the smart card DES algorithm and increase the difficulty of DPA attacks against the smart card.
To achieve this object, the technical solution adopted by the invention is an S-box randomization method for a smart card, comprising the following steps:
(1) initialize all elements of the array mark[] to 0;
(2) generate a random number r = rand() % 8, and initialize cnt to 0;
(3) determine whether mark[r] equals 1; if so, set r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
(4) select the input position and output position corresponding to the S-box;
(5) select the S-box and perform the compression operation;
(6) mark the S-box as having taken part in the operation: mark[r] = 1;
(7) compute cnt++; if cnt equals 7, the algorithm ends; otherwise go to step (2) and continue.
An S-box randomization system for a smart card comprises the following modules:
Initialization module, for initializing all elements of the array mark[] to 0;
Random number generation module, for generating a random number r = rand() % 8 and initializing cnt to 0;
Judging module, for determining whether mark[r] equals 1 and, if so, setting r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
Selection module, for selecting the input position and output position corresponding to the S-box;
Compression operation module, for selecting the S-box and performing the compression operation;
Marking module, for marking the S-box as having taken part in the operation: mark[r] = 1;
Counting module, for computing cnt++; if cnt equals 7, the algorithm ends; otherwise control passes to the random number generation module and continues.
Further, the S-box execution order differs in each round of the DES encryption algorithm, and the order is determined by the generated random numbers. In each round, regardless of whether the generated random numbers repeat, only 8 random numbers need to be generated. S-box randomization in the DES algorithm uses an auxiliary array of 8 bytes.
Further, the random number generated in step (2), or by the random number generation module, is a true random number generated by calling the COS.
The effect of the invention is that the method improves the smart card DES algorithm by randomizing the execution order of the S-boxes in DES, which increases the difficulty of DPA attacks against the smart card.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention;
Fig. 2 is a structure diagram of the system of the invention;
Fig. 3 is a schematic of where the system of the invention sits in the DES algorithm.
Embodiments
The invention is further described below with reference to the drawings and specific embodiments.
Each round of DES uses 8 S-boxes. In a DES implementation without the random S-box strategy, the S-boxes execute in a fixed order: S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7]. A DPA attack first guesses the input of the first S-box, S[0]. It focuses on one bit of the S[0] output; this bit depends on the 6-bit input of S[0], and therefore on 6 bits of the subkey. These 6 subkey bits can be guessed, giving 64 possible guesses. Each guess, combined with the plaintext inputs of the large number of collected power traces, yields n corresponding values of that one bit of the S[0] output. These n values are correlated with the n power traces; if the guess is correct, the correlation shows a peak at a particular point in time. Once the peak is confirmed, 6 bits of the 48-bit subkey are determined; treating the other 7 S-boxes in the same way yields the complete 48-bit subkey.
Once the order in which the 8 S-boxes are computed follows no fixed pattern, a DPA attack can no longer direct its key guess at a particular S-box, which increases the difficulty of the attack.
As shown in Fig. 1, an S-box randomization method for a smart card comprises the following steps S1-S7:
Step S1: initialize all elements of the array mark[] to 0;
Step S2: generate a random number r = rand() % 8, and initialize cnt to 0;
Step S3: determine whether mark[r] equals 1; if so, set r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
Step S4: select the input position and output position corresponding to the S-box;
Step S5: select the S-box and perform the compression operation;
Step S6: mark the S-box as having taken part in the operation: mark[r] = 1;
Step S7: compute cnt++; if cnt equals 7, the algorithm ends; otherwise go to step S2 and continue.
With this S-box randomization strategy the order in which the S-boxes are computed is completely random. In each round of DES, 8 random numbers in the range 0 to 7 (inclusive) are generated and used to decide the S-box computation order: one random number is generated to determine the first S-box to run; after that S-box has been computed, a second random number is generated and the next S-box is computed, with the repetition check and related handling applied. In this embodiment, the random number generated in step S2 is a true random number generated by calling the COS.
In this embodiment, a specific implementation flow of the S-box randomization method for a smart card is as follows:
(1) initialize all elements of the array mark[] to 0;
(2) generate a random number r = rand() % 8, and initialize cnt to 0;
(3) determine whether mark[r] equals 1; if so, set r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
(4) select the input position and output position corresponding to the S-box; the S-box has 6 inputs (x0, x1, x2, x3, x4, x5), where (x0, x5) identify the row number in the table and (x1, x2, x3, x4) identify the column number in the table; the corresponding value in the S-box is selected by row number and column number; for the S-boxes, see the DES algorithm;
(5) select the S-box and perform the compression operation; the compression operation is in principle a substitution operation; for the substitution table, see the DES algorithm;
(6) mark the S-box as having taken part in the operation: mark[r] = 1;
(7) compute cnt++; if cnt equals 7, the algorithm ends; otherwise go to step (2) and continue.
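The flow above as a C sketch, added here as an illustration and not code from the patent: it initializes cnt once and runs until all eight S-boxes have executed, which is how the steps are read given the statement that each round needs 8 random numbers. The scripted byte source and toy_sbox (a constructed stand-in, not the DES tables) are assumptions; successor_pairs() additionally checks how evenly the forward probe of step (3) spreads the second execution slot.

```c
#include <stdint.h>
#include <stdio.h>

/* Scripted byte source so the run is reproducible. On a card this would be
   the COS true-random call; this type and helper are assumptions. */
typedef struct { const uint8_t *bytes; int pos; } script_rng;
static uint8_t next_byte(script_rng *g) { return g->bytes[g->pos++]; }

/* Steps (1)-(3), (6), (7): choose the S-box execution order for one round. */
void sbox_order(script_rng *g, uint8_t order[8])
{
    uint8_t mark[8] = {0};                  /* (1) no S-box has run yet      */
    for (int cnt = 0; cnt < 8; cnt++) {     /* (7) exactly 8 draws per round */
        uint8_t r = next_byte(g) % 8;       /* (2) 256 % 8 == 0: no modulo bias */
        while (mark[r])                     /* (3) probe to next unused box  */
            r = (uint8_t)((r + 1) % 8);
        order[cnt] = r;
        mark[r] = 1;                        /* (6) mark as executed          */
    }
}

/* Constructed stand-in for the S-box tables. NOT the DES tables; a real
   implementation substitutes the eight standard 4x16 tables here. */
static uint8_t toy_sbox(int box, int row, int col)
{
    return (uint8_t)((col * 7 + row * 5 + box * 3 + 1) & 0x0F);
}

/* Steps (4)-(5): run the 48-bit -> 32-bit substitution in the given order.
   Box k always reads input bits 6k..6k+5 and writes output bits 4k..4k+3
   (counted from the most significant end), whatever slot it runs in. */
uint32_t sbox_layer(uint64_t in48, const uint8_t order[8])
{
    uint32_t out = 0;
    for (int slot = 0; slot < 8; slot++) {
        int box = order[slot];
        uint8_t six = (uint8_t)((in48 >> (42 - 6 * box)) & 0x3F);
        int row = ((six >> 4) & 2) | (six & 1);   /* (x0, x5) -> row    */
        int col = (six >> 1) & 0x0F;              /* (x1..x4) -> column */
        out |= (uint32_t)toy_sbox(box, row, col) << (28 - 4 * box);
    }
    return out;
}

/* Uniformity check: over all 64 equally likely pairs of first two draws,
   count how often the box run second is the successor of the box run first. */
int successor_pairs(void)
{
    int hits = 0;
    for (int r0 = 0; r0 < 8; r0++) {
        for (int r1 = 0; r1 < 8; r1++) {
            uint8_t draws[8] = { (uint8_t)r0, (uint8_t)r1, 0, 0, 0, 0, 0, 0 };
            uint8_t order[8];
            script_rng g = { draws, 0 };
            sbox_order(&g, order);
            if (order[1] == (order[0] + 1) % 8)
                hits++;
        }
    }
    return hits;
}

int main(void)
{
    const uint8_t draws[8] = { 5, 5, 0, 7, 7, 7, 2, 2 };   /* constructed */
    const uint8_t fixed[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
    uint8_t order[8];
    script_rng g = { draws, 0 };
    sbox_order(&g, order);
    printf("order:");
    for (int i = 0; i < 8; i++) printf(" S[%d]", order[i]);
    uint64_t in48 = 0x123456789ABCULL;                     /* constructed */
    printf("\nsame output as fixed order: %s\n",
           sbox_layer(in48, order) == sbox_layer(in48, fixed) ? "yes" : "no");
    printf("successor runs second in %d of 64 cases\n", successor_pairs());
    return 0;
}
```

successor_pairs() counts 16 of 64 cases, so the S-box following the first one runs second with probability 2/8 rather than the 1/7 of a uniform shuffle: the probed order is random but not uniformly distributed over the 8! orderings.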
As shown in Fig. 2, an S-box randomization system for a smart card comprises the following modules:
Initialization module 11, for initializing all elements of the array mark[] to 0;
Random number generation module 12, for generating a random number r = rand() % 8 and initializing cnt to 0; the random number generated is a true random number generated by calling the COS;
Judging module 13, for determining whether mark[r] equals 1 and, if so, setting r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
Selection module 14, for selecting the input position and output position corresponding to the S-box;
Compression operation module 15, for selecting the S-box and performing the compression operation;
Marking module 16, for marking the S-box as having taken part in the operation: mark[r] = 1;
Counting module 17, for computing cnt++; if cnt equals 7, the algorithm ends; otherwise control passes to random number generation module 12 and continues.
Fig. 3 shows the flow of the DES algorithm and the position at which the random S-box method is applied. DES requires 16 repeated rounds in total, and every round performs the computation of 8 S-boxes. The S-box randomization method replaces the sequential S-box computation in DES, improving the DES algorithm and implementing the S-box randomization strategy.
As the above embodiment shows, the S-box randomization method of the invention does not change the S-box design in DES; it changes only the order in which the S-boxes are computed, and it reduces time complexity by using an auxiliary array (an array of 8 bytes). The auxiliary array marks whether each of the 8 S-boxes has already taken part in the computation. In each round, the COS is first called to have the underlying layer generate one byte of true random data, which is converted to a number between 0 and 7; this number determines the first S-box to compute, and once it has been computed the corresponding position in the auxiliary array is marked 1. Another random number is then generated, and the auxiliary array is checked to see whether the S-box at that position has already been computed. If it has, the S-box at the random number plus 1 is checked in the same way, repeatedly; otherwise that S-box is computed and marked 1 in the auxiliary array.
The method of the invention avoids the problem caused by generating repeated random numbers. The usual way of handling a repeated random number is to keep generating random numbers until a non-repeated one appears, but this greatly increases the number of random number calls; the invention uses an auxiliary array instead, so each round needs to generate only 8 random numbers.
Compared with the prior art: some existing S-box randomization strategies were designed with the DES algorithm in mind, but not for a smart card. In DES the structure of the S-boxes cannot be altered, and new S-boxes cannot be generated to replace the ones in DES. Because of the limited processing speed of the smart card CPU, the power operations and Montgomery algorithm used by some randomization algorithms can be observed fairly easily in power analysis, which lowers the difficulty of power analysis. The invention therefore takes the above shortcomings into account and implements the S-box randomization strategy neatly: without altering the 8 S-boxes of DES, it makes them compute not in the order S[0], S[1], ..., S[7] but in an irregular, random order. In addition, the random number in the invention is obtained by calling, in the smart card system COS, a true random number generated by the underlying hardware and using it after conversion.
Laboratory equipment was used to compare attacks before and after adding S-box randomization; the smart card with S-box randomization added to its DES algorithm showed a clearly improved ability to resist DPA attacks. The strategy improves the smart card's resistance to power attacks and better protects the keys and information in the card. The strategy can also be applied to other smart card algorithms, such as AES.
Those skilled in the art will understand that the method and system of the invention are not limited to the embodiments described above; the specific description above only explains the purpose of the invention and does not limit it. Other embodiments derived by those skilled in the art from the technical solution of the invention likewise fall within the scope of technical innovation of the invention, and the scope of protection of the invention is defined by the claims and their equivalents.

Claims (10)

1. An S-box randomization method for a smart card, comprising the following steps:
(1) initialize all elements of the array mark[] to 0;
(2) generate a random number r = rand() % 8, and initialize cnt to 0;
(3) determine whether mark[r] equals 1; if so, set r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
(4) select the input position and output position corresponding to the S-box;
(5) select the S-box and perform the compression operation;
(6) mark the S-box as having taken part in the operation: mark[r] = 1;
(7) compute cnt++; if cnt equals 7, the algorithm ends; otherwise go to step (2) and continue.
2. The S-box randomization method for a smart card according to claim 1, characterized in that the S-box execution order differs in each round of the DES encryption algorithm, and the order is determined by the generated random numbers after conversion.
3. The S-box randomization method for a smart card according to claim 1, characterized in that in each round, regardless of whether the generated random numbers repeat, only 8 random numbers need to be generated.
4. The S-box randomization method for a smart card according to claim 1, characterized in that S-box randomization in the DES algorithm uses an auxiliary array of 8 bytes.
5. The S-box randomization method for a smart card according to any one of claims 1 to 4, characterized in that the random number generated in step (2) is a true random number generated by calling the COS.
6. An S-box randomization system for a smart card, comprising the following modules:
Initialization module, for initializing all elements of the array mark[] to 0;
Random number generation module, for generating a random number r = rand() % 8 and initializing cnt to 0;
Judging module, for determining whether mark[r] equals 1 and, if so, setting r = (r+1) % 8 until the first position with mark[r] equal to 0 is found;
Selection module, for selecting the input position and output position corresponding to the S-box;
Compression operation module, for selecting the S-box and performing the compression operation;
Marking module, for marking the S-box as having taken part in the operation: mark[r] = 1;
Counting module, for computing cnt++; if cnt equals 7, the algorithm ends; otherwise control passes to the random number generation module and continues.
7. The S-box randomization system for a smart card according to claim 6, characterized in that the S-box execution order differs in each round of the DES encryption algorithm, and the order is determined by the generated random numbers after conversion.
8. The S-box randomization system for a smart card according to claim 6, characterized in that in each round, regardless of whether the generated random numbers repeat, only 8 random numbers need to be generated.
9. The S-box randomization system for a smart card according to claim 6, characterized in that S-box randomization in the DES algorithm uses an auxiliary array of 8 bytes.
10. The S-box randomization system for a smart card according to any one of claims 6 to 9, characterized in that the random number generated by the random number generation module is a true random number generated by calling the COS.
Application CN201210557220.5A, "S box randomized method and system for smart card": priority date 2012-12-20, filing date 2012-12-20, status Pending.
Publication CN103888245A (en), publication date 2014-06-25.
Family ID: 50956973. Country status: CN, CN103888245A (en).
Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140625
