CN103888247B - Data processing system resistant to differential power analysis attacks and its data processing method - Google Patents

Data processing system resistant to differential power analysis attacks and its data processing method

Info

Publication number: CN103888247B
Application number: CN201410086766.6A
Authority: CN (China)
Other versions: CN103888247A
Other languages: Chinese (zh)
Prior art keywords: module, data, isomorphism, xor, multiplying
Inventors: 孙金龙, 曾广旺
Current assignee: China Vision Intelligent Card Reader Co ltd
Original assignee: CHINA VISION MICROELECTRONIC Co Ltd
Legal status: Expired - Fee Related
Abstract

The present invention relates to the field of communication technology, and more particularly to a data processing system resistant to differential power analysis (DPA) attacks and its data processing method. The data processing system includes: a first additive-mask-based affine transformation module, which performs an affine transformation on the input masked data and mask and outputs first data and second data; an additive-mask-based finite-field inversion module, which performs a finite-field inversion on the first data and the second data and outputs third data; and a second additive-mask-based affine transformation module, which performs an affine transformation on the second data and the third data and outputs fourth data and fifth data. The S-box computation system of the present invention realizes the S-box operation with algebraic logic, so that the area of the S-box is reduced, power consumption is lowered, and the user's implementation cost is reduced.

Description

Data processing system resistant to differential power analysis attacks and its data processing method
Technical field
The present invention relates to the field of communication technology, and more specifically to a data processing system resistant to differential power analysis attacks and its data processing method.
Background
With the advance of network technology, services such as e-commerce, e-government and online banking have become widespread. Smart cards have good security properties and are easy to carry and use, which has given them an extremely important role in fields such as finance, social security and transportation. Because of the openness of the network, however, these emerging services are easily attacked. As research has deepened, side-channel attacks against smart cards have come to be regarded as one of the most dangerous attack methods. A side-channel attack uses information such as the smart card's power consumption, execution time, output under fault and input behaviour, radiation and power spikes to attack the card and ultimately obtain the user's key. Among the various side-channel attacks, differential power analysis (DPA) is one of the most effective. Because the power consumption of a smart-card chip changes as it executes different instructions and performs different operations, DPA uses the correlation between data and power consumption to recover the key and so accomplish the attack. Successful DPA attacks on AES in smart cards have been widely reported.
In January 2006 the State Commercial Cryptography Administration (OSCCA) published the SMS4 block symmetric cipher algorithm for wireless LAN equipment. The algorithm uses an unbalanced Feistel structure, has strong resistance to differential attacks, and its security strength meets the international block cipher standard. It was the first commercial cipher algorithm officially published in China. In March 2012 OSCCA approved SMS4 as a commercial cryptography industry standard and named it the SM4 algorithm. In SM4 the S-box is the only non-linear component, and it appears in every round of both the key expansion and the encryption/decryption operations; the implementation of the S-box therefore determines not only the performance of the SM4 algorithm but also whether SM4 hardware can resist differential power analysis attacks.
In existing SM4 implementations the S-box input and output are both 8-bit data, and the S-box is typically implemented by table lookup. Because the input space is large, this implementation is very costly, and it is difficult for it to resist differential power analysis attacks.
Summary of the invention
The technical problem to be solved by the present invention is to provide an improved data processing system resistant to differential power analysis attacks and its data processing method.
The technical solution adopted by the present invention to solve this technical problem is to construct a data processing system resistant to differential power analysis attacks, including an S-box of the SM4 algorithm, the S-box including:
a first additive-mask-based affine transformation module, which performs an affine transformation on the input masked data and mask and outputs first data and second data;
an additive-mask-based finite-field inversion module, which performs a finite-field inversion on the first data and the second data output by the first additive-mask-based affine transformation module and outputs third data;
a second additive-mask-based affine transformation module, which performs an affine transformation on the second data output by the first additive-mask-based affine transformation module and the third data output by the additive-mask-based finite-field inversion module, and outputs fourth data and fifth data.
In the above data processing system resistant to differential power analysis attacks, the first additive-mask-based affine transformation module includes:
a first vector multiplication module, which performs a vector multiplication on the input masked data;
a second vector multiplication module, which performs a vector multiplication on the input mask to output the second data;
a first XOR module, connected to the first vector multiplication module, which XORs the result output by the first vector multiplication module with an input constant to output the first data.
In the above data processing system resistant to differential power analysis attacks, the mathematical model of the first vector multiplication module is $a_1 \cdot A_1$;
the mathematical model of the second vector multiplication module is $r_1 \cdot A_1$;
the mathematical model of the first XOR module is $a_1 \cdot A_1 + C_1$;
where $a_1$ and $r_1$ are respectively the input masked data and mask;
and the constant $C_1 = (1,1,0,0,1,0,1,1)$.
In the above data processing system resistant to differential power analysis attacks, the additive-mask-based finite-field inversion module includes:
a first isomorphic mapping module, which performs an isomorphic mapping on the first data;
a second isomorphic mapping module, which performs an isomorphic mapping on the second data;
a third isomorphic mapping module, which performs an isomorphic mapping on the result output by the first isomorphic mapping module;
a fourth isomorphic mapping module, which performs an isomorphic mapping on the result output by the first isomorphic mapping module;
a fifth isomorphic mapping module, which performs an isomorphic mapping on the result output by the second isomorphic mapping module;
a sixth isomorphic mapping module, which performs an isomorphic mapping on the result output by the second isomorphic mapping module;
a first constant multiplication module, which performs a constant multiplication on the result output by the third isomorphic mapping module;
a first squaring module, which squares the result output by the third isomorphic mapping module;
a second squaring module, which squares the result output by the sixth isomorphic mapping module;
a third squaring module, which squares the result output by the first squaring module;
a fourth squaring module, which squares the result output by the fifth isomorphic mapping module;
a first multiplication module, which multiplies the results output by the third isomorphic mapping module and the fourth isomorphic mapping module;
a second multiplication module, which performs a multiplication on the result output by the fifth isomorphic mapping module;
a third multiplication module, which multiplies the results output by the fourth isomorphic mapping module and the sixth isomorphic mapping module;
a fourth multiplication module, which multiplies the results output by the fifth isomorphic mapping module and the sixth isomorphic mapping module;
a second constant multiplication module, which performs a constant multiplication on the result output by the second squaring module;
a second XOR module, which XORs the results output by the first multiplication module, the second multiplication module, the third multiplication module, the fourth multiplication module, the second constant multiplication module, the first constant multiplication module, the third squaring module and the fourth squaring module;
an inversion module, which performs an inversion on the result output by the second XOR module;
a third XOR module, which XORs the results output by the inversion module and the fourth isomorphic mapping module;
a fourth XOR module, which XORs the results output by the first squaring module and the third XOR module;
a sixth multiplication module, which multiplies the results output by the first squaring module and the third XOR module;
a seventh multiplication module, which multiplies the results output by the second isomorphic mapping module and the third XOR module;
an eighth multiplication module, which multiplies the results output by the fourth isomorphic mapping module and the fourth XOR module;
a ninth multiplication module, which multiplies the results output by the fourth XOR module and the sixth multiplication module;
a fifth XOR module, which XORs the results output by the first multiplication module, the third multiplication module, the sixth multiplication module, the seventh multiplication module and the first squaring module;
a sixth XOR module, which XORs the results output by the second multiplication module, the eighth multiplication module, the ninth multiplication module, the third XOR module, the fourth XOR module and the fifth XOR module;
a first isomorphic inverse mapping module, which performs an isomorphic inverse mapping on the result output by the sixth XOR module;
a second isomorphic inverse mapping module, which performs an isomorphic inverse mapping on the result output by the fifth XOR module;
a third isomorphic inverse mapping module, which performs an isomorphic inverse mapping on the results output by the first isomorphic inverse mapping module and the second isomorphic inverse mapping module to output the third data.
In the above data processing system resistant to differential power analysis attacks, the mathematical model of the additive-mask-based finite-field inversion module is:
$o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$,
and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$,
where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, $v$ is a constant, $d^{-1}$ is the inverse of the intermediate data $d$, and $o_l$ and $o_h$ are intermediate data within the additive-mask-based finite-field inversion module (2).
In the above data processing system resistant to differential power analysis attacks, the second additive-mask-based affine transformation module includes:
a third vector multiplication module, which performs a vector multiplication on the input third data;
a fourth vector multiplication module, which performs a vector multiplication on the input second data to output the fifth data;
a seventh XOR module, connected to the third vector multiplication module, which XORs the result output by the third vector multiplication module with an input constant to output the fourth data.
In the above data processing system resistant to differential power analysis attacks, the mathematical model of the third vector multiplication module is $a_2 \cdot A_1$;
the mathematical model of the fourth vector multiplication module is $r_2 \cdot A_1$;
the mathematical model of the seventh XOR module is $a_2 \cdot A_1 + C_1$;
where $a_2$ and $r_2$ are respectively the third data and the second data;
and the constant $C_1 = (1,1,0,0,1,0,1,1)$.
The present invention also constructs a data processing method resistant to differential power analysis attacks, which processes data with the SM4 algorithm and comprises the following steps:
A. perform an affine transformation on the input masked data and mask, and output first data and second data;
B. perform a finite-field inversion on the first data and the second data obtained in step A, and output third data;
C. perform an affine transformation on the second data obtained in step A and the third data obtained in step B, and output fourth data and fifth data.
Preferably, in the above data processing method resistant to differential power analysis attacks, step B includes:
B1. compute the intermediate data $d$ from the first data and the second data by the equation (the equation itself is absent from this text), where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, and $v$ is a constant;
B2. invert the result $d$ of step B1 to obtain its inverse $d^{-1}$;
B3. from $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$ compute $o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$ and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$;
B4. perform an isomorphic inverse mapping on the results $o_l$ and $o_h$ of step B3 to output the third data.
Preferably, in the above data processing method resistant to differential power analysis attacks, the affine transformation operation includes:
performing a vector multiplication on each input datum separately;
if the input datum is the mask, outputting the result of the vector multiplication; if the input datum is the masked data, XORing the result of the vector multiplication with an externally supplied constant and outputting the result of the XOR.
The beneficial effect of the present invention is that, because its data processing system realizes the S-box operation through the cooperation of an additive-mask-based finite-field inversion module with a first and a second additive-mask-based affine transformation module, the area of the S-box is reduced, power consumption is lowered, and the user's implementation cost is reduced.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments, in which:
Fig. 1 is a structural schematic of the data processing system in a preferred embodiment of the invention;
Fig. 2 is a structural schematic of the first additive-mask-based affine transformation module of the data processing system in a preferred embodiment of the invention;
Fig. 3 is a structural schematic of the additive-mask-based finite-field inversion module of the data processing system in a preferred embodiment of the invention;
Fig. 4 is a structural schematic of the second additive-mask-based affine transformation module of the data processing system in a preferred embodiment of the invention;
Fig. 5 is a schematic flowchart of the data processing method of the invention.
Detailed description of the embodiments
So that the technical features, objects and effects of the present invention may be understood more clearly, embodiments of the invention are now described in detail with reference to the drawings.
Fig. 1 shows the data processing system resistant to differential power analysis attacks in a preferred embodiment of the invention, which includes an S-box of the SM4 algorithm. The S-box system includes a first additive-mask-based affine transformation module 1, an additive-mask-based finite-field inversion module 2 and a second additive-mask-based affine transformation module 3. The first additive-mask-based affine transformation module 1 performs an affine transformation on the input masked data and mask and outputs first data and second data; here the masked data is the result of XORing the real data with the mask, and the mask is an externally supplied random number. Performing the affine transformation on the masked data and the mask allows the real data to be processed under the protection of the mask, so that side-channel attacks can be resisted. The additive-mask-based finite-field inversion module 2 performs a finite-field inversion on the first data and the second data output by the first additive-mask-based affine transformation module 1 and outputs third data. The second additive-mask-based affine transformation module 3 performs an affine transformation on the second data output by the first additive-mask-based affine transformation module 1 and the third data output by the additive-mask-based finite-field inversion module 2, and outputs fourth data and fifth data.
As shown in Fig. 2, the first additive-mask-based affine transformation module 1 includes a first vector multiplication module 11, a second vector multiplication module 12 and a first XOR module 13. In a particular embodiment, let the input masked data be $a_1$ and the mask be $r_1$.
The first vector multiplication module 11 performs a vector multiplication on the input masked data $a_1$; its mathematical model is $a_1 \cdot A_1$. The second vector multiplication module 12 performs a vector multiplication on the input mask $r_1$ to output the second data; its mathematical model is $r_1 \cdot A_1$. The first XOR module 13 is connected to the first vector multiplication module 11 and XORs the result output by the first vector multiplication module 11 with the input constant to output the first data; its mathematical model is $a_1 \cdot A_1 + C_1$, where the constant $C_1 = (1,1,0,0,1,0,1,1)$.
As shown in Fig. 1, the additive-mask-based finite-field inversion module 2 is connected to the first additive-mask-based affine transformation module 1 and to the second additive-mask-based affine transformation module 3; it performs the additive-mask-based inversion of the first data and the second data over the finite field GF(2^8) and outputs the third data to the second additive-mask-based affine transformation module 3. Here GF(2^8) is the finite field generated by the irreducible polynomial $x^8+x^7+x^6+x^5+x^4+x^3+x^2+1$. Let the first data output by the first additive-mask-based affine transformation module 1 be $a_1$ (written $a$ below) and the second data be $r_1$ (written $r$ below); let the high 4 bits and low 4 bits of $a$ be $a_h$ and $a_l$, and the high 4 bits and low 4 bits of $r$ be $r_h$ and $r_l$, where each 4-bit half represents an element of GF(2^4).
As shown in Fig. 3, the additive-mask-based finite-field inversion module 2 includes: a first isomorphic mapping module 201, which performs an isomorphic mapping on the first data, mapping the element $a$ of GF(2^8) to an element of GF((2^4)^2); here GF(2^4) is the finite field generated by the irreducible polynomial $x^4+x+1$.
A second isomorphic mapping module 202 performs an isomorphic mapping on the second data, mapping the element $r$ of GF(2^8) to an element of GF((2^4)^2).
A third isomorphic mapping module 203 and a fourth isomorphic mapping module 204 each perform an isomorphic mapping on the result output by the first isomorphic mapping module 201; they map the output of the first isomorphic mapping module 201 to elements of GF(((2^2)^2)^2).
A fifth isomorphic mapping module 205 and a sixth isomorphic mapping module 206 each perform an isomorphic mapping on the result output by the second isomorphic mapping module 202; they map the output of the second isomorphic mapping module 202 to elements of GF(((2^2)^2)^2), where GF(2^2) is the finite field generated by the irreducible polynomial $x^2+x+1$.
A first constant multiplication module 212 performs a constant multiplication on the result output by the third isomorphic mapping module 203.
A first squaring module 208 squares the result output by the third isomorphic mapping module 203.
A second squaring module 209 squares the result output by the sixth isomorphic mapping module 206. A third squaring module 211 squares the result output by the first squaring module 208. A fourth squaring module 215 squares the result output by the fifth isomorphic mapping module 205.
A first multiplication module 210 multiplies the results output by the third isomorphic mapping module 203 and the fourth isomorphic mapping module 204. A second multiplication module 213 performs a multiplication on the result output by the fifth isomorphic mapping module 205. A third multiplication module 214 multiplies the results output by the fourth isomorphic mapping module 204 and the sixth isomorphic mapping module 206. A fourth multiplication module 216 multiplies the results output by the fifth isomorphic mapping module 205 and the sixth isomorphic mapping module 206. A second constant multiplication module 217 performs a multiplication on the result output by the second squaring module 209.
A second XOR module 218 XORs the results output by the first multiplication module 210, the second multiplication module 213, the third multiplication module 214, the fourth multiplication module 216, the second constant multiplication module 217, the first constant multiplication module 212, the third squaring module 211 and the fourth squaring module 215.
The first squaring module 208, the second squaring module 209, the first multiplication module 210, the third squaring module 211, the first constant multiplication module 212, the second multiplication module 213, the third multiplication module 214, the fourth squaring module 215, the fourth multiplication module 216, the second constant multiplication module 217 and the second XOR module 218 jointly compute the equation giving $d$ (the equation itself is absent from this text).
An inversion module 219 performs an inversion on the result output by the second XOR module 218; it computes the inverse $d^{-1}$ of the element $d$ in GF(2^4).
A third XOR module 220 XORs the results output by the inversion module 219 and the fourth isomorphic mapping module 204. A fourth XOR module 221 XORs the results output by the first squaring module 208 and the third XOR module 220.
A sixth multiplication module 222 multiplies the results output by the first squaring module 208 and the third XOR module 220. A seventh multiplication module 223 multiplies the results output by the second isomorphic mapping module 202 and the third XOR module 220. An eighth multiplication module 224 multiplies the results output by the fourth isomorphic mapping module 204 and the fourth XOR module 221. A ninth multiplication module 225 multiplies the results output by the fourth XOR module 221 and the sixth multiplication module 222.
A fifth XOR module 226 XORs the results output by the first multiplication module 210, the third multiplication module 214, the sixth multiplication module 222, the seventh multiplication module 223 and the first squaring module 208. A sixth XOR module 227 XORs the results output by the second multiplication module 213, the eighth multiplication module 224, the ninth multiplication module 225, the third XOR module 220, the fourth XOR module 221 and the fifth XOR module 226.
The third XOR module 220, the fourth XOR module 221, the sixth multiplication module 222, the seventh multiplication module 223, the eighth multiplication module 224, the ninth multiplication module 225, the fifth XOR module 226 and the sixth XOR module 227 jointly compute $o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$ and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$.
A first isomorphic inverse mapping module 228 performs an isomorphic inverse mapping on the result output by the sixth XOR module 227. A second isomorphic inverse mapping module 229 performs an isomorphic inverse mapping on the result output by the fifth XOR module 226. A third isomorphic inverse mapping module 230 performs an isomorphic inverse mapping on the results output by the first isomorphic inverse mapping module 228 and the second isomorphic inverse mapping module 229 to output the third data. The first isomorphic inverse mapping module 228 and the second isomorphic inverse mapping module 229 map $o_h$ and $o_l$ respectively to elements of GF((2^4)^2); the third isomorphic inverse mapping module 230 maps the results output by the first isomorphic inverse mapping module 228 and the second isomorphic inverse mapping module 229 to an element of GF(2^8).
The mathematical model of the additive-mask-based finite-field inversion module 2 is: $o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$, and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$; where $a_h$ is the high 4 bits of the first data $a$, $a_l$ is the low 4 bits of the first data $a$, $r_h$ is the high 4 bits of the second data $r$, $r_l$ is the low 4 bits of the second data $r$, $v$ is a constant, $d^{-1}$ is the inverse of the intermediate data $d$, and $o_l$ and $o_h$ are intermediate data within the additive-mask-based finite-field inversion module 2.
As shown in Fig. 4, the second additive-mask-based affine transformation module 3 includes a third vector multiplication module 31, a fourth vector multiplication module 32 and a seventh XOR module 33. The third vector multiplication module 31 performs a vector multiplication on the input third data. The fourth vector multiplication module 32 performs a vector multiplication on the input second data to output the fifth data. The seventh XOR module 33 is connected to the third vector multiplication module 31 and XORs the result output by the third vector multiplication module 31 with the input constant to output the fourth data.
The mathematical model of the third vector multiplication module 31 is $a_2 \cdot A_1$. The mathematical model of the fourth vector multiplication module 32 is $r_2 \cdot A_1$. The mathematical model of the seventh XOR module 33 is $a_2 \cdot A_1 + C_1$, where $a_2$ and $r_2$ are respectively the third data and the second data.
The present invention also provides a data processing method for resisting differential power analysis attacks, which processes data with the SM4 algorithm. As shown in figure 5, the data processing method comprises the following steps:
A. Perform an affine transformation operation on the input masked data and mask, and output the first data and the second data;
B. Perform a finite field inversion operation on the first data and the second data obtained in step A, and output the third data;
C. Perform an affine transformation operation on the second data obtained in step A and the third data obtained in step B, and output the fourth data and the fifth data.
Step B further includes:
B1. Evaluate the equation defined on the first data and the second data (its result is d), where $a_h$ is the high 4 bits of the first data a, $a_l$ is the low 4 bits of the first data a, $r_h$ is the high 4 bits of the second data r, $r_l$ is the low 4 bits of the second data r, and v is a constant;
B2. Perform an inversion operation on the result d of step B1 to obtain the inverse element $d^{-1}$ of d;
B3. From $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$, compute $o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$ and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$;
B4. Perform an isomorphism inverse mapping operation on the results $o_l$ and $o_h$ of step B3 to output the third data; the output third data is an element of GF($2^4$).
The affine transformation operations in step A and step C each consist of: performing a vector multiplication operation on each input datum; if the input is the mask, outputting the result of the vector multiplication directly; if the input is the masked data, XORing the result of the vector multiplication with an externally supplied constant and outputting the XOR result.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
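The share handling described for the affine stages (the constant goes into the masked-data path only, the mask path is a bare vector multiplication, used identically by modules 1 and 3) is illustrated by the following added example. It is not code from the patent: the 8x8 matrix A1 is a constructed placeholder because this section does not reproduce the page's A1, and the bit order used to turn the page's C1=(1,1,0,0,1,0,1,1) into a byte (least-significant bit first) is an assumption. The checks show that XORing the two output shares recovers the unmasked affine output for every input and mask, that the masked-data share alone is uniformly distributed for a fixed secret (the first-order property the masking is meant to give), and what breaks if the constant is XORed into both shares.

```python
"""Added example, not code from the patent: the additive-mask affine stage of an
SM4-style S-box, showing why the constant C1 is XORed into the masked-data share
only and never into the mask share."""

# Affine constant C1 = (1,1,0,0,1,0,1,1) as stated on the page. Bit i of the
# tuple is taken as bit i of the byte (least-significant bit first): an assumption.
C1_BITS = (1, 1, 0, 0, 1, 0, 1, 1)
C1 = sum(bit << i for i, bit in enumerate(C1_BITS))  # 0xD3 under this bit order

# Placeholder for the page's 8x8 binary matrix A1, which this section does not
# reproduce: a constructed circulant matrix whose first row has odd weight, which
# makes it invertible over GF(2). Row i is stored as a bit-mask.
_ROW0 = (1, 1, 0, 1, 0, 0, 1, 1)
A1 = [sum(_ROW0[(j - i) % 8] << j for j in range(8)) for i in range(8)]


def vec_mul(x: int, matrix: list) -> int:
    """Vector-matrix product over GF(2): output bit i = parity(x AND row_i)."""
    out = 0
    for i, row in enumerate(matrix):
        if bin(x & row).count("1") & 1:
            out |= 1 << i
    return out


def affine_data_share(a_masked: int) -> int:
    """Masked-data path: vector multiplier then XOR module, i.e. a*A1 + C1."""
    return vec_mul(a_masked, A1) ^ C1


def affine_mask_share(r: int) -> int:
    """Mask path: vector multiplier only, i.e. r*A1 (no constant)."""
    return vec_mul(r, A1)


def masked_affine(a_masked: int, r: int) -> tuple:
    """One addition-mask affine stage: returns (data share, mask share)."""
    return affine_data_share(a_masked), affine_mask_share(r)


def plain_affine(x: int) -> int:
    """Reference unmasked map x*A1 + C1 for checking the shares."""
    return vec_mul(x, A1) ^ C1


def recombines_correctly() -> bool:
    """XORing the two output shares must equal the unmasked affine output for
    every byte x and mask r; this relies on x -> x*A1 being linear over GF(2)
    and on the constant being added exactly once."""
    for x in range(256):
        for r in range(256):
            d, m = masked_affine(x ^ r, r)
            if d ^ m != plain_affine(x):
                return False
    return True


def data_share_is_uniform(x: int) -> bool:
    """With x fixed and r swept over all 256 masks, the data share must take
    every byte value exactly once: on its own it reveals nothing about x.
    This needs A1 to be invertible, which the circulant above guarantees."""
    return len({affine_data_share(x ^ r) for r in range(256)}) == 256


def wrong_recombines(x: int, r: int) -> bool:
    """What goes wrong if the constant is (incorrectly) added to both shares:
    the two copies of C1 cancel and the translation by C1 is lost."""
    d = vec_mul(x ^ r, A1) ^ C1
    m = vec_mul(r, A1) ^ C1
    return d ^ m == plain_affine(x)


if __name__ == "__main__":
    import secrets
    x, r = 0x5A, secrets.randbelow(256)
    print("shares:", masked_affine(x ^ r, r), "unmasked:", hex(plain_affine(x)))
    print("recombines:", recombines_correctly(), "uniform:", data_share_is_uniform(x))
```

The recombination check holds for any A1 because vector multiplication is linear over GF(2); the uniformity check additionally needs A1 to be a bijection, which is why an invertible placeholder was chosen. The same two functions model module 3: feed it the third data and the second data instead of the input masked data and mask.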

Claims (3)

1. A data processing system for resisting differential power analysis attacks, comprising an S-box using the SM4 algorithm, characterised in that the S-box comprises:
a first addition-mask-based affine transformation module (1), for performing an affine transformation operation on the input masked data and mask and outputting the first data and the second data;
an addition-mask-based finite field inversion module (2), for performing a finite field inversion operation on the first data and the second data output by the first addition-mask-based affine transformation module (1) and outputting the third data;
a second addition-mask-based affine transformation module (3), for performing an affine transformation operation on the second data output by the first addition-mask-based affine transformation module (1) and the third data output by the addition-mask-based finite field inversion module (2), and outputting the fourth data and the fifth data;
the first addition-mask-based affine transformation module (1) comprising:
a first vector multiplier module (11), for performing a vector multiplication operation on the input masked data;
a second vector multiplier module (12), for performing a vector multiplication operation on the input mask to output the second data;
a first XOR module (13), connected to the first vector multiplier module (11), for XORing the calculation result output by the first vector multiplier module (11) with the input constant to output the first data;
the mathematical model of the first vector multiplier module (11) being a1*A1;
the mathematical model of the second vector multiplier module (12) being r1*A1;
the mathematical model of the first XOR module (13) being a1*A1+C1;
where a1 and r1 are the input masked data and the input mask, respectively;
the constant C1=(1,1,0,0,1,0,1,1);
the mathematical model of the addition-mask-based finite field inversion module (2) being:
$o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$,
and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$,
where $a_h$ is the high 4 bits of the first data a, $a_l$ is the low 4 bits of the first data a, $r_h$ is the high 4 bits of the second data r, $r_l$ is the low 4 bits of the second data r, v is a constant, $d^{-1}$ is the inverse element of the intermediate data d, and $o_l$ and $o_h$ are intermediate data within the addition-mask-based finite field inversion module (2);
the addition-mask-based finite field inversion module (2) comprising:
a first isomorphism mapping module (201), for performing isomorphism mapping on the first data;
a second isomorphism mapping module (202), for performing isomorphism mapping on the second data;
a third isomorphism mapping module (203), for performing isomorphism mapping on the operation result output by the first isomorphism mapping module (201);
a fourth isomorphism mapping module (204), for performing isomorphism mapping on the operation result output by the first isomorphism mapping module (201);
a fifth isomorphism mapping module (205), for performing isomorphism mapping on the operation result output by the second isomorphism mapping module (202);
a sixth isomorphism mapping module (206), for performing isomorphism mapping on the operation result output by the second isomorphism mapping module (202);
a first constant multiplication module (212), for performing a constant multiplication operation on the operation result output by the third isomorphism mapping module (203);
a first squaring module (208), for squaring the operation result output by the third isomorphism mapping module (203);
a second squaring module (209), for squaring the operation result output by the sixth isomorphism mapping module (206);
a third squaring module (211), for squaring the operation result output by the first squaring module (208);
a fourth squaring module (215), for squaring the operation result output by the fifth isomorphism mapping module (205);
a first multiplication module (210), for performing a vector multiplication operation on the operation results output by the third isomorphism mapping module (203) and the fourth isomorphism mapping module (204);
a second multiplication module (213), for performing a vector multiplication operation on the operation result output by the fifth isomorphism mapping module (205);
a third multiplication module (214), for performing a vector multiplication operation on the operation results output by the fourth isomorphism mapping module (204) and the sixth isomorphism mapping module (206);
a fourth multiplication module (216), for performing a vector multiplication operation on the operation results output by the fifth isomorphism mapping module (205) and the sixth isomorphism mapping module (206);
a second constant multiplication module (217), for performing a vector multiplication operation on the operation result output by the second squaring module (209);
a second XOR module (218), for XORing the operation results output by the first multiplication module (210), the second multiplication module (213), the third multiplication module (214), the fourth multiplication module (216), the second constant multiplication module (217), the first constant multiplication module (212), the third squaring module (211) and the fourth squaring module (215);
an inversion module (219), for performing an inversion operation on the operation result output by the second XOR module (218);
a third XOR module (220), for XORing the operation results output by the inversion module (219) and the fourth isomorphism mapping module (204);
a fourth XOR module (221), for XORing the operation results output by the first squaring module (208) and the third XOR module (220);
a sixth multiplication module (222), for performing a vector multiplication operation on the operation results output by the first squaring module (208) and the third XOR module (220);
a seventh multiplication module (223), for performing a vector multiplication operation on the operation results output by the second isomorphism mapping module (202) and the third XOR module (220);
an eighth multiplication module (224), for performing a vector multiplication operation on the operation results output by the fourth isomorphism mapping module (204) and the fourth XOR module (221);
a ninth multiplication module (225), for performing a vector multiplication operation on the operation results output by the fourth XOR module (221) and the sixth multiplication module (222);
a fifth XOR module (226), for XORing the operation results output by the first multiplication module (210), the third multiplication module (214), the sixth multiplication module (222), the seventh multiplication module (223) and the first squaring module (208);
a sixth XOR module (227), for XORing the operation results output by the second multiplication module (213), the eighth multiplication module (224), the ninth multiplication module (225), the third XOR module (220), the fourth XOR module (221) and the fifth XOR module (226);
a first isomorphism inverse mapping module (228), for performing an isomorphism inverse mapping operation on the operation result output by the sixth XOR module (227);
a second isomorphism inverse mapping module (229), for performing an isomorphism inverse mapping operation on the operation result output by the fifth XOR module (226);
a third isomorphism inverse mapping module (230), for performing an isomorphism inverse mapping operation on the operation results output by the first isomorphism inverse mapping module (228) and the second isomorphism inverse mapping module (229), to output the third data;
the second addition-mask-based affine transformation module (3) comprising:
a third vector multiplier module (31), for performing a vector multiplication operation on the input third data;
a fourth vector multiplier module (32), for performing a vector multiplication operation on the input second data to output the fifth data;
a seventh XOR module (33), connected to the third vector multiplier module (31), for XORing the operation result output by the third vector multiplier module (31) with the input constant to output the fourth data.
2. The data processing system for resisting differential power analysis attacks according to claim 1, characterised in that the mathematical model of the third vector multiplier module (31) is a2*A1;
the mathematical model of the fourth vector multiplier module (32) is r2*A1;
the mathematical model of the seventh XOR module (33) is a2*A1+C1;
where a2 is the third data and r2 is the second data r.
3. A data processing method for resisting differential power analysis attacks, which processes data with the SM4 algorithm, characterised in that the data processing method comprises the following steps:
A. performing an affine transformation operation on the input masked data and mask, and outputting the first data and the second data;
B. performing a finite field inversion operation on the first data and the second data obtained in step A, and outputting the third data;
C. performing an affine transformation operation on the second data obtained in step A and the third data obtained in step B, and outputting the fourth data and the fifth data;
the affine transformation operations in step A and step C each consisting of: performing a vector multiplication operation on each input datum; if the input is the mask, outputting the result of the vector multiplication directly; if the input is the masked data, XORing the result of the vector multiplication with an externally supplied constant and outputting the XOR result;
step B comprising:
B1. evaluating the equation defined on the first data and the second data (its result is d), where $a_h$ is the high 4 bits of the first data a, $a_l$ is the low 4 bits of the first data a, $r_h$ is the high 4 bits of the second data r, $r_l$ is the low 4 bits of the second data r, and v is a constant;
B2. performing an inversion operation on the result d of step B1 to obtain the inverse element $d^{-1}$ of d;
B3. from $a_h$, $a_l$, $r_h$, $r_l$ and $d^{-1}$, computing $o_h = a_h(d^{-1}+r_l) + (d^{-1}+r_l)r_h + a_h r_l + r_h r_l + r_h$ and $o_l = o_h + (d^{-1}+r_h)a_l + (d^{-1}+r_h)r_h + a_l r_h + r_l + r_h r_l + r_h$;
B4. performing an isomorphism inverse mapping operation on the results $o_l$ and $o_h$ of step B3 to output the third data.
Application CN201410086766.6A (priority date 2014-03-10, filing date 2014-03-10): Resist the data handling system and its data processing method of Differential power attack analysis, granted as CN103888247B (en); status: Expired - Fee Related.

Publications (2): CN103888247A (en), published 2014-06-25; CN103888247B (en), published 2017-09-22.

Family ID: 50956975 (country status: CN, CN103888247B).


Citations (cited by examiner):
- CN101009554A, priority 2007-01-17, published 2007-08-01, 华中科技大学: A byte replacement circuit for power consumption attack prevention
- CN101197660A, priority 2006-12-07, published 2008-06-11, 上海安创信息科技有限公司: Encrypting method and chip for anti-attack standard encryption criterion
Family cites (cited by examiner):
- JP2007189659A, priority 2005-12-15, published 2007-07-26, Toshiba Corp: Encryption device, encryption method, and encryption program
- US7970129B2, priority 2007-04-19, published 2011-06-28, Spansion Llc: Selection of a lookup table with data masked with a combination of an additive and multiplicative mask
Non-patent citation (cited by examiner):
- 徐艳华 (Xu Yanhua), Research on the integrated circuit design of an attack-resistant SMS4 cipher algorithm, China Master's Theses Full-text Database, Information Science and Technology series, 2010-07-15 (No. 7), main text pp. 58-61


Legal Events
- C06 / PB01: Publication
- C10 / SE01: Entry into substantive examination; entry into force of request for substantive examination
- GR01: Patent grant (granted publication date 2017-09-22)
- TR01: Transfer of patent right, effective date of registration 2020-09-14. Patentee before: CHINA VISION MICROELECTRONIC Co.,Ltd. (518000 Guangdong Province, Shenzhen city Futian District Mei Hua Lu Shen Hua Science and Technology Industrial Park, 1 floor East Building 4 A). Patentee after: CHINA-VISION INTELLIGENT CARD READER Co.,Ltd. (518000, Shenzhen, Guangdong, Futian District Futian street, China Road, excellent Merlin Center Plaza (North District) 4, 1205).
- CF01: Termination of patent right due to non-payment of annual fee