CN104301095A - DES round operation method and circuit - Google Patents

Publication number: CN104301095A
Authority: CN (China)
Prior art keywords: box, data, xor, random number, computing
Legal status: Pending
Application number: CN201410537830.8A
Other languages: Chinese (zh)
Inventors: 陈毅成, 张明宇, 龚明杨
Current Assignee: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd
Original Assignee: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd
Application filed by SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd

Abstract

The invention relates to a DES round operation method. In the DES procedure, linear operations that involve only bit-position exchange or simple Boolean operations are masked and unmasked with an exclusive-OR (XOR) operation. For the S boxes, which are the nonlinear operation, S boxes with different circuit structures and different power consumption curves during operation are designed, and the arrangement of the S boxes on the data path is selected at random, so that the power consumption of the S-box operation in DES is randomized. With this method, an attacker cannot observe the real data on the data path during encryption and decryption; meanwhile, because the power consumption is randomized, statistical analysis of the key becomes difficult, and the ability of the DES circuit to resist power analysis attacks is improved at small cost without changing the DES circuit structure.

Description

DES round operation method and circuit
Technical field
The present invention relates to the communications field, and in particular to a DES round operation method and circuit.
Background art
DES (Data Encryption Standard) is a symmetric encryption algorithm developed by the American company IBM in 1972. Plaintext is grouped into 64-bit blocks and the key is 64 bits long, of which 56 bits actually take part in the DES computation; the ciphertext block is formed by bitwise substitution and exchange between the plaintext block and the 56-bit key. It is the most popular key system, particularly for protecting the security of financial data.
The DES algorithm is widely used in POS terminals, ATMs, magnetic cards and smart cards to keep critical data confidential. However, while a device processes the input data and the key, it consumes power or emits electromagnetic radiation, and this information is sufficient to be analyzed to obtain confidential information. This attack method is called a side-channel attack (Side Channel Attack): the attacker measures side-channel information leaked by a deployed cryptographic system while it runs, such as the system's timing, power consumption and electromagnetic radiation, and then, through processing such as correlation analysis and statistical processing, can successfully obtain confidential information such as the encryption key. The most threatening of these attack methods is power analysis. Common power analysis methods are simple power analysis (SPA, Simple Power Analysis), differential power analysis (DPA, Differential Power Analysis) and correlation power analysis (CPA, Correlation Power Analysis).
In a CMOS circuit, the dynamic power, which accounts for the largest share of total energy consumption, depends on the toggle rate of all gate outputs. The dynamic power of a circuit can be expressed by the following formula:
$$P_{dynamic} = \alpha C_L V_{dd}^2 f \qquad (1)$$
In the formula, α is the probability that a clock change causes a power-consuming 0->1 event at the output. C_L is called the equivalent capacitance and represents the average capacitance switched per clock cycle, V_dd is the supply voltage, and f is the maximum possible rate at which the input changes, i.e. the clock frequency. As a simplification, the total energy consumption of the circuit can be regarded as having a certain proportional relation to the overall toggle rate.
The theoretical basis of power analysis attacks is the dependence of the dynamic power in formula (1) on the data being processed: the encryption process consumes energy, and the energy consumed differs slightly depending on the data processed. From this difference it can be determined whether the processed data is 0 or 1, which makes it possible to guess the key used in the cryptographic algorithm.
The DES algorithm has 16 rounds, and in each round the 8 S boxes correspond to 8 groups of subkey bits. In differential power analysis, the 48-bit subkey of the first DES round can be attacked, or the 48-bit key of the last DES round. Once the key of one round has been recovered, the original 56-bit DES key can be derived from the key algorithm. Taking an attack on the S1 box of DES as an example, the DPA attack proceeds as follows:
(1) generate a large number of plaintexts at random;
(2) encrypt these plaintexts, record the power consumption curves during the encryption operations, and compute the mean of these curves;
(3) focus on the output of the first-round S1 box: let the first output bit be b, guess the first byte of the first-round subkey, and compute the S1 output from the guess and the corresponding plaintext;
(4) divide the power consumption curves into two classes according to b=0 and b=1;
(5) compute the average power consumption curve of each class and subtract one from the other to obtain the differential power consumption curve;
(6) observe the curves generated in steps (2) and (5). If the key guess is correct, the grouping in step (4) is correct, the differential curve from step (5) differs markedly from the average curve from step (2), and a peak appears in the differential curve. By observing the peak, the attacker therefore judges whether the key guess is correct.
Defensive measures against power analysis can be considered from the aspects of circuit structure, data flow and algorithm improvement. For example, special circuit logic styles can be adopted, such as WDDL (Wave Dynamic Digital Logic), asynchronous circuits and dual-rail circuits; their principle is to balance, as far as possible, the energy consumed by 0-to-1 transitions and 1-to-0 transitions in the circuit. But such methods need a specially designed layout library, and their circuit area and additional power consumption are both large. Inserting random operations in the data path or adding power noise can also be used. Introducing a mask into the internal processing flow is another common method: during the cipher computation, each intermediate value is transformed with a random number as a mask, so that the power information depends not only on the key but also on the random number introduced. This method is simple to implement and does not depend on the process technology. Masking and unmasking the linear parts is relatively easy, but for the S boxes, which are nonlinear operations, such masking is very difficult.
Summary of the invention
In view of this, it is necessary to provide a DES round operation method and circuit.
The invention provides a DES round operation method comprising the following steps:
a. mask, with a random number X, the 32-bit half-block data Ri-1 obtained from any round of processing, where i is a natural number less than 17;
b. apply the expansion operation E to the masked data and, at the same time, apply the expansion operation E to the random number X to obtain E(X);
c. XOR together the data obtained by applying the expansion operation E to the masked data, E(X) and the round key, to obtain the value entering the S-box array;
d. perform the S-box operation on the value entering the S-box array, the S-box array consisting of 8 S boxes, each selected at random from S boxes of N different circuit structures, N being a natural number not less than 3;
e. XOR the data output by the S-box operation with the random number X;
f. apply the permutation operation P to the data obtained by XORing the S-box output with the random number X and, at the same time, apply the permutation operation P to the random number X to obtain P(X);
g. XOR together the data obtained by applying the permutation operation P to the XOR of the S-box output and the random number X, P(X), and the other 32-bit half-block data Li-1 obtained from round processing, to obtain the value Ri entering round processing.
Step a comprises:
a1. the 32-bit half-block data Ri-1 obtained from any round of processing, i.e. the operand A on the data path, passes through a linear operation, giving the result R, R=OP(A), where OP denotes an intermediate operation of the encryption/decryption process;
a2. the random number X is combined with A by XOR to produce a new operand B, B=A⊕X, where ⊕ denotes the XOR operation;
a3. the new operand B replaces A in the encryption/decryption operation, giving the result T, T=OP(B)=OP(A⊕X);
a4. the same operation is applied to the random number X, giving the result S, S=OP(X).
Step b comprises:
b1. by the expansion operation E, expand the masked data from 32 bits to 48 bits and output eight 6-bit blocks, each block containing the 4 corresponding input bits plus the immediately adjacent bits from the 2 neighbouring blocks.
Step d comprises:
d1. each S box uses a nonlinear transformation provided as a look-up table to convert the 6 input bits of each block of the value entering the S-box array into 4 output bits.
Preferably, step d also comprises:
d2. each S box outputs, through a multiplexer (MUX), the data obtained after converting the 6 input bits of each block of the value entering the S-box array into 4 output bits.
The present invention also provides a DES round operation circuit comprising a masking module, an expansion operation module, a first XOR module, an S-box array, a second XOR module, a permutation operation module and a third XOR module, wherein:
The masking module is configured to mask, with a random number X, the 32-bit half-block data Ri-1 obtained from any round of processing;
The expansion operation module is configured to apply the expansion operation E to the masked data and, at the same time, apply the expansion operation E to the random number X to obtain E(X);
The first XOR module is configured to XOR together the data obtained by applying the expansion operation E to the masked data, E(X) and the round key, to obtain the value entering the S-box array;
The S-box array is configured to perform the S-box operation on the value entering the S-box array, the S-box array consisting of 8 S boxes, each selected at random from S boxes of N different circuit structures, N being a natural number not less than 3;
The second XOR module is configured to XOR the data output by the S-box operation with the random number X;
The permutation operation module is configured to apply the permutation operation P to the data obtained by XORing the S-box output with the random number X and, at the same time, apply the permutation operation P to the random number X to obtain P(X);
The third XOR module is configured to XOR together the data obtained by applying the permutation operation P to the XOR of the S-box output and the random number X, P(X), and the other 32-bit half-block data Li-1 obtained from round processing, to obtain the value Ri entering round processing.
The S boxes of different circuit structures comprise S boxes of the SOP, PPRM and DSE structures.
In the DES round operation method and circuit of the present invention, linear operations in the DES flow that involve only bit-position exchange or simple Boolean operations are masked and unmasked with XOR operations. For the S boxes, which are nonlinear operations, S boxes with different circuit structures and different power consumption profiles during operation are designed; when data passes through the S boxes, the arrangement of S boxes on the data path is selected at random, so that the power consumption of the S-box operation in DES is randomized. The beneficial effects are as follows: 1) an attacker cannot observe the real data on the data path during encryption and decryption, and, because the power consumption is randomized, statistical analysis of the key also becomes very difficult; 2) the circuit structure of DES is not changed, and the algorithm is simple and easy to implement; 3) the ability of the DES circuit to resist power analysis attacks can be greatly improved at small cost.
Description of the drawings
Fig. 1 is a flow chart of the DES round operation method of the present invention, in which the symbol ⊕ denotes the exclusive-OR (XOR) operation;
Fig. 2 is a structural diagram of the DES round operation circuit of the present invention;
Fig. 3 is a flow chart of the DES encryption computation of the present invention;
Fig. 4 is a flow chart of the round operation of the DES algorithm of the present invention;
Fig. 5 is a data structure diagram of the S-box substitution process of the present invention;
Fig. 6 is a structural diagram of the S1 box operation of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
In the DES round operation method and circuit of the present invention, linear operations in the DES flow that involve only bit-position exchange or simple Boolean operations are masked and unmasked with XOR operations. For the S boxes, which are nonlinear operations, S boxes with different circuit structures and different power consumption profiles during operation are designed; when data passes through the S boxes, the arrangement of S boxes on the data path is selected at random, so that the power consumption of the S-box operation in DES is randomized.
As shown in Fig. 3, the DES encryption flow has 16 identical processing stages, called rounds, plus one permutation at the start and one at the end, called IP and FP (FP is also written IP-1; FP is the inverse function of IP). Before the main rounds, the data block is divided into two 32-bit half blocks, which are processed separately. A data half block and a subkey are processed by the F function. The output of the F function is then XORed with the other half block, and the result is combined with the original half block with their order exchanged before entering the next round. After the last round, the two half blocks are not exchanged.
As shown in Fig. 4, the F function (the Feistel function), which operates on one half block (32 bits) at a time, works as follows:
Expansion operation E: the 32-bit half block is expanded to 48 bits by the expansion permutation (E in Figs. 1 and 4); the output consists of eight 6-bit blocks, each containing the 4 corresponding input bits plus the immediately adjacent bits from the two neighbouring blocks.
Key mixing: the expanded result is combined with a subkey by an XOR operation. Sixteen 48-bit subkeys, one for the F transformation of each round, are generated from the master key by the key schedule.
S-box operation: after mixing with the subkey, the block is divided into eight 6-bit blocks, which are then processed by the S boxes. Each of the 8 S boxes uses a nonlinear transformation provided as a look-up table to turn its 6 input bits into 4 output bits. The S boxes provide the core security of DES; without them the cipher would be linear and easy to break.
Permutation operation P: the 32 output bits of the S boxes are rearranged by a fixed permutation, the P permutation. It is designed so that, after the expansion in the next round, the 4 output bits of each S box are processed by 4 different S boxes.
In the DES round structure for defending against power attacks proposed by the invention, the data coming out of Ri-1 is masked with a random number X before the expansion operation E, and the random number X also passes through the expansion operation at the same time, giving E(X). Before entering the improved S-box array, the data obtained by applying the expansion operation E to the masked Ri-1 data, E(X) and the round key are XORed together to give the value entering the S boxes. After the S-box operation, the 32-bit output data is XORed with the random number X again and then passed through the permutation operation P; the random number X passes through the permutation operation P at the same time, giving P(X). The results of these two P operations and Li-1 are XORed to give the next-round value Ri.
Fig. 1 is the operation flow chart of a preferred embodiment of the DES round operation method of the present invention.
Step S401: mask, with a random number X, the 32-bit half-block data Ri-1 obtained from any round of processing, where i is a natural number less than 17.
In the DES flow, every operation other than the S boxes is linear and can easily be masked and unmasked with XOR operations. The linear part is masked as follows:
(1) an operand A on the data path passes through a linear operation, giving the result R; R=OP(A), where OP denotes an intermediate operation of the encryption/decryption process;
(2) a random number X is combined with A by XOR to produce a new operand B; B=A⊕X, where ⊕ denotes the XOR operation and X is a random number;
(3) the new operand B replaces A in the encryption/decryption operation, giving the result T;
T=OP(B)=OP(A⊕X);
(4) the same operation is applied to the random number X, giving the result S; S=OP(X);
(5) when OP is a linear operation, it can be interchanged freely with the XOR operation, so the computed result T only needs to be XORed with S, the result of applying OP to the random number X, to recover the correct result R;
T⊕S=OP(A⊕X)⊕OP(X)=OP(A⊕X⊕X)=OP(A)=R
Step S402: apply the expansion operation E to the masked data; at the same time perform step S4021, applying the expansion operation E to the random number X to obtain E(X).
Step S403: XOR together the data obtained by applying the expansion operation E to the masked data, E(X) and the round key, to obtain the value entering the S-box array.
Step S404: perform the S-box operation on the value entering the S-box array, the S-box array consisting of 8 S boxes, each selected at random from S boxes of N different circuit structures, N being a natural number not less than 3.
The S box of DES is a table look-up operation; the 8 S boxes correspond to 8 nonlinear substitution tables, S1, S2, S3, S4, S5, S6, S7 and S8. Each S box has a 6-bit input and a 4-bit output. After the S-box substitution, the 48-bit data generated by the E-box expansion is thus compressed back to 32 bits. Before the look-up, the 48 input bits are divided into 8 groups of 6 bits, which enter the 8 S boxes respectively, as shown in Fig. 5.
The S-box array structure that can defend against power attacks is described using S1 as an example. The truth table of S1 is shown in Table 1.
Table 1
From the truth table, a fast implementation of the S box can be built with binary logic, and it can be optimized for different performance metrics.
As shown in Fig. 6, the present invention chooses S-box implementations with the SOP (Sum Of Products), PPRM (Positive Polarity Reed-Muller) and DSE (Decoder-Switch-Encoder) structures; different circuit implementations have different switching power profiles. When data enters the improved S1 box, a random gating device selects the S1 box of one of the structures to perform the operation. After the calculation completes, the S1 box that took part in the operation sends out the data through a multiplexer (MUX). S2, S3, S4, S5, S6, S7 and S8 can all use a similar structure, together forming the improved S-box array.
A power attack requires a large number of random plaintext inputs while the power profile of a particular S box (for example S1) is observed. But because the S1 operation is carried out on a circuit chosen at random from 3 different structures, the power profiles cannot be distinguished, and power-attack protection is thereby effectively applied to the nonlinear S-box unit.
Because the S box is a nonlinear operation, the correct result cannot simply be recovered after masked data has passed through it. The present invention therefore applies data masking to the linear parts, following steps (1) to (5) under step S401 above. Masked data is temporarily restored to its original value when it passes through the S boxes; the S-box stage uses S boxes of different circuit structures whose power profiles during operation differ, and the arrangement of S boxes on the data path is selected at random as the data passes through, so that the power consumption of the S-box operation is randomized. After the S boxes the data is masked again, and the subsequent operations continue on the masked data. In this way, the whole DES flow can be masked and unmasked simply by XOR operations.
Step S405: XOR the data output by the S-box operation with the random number X.
Step S406: apply the permutation operation P to the data obtained by XORing the S-box output with the random number X; at the same time perform step S4061, applying the permutation operation P to the random number X to obtain P(X).
Step S407: XOR together the data obtained by applying the permutation operation P to the XOR of the S-box output and the random number X, P(X), and the other 32-bit half-block data Li-1 obtained from round processing, to obtain the value Ri entering round processing.
Fig. 2 is a structural diagram of the DES round operation circuit of the present invention. The circuit comprises a masking module, an expansion operation module, a first XOR module, an S-box array, a second XOR module, a permutation operation module and a third XOR module, wherein:
The masking module is configured to mask, with a random number X, the 32-bit half-block data Ri-1 obtained from any round of processing;
The expansion operation module is configured to apply the expansion operation E to the masked data and, at the same time, apply the expansion operation E to the random number X to obtain E(X);
The first XOR module is configured to XOR together the data obtained by applying the expansion operation E to the masked data, E(X) and the round key, to obtain the value entering the S-box array;
The S-box array is configured to perform the S-box operation on the value entering the S-box array, the S-box array consisting of 8 S boxes, each selected at random from S boxes of N different circuit structures, N being a natural number not less than 3;
The second XOR module is configured to XOR the data output by the S-box operation with the random number X;
The permutation operation module is configured to apply the permutation operation P to the data obtained by XORing the S-box output with the random number X and, at the same time, apply the permutation operation P to the random number X to obtain P(X);
The third XOR module is configured to XOR together the data obtained by applying the permutation operation P to the XOR of the S-box output and the random number X, P(X), and the other 32-bit half-block data Li-1 obtained from round processing, to obtain the value Ri entering round processing.
The S boxes of different circuit structures comprise S boxes of the SOP, PPRM and DSE structures.
In the DES round operation method and circuit of the present invention, linear operations in the DES flow that involve only bit-position exchange or simple Boolean operations are masked and unmasked with XOR operations. For the S boxes, which are nonlinear operations, S boxes with different circuit structures and different power consumption profiles during operation are designed; when data passes through the S boxes, the arrangement of S boxes on the data path is selected at random, so that the power consumption of the S-box operation in DES is randomized. The beneficial effects are as follows: 1) an attacker cannot observe the real data on the data path during encryption and decryption, and, because the power consumption is randomized, statistical analysis of the key also becomes very difficult; 2) the circuit structure of DES is not changed, and the algorithm is simple and easy to implement; 3) the ability of the DES circuit to resist power analysis attacks can be greatly improved at small cost.
Although the present invention has been described with reference to the currently preferred embodiments, those skilled in the art will understand that the above preferred embodiments only illustrate the invention and do not limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of the present invention.

Claims (10)

1. DES takes turns an operation method, and it is characterized in that, the method comprises the steps:
A. adopt random number X, the data that the half blocks of data Ri-1 round trip process of arbitrary 32 obtain are sheltered, i be less than 17 natural number;
B. extended arithmetic E is carried out to the data after sheltering, also extended arithmetic E is carried out to described random number X simultaneously, obtain E (X);
C. data, E (X) and round key that extended arithmetic E obtains are carried out to the data after sheltering carry out XOR simultaneously by described, obtain the value entering S box array;
D. to the described value entering S box array, carry out the computing of S box, described S box array, by 8 respectively from the S box of N kind different circuit structure the S box of Stochastic choice form, N be not less than 3 natural number;
E. the data will exported after the computing of described S box, carry out XOR with described random number X;
F. the data obtained after carrying out XOR to the data exported after the computing of described S box and described random number X, carry out in-place computation P, also carry out in-place computation P simultaneously to described random number X, obtain P (X);
G. the data that the data obtained after the data obtained after carrying out XOR to the data exported after the computing of described S box and described random number X being carried out in-place computation P, P (X) and another half blocks of data Li-1 round trip process of 32 obtain, carry out XOR simultaneously, obtain the value entering the process of Ri round trip.
2. the method for claim 1, is characterized in that, described step a comprises:
A1. to the data that the half blocks of data Ri-1 round trip process of arbitrary 32 obtains, the operand A namely on data path, through linear operation, obtaining result is R, R=OP (A), and wherein OP represents the intermediary operation of encryption process;
A2. adopt described random number X to carry out computing by XOR, produce new operand B, B=A ⊕ X, wherein ⊕ represents xor operation;
A3. replace A to carry out encryption and decryption computing with described new operand B, obtaining result is T, T=OP (B)=OP (A ⊕ X);
A4. described random number X carries out same operation, and obtaining result is S, S=OP (X).
3. method as claimed in claim 1 or 2, it is characterized in that, described step b comprises:
B1. by extended arithmetic E, be 48 by the data after described sheltering by 32 Bits Expanding, and export the block comprising 86, every block comprises 4 corresponding input positions, and the position be close in 2 adjacent blocks.
4. method as claimed in claim 1 or 2, it is characterized in that, described round key is one of sub-key of 16 48 utilizing key schedule to generate from master key, and described each sub-key is used for 1 round trip process.
5. the method described in method as claimed in claim 1 or 2, is characterized in that the S box of described different circuit structures comprises the S box of SOP, PPRM and DSE structure.
6. method as claimed in claim 5, is characterized in that, described S box array, is made up of 8 S boxes respectively by random gate device Stochastic choice from the S box of the different circuit structure of N kind.
7. method as claimed in claim 1 or 2, it is characterized in that, described steps d comprises:
D1. each S box described, uses the nonlinear transformation provided in look-up table mode, converts 6 input positions of each piece in the value of the described S of entering box array to 4 carry-out bits.
8. method as claimed in claim 7, it is characterized in that, described steps d comprises:
D2. each S box described, is converted 6 input positions of each piece in the value of the described S of entering box array to the data obtained after 4 carry-out bits, is exported by MUX.
9. A DES round operation circuit, characterized in that the round operation circuit comprises a masking module, an expansion operation module, a first XOR module, an S-box array, a second XOR module, a permutation operation module and a third XOR module, wherein:
the masking module is used to mask, with a random number X, the data obtained from the round processing of any 32-bit half block Ri-1;
the expansion operation module is used to apply the expansion operation E to the masked data and, at the same time, to the random number X, obtaining E(X);
the first XOR module is used to XOR together the data obtained by applying the expansion operation E to the masked data, E(X), and the round key, obtaining the value that enters the S-box array;
the S-box array is used to perform the S-box operation on the value entering the S-box array, the S-box array consisting of 8 S-boxes, each randomly selected from S-boxes of N different circuit structures, N being a natural number not less than 3;
the second XOR module is used to XOR the data output by the S-box operation with the random number X;
the permutation operation module is used to apply the permutation operation P to the data obtained by XORing the S-box output data with the random number X and, at the same time, to the random number X, obtaining P(X);
the third XOR module is used to XOR together the data obtained by applying the permutation operation P to the XOR of the S-box output data and the random number X, P(X), and the data obtained from the round processing of the other 32-bit half block Li-1, obtaining the value that enters the round processing of Ri.
10. The circuit as claimed in claim 9, characterized in that the S-boxes of different circuit structures comprise S-boxes of SOP, PPRM and DSE structure.
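The masked datapath of claim 9, together with the mask/restore identity of steps A3 and A4, as an added Python example that is not part of the patent: it uses the standard DES E, P and S-box tables and checks that the masked round yields the same Ri as an unmasked round. The function names are illustrative assumptions, and the random selection among S-box circuit structures is a hardware property that is not modeled here.

```python
import secrets

# Standard DES tables (FIPS 46-3); bit 1 is the most significant bit.
E = [(4 * j + k - 1) % 32 + 1 for j in range(8) for k in range(6)]
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
SBOX = [  # S1..S8, one hex digit per entry, rows 0..3 concatenated
    "e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
    "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
    "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
    "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
    "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
    "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
    "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
    "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b",
]

def permute(value, table, width):
    """Output bit i is input bit table[i] of a width-bit word (linear over XOR)."""
    out = 0
    for src in table:
        out = (out << 1) | ((value >> (width - src)) & 1)
    return out

def sbox_layer(v48):
    """Eight 6-bit blocks in, eight 4-bit values out (steps D1/D2)."""
    out = 0
    for j in range(8):
        six = (v48 >> (42 - 6 * j)) & 0x3F
        row = ((six >> 4) & 2) | (six & 1)      # outer bits b1, b6
        col = (six >> 1) & 0xF                  # inner bits b2..b5
        out = (out << 4) | int(SBOX[j][16 * row + col], 16)
    return out

def plain_round(l_prev, r_prev, key):
    """Unmasked reference: Ri = Li-1 xor P(S(E(Ri-1) xor K))."""
    return l_prev ^ permute(sbox_layer(permute(r_prev, E, 32) ^ key), P, 32)

def masked_round(l_prev, r_prev, key, x=None):
    """Claim 9 datapath with a fresh 32-bit random mask X per call."""
    x = secrets.randbits(32) if x is None else x
    masked = r_prev ^ x                                      # masking module
    # First XOR: E is linear, so E(R^X) ^ E(X) = E(R) and X cancels here;
    # the claim relies on the randomly selected S-box structures for this stage.
    s_in = permute(masked, E, 32) ^ permute(x, E, 32) ^ key
    s_out = sbox_layer(s_in) ^ x                             # second XOR re-masks
    return permute(s_out, P, 32) ^ permute(x, P, 32) ^ l_prev  # third XOR restores
```

The restore step works for E and P because both are bit selections, so OP(A ⊕ X) ⊕ OP(X) = OP(A); the same identity does not hold for the S-boxes, which is why the S-box output is re-masked with X directly.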
CN201410537830.8A 2014-10-13 2014-10-13 DES round operation method and circuit Pending CN104301095A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410537830.8A CN104301095A (en) 2014-10-13 2014-10-13 DES round operation method and circuit

Publications (1)

Publication Number Publication Date
CN104301095A (en) 2015-01-21

Family

ID=52320675

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150121
