CN103888247A - Data processing system resistant to differential power attack analysis and data processing method thereof - Google Patents

Info

Publication number: CN103888247A
Authority: CN (China)
Prior art keywords: module, data, multiplying, isomorphism, carrying
Legal status: Granted
Application number: CN201410086766.6A
Other languages: Chinese (zh)
Other versions: CN103888247B (en)
Inventors: 孙金龙, 曾广旺
Current Assignee: China Vision Intelligent Card Reader Co ltd
Original Assignee: CHINA VISION MICROELECTRONIC Co Ltd
Application filed by CHINA VISION MICROELECTRONIC Co Ltd
Priority to CN201410086766.6A
Publication of CN103888247A
Application granted
Publication of CN103888247B
Current legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)
  • Compression Or Coding Systems Of Tv Signals (AREA)

Abstract

The invention relates to the technical field of communications, in particular to a data processing system resistant to differential power attack analysis and a data processing method thereof. The data processing system comprises a first affine transformation module based on an addition mask, a finite field inversion module based on the addition mask and a second affine transformation module based on the addition mask, wherein the first affine transformation module based on the addition mask is used for conducting affine transformation operation on input mask data and masks and outputting first data and second data, the finite field inversion module based on the addition mask is used for conducting finite field inversion operation on the first data and the second data and outputting third data, and the second affine transformation module based on the addition mask is used for conducting affine transformation operation on the second data and the third data and outputting fourth data and fifth data. According to the data processing system resistant to differential power attack analysis and the data processing method thereof, an S box operation system enables S box operation to be realized through algebraic logic, so that the area of an S box is decreased, power dissipation is lowered, and the implementation cost of users is lowered.

Description

Data processing system resistant to differential power attack analysis and data processing method thereof
Technical field
The present invention relates to the field of communication technology, and more particularly to a data processing system resistant to differential power attack analysis and a data processing method thereof.
Background technology
With the progress of network technology, services such as e-commerce, e-government and online banking have become widespread. Smart cards have good security properties and are also easy to carry and easy to use, which has given them an extremely important role in fields such as finance, social security and transportation. Because networks are open, however, these emerging services are more easily attacked. As research has deepened, side-channel attacks have come to be regarded as the most dangerous kind of attack on smart cards. A side-channel attack exploits information such as the power consumption, execution time, behaviour under faults and unusual inputs, radiation and power spikes of a smart card, and finally recovers the user's key. Among side-channel attacks, differential power attack analysis is one of the most effective. When a smart card chip executes different instructions to perform various operations, its power consumption varies correspondingly; differential power attack analysis uses the correlation between data and power consumption to recover the key and so achieves the attack. Successful differential power attacks on cryptographic algorithms in smart cards have been widely reported.
In January 2006 the State Commercial Cryptography Administration announced the SMS4 block cipher for wireless LAN equipment. The algorithm uses an unbalanced Feistel structure, has strong resistance to differential attack, and its security strength reaches that of international block cipher standards. It was the first commercial cryptographic algorithm officially published in China. In March 2012 the State Commercial Cryptography Administration approved SMS4 as a commercial cryptography industry standard under the name SM4. In SM4 the S-box is the only non-linear component, and it appears in every round of both the key expansion and the encryption and decryption operations, so the implementation of the S-box determines not only the performance of SM4 but also whether an SM4 hardware implementation can resist differential power attack analysis.
In existing SM4 implementations the input and output of the S-box are both 8-bit values and the S-box is generally realised by table lookup. Because the input space is large, this approach has a high implementation cost and is difficult to protect against differential power attack analysis.
Summary of the invention
The technical problem solved by the present invention is to provide an improved data processing system resistant to differential power attack analysis and a data processing method thereof.
The technical solution adopted by the present invention is to construct a data processing system resistant to differential power attack analysis that comprises an S-box of the SM4 algorithm, the S-box comprising:
a first affine transformation module based on an addition mask, for performing an affine transformation on the input mask data and the input mask and outputting first data and second data;
a finite field inversion module based on the addition mask, for performing a finite field inversion on the first data and the second data output by the first affine transformation module and outputting third data;
a second affine transformation module based on the addition mask, for performing an affine transformation on the second data output by the first affine transformation module and the third data output by the finite field inversion module and outputting fourth data and fifth data.
In the above data processing system, the first affine transformation module based on the addition mask comprises:
a first vector multiplication module, for performing a vector multiplication on the input mask data;
a second vector multiplication module, for performing a vector multiplication on the input mask and outputting the second data;
a first XOR module, connected to the first vector multiplication module, for XORing the result output by the first vector multiplication module with an input constant and outputting the first data.
In the above data processing system, the mathematical model of the first vector multiplication module is $a_1 \cdot A_1$;
the mathematical model of the second vector multiplication module is $r_1 \cdot A_1$;
the mathematical model of the first XOR module is $a_1 \cdot A_1 + C_1$;
where $a_1$ and $r_1$ are the input mask data and the input mask respectively, and
$$A_1 = \begin{pmatrix} 1&1&1&0&0&1&0&1 \\ 1&1&1&1&0&0&1&0 \\ 0&1&1&1&1&0&0&1 \\ 1&0&1&1&1&1&0&0 \\ 0&1&0&1&1&1&1&0 \\ 0&0&1&0&1&1&1&1 \\ 1&0&0&1&0&1&1&1 \\ 1&1&0&0&1&0&1&1 \end{pmatrix}, \qquad C_1 = (1,1,0,0,1,0,1,1).$$
In the above data processing system, the finite field inversion module based on the addition mask comprises:
a first isomorphism mapping module, for applying an isomorphism mapping to the first data;
a second isomorphism mapping module, for applying an isomorphism mapping to the second data;
a third isomorphism mapping module, for applying an isomorphism mapping to the result output by the first isomorphism mapping module;
a fourth isomorphism mapping module, for applying an isomorphism mapping to the result output by the first isomorphism mapping module;
a fifth isomorphism mapping module, for applying an isomorphism mapping to the result output by the second isomorphism mapping module;
a sixth isomorphism mapping module, for applying an isomorphism mapping to the result output by the second isomorphism mapping module;
a first constant multiplication module, for multiplying the result output by the third isomorphism mapping module by a constant;
a first squaring module, for squaring the result output by the third isomorphism mapping module;
a second squaring module, for squaring the result output by the sixth isomorphism mapping module;
a third squaring module, for squaring the result output by the first squaring module;
a fourth squaring module, for squaring the result output by the fifth isomorphism mapping module;
a first multiplication module, for multiplying the results output by the third and fourth isomorphism mapping modules;
a second multiplication module, for performing a multiplication on the result output by the fifth isomorphism mapping module;
a third multiplication module, for multiplying the results output by the fourth and sixth isomorphism mapping modules;
a fourth multiplication module, for multiplying the results output by the fifth and sixth isomorphism mapping modules;
a second constant multiplication module, for performing a multiplication on the result output by the second squaring module;
a second XOR module, for XORing the results output by the first, second, third and fourth multiplication modules, the second and first constant multiplication modules, and the third and fourth squaring modules;
an inversion module, for inverting the result output by the second XOR module;
a third XOR module, for XORing the results output by the inversion module and the fourth isomorphism mapping module;
a fourth XOR module, for XORing the results output by the first squaring module and the third XOR module;
a sixth multiplication module, for multiplying the results output by the first squaring module and the third XOR module;
a seventh multiplication module, for multiplying the results output by the second isomorphism mapping module and the third XOR module;
an eighth multiplication module, for multiplying the results output by the fourth isomorphism mapping module and the fourth XOR module;
a ninth multiplication module, for multiplying the results output by the fourth XOR module and the sixth multiplication module;
a fifth XOR module, for XORing the results output by the first multiplication module, the third multiplication module, the sixth multiplication module, the seventh multiplication module and the first squaring module;
a sixth XOR module, for XORing the results output by the second multiplication module, the eighth multiplication module, the ninth multiplication module, the third XOR module, the fourth XOR module and the fifth XOR module;
a first isomorphism inverse mapping module, for applying an isomorphism inverse mapping to the result output by the sixth XOR module;
a second isomorphism inverse mapping module, for applying an isomorphism inverse mapping to the result output by the fifth XOR module;
a third isomorphism inverse mapping module, for applying an isomorphism inverse mapping to the results output by the first and second isomorphism inverse mapping modules and outputting the third data.
In the above data processing system, the mathematical model of the finite field inversion module based on the addition mask is:
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l,$$
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h,$$
$$o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h;$$
where $a_h$ and $a_l$ are the high 4 bits and low 4 bits of the first data $a$, $r_h$ and $r_l$ are the high 4 bits and low 4 bits of the second data $r$, $v$ is a constant, $d^{-1}$ is the inverse of the intermediate value $d$, and $o_l$ and $o_h$ are intermediate values within the finite field inversion module (2) based on the addition mask.
In the above data processing system, the second affine transformation module based on the addition mask comprises:
a third vector multiplication module, for performing a vector multiplication on the input third data;
a fourth vector multiplication module, for performing a vector multiplication on the input second data and outputting the fifth data;
a seventh XOR module, connected to the third vector multiplication module, for XORing the result output by the third vector multiplication module with an input constant and outputting the fourth data.
In the above data processing system, the mathematical model of the third vector multiplication module is $a_2 \cdot A_1$;
the mathematical model of the fourth vector multiplication module is $r_2 \cdot A_1$;
the mathematical model of the seventh XOR module is $a_2 \cdot A_1 + C_1$;
where $a_2$ and $r_2$ are the third data and the second data respectively, and
$$A_1 = \begin{pmatrix} 1&1&1&0&0&1&0&1 \\ 1&1&1&1&0&0&1&0 \\ 0&1&1&1&1&0&0&1 \\ 1&0&1&1&1&1&0&0 \\ 0&1&0&1&1&1&1&0 \\ 0&0&1&0&1&1&1&1 \\ 1&0&0&1&0&1&1&1 \\ 1&1&0&0&1&0&1&1 \end{pmatrix}, \qquad C_1 = (1,1,0,0,1,0,1,1).$$
The present invention also constructs a data processing method resistant to differential power attack analysis that processes data with the SM4 algorithm and comprises the following steps:
A. performing an affine transformation on the input mask data and the input mask, and outputting first data and second data;
B. performing a finite field inversion on the first data and the second data obtained in step A, and outputting third data;
C. performing an affine transformation on the second data and on the third data obtained in step B, and outputting fourth data and fifth data.
Preferably, in the above data processing method, step B comprises:
B1. computing from the first data and the second data
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l,$$
where $a_h$ and $a_l$ are the high 4 bits and low 4 bits of the first data $a$, $r_h$ and $r_l$ are the high 4 bits and low 4 bits of the second data $r$, and $v$ is a constant;
B2. inverting the result $d$ of step B1 to obtain its inverse $d^{-1}$;
B3. computing from $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h \quad\text{and}\quad o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h;$$
B4. applying an isomorphism inverse mapping to the results $o_l$ and $o_h$ of step B3 to output the third data.
Preferably, in the above data processing method, the affine transformation comprises:
performing a vector multiplication on each input;
if the input is the mask, outputting the result of the vector multiplication; if the input is the mask data, XORing the result of the vector multiplication with an externally supplied constant and outputting the XOR result.
The beneficial effect of the present invention is that, because the data processing system realises the S-box operation through the cooperation of the finite field inversion module based on the addition mask with the first and second affine transformation modules based on the addition mask, the area of the S-box is reduced, power consumption is lowered, and the user's implementation cost is reduced.
Description of the drawings
The invention is further described below with reference to the drawings and embodiments, in which:
Fig. 1 is a structural schematic of the data processing system in a preferred embodiment of the present invention;
Fig. 2 is a structural schematic of the first affine transformation module based on the addition mask in the data processing system of the preferred embodiment;
Fig. 3 is a structural schematic of the finite field inversion module based on the addition mask in the data processing system of the preferred embodiment;
Fig. 4 is a structural schematic of the second affine transformation module based on the addition mask in the data processing system of the preferred embodiment;
Fig. 5 is a flow chart of the data processing method of the present invention.
Detailed description of the embodiments
To make the technical features, objects and effects of the present invention clearer, specific embodiments are described in detail below with reference to the drawings.
Fig. 1 shows the data processing system resistant to differential power attack analysis in a preferred embodiment of the invention, which comprises an S-box of the SM4 algorithm. The S-box system comprises a first affine transformation module 1 based on an addition mask, a finite field inversion module 2 based on the addition mask, and a second affine transformation module 3 based on the addition mask. The first affine transformation module 1 performs an affine transformation on the input mask data and the input mask and outputs first data and second data. Here the mask data is the result of XORing the real data with the mask, and the mask is an externally supplied random number; performing the affine transformation on the mask data and the mask lets the real data be processed under the protection of the mask, which resists side-channel attacks. The finite field inversion module 2 performs a finite field inversion on the first data and the second data output by the first affine transformation module 1 and outputs third data. The second affine transformation module 3 performs an affine transformation on the second data output by the first affine transformation module 1 and the third data output by the finite field inversion module 2 and outputs fourth data and fifth data.
As shown in Fig. 2, the first affine transformation module 1 based on the addition mask comprises a first vector multiplication module 11, a second vector multiplication module 12 and a first XOR module 13. In this embodiment the input mask data is $a_1$ and the input mask is $r_1$.
The first vector multiplication module 11 performs a vector multiplication on the input mask data $a_1$; its mathematical model is $a_1 \cdot A_1$. The second vector multiplication module 12 performs a vector multiplication on the input mask $r_1$ to output the second data; its mathematical model is $r_1 \cdot A_1$. The first XOR module 13 is connected to the first vector multiplication module 11 and XORs the result output by module 11 with the input constant to output the first data; its mathematical model is $a_1 \cdot A_1 + C_1$. Here
$$A_1 = \begin{pmatrix} 1&1&1&0&0&1&0&1 \\ 1&1&1&1&0&0&1&0 \\ 0&1&1&1&1&0&0&1 \\ 1&0&1&1&1&1&0&0 \\ 0&1&0&1&1&1&1&0 \\ 0&0&1&0&1&1&1&1 \\ 1&0&0&1&0&1&1&1 \\ 1&1&0&0&1&0&1&1 \end{pmatrix}, \qquad C_1 = (1,1,0,0,1,0,1,1).$$
As shown in Fig. 1, the finite field inversion module 2 based on the addition mask is connected to the first affine transformation module 1 and to the second affine transformation module 3, and performs the addition-mask-based inversion of the first data and the second data over the finite field $GF(2^8)$, outputting the third data to the second affine transformation module 3. Here $GF(2^8)$ is the finite field generated by the irreducible polynomial $x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + 1$. Let the first data output by the first affine transformation module 1 be $a_1$ and the second data be $r_1$; let the high 4 bits and low 4 bits of $a$ be $a_h$ and $a_l$, and the high 4 bits and low 4 bits of $r$ be $r_h$ and $r_l$, where each 4-bit half represents an element of $GF(2^4)$.
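Worked example, added here and not part of the patent: the S-box structure that modules 1, 2 and 3 realise, an affine map $a \cdot A_1 + C_1$, an inversion in $GF(2^8)$, and the same affine map again, with the affine layers applied to mask data and mask separately the way modules 1 and 3 do, so that XORing the two outputs gives the unmasked affine result. Two assumptions are mine: bit $j$ of a byte is column $j$ of the rows of $A_1$ as printed (the convention under which this reproduces the standard SM4 S-box, e.g. $S(\mathtt{0x00}) = \mathtt{0xD6}$), and the field polynomial is $x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1$ (0x1F5), the SM4 S-box polynomial; the polynomial as printed above carries an extra $x^3$ term, which gives it an even number of terms and so makes it divisible by $x + 1$.

```python
# Added example (not from the patent): the SM4 S-box as the composition the
# patent describes, S(x) = A1 * inv(A1 * x + C1) + C1 with inversion in GF(2^8),
# plus the additive-mask behaviour of the two affine modules.
# Assumptions (mine, not stated on the page): bit j of a byte is column j of
# the matrix rows as printed, and the field polynomial is
# x^8+x^7+x^6+x^5+x^4+x^2+1 (0x1F5), the SM4 S-box field.
import os

# A1 rows exactly as printed in the patent (one row per output bit) and C1.
A1_ROWS = ["11100101", "11110010", "01111001", "10111100",
           "01011110", "00101111", "10010111", "11001011"]
C1_BITS = "11001011"

# Column j <-> bit j of the byte, so each printed row is read right-to-left to
# become a bit mask; the constant is converted the same way (its value is 0xD3).
A1_MASKS = [int(row[::-1], 2) for row in A1_ROWS]
C1 = int(C1_BITS[::-1], 2)
POLY = 0x1F5  # x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def vec_mul(x: int) -> int:
    """Vector multiplication module: x * A1 over GF(2); output bit i = <row_i, x>."""
    return sum(parity(m & x) << i for i, m in enumerate(A1_MASKS))


def affine(x: int) -> int:
    """Affine map applied to mask data: x * A1 + C1 (the XOR module adds C1)."""
    return vec_mul(x) ^ C1


def gf256_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with reduction polynomial 0x1F5."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf256_inv(a: int) -> int:
    """Inverse as a^(2^8 - 2); inv(0) = 0, as the S-box requires."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf256_mul(r, a)
        a = gf256_mul(a, a)
        e >>= 1
    return r


def sm4_sbox(x: int) -> int:
    """Unmasked reference: affine map of the inverse of the affine map."""
    return affine(gf256_inv(affine(x)))


def masked_affine(a: int, r: int) -> tuple:
    """Module 1 / module 3 behaviour: mask data a gets a*A1 + C1, mask r gets r*A1.
    Because A1 is linear over GF(2), (a*A1 + C1) ^ (r*A1) == (a ^ r)*A1 + C1."""
    return affine(a), vec_mul(r)


def sbox_table() -> list:
    return [sm4_sbox(x) for x in range(256)]


def affine_mask_transparent() -> bool:
    """Check that the pair of masked affine outputs recombines to the unmasked affine."""
    for x in range(256):
        r = os.urandom(1)[0]  # fresh random mask, as the externally supplied mask
        first_data, second_data = masked_affine(x ^ r, r)
        if first_data ^ second_data != affine(x):
            return False
    return True


if __name__ == "__main__":
    t = sbox_table()
    print("S(0x00) = %02X, S(0x75) = %02X" % (t[0], t[0x75]))
    print("affine layers mask-transparent:", affine_mask_transparent())
```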
As shown in Fig. 3, the finite field inversion module 2 based on the addition mask comprises a first isomorphism mapping module 201, which applies an isomorphism mapping to the first data: it maps the element $a$ of $GF(2^8)$ to an element of $GF((2^4)^2)$, where $GF(2^4)$ is the finite field generated by the irreducible polynomial $x^4 + x + 1$.
A second isomorphism mapping module 202 applies an isomorphism mapping to the second data: it maps the element $r$ of $GF(2^8)$ to an element of $GF((2^4)^2)$.
A third isomorphism mapping module 203 and a fourth isomorphism mapping module 204 each apply an isomorphism mapping to the result output by the first isomorphism mapping module 201; they map that result to an element of $GF(((2^2)^2)^2)$.
A fifth isomorphism mapping module 205 and a sixth isomorphism mapping module 206 each apply an isomorphism mapping to the result output by the second isomorphism mapping module 202; they map that result to an element of $GF(((2^2)^2)^2)$, where $GF(2^2)$ is the finite field generated by the irreducible polynomial $x^2 + x + 1$.
A first constant multiplication module 212 multiplies the result output by the third isomorphism mapping module 203 by a constant.
A first squaring module 208 squares the result output by the third isomorphism mapping module 203.
A second squaring module 209 squares the result output by the sixth isomorphism mapping module 206. A third squaring module 211 squares the result output by the first squaring module 208. A fourth squaring module 215 squares the result output by the fifth isomorphism mapping module 205.
A first multiplication module 210 multiplies the results output by the third isomorphism mapping module 203 and the fourth isomorphism mapping module 204. A second multiplication module 213 performs a multiplication on the result output by the fifth isomorphism mapping module 205. A third multiplication module 214 multiplies the results output by the fourth isomorphism mapping module 204 and the sixth isomorphism mapping module 206. A fourth multiplication module 216 multiplies the results output by the fifth isomorphism mapping module 205 and the sixth isomorphism mapping module 206. A second constant multiplication module 217 performs a multiplication on the result output by the second squaring module 209.
A second XOR module 218 XORs the results output by the first multiplication module 210, the second multiplication module 213, the third multiplication module 214, the fourth multiplication module 216, the second constant multiplication module 217, the first constant multiplication module 212, the third squaring module 211 and the fourth squaring module 215.
Together, the first squaring module 208, the second squaring module 209, the first multiplication module 210, the third squaring module 211, the first constant multiplication module 212, the second multiplication module 213, the third multiplication module 214, the fourth squaring module 215, the fourth multiplication module 216, the second constant multiplication module 217 and the second XOR module 218 compute
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l.$$
An inversion module 219 inverts the result output by the second XOR module 218: it computes the inverse $d^{-1}$ of the element $d$ in $GF(2^4)$.
A third XOR module 220 XORs the results output by the inversion module 219 and the fourth isomorphism mapping module 204. A fourth XOR module 221 XORs the results output by the first squaring module 208 and the third XOR module 220.
A sixth multiplication module 222 multiplies the results output by the first squaring module 208 and the third XOR module 220. A seventh multiplication module 223 multiplies the results output by the second isomorphism mapping module 202 and the third XOR module 220. An eighth multiplication module 224 multiplies the results output by the fourth isomorphism mapping module 204 and the fourth XOR module 221. A ninth multiplication module 225 multiplies the results output by the fourth XOR module 221 and the sixth multiplication module 222.
A fifth XOR module 226 XORs the results output by the first multiplication module 210, the third multiplication module 214, the sixth multiplication module 222, the seventh multiplication module 223 and the first squaring module 208. A sixth XOR module 227 XORs the results output by the second multiplication module 213, the eighth multiplication module 224, the ninth multiplication module 225, the third XOR module 220, the fourth XOR module 221 and the fifth XOR module 226.
Together, the third XOR module 220, the fourth XOR module 221, the sixth multiplication module 222, the seventh multiplication module 223, the eighth multiplication module 224, the ninth multiplication module 225, the fifth XOR module 226 and the sixth XOR module 227 compute
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h \quad\text{and}\quad o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h.$$
A first isomorphism inverse mapping module 228 applies an isomorphism inverse mapping to the result output by the sixth XOR module 227. A second isomorphism inverse mapping module 229 applies an isomorphism inverse mapping to the result output by the fifth XOR module 226. A third isomorphism inverse mapping module 230 applies an isomorphism inverse mapping to the results output by the first isomorphism inverse mapping module 228 and the second isomorphism inverse mapping module 229 and outputs the third data. Modules 228 and 229 map $o_h$ and $o_l$ respectively to elements of $GF((2^4)^2)$; module 230 maps the results output by modules 228 and 229 to an element of $GF(2^8)$.
The mathematical model of the finite field inversion module 2 based on the addition mask is:
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l,$$
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h, \quad\text{and}\quad o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h;$$
where $a_h$ and $a_l$ are the high 4 bits and low 4 bits of the first data $a$, $r_h$ and $r_l$ are the high 4 bits and low 4 bits of the second data $r$, $v$ is a constant, $d^{-1}$ is the inverse of the intermediate value $d$, and $o_l$ and $o_h$ are intermediate values within the finite field inversion module 2 based on the addition mask.
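Worked example, added here and not part of the patent: the $d$, $o_h$ and $o_l$ formulas of module 2 carried out directly on elements of $GF((2^4)^2)$ (the isomorphism mappings to and from $GF(2^8)$ are not included), taking mask data $a$ and mask $r$ in, producing the masked inverse $(o_h, o_l)$ still under the mask $(r_h, r_l)$, and then unmasking it and comparing with a brute-force inverse. Three assumptions are mine: $GF(2^4)$ is generated by $x^4 + x + 1$ as stated; the quadratic extension uses $y^2 + y + v$ with $v = x^3$ (0x8), because the page does not give $v$; and the $o_l$ cross term is taken as $(d^{-1} + r_h)\, r_l$ rather than $(d^{-1} + r_h)\, r_h$ as printed, because that is the form under which $o$ XOR $r$ equals the true inverse for every input.

```python
# Added example (not from the patent): module 2's masked inversion carried out
# in GF((2^4)^2) = GF(2^4)[y]/(y^2 + y + v), with GF(2^4) = GF(2)[x]/(x^4 + x + 1).
# Assumptions (mine): v = x^3 = 0x8 (the page does not give v), and the o_l
# cross term is (d^-1 + r_h) r_l, not (d^-1 + r_h) r_h as printed, since only
# that form makes the unmasked output equal the true inverse.
import os

V = 0x8  # constant v; y^2 + y + v must be irreducible over GF(2^4)


def gf16_mul(a: int, b: int) -> int:
    """Multiply in GF(2^4) modulo x^4 + x + 1 (0x13)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x10:
            a ^= 0x13
        b >>= 1
    return r


def gf16_inv(a: int) -> int:
    """a^14 in GF(2^4) (a^15 = 1 for a != 0); inv(0) = 0."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, a)
    return r


def split(x: int) -> tuple:
    """An element of GF((2^4)^2) as (high 4 bits, low 4 bits) = x_h * y + x_l."""
    return x >> 4, x & 0xF


def join(h: int, l: int) -> int:
    return (h << 4) | l


def tower_mul(p: int, q: int) -> int:
    """Multiply two elements of GF((2^4)^2) using y^2 = y + v."""
    ph, pl = split(p)
    qh, ql = split(q)
    hh = gf16_mul(ph, qh)  # coefficient of y^2, folded back as y + v
    h = gf16_mul(ph, ql) ^ gf16_mul(pl, qh) ^ hh
    l = gf16_mul(pl, ql) ^ gf16_mul(hh, V)
    return join(h, l)


def tower_inv_reference(x: int) -> int:
    """Brute-force inverse in GF((2^4)^2); used only to check the masked path."""
    if x == 0:
        return 0
    return next(c for c in range(1, 256) if tower_mul(x, c) == 1)


def masked_inverse(a: int, r: int) -> tuple:
    """Module 2: mask data a = x ^ r and mask r in, (o_h, o_l) out, where
    o_h is the high half of x^-1 masked with r_h and o_l the low half masked with r_l."""
    ah, al = split(a)
    rh, rl = split(r)
    m = gf16_mul
    # d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l
    d = (m(m(ah, ah), V) ^ m(ah, al) ^ m(al, al) ^ m(ah, rl) ^ m(al, rh)
         ^ m(m(rh, rh), V) ^ m(rl, rl) ^ m(rh, rl))
    di = gf16_inv(d)  # inversion module: d^-1 in GF(2^4)
    # o_h = a_h (d^-1 + r_l) + (d^-1 + r_l) r_h + a_h r_l + r_h r_l + r_h
    oh = m(ah, di ^ rl) ^ m(di ^ rl, rh) ^ m(ah, rl) ^ m(rh, rl) ^ rh
    # o_l = o_h + (d^-1 + r_h) a_l + (d^-1 + r_h) r_l + a_l r_h + r_l + r_h r_l + r_h
    # (the r_l in the second term is this example's assumption; see header comment)
    ol = oh ^ m(di ^ rh, al) ^ m(di ^ rh, rl) ^ m(al, rh) ^ rl ^ m(rh, rl) ^ rh
    return oh, ol


def v_is_valid() -> bool:
    """y^2 + y + v is irreducible over GF(2^4) iff it has no root there."""
    return all(gf16_mul(c, c) ^ c ^ V != 0 for c in range(16))


def masked_matches_reference() -> bool:
    """For every element x and a fresh random mask, unmask the output and compare."""
    for x in range(256):
        r = os.urandom(1)[0]
        oh, ol = masked_inverse(x ^ r, r)
        if join(oh, ol) ^ r != tower_inv_reference(x):
            return False
    return True


if __name__ == "__main__":
    print("y^2 + y + v irreducible:", v_is_valid())
    print("masked inversion matches reference:", masked_matches_reference())
```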
As shown in Figure 4, second comprises the 3rd vectorial multiplier module 31, four-way amount multiplier module 32 and the 7th XOR module 33 based on addition mask affine transformation module 3.The 3rd vectorial multiplier module 31, for carrying out vector multiplication computing to the 3rd data of input.Four-way amount multiplier module 32, for the second data of input are carried out to vector multiplication computing, to export the 5th data.The 7th XOR module 33, is connected in described the 3rd vectorial multiplier module 31, and carries out XOR for the operation result exported according to described the 3rd vectorial multiplier module 31 and the constant of input, to export the 4th data.
The mathematical model of the third vector multiplication module 31 is $a_2 \cdot A_1$. The mathematical model of the fourth vector multiplication module 32 is $r_2 \cdot A_1$. The mathematical model of the seventh XOR module 33 is $a_2 \cdot A_1 + C_1$. Here $a_2$ and $r_2$ are the third data and the second data respectively.
The present invention also provides a data processing method resistant to differential power attack analysis, which uses the SM4 algorithm for data processing. As shown in Figure 5, the data processing method comprises the following steps:
A. Perform an affine transformation operation on the input mask data and mask, and output the first data and the second data;
B. Perform a finite field inversion operation on the first data and the second data obtained in step A, and output the third data;
C. Perform an affine transformation operation on the second data obtained in step A and the third data obtained in step B, and output the fourth data and the fifth data.
Step B further comprises:
B1. From the first data and the second data, compute the equation
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l,$$
where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, and $v$ is a constant;
B2. Perform an inversion operation on the operation result $d$ of step B1 to obtain the inverse element $d^{-1}$ of $d$;
B3. From $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$, compute the equations
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h$$
and
$$o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h;$$
B4. Perform an isomorphism inverse mapping operation on the operation results $o_l$ and $o_h$ of step B3, and output the third data; the output third data is an element of $GF(2^4)$. The isomorphism inverse mapping is given on the page as the matrix product
$$\begin{pmatrix}
0 & 0 & 1 & 1 & 0 & 0 & 0 & 0 \\
1 & 0 & 1 & 0 & 0 & 1 & 0 & 0 \\
1 & 0 & 0 & 1 & 1 & 0 & 0 & 0 \\
1 & 0 & 1 & 1 & 0 & 0 & 0 & 0 \\
0 & 1 & 0 & 1 & 1 & 0 & 1 & 0 \\
1 & 0 & 0 & 1 & 0 & 0 & 1 & 0 \\
0 & 1 & 0 & 1 & 1 & 0 & 0 & 0 \\
0 & 1 & 0 & 1 & 0 & 0 & 0 & 1
\end{pmatrix} \begin{pmatrix} o_h \\ o_l \end{pmatrix}.$$
The affine transformation operations in step A and step C comprise: performing a vector multiplication operation on each input datum separately; if the input datum is the mask, outputting the result of the vector multiplication; if the input datum is the mask data, XORing the result of the vector multiplication with an externally input constant and outputting the XOR result.
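As an added example (not code from the patent), the following Python checks, for every pair of shares, that the additive mask passes linearly through the affine transformation of steps A and C (with the page's $A_1$ and $C_1$) and that the $d$ and $o_h$ formulas of steps B1 and B3 equal the norm and the high half of the inverse of the unmasked value in $GF((2^4)^2)$. The $GF(2^4)$ polynomial, the value of $v$ and the bit ordering of $A_1$ are not fixed by the page and are assumed as noted in the code.

```python
# Added example, not the patent's code: exhaustively checks that the additive mask
# passes through the affine transformation (A1, C1 from the page) and that the
# B1/B3 formulas hold over GF((2^4)^2). Assumed, since the page does not fix them:
# GF(2^4) on x^4 + x + 1, v = 0x8 (x^2 + x + v irreducible), bits taken MSB-first.
A1_ROWS = [int(r, 2) for r in ("11100101", "11110010", "01111001", "10111100",
                                "01011110", "00101111", "10010111", "11001011")]
C1 = 0b11001011   # C1 = (1,1,0,0,1,0,1,1) from the page
POLY4 = 0x13      # assumed GF(2^4) reduction polynomial x^4 + x + 1
V = 0x8           # assumed constant v

def vec_mul(byte):
    """Vector multiplication a * A1: XOR the rows of A1 selected by the bits of a."""
    out = 0
    for i, row in enumerate(A1_ROWS):
        if (byte >> (7 - i)) & 1:
            out ^= row
    return out

def affine_module(data, mask):
    """Steps A and C: (A1*data + C1, A1*mask); the constant enters only the data path."""
    return vec_mul(data) ^ C1, vec_mul(mask)

def gf16_mul(x, y):
    """Multiply in GF(2^4) by shift-and-add, reducing by POLY4."""
    acc = 0
    while y:
        if y & 1:
            acc ^= x
        x, y = (x << 1) ^ (POLY4 if x & 8 else 0), y >> 1
    return acc

def gf16_inv(x):
    """Step B2: x^-1 = x^14 in GF(2^4); 0 maps to 0, like an inverter table."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, x)
    return r

def v_is_valid():
    """x^2 + x + v is irreducible over GF(2^4) iff v differs from every t^2 + t."""
    return all(gf16_mul(t, t) ^ t != V for t in range(16))

def masked_norm(ah, al, rh, rl):
    """Step B1: d, computed from the four shares term by term as on the page."""
    m = gf16_mul
    return (m(V, m(ah, ah)) ^ m(ah, al) ^ m(al, al) ^ m(ah, rl) ^ m(al, rh)
            ^ m(V, m(rh, rh)) ^ m(rl, rl) ^ m(rh, rl))

def masked_oh(ah, rh, rl, dinv):
    """Step B3: o_h exactly as on the page."""
    m = gf16_mul
    return m(ah, dinv ^ rl) ^ m(dinv ^ rl, rh) ^ m(ah, rl) ^ m(rh, rl) ^ rh

def tower_mul(Ah, Al, Bh, Bl):
    """(Ah x + Al)(Bh x + Bl) mod x^2 + x + v, returned as (high, low)."""
    m = gf16_mul
    hh = m(Ah, Bh)
    return hh ^ m(Ah, Bl) ^ m(Al, Bh), m(V, hh) ^ m(Al, Bl)

def check_affine():
    """data' ^ mask' must equal A1*(data ^ mask) + C1 for every share pair."""
    return all(affine_module(a, r)[0] ^ affine_module(a, r)[1]
               == affine_module(a ^ r, 0)[0] for a in range(256) for r in range(256))

def check_inversion():
    """For every share pair: d is the norm of A = a ^ r, d^-1 (A_h x + A_h + A_l)
    inverts A (checked by multiplying back), and o_h ^ r_h is its high half."""
    m = gf16_mul
    for a in range(256):
        for r in range(256):
            ah, al, rh, rl = a >> 4, a & 0xF, r >> 4, r & 0xF
            Ah, Al = ah ^ rh, al ^ rl
            d = masked_norm(ah, al, rh, rl)
            dinv = gf16_inv(d)
            inv_h, inv_l = m(dinv, Ah), m(dinv, Ah ^ Al)
            if (d != m(V, m(Ah, Ah)) ^ m(Ah, Al) ^ m(Al, Al)
                    or (a != r and tower_mul(Ah, Al, inv_h, inv_l) != (0, 1))
                    or masked_oh(ah, rh, rl, dinv) ^ rh != inv_h):
                return False
    return True
```

Calling `v_is_valid()`, `check_affine()` and `check_inversion()` should each return `True`. Since $d$ equals the norm of $a \oplus r$, the inversion of step B2 acts on a value that does not depend on the mask, which is worth knowing when evaluating the scheme.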
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A data processing system resistant to differential power attack analysis, comprising an S box that uses the SM4 algorithm, characterized in that the S box comprises:
a first affine transformation module (1) based on an addition mask, for performing an affine transformation operation on input mask data and a mask, and outputting first data and second data;
a finite field inversion module (2) based on the addition mask, for performing a finite field inversion operation on the first data and the second data output by the first affine transformation module (1) based on the addition mask, and outputting third data;
a second affine transformation module (3) based on the addition mask, for performing an affine transformation operation on the second data output by the first affine transformation module (1) based on the addition mask and the third data output by the finite field inversion module (2) based on the addition mask, and outputting fourth data and fifth data.
2. The data processing system resistant to differential power attack analysis according to claim 1, characterized in that the first affine transformation module (1) based on the addition mask comprises:
a first vector multiplication module (11), for performing a vector multiplication operation on the input mask data;
a second vector multiplication module (12), for performing a vector multiplication operation on the input mask, and outputting the second data;
a first XOR module (13), connected to the first vector multiplication module (11), for performing an XOR operation on the calculation result output by the first vector multiplication module (11) and an input constant, and outputting the first data.
3. The data processing system resistant to differential power attack analysis according to claim 2, characterized in that the mathematical model of the first vector multiplication module (11) is $a_1 \cdot A_1$;
the mathematical model of the second vector multiplication module (12) is $r_1 \cdot A_1$;
the mathematical model of the first XOR module (13) is $a_1 \cdot A_1 + C_1$;
where $a_1$ and $r_1$ are the input mask data and the input mask respectively;
$$A_1 = \begin{pmatrix}
1 & 1 & 1 & 0 & 0 & 1 & 0 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 1 & 0 \\
0 & 1 & 1 & 1 & 1 & 0 & 0 & 1 \\
1 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 1 & 0 & 1 & 1 & 1 & 1 \\
1 & 0 & 0 & 1 & 0 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 1 & 0 & 1 & 1
\end{pmatrix}, \quad C_1 = (1,1,0,0,1,0,1,1).$$
4. The data processing system resistant to differential power attack analysis according to claim 1, characterized in that the finite field inversion module (2) based on the addition mask comprises:
a first isomorphism mapping module (201), for performing an isomorphism mapping on the first data;
a second isomorphism mapping module (202), for performing an isomorphism mapping on the second data;
a third isomorphism mapping module (203), for performing an isomorphism mapping on the operation result output by the first isomorphism mapping module (201);
a fourth isomorphism mapping module (204), for performing an isomorphism mapping on the operation result output by the first isomorphism mapping module (201);
a fifth isomorphism mapping module (205), for performing an isomorphism mapping on the operation result output by the second isomorphism mapping module (202);
a sixth isomorphism mapping module (206), for performing an isomorphism mapping on the operation result output by the second isomorphism mapping module (202);
a first constant multiplication module (212), for performing a constant multiplication operation on the operation result output by the third isomorphism mapping module (203);
a first square operation module (208), for performing a square operation on the operation result output by the third isomorphism mapping module (203);
a second square operation module (209), for performing a square operation on the operation result output by the sixth isomorphism mapping module (206);
a third square operation module (211), for performing a square operation on the operation result output by the first square operation module (208);
a fourth square operation module (215), for performing a square operation on the operation result output by the fifth isomorphism mapping module (205);
a first multiplication module (210), for performing a multiplication operation on the operation results output by the third isomorphism mapping module (203) and the fourth isomorphism mapping module (204);
a second multiplication module (213), for performing a multiplication operation on the operation result output by the fifth isomorphism mapping module (205);
a third multiplication module (214), for performing a multiplication operation on the operation results output by the fourth isomorphism mapping module (204) and the sixth isomorphism mapping module (206);
a fourth multiplication module (216), for performing a multiplication operation on the operation results output by the fifth isomorphism mapping module (205) and the sixth isomorphism mapping module (206);
a second constant multiplication module (217), for performing a multiplication operation on the operation result output by the second square operation module (209);
a second XOR module (218), for performing an XOR operation on the operation results output by the first multiplication module (210), the second multiplication module (213), the third multiplication module (214), the fourth multiplication module (216), the second constant multiplication module (217), the first constant multiplication module (212), the third square operation module (211) and the fourth square operation module (215);
an inversion operation module (219), for performing an inversion operation on the operation result output by the second XOR module (218);
a third XOR module (220), for performing an XOR operation on the operation results output by the inversion operation module (219) and the fourth isomorphism mapping module (204);
a fourth XOR module (221), for performing an XOR operation on the operation results output by the first square operation module (208) and the third XOR module (220);
a sixth multiplication module (222), for performing a multiplication operation on the operation results output by the first square operation module (208) and the third XOR module (220);
a seventh multiplication module (223), for performing a multiplication operation on the operation results output by the second isomorphism mapping module (202) and the third XOR module (220);
an eighth multiplication module (224), for performing a multiplication operation on the operation results output by the fourth isomorphism mapping module (204) and the fourth XOR module (221);
a ninth multiplication module (225), for performing a multiplication operation on the operation results output by the fourth XOR module (221) and the sixth multiplication module (222);
a fifth XOR module (226), for performing an XOR operation on the operation results output by the first multiplication module (210), the third multiplication module (214), the sixth multiplication module (222), the seventh multiplication module (223) and the first square operation module (208);
a sixth XOR module (227), for performing an XOR operation on the operation results output by the second multiplication module (213), the eighth multiplication module (224), the ninth multiplication module (225), the third XOR module (220), the fourth XOR module (221) and the fifth XOR module (226);
a first isomorphism inverse mapping module (228), for performing an isomorphism inverse mapping operation on the operation result output by the sixth XOR module (227);
a second isomorphism inverse mapping module (229), for performing an isomorphism inverse mapping operation on the operation result output by the fifth XOR module (226);
a third isomorphism inverse mapping module (230), for performing an isomorphism inverse mapping operation on the operation results output by the first isomorphism inverse mapping module (228) and the second isomorphism inverse mapping module (229), and outputting the third data.
5. The data processing system resistant to differential power attack analysis according to claim 4, characterized in that the mathematical model of the finite field inversion module (2) based on the addition mask is:
$$d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l,$$
$$o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h$$
and
$$o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h;$$
where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, $v$ is a constant, $d^{-1}$ is the inverse element of the intermediate data $d$, and $o_l$ and $o_h$ are intermediate data in the finite field inversion module (2) based on the addition mask.
6. The data processing system resistant to differential power attack analysis according to claim 1, characterized in that the second affine transformation module (3) based on the addition mask comprises:
a third vector multiplication module (31), for performing a vector multiplication operation on the input third data;
a fourth vector multiplication module (32), for performing a vector multiplication operation on the input second data, and outputting the fifth data;
a seventh XOR module (33), connected to the third vector multiplication module (31), for performing an XOR operation on the operation result output by the third vector multiplication module (31) and an input constant, and outputting the fourth data.
7. The data processing system resistant to differential power attack analysis according to claim 6, characterized in that the mathematical model of the third vector multiplication module (31) is $a_2 \cdot A_1$;
the mathematical model of the fourth vector multiplication module (32) is $r_2 \cdot A_1$;
the mathematical model of the seventh XOR module (33) is $a_2 \cdot A_1 + C_1$;
where $a_2$ and $r_2$ are the third data and the second data respectively;
$$A_1 = \begin{pmatrix}
1 & 1 & 1 & 0 & 0 & 1 & 0 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 1 & 0 \\
0 & 1 & 1 & 1 & 1 & 0 & 0 & 1 \\
1 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 1 & 0 & 1 & 1 & 1 & 1 \\
1 & 0 & 0 & 1 & 0 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 1 & 0 & 1 & 1
\end{pmatrix}, \quad C_1 = (1,1,0,0,1,0,1,1).$$
8. A data processing method resistant to differential power attack analysis, which uses the SM4 algorithm for data processing, characterized in that the data processing method comprises the following steps:
A. performing an affine transformation operation on input mask data and a mask, and outputting first data and second data;
B. performing a finite field inversion operation on the first data and the second data obtained by the operation of step A, and outputting third data;
C. performing an affine transformation operation on the second data obtained by the operation of step A and the third data obtained by the operation of step B, and outputting fourth data and fifth data.
9. The data processing method resistant to differential power attack analysis according to claim 8, characterized in that step B comprises:
B1. from the first data and the second data, computing the equation $d = a_h^2 v + a_h a_l + a_l^2 + a_h r_l + a_l r_h + r_h^2 v + r_l^2 + r_h r_l$; where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, and $v$ is a constant;
B2. performing an inversion operation on the operation result $d$ of step B1 to obtain the inverse element $d^{-1}$ of $d$;
B3. from $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$, computing the equations $o_h = a_h (d^{-1} + r_l) + (d^{-1} + r_l) r_h + a_h r_l + r_h r_l + r_h$ and $o_l = o_h + (d^{-1} + r_h) a_l + (d^{-1} + r_h) r_h + a_l r_h + r_l + r_h r_l + r_h$;
B4. performing an isomorphism inverse mapping operation on the operation results $o_l$ and $o_h$ of step B3, and outputting the third data.
10. The data processing method resistant to differential power attack analysis according to claim 8, characterized in that the affine transformation operation comprises:
performing a vector multiplication operation on each input datum separately;
if the input datum is the mask, outputting the result of the vector multiplication; if the input datum is the mask data, XORing the result of the vector multiplication with an externally input constant and outputting the XOR result.
CN201410086766.6A 2014-03-10 2014-03-10 Resist the data handling system and its data processing method of Differential power attack analysis Expired - Fee Related CN103888247B (en)

Publications (2)

Publication Number Publication Date
CN103888247A true CN103888247A (en) 2014-06-25
CN103888247B CN103888247B (en) 2017-09-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20200914
Address after: 518000, Shenzhen, Guangdong, Futian District Futian street, China Road, excellent Merlin Center Plaza (North District) 4, 1205
Patentee after: CHINA-VISION INTELLIGENT CARD READER Co.,Ltd.
Address before: 518000 Guangdong Province, Shenzhen city Futian District Mei Hua Lu Shen Hua Science and Technology Industrial Park, 1 floor East Building 4 A
Patentee before: CHINA VISION MICROELECTRONIC Co.,Ltd.
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20170922