CN104301096B - AES round operation method and circuit - Google Patents


Info

Publication number: CN104301096B
Authority: CN (China)
Prior art keywords: data, boxes, box, random number, module
Legal status: Active
Application number: CN201410537860.9A
Other languages: Chinese (zh)
Other versions: CN104301096A (en)
Inventors: 陈毅成, 张明宇, 吴水源
Current assignee: Wuhan ruinajie Semiconductor Co.,Ltd.
Original assignee: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd
Events: application filed by SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co Ltd; priority to CN201410537860.9A; publication of CN104301096A; application granted; publication of CN104301096B; legal status active; anticipated expiration.

Landscapes

  • Storage Device Security (AREA)

Abstract

The AES round operation method and circuit of the present invention defend against power analysis by data masking and by random arrangement of S-boxes with different circuit structures. In the AES flow, the linear operations that involve only position exchange or simple Boolean operations, namely ShiftRows, MixColumns and AddRoundKey, are masked and recovered with XOR. For the non-linear S-box, S-boxes with different circuit structures are designed; their power profiles during computation differ, and when data passes through the S-boxes the arrangement of S-boxes on the data path is selected at random, so that the power consumption of the S-box computation in AES is randomized. The beneficial effects are: 1) the attacker cannot observe the true data of the encryption process on the data path, and because the power consumption is randomized, statistical analysis of the key also becomes extremely difficult; 2) the circuit structure of AES is not changed, and the algorithm is concise and easy to implement; 3) the resistance of the AES circuit to power analysis attacks can be greatly increased at low cost.

Description

AES round operation method and circuit
Technical field
The present invention relates to the field of communications, and in particular to an AES round operation method and circuit.
Background
The Advanced Encryption Standard (AES) is a symmetric data encryption standard issued by the National Institute of Standards and Technology (NIST) in November 2001. It has a very short key setup time, good sensitivity and strong resistance to attack. The block length of AES is fixed at 128 bits, while the key length can be 128, 192 or 256 bits; NIST intended it as the encryption standard of the 21st century, replacing DES (Data Encryption Standard).
AES is widely used in POS terminals, smart cards, computer networks and storage systems to keep critical data confidential. AES was designed to resist mathematical attacks, but the emerging side-channel attack (Side Channel Attack) has become a factor that must be taken into account. Until 2006, the only successful attacks on AES were side-channel attacks.
There are two basic approaches to designing AES that resists power attacks. One is to implement AES with special circuit structures and logic styles, such as Differential Cascode Voltage Switch Logic (DCVSL), Wave Dynamic Differential Logic (WDDL), differential routing in the layout design, Random Switching Logic (RSL) and the like; asynchronous circuit design also has good attack resistance. The shortcoming of this approach is that it needs a specially designed cell library, and both its circuit area and its extra power consumption are larger. The other approach is masking, which randomizes the intermediate results of AES encryption and decryption; this method can be implemented in software on a smart card or in hardware. During the computation of the encryption algorithm every intermediate value is transformed with some random number as a mask, so that the power information depends not only on the key but also on the introduced random number. This method is simple to implement and does not depend on the process technology. Masking and recovering the linear part of the computation is relatively easy, but masking the non-linear S-box is extremely difficult.
Summary of the invention
In view of this, it is necessary to provide an AES round operation method and circuit.
The present invention provides an AES round operation method comprising the following steps:
S1: mask an arbitrary 128-bit plaintext with a random number X;
S2: judge whether the masked data belongs to an intermediate round or the final round, and temporarily store the data; if it is judged to be an intermediate round, go to step S3a; if it is judged to be the final round, go to step S3b;
S3a: apply the expansion operation E to the random number X to obtain E(X);
S4: XOR E(X), the round key and the data stored in S2 together to obtain the value entering the first S-box array;
S5: perform the S-box operation on the value entering the first S-box array, and XOR the data output by the first S-box array with the random number X;
S6: apply ShiftRows and MixColumns to the data obtained by XORing the S-box output with the random number X, and return the resulting data to step S2;
S3b: feed the data of step S2 into the second S-box array and perform the S-box operation;
S7: XOR the data output by the second S-box array with the random number X;
S8: apply ShiftRows to the data obtained by XORing the second S-box output with the random number X, and apply ShiftRows to the random number X to obtain S(X);
S9: XOR the last round key, the row-shifted data of S8 and S(X) to obtain the final ciphertext. The first and second S-box arrays each consist of 4 S-boxes selected at random from S-boxes of N different circuit structures, where N is a natural number not less than 3.
Step S1 comprises:
S11: an operand A on the data path, after a linear operation, gives the result K, K = f(A), where f denotes an intermediate operation of the encryption or decryption process;
S12: a new operand B is produced by XOR with the random number X, B = A ⊕ X, where ⊕ denotes the XOR operation;
S13: the new operand B is used in place of A in the encryption or decryption operation, giving the result L, L = f(B) = f(A ⊕ X);
S14: the same operation is applied to the random number X, giving the result M, M = f(X).
Step b comprises:
B1. expand the masked data from 32 bits to 48 bits by the expansion operation E, and output 8 blocks of 6 bits, each block containing the 4 corresponding input bits and the 2 adjacent bits of the neighbouring blocks.
The round key is one of several 128-bit subkeys generated from the master key by the key schedule, each subkey being used for one round of processing.
The first and second S-box arrays comprise S-boxes of LUT, SOP, PPRM and DSE structure.
The first and second S-box arrays are each formed of 4 S-boxes selected at random by a random gating device from the S-boxes of N different circuit structures.
Step S5 comprises:
S51: each S-box uses a non-linear transformation given in the form of a look-up table to convert the 8 input bits of each block of the value entering the S-box array into 8 output bits.
The present invention also provides an AES round operation circuit comprising a masking module, a data selection module, a data register module, an expansion operation module, a first XOR module, a first S-box array, a second XOR module, a first shift module, a second S-box array, a third XOR module, a second shift module and a fourth XOR module, wherein:
the masking module is configured to mask an arbitrary 128-bit plaintext with a random number X;
the data selection module is configured to judge whether the masked data belongs to an intermediate round or the final round;
the data register module is configured to temporarily store the data judged by the data selection module;
the expansion operation module is configured to apply the expansion operation E to the random number X to obtain E(X);
the first XOR module is configured to XOR E(X), the round key and the intermediate-round data stored in S2 together to obtain the value entering the first S-box array;
the first S-box array is configured to perform the S-box operation on the value entering the first S-box array;
the second XOR module is configured to XOR the data output by the first S-box array with the random number X;
the first shift module is configured to apply ShiftRows and MixColumns to the data obtained by XORing the S-box output with the random number X, and to return the shifted and mixed data to the data selection module;
the data register module is further configured to temporarily store the final-round data judged by the data selection module, and this data enters the second S-box array;
the second S-box array is configured to operate on the final-round data judged by the data selection module and to output the result;
the third XOR module is configured to XOR the data output by the second S-box array with the random number X;
the second shift module is configured to apply ShiftRows to the data obtained by XORing the second S-box output with the random number X, and to apply ShiftRows to the random number X to obtain S(X);
the fourth XOR module is configured to XOR the last round key, the row-shifted data and S(X) to obtain the final ciphertext; wherein the first and second S-box arrays each consist of 4 S-boxes selected at random from S-boxes of N different circuit structures, N being a natural number not less than 3.
The S-boxes of different circuit structures comprise S-boxes of SOP, PPRM and DSE structure.
Brief description of the drawings
Fig. 1 is a flow chart of the AES round operation method of the present invention, in which the symbol ⊕ denotes the exclusive-OR (XOR) operation;
Fig. 2 is a flow chart of the steps for masking an arbitrary 128-bit plaintext with a random number X;
Fig. 3 is a structural diagram of the AES round operation circuit of the present invention;
Fig. 4 is a flow chart of the AES encryption flow of the present invention;
Fig. 5 is a schematic diagram of the data round operation of the final round of the AES algorithm of the present invention;
Fig. 6 is a structural diagram of the first and second S-box operation of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
In the AES round operation method and circuit of the present invention, the linear operations of the AES flow that involve only position exchange or simple Boolean operations are masked and recovered with XOR; for the non-linear S-box, S-boxes of different circuit structures with different power profiles during computation are designed, and when data passes through the S-boxes the arrangement of S-boxes on the data path is selected at random, so that the power consumption of the S-box computation in AES is randomized.
The AES encryption round operation method shown in Fig. 1 comprises the following steps:
S1: mask an arbitrary 128-bit plaintext with a random number X.
Preferably, referring to Fig. 2, which is a flow chart of the steps for masking an arbitrary 128-bit plaintext with the random number X, step S1 comprises:
S11: an operand A on the data path, after a linear operation, gives the result K, K = f(A), where f denotes an intermediate operation of the encryption or decryption process;
S12: a new operand B is produced by XOR with the random number X, B = A ⊕ X, where ⊕ denotes the XOR operation;
S13: the new operand B is used in place of A in the encryption or decryption operation, giving the result L, L = f(B) = f(A ⊕ X);
S14: the same operation is applied to the random number X, giving the result M, M = f(X).
It can be understood that when f is a linear operation it can be freely interchanged with XOR, so the result L computed from the masked data B only needs to be XORed with M, the result of f applied to the random number X, to recover the correct result K:
L ⊕ M = f(A ⊕ X) ⊕ f(X) = f(A ⊕ X ⊕ X) = f(A) = K
S2: judge whether the masked data belongs to an intermediate round or the final round, and temporarily store the data; if it is judged to be an intermediate round, go to step S3a; if it is judged to be the final round, go to step S3b.
S3a: apply the expansion operation E to the random number X to obtain E(X).
Specifically, the masked data is expanded from 32 bits to 48 bits by the expansion operation E and output as 8 blocks of 6 bits, each block containing the 4 corresponding input bits and the 2 adjacent bits of the neighbouring blocks.
S4: XOR E(X), the round key and the data stored in S2 together to obtain the value entering the first S-box array.
Preferably, the round key is one of several 128-bit subkeys generated from the master key by the key schedule, each subkey being used for one round of processing.
S5: perform the S-box operation on the value entering the first S-box array, and XOR the data output by the first S-box array with the random number X.
S6: apply ShiftRows and MixColumns to the data obtained by XORing the S-box output with the random number X, and return the resulting data to step S2.
S3b: feed the data of step S2 into the second S-box array and perform the S-box operation.
Preferably, the first and second S-box arrays comprise S-boxes of LUT (Look-Up Table), SOP (Sum Of Products), PPRM (Positive Polarity Reed-Muller) and DSE (Decoder-Switch-Encoder) structure.
Preferably, each S-box uses a non-linear transformation given in the form of a look-up table to convert the 8 input bits of each block of the value entering the S-box array into 8 output bits.
S7: XOR the data output by the second S-box array with the random number X.
S8: apply ShiftRows to the data obtained by XORing the second S-box output with the random number X, and apply ShiftRows to the random number X to obtain S(X).
S9: XOR the last round key, the row-shifted data of S8 and S(X) to obtain the final ciphertext.
It can be understood that the S-box operation is non-linear: once masked data enters the first or second S-box, the correct result can no longer be recovered by a simple operation. The present invention therefore masks the arbitrary 128-bit plaintext by steps S11 to S14 above, and before the masked data undergoes the byte substitution its original value is recovered by XOR. After the first S-box array the data is masked again, and the subsequent operations continue on the hidden data. In this way the whole AES computation flow can be hidden and recovered simply by XOR. In the byte substitution part, S-boxes of different circuit structures are used; these S-boxes produce identical outputs, but their power profiles during computation differ. When data passes through the S-boxes, the arrangement of S-boxes on the data path is selected at random, so the S-boxes traversed by each encryption operation are chosen at random and, statistically, the power consumption of the byte substitution appears randomized.
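As an added worked example (not code from the patent, which describes a hardware circuit), the following Python carries steps S1 to S9 through a full AES-128 encryption and checks, against an unmasked reference and the FIPS-197 known-answer vector, that masking with X, removing E(X) before the S-box and re-masking after it reproduces the standard ciphertext. It assumes that E(X) is X passed through ShiftRows and MixColumns (the form consistent with the unmasking in S4) and that the final round removes E(X) and the round key before the second S-box array, which S3b leaves implicit.

```python
import os

def xtime(b):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b

def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def _build_sbox():
    """Standard AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    inv = [0] + [next(b for b in range(1, 256) if gf_mul(a, b) == 1) for a in range(1, 256)]
    return [v ^ rotl(v, 1) ^ rotl(v, 2) ^ rotl(v, 3) ^ rotl(v, 4) ^ 0x63 for v in inv]

SBOX = _build_sbox()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sub_bytes(s):
    return bytes(SBOX[b] for b in s)

def shift_rows(s):
    """State is column-major (index = row + 4*column); row r rotates left by r."""
    return bytes(s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4))

def mix_columns(s):
    out = bytearray(16)
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out[4 * c] = gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3
        out[4 * c + 1] = a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3
        out[4 * c + 2] = a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3)
        out[4 * c + 3] = gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)
    return bytes(out)

def expand_key(key):
    """AES-128 key schedule; returns the 11 round keys (the patent's 128-bit subkeys)."""
    w = [key[4 * i:4 * i + 4] for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = bytes((SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]))
            rcon = xtime(rcon)
        w.append(xor(w[i - 4], t))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]

def plain_encrypt(pt, rks):
    """Unmasked reference AES-128 in FIPS-197 order."""
    s = xor(pt, rks[0])
    for rk in rks[1:10]:
        s = xor(mix_columns(shift_rows(sub_bytes(s))), rk)
    return xor(shift_rows(sub_bytes(s)), rks[10])

def masked_encrypt(pt, rks, x):
    """Steps S1-S9 of the patent with mask X. AddRoundKey is moved before the
    S-box, so the S-box input is the true value (which is why the patent
    randomises the S-box circuits); everywhere else the data path carries a
    value XORed with X or E(X)."""
    data = xor(pt, x)                          # S1: mask the plaintext
    e_x = x                                    # E(X) equals X in the first round
    for rk in rks[0:9]:                        # nine intermediate rounds
        v = xor(xor(data, e_x), rk)            # S4: remove E(X), add the round key
        v = xor(sub_bytes(v), x)               # S5: first S-box array, re-mask with X
        data = mix_columns(shift_rows(v))      # S6: ShiftRows + MixColumns on masked data
        e_x = mix_columns(shift_rows(x))       # mask now on the path: X through the linear layer
    # Final round. Assumption (not spelled out in S3b): the same E(X) and
    # round-key removal precedes the second S-box array.
    v = xor(sub_bytes(xor(xor(data, e_x), rks[9])), x)      # S3b + S7
    return xor(xor(rks[10], shift_rows(v)), shift_rows(x))  # S8 + S9, S(X) = ShiftRows(X)

def linear_mask_check(a, x):
    """S11-S14: for the linear layer f, f(A xor X) xor f(X) == f(A)."""
    f = lambda s: mix_columns(shift_rows(s))
    return xor(f(xor(a, x)), f(x)) == f(a)

if __name__ == "__main__":
    key = bytes(range(16))                                   # FIPS-197 Appendix C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    rks = expand_key(key)
    x = os.urandom(16)                                       # fresh mask per encryption
    print(plain_encrypt(pt, rks).hex())                      # 69c4e0d86a7b0430d8cdb78070b4c55a
    print(masked_encrypt(pt, rks, x) == plain_encrypt(pt, rks), linear_mask_check(pt, x))
```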
Referring to Fig. 3, the AES round operation circuit of the present invention comprises a masking module 110, a data selection module 120, a data register module 130, an expansion operation module 140, a first XOR module 150, a first S-box array 160, a second XOR module 170, a first shift module 180, a second S-box array 190, a third XOR module 210, a second shift module 220 and a fourth XOR module 230, wherein:
The masking module 110 is configured to mask an arbitrary 128-bit plaintext with a random number X.
Preferably, for an operand A on the data path whose linear operation gives the result K, K = f(A), where f denotes an intermediate operation of the encryption or decryption process, the masking module 110 produces a new operand B by XOR with the random number X, B = A ⊕ X, where ⊕ denotes the XOR operation; the new operand B is used in place of A in the encryption or decryption operation, giving the result L, L = f(B) = f(A ⊕ X); and the same operation is applied to the random number X, giving the result M, M = f(X).
It can be understood that when f is a linear operation it can be freely interchanged with XOR, so the result L computed from the masked data B only needs to be XORed with M, the result of f applied to the random number X, to recover the correct result K:
L ⊕ M = f(A ⊕ X) ⊕ f(X) = f(A ⊕ X ⊕ X) = f(A) = K
The data selection module 120 is configured to judge whether the masked data belongs to an intermediate round or the final round. Preferably, the data selection module 120 is a data selector for selecting whether the data is intermediate-round or final-round data. It can be understood that the data selection module 120 may also select whether the data belongs to an intermediate round.
The data register module 130 is configured to temporarily store the data judged by the data selection module. Preferably, the data register module 130 is a register for temporarily storing the data selected by the data selection module 120.
The expansion operation module 140 is configured to apply the expansion operation E to the random number X to obtain E(X), where E(X) is used to remove the mask of the random number X.
The first XOR module 150 is configured to XOR E(X), the round key and the intermediate-round data stored in S2 together to obtain the value entering the first S-box array.
The first S-box array 160 is configured to perform the S-box operation on the value entering the first S-box array.
The second XOR module 170 is configured to XOR the data output by the first S-box array 160 with the random number X.
The first shift module 180 is configured to apply ShiftRows and MixColumns to the data obtained by XORing the S-box output with the random number X, and to return the shifted and mixed data to the data selection module 120.
The data register module 130 is further configured to temporarily store the final-round data judged by the data selection module 120, and this data enters the second S-box array 190.
The second S-box array 190 is configured to operate on the final-round data judged by the data selection module 120 and to output the result.
The third XOR module 210 is configured to XOR the data output by the second S-box array 190 with the random number X.
The second shift module 220 is configured to apply ShiftRows to the data obtained by XORing the second S-box output with the random number X, and to apply ShiftRows to the random number X to obtain S(X).
The fourth XOR module 230 is configured to XOR the last round key, the row-shifted data and S(X) to obtain the final ciphertext; wherein the first and second S-box arrays each consist of 4 S-boxes selected at random from S-boxes of N different circuit structures, N being a natural number not less than 3.
It can be understood that the first and second S-box arrays can be merged into a single S-box array.
Specifically, referring to Fig. 4, which shows the structure of the AES round operation for defending against power attacks proposed by the present invention, the data path is 128 bits wide. In the first round the plaintext is XORed with the random number X. The data selection module 120 selects whether the data belongs to an intermediate-round or first-round operation. The data register module 130 temporarily stores the data, and the round key addition is moved to before the S-box. E(X) is used to remove the mask of the random number X; its value is X in the first round, and in the intermediate rounds it is the result of X after ShiftRows and MixColumns. The improved S-box array completes the byte substitution, and before ShiftRows and MixColumns the data is XORed with the random number X to mask it.
Referring to Fig. 5, which shows the data round operation of the final round: after the improved S-box array, the data is XORed with the random number X and then undergoes ShiftRows. Meanwhile X also undergoes ShiftRows, and the result is S(X). Finally, the last round key, the row-shifted data and S(X) are XORed to obtain the final ciphertext.
Fig. 6 takes the first 32 bits of the data path (4 S-boxes) as an example to illustrate the S-box array structure that can defend against power attacks. S-boxes can be implemented in many ways; the present invention selects S-boxes of LUT (Look-Up Table), SOP (Sum Of Products), PPRM (Positive Polarity Reed-Muller) and DSE (Decoder-Switch-Encoder) structure, whose switching power profiles differ between circuit implementations. When data enters the improved S-box array, the ordering of these four S-boxes is selected by a random sorter according to a random number Y. The four S-boxes compute identical results; only their circuit structures differ, and so does the power they generate. After the byte substitution is complete, the data is sent out by the S-boxes that took part in the computation. The other three 32-bit data paths can use a similar circuit structure, and together they form the improved S-box array.
A power attack requires a large number of random plaintexts to be input while the power profile of a particular S-box is observed. Because S-box circuits of 4 different structures are used in random rotation, the power profiles of the S-box computation cannot be distinguished, and so power-attack protection of the non-linear S-box unit is achieved effectively.
Although the present invention has been described with reference to the currently preferred embodiments, those skilled in the art should understand that the above preferred embodiments are only used to illustrate the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (7)

1. a kind of AES takes turns operation method, it is characterised in that this method comprises the following steps:
S1:Using random number X, the plaintext of any 128 is sheltered;
S2:It is breast wheel operation or end wheel operation to judge the data after masking, and keeps in the data, if it is breast wheel behaviour to judge When making, step S3a is carried out;If judgement is end wheel operation, step S3b is carried out;
S3a:Computing E is extended to the random number X, obtains E (X);
S4:The E (X), round key and the S2 data kept in are carried out at the same time exclusive or, obtain the value into the first S box arrays;
S5:To the value for entering the first S box arrays, S box computings are carried out, and will be defeated after the first S box array operations The data gone out, exclusive or is carried out with the random number X;
S6:To the data exported after the S boxes computing and the data obtained after random number X progress exclusive or, shifted into every trade Mixed with row, and obtained data are back to step S2;
S3b:2nd S box arrays are entered to the data of step S2, carry out S box computings;
S7:The data that will be exported after the 2nd S box array operations, exclusive or is carried out with the random number X;
S8:The data and the random number X data obtained after exclusive or exported after the 2nd S box computings are moved into every trade Position, and the random number X is shifted into every trade, obtain S (X);
S9:The data that are exported after last round key, the S boxes computing and the random number X are carried out the data that are obtained after exclusive or into The data and the S (X) that every trade shifts carry out exclusive or, obtain final ciphertext, wherein, first and second S box array, By 4, randomly selected S boxes are formed from the S boxes of N kind difference circuit structures respectively, and N is the natural number not less than 3.
2. the method as described in claim 1, it is characterised in that the step S1 includes:
S11:Operand A on data path, by linear operation, it is K to obtain result, and K=f (A), wherein f represents encryption and decryption The intermediary operation of process;
S12:Using the random number X by exclusive or come computing, produce new operand B, B=A ⊕ X, wherein ⊕ and represent exclusive or Operation;
S13:A is replaced to carry out encryption and decryption computing with the new operand B, it is L, L=f (B)=f (A ⊕ X) to obtain result;
S14:The random number X carries out encryption and decryption computing, and it is M, M=f (X) to obtain result.
3. the method as described in claim 1, it is characterised in that the round key is what is generated using key schedule from master key One of several 128 sub-keys, each sub-key are used for 1 round trip and handle.
4. the method as described in claim 1, it is characterised in that first and second described S box array, including LUT, SOP, PPRM With the S boxes of DSE structures.
5. the method as described in claim 1, it is characterised in that the step S5 includes:
S51:Each S box, uses the nonlinear transformation provided in a manner of look-up table, by each block in the value for entering S box arrays 8 input bits be converted into 8 carry-out bits.
6. An AES round operation circuit, wherein the round operation circuit includes a masking module, a data selection module, a data register module, an extension operation module, a first XOR operation module, a first S-box array, a second XOR operation module, a first shift operation module, a second S-box array, a third XOR operation module, a second shift operation module and a fourth XOR operation module, wherein:
the masking module is used to mask an arbitrary 128-bit plaintext with the random number X;
the data selection module is used to judge whether the masked data belongs to an intermediate round operation or a final round operation;
the data register module is used to temporarily store the data judged by the data selection module;
the extension operation module is used to perform an extension operation E on the random number X, obtaining E(X);
the first XOR operation module is used to XOR E(X), the round key and the intermediate-round data temporarily stored in S2 together, obtaining the value entering the first S-box array;
the first S-box array is used to perform the S-box computation on the value entering the first S-box array;
the second XOR operation module is used to XOR the data output by the first S-box array with the random number X;
the first shift operation module is used to row-shift and column-mix the data obtained by XORing the S-box output with the random number X, and to return the row-shifted and column-mixed data to the data selection module;
the data register module is further used to temporarily store the final-round data judged by the data selection module, and the final-round data enters the second S-box array;
the second S-box array is used to compute on the final-round data judged by the data selection module and to output the result;
the third XOR operation module is used to XOR the data output by the second S-box array with the random number X;
the second shift operation module is used to row-shift the data obtained by XORing the output of the second S-box array with the random number X, and to row-shift the random number X, obtaining S(X);
the fourth XOR operation module is used to XOR the data output by the S-box computation with the last round key and the random number X, row-shift the result and XOR it with S(X), obtaining the final ciphertext; wherein the first and second S-box arrays each consist of 4 S-boxes randomly selected from S-boxes of N different circuit structures, N being a natural number not less than 3.
7. The circuit according to claim 6, wherein the first and second S-box arrays include S-boxes of LUT, SOP, PPRM and DSE structures.
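The mask algebra of claim 2 (K = f(A), L = f(A ⊕ X), M = f(X)) and the randomly arranged S-box array of claims 1, 4, 6 and 7 can be checked in software. The Python below is an added example, not code from the patent or its assignee. It assumes a column-major 16-byte AES state; it stands in for the LUT/SOP/PPRM/DSE circuit structures with three functionally identical software S-box implementations (which circuit each one corresponds to is an assumption, not something the patent states); it re-draws the arrangement of 4 S-boxes for every 32-bit word; and it places the last-round key addition after ShiftRows as in standard AES. Power consumption is not modelled. What it shows is that ShiftRows and MixColumns are mask-transparent (L ⊕ M = K), the S-box is not, and the final-round unmasking with S(X) = ShiftRows(X) recovers the unmasked result whichever S-box structures were drawn.

```python
"""Added example: mask algebra and randomized S-box selection (not patent code)."""
import secrets

# ---- GF(2^8) arithmetic with the AES polynomial x^8 + x^4 + x^3 + x + 1 ----
def gf_mul(a, b):
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def affine(y):
    """AES affine map: y ^ rotl(y,1) ^ rotl(y,2) ^ rotl(y,3) ^ rotl(y,4) ^ 0x63."""
    s = y
    for _ in range(4):
        y = ((y << 1) | (y >> 7)) & 0xFF
        s ^= y
    return s ^ 0x63

# ---- Three functionally identical S-box "structures" (assumed software stand-ins
# for the LUT / SOP / PPRM / DSE circuits of claims 4 and 7) ----
def sbox_exp(x):
    """Inverse by exponentiation (x^254 = x^-1 in GF(2^8)), then the affine map."""
    r, base, e = 1, x, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return affine(r if x else 0)

_EXP, _LOG = [0] * 256, [0] * 256
_v = 1
for _i in range(255):            # 0x03 generates the multiplicative group
    _EXP[_i] = _v
    _LOG[_v] = _i
    _v = gf_mul(_v, 3)

def sbox_logtable(x):
    """Inverse via log/antilog tables, then the affine map."""
    return affine(_EXP[(255 - _LOG[x]) % 255] if x else 0)

SBOX_LUT = bytes(sbox_exp(x) for x in range(256))

def sbox_lut(x):
    """Plain 8-in/8-out look-up table, as in claim 5 (S51)."""
    return SBOX_LUT[x]

SBOX_STRUCTURES = (sbox_lut, sbox_exp, sbox_logtable)   # N = 3 structures

# ---- State operations on a column-major 16-byte state: byte (r, c) is s[r + 4c] ----
def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def shift_rows(s):
    """ShiftRows: row r rotates left by r positions."""
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gf_mul(a[r], 2) ^ gf_mul(a[(r + 1) % 4], 3)
                       ^ a[(r + 2) % 4] ^ a[(r + 3) % 4])
    return out

def sbox_layer(s, rng=secrets):
    """Array of 4 S-boxes whose structures are re-drawn at random for every
    32-bit word (claim 1); the output does not depend on the draw."""
    out = []
    for w in range(4):
        arrangement = [rng.choice(SBOX_STRUCTURES) for _ in range(4)]
        out.extend(box(b) for box, b in zip(arrangement, s[4 * w:4 * w + 4]))
    return out

def is_linear_under_mask(f, a, x):
    """Claim 2: K = f(A), L = f(A ^ X), M = f(X); f is mask-transparent iff L ^ M == K."""
    return xor(f(xor(a, x)), f(x)) == f(a)

def final_round_masked(sbox_input, x, last_key):
    """Step S9 / fourth XOR module: S-box, re-mask with X, ShiftRows,
    unmask with S(X) = ShiftRows(X), then add the last round key (assumed order)."""
    t = xor(sbox_layer(sbox_input), x)       # S-box output re-masked with X
    s_x = shift_rows(x)                      # second shift module: S(X)
    return xor(xor(shift_rows(t), s_x), last_key)

def final_round_plain(state, last_key):
    return xor(shift_rows([sbox_lut(b) for b in state]), last_key)

def demo():
    """Constructed random inputs; returns (linear ops transparent, S-box transparent,
    all structures agree, masked final round == plain final round)."""
    a, x, k = (list(secrets.token_bytes(16)) for _ in range(3))
    lin = all(is_linear_under_mask(f, a, x) for f in (shift_rows, mix_columns))
    nonlin = is_linear_under_mask(lambda s: [sbox_lut(b) for b in s], a, x)
    same = all(sbox_exp(v) == sbox_logtable(v) == sbox_lut(v) for v in range(256))
    return lin, nonlin, same, final_round_masked(a, x, k) == final_round_plain(a, k)

if __name__ == "__main__":
    print(demo())
```

Because every linear operation satisfies f(A ⊕ X) = f(A) ⊕ f(X), the mask can be carried through ShiftRows, MixColumns and AddRoundKey and removed with f(X) at the end, which is the reason claim 2 separates K, L and M. The S-box has no such property, which is why the claims re-mask its output with X and randomize the S-box circuits instead.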
CN201410537860.9A 2014-10-13 2014-10-13 AES round operation method and circuit Active CN104301096B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410537860.9A CN104301096B (en) 2014-10-13 2014-10-13 AES round operation method and circuit

Publications (2)

Publication Number Publication Date
CN104301096A CN104301096A (en) 2015-01-21
CN104301096B true CN104301096B (en) 2018-04-20

Family

ID=52320676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410537860.9A Active CN104301096B (en) 2014-10-13 2014-10-13 AES round operation method and circuit

Country Status (1)

Country Link
CN (1) CN104301096B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106383691A (en) * 2016-09-18 2017-02-08 北京智芯微电子科技有限公司 Random number generation method and random number generator
CN107483182B (en) * 2017-09-21 2020-08-21 东南大学 AES algorithm-oriented power attack resisting method based on out-of-order execution
CN109039608B (en) * 2018-08-24 2023-05-09 东南大学 8-bit AES circuit based on double S cores
CN111262685B (en) * 2020-01-17 2021-02-19 衡阳师范学院 Novel method and device for realizing Shield block cipher generated by secret key and readable storage medium
CN114172632B (en) * 2021-08-18 2023-09-08 北京中电华大电子设计有限责任公司 Method and device for improving AES encryption and decryption efficiency

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
EP2637349A2 (en) * 2012-03-06 2013-09-11 Kabushiki Kaisha Toshiba Cryptographic processing apparatus

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Dynamic inhomogeneous S-Boxes in AES: a novel countermeasure against power analysis attacks"; Chen Yicheng et al.; High Technology Letters; 2008-12-31; Vol. 14, No. 4; Sections 0-2 *
"A DPA-resistant DES design" (一种抗DPA攻击的DES设计); Sun Jun et al.; China Integrated Circuit (中国集成电路); 2006-05-31; Section 3 *

Also Published As

Publication number Publication date
CN104301096A (en) 2015-01-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong

Patentee after: Shenzhen Bureau of Polytron Technologies Inc

Address before: 301, building six, building B, No.1 building, No.1 Industrial Road, Nanshan District, Guangdong, Shenzhen, 518067

Patentee before: Shenzhen Zhongke Xunlian Technology Co., Ltd

TR01 Transfer of patent right

Effective date of registration: 20210531

Address after: 430000 building 01, building 15, optical valley wisdom Park, No.7, financial port 1st Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province

Patentee after: Wuhan ruinajie Semiconductor Co.,Ltd.

Address before: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong

Patentee before: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co.,Ltd.