CN104301096B - AES takes turns operation method and circuit - Google Patents
AES takes turns operation method and circuit Download PDFInfo
- Publication number
- CN104301096B CN104301096B CN201410537860.9A CN201410537860A CN104301096B CN 104301096 B CN104301096 B CN 104301096B CN 201410537860 A CN201410537860 A CN 201410537860A CN 104301096 B CN104301096 B CN 104301096B
- Authority
- CN
- China
- Prior art keywords
- data
- boxes
- box
- random number
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
AES wheel operation methods of the present invention and circuit, power consumption analysis is defendd using data masking and different S boxes circuit random alignments, in AES flows, include row displacement, row mixing and round key addition to the linear operation for pertaining only to place-exchange or simple Boolean calculation, sheltered using xor operation and recover data;To the S boxes of nonlinear operation, design the S boxes of different circuit structures, power consumption profile during these S box computings is different, when data pass through S boxes, by randomly choosing the arrangement of S boxes on data path so that in AES the computing of S boxes Power randomization.Have the beneficial effect that:1) attacker can not observe the truthful data of encryption process on data path, simultaneously because Power randomization, statistical analysis key also becomes extremely difficult;2) circuit structure of AES is not changed, algorithm is succinct, easy to implement;3) ability that AES circuits resist power consumption analysis attack can be increased substantially with less cost.
Description
Technical field
The present invention relates to the communications field, more particularly to a kind of AES wheel operation methods and circuit.
Background technology
Advanced Encryption Standard (Advanced Encryption Standard, AES), is American National Standard technical research
Institute (National Institute of Standard and Technologies, NIST) is new in what is issued in November, 2001
Symmetric data encryption standard, have the characteristics that key settling time is extremely short, sensitivity is good, attack tolerant is strong.The block of AES
Length is fixed as 128 bits, and key length can be then 128,192 or 256 bits, is that NIST is intended to substitution DES (Data
Encryption Standard) 21 century encryption standard.
Aes algorithm is widely used in POS machine, smart card, computer network, storage system, and key is realized with this
The secrecy of data.Aes algorithm considers the attack resisted mathematically when designing, but emerging bypass attack (Side
Channel Attack) become the factor that must take into consideration.It is bypass for the unique successful attacks of AES untill 2006
Attack.
The AES of anti-power consumption attack is designed with two kinds of basic methods:A kind of is to use special circuit structure and logic shape
Formula realizes AES, such as uses differential cascade switching logic (DCVSL, Differential Cascade Voltage Switch
Logic), or dynamic digital logic (WDDL, Wave Dynamic Digital Logic) is fluctuated, and in layout design
Skill, and random switching logic (RSL, Random Switching Logic) etc., Asynchronous circuit design are connected up using difference
Also there is a good attack tolerant energy, the deficiency of this method is the domain storehouse for needing specially to design, its circuit area and extra
Power consumption is all bigger.Another method is to use macking technique, and the intermediate result of encrypting and decrypting in AES is randomized, this
Method can be realized using software on smart cards, can also be realized on circuit.In Encryption Algorithm computing, among each
Value is all converted with some random number as mask so that power consumption information is not only related with key, but also with introducing with
Machine number is related.This method implements simple and easy to do, does not depend on technique.The part masking and recovery of linear computing are all compared
It is easier to, to the S boxes of nonlinear operation, this masking is then extremely difficult.
The content of the invention
In view of this, it is necessary to which a kind of AES wheel operation methods and circuit are provided.
The present invention provides a kind of AES wheels operation method, and this method comprises the following steps:
S1:Using random number X, the plaintext of any 128 is sheltered;
S2:It is breast wheel operation or end wheel operation to judge the data after masking, and keeps in the data, if it is middle to judge
During wheel operation, step S3a is carried out;If judgement is end wheel operation, step S3b is carried out;
S3a:Computing E is extended to the random number X, obtains E (X);
S4:The E (X), round key and the S2 data kept in are carried out at the same time exclusive or, are obtained into the first S box arrays
Value;
S5:To the value for entering the first S box arrays, S box computings are carried out, and the first S box array operations will be passed through
The data exported afterwards, exclusive or is carried out with the random number X;
S6:The data for the data exported after the S boxes computing and the random number X obtain after exclusive or, into every trade
Displacement and row mixing, and obtained data are back to step S2;
S3b:2nd S box arrays are entered to the data of step S2, carry out S box computings;
S7:The data that will be exported after the 2nd S box array operations, exclusive or is carried out with the random number X;
S8:The data and the random number X data obtained after exclusive or exported after the 2nd S box computings are carried out
Row displacement, and the random number X is shifted into every trade, obtain S (X);
S9:The number for the data exported after last round key, the S boxes computing and the random number X obtain after exclusive or
Exclusive or is carried out according to the data and the S (X) shifted into every trade, obtains final ciphertext, wherein, first and second described S
Box array, by 4, randomly selected S boxes are formed from the S boxes of N kind difference circuit structures respectively, and N is the nature not less than 3
Number.
Wherein, the step S1 includes:
S11:Operand A on data path, by linear operation, it is K to obtain result, and K=f (A), wherein f, which are represented, to be added
The intermediary operation of decrypting process;
S12:Using the random number X by exclusive or come computing, new operand B, B=A ⊕ X are produced, wherein ⊕ is represented
Xor operation;
S13:A is replaced to carry out encryption and decryption computing with the new operand B, it is L, L=f (B)=f (A ⊕ to obtain result
X);
S14:The random number X carries out above-mentioned same operation, and it is M, M=f (X) to obtain result.
Wherein, the step b includes:
B1. by 32 Bits Expandings it is 48 by the data after the masking by extended arithmetic E, and exports and include 86
Block, every piece include 4 corresponding input bits, and 2 adjacent blocks in adjacent position.
Wherein, the round key is one of several 128 sub-keys for being generated using key schedule from master key, institute
State each sub-key and be used for 1 round trip processing.
Wherein, first and second described S box array, includes the S boxes of LUT, SOP, PPRM and DSE structure.
Wherein, first and second described S box array, by 4 respectively by random gate device from N kind difference circuit structures
S boxes in randomly selected S boxes form.
Wherein, the step S5 includes:
S51:Each described S box, uses the nonlinear transformation provided in a manner of look-up table, enters S box arrays by described
Value in 8 input bits of each block be converted into 8 carry-out bits.
The present invention also provides a kind of AES take turns computing circuit, the wheel computing circuit include masking block, data selecting module,
Data register module, extended arithmetic module, the first XOR operation module, the first S boxes array, the second XOR operation module, first
In-place computation module, the 2nd S boxes array, the 3rd XOR operation module, the second in-place computation module and the 4th XOR operation module,
Wherein:
The masking block is used to use random number X, and the plaintext of any 128 is sheltered;
The data selecting module is used to judge that the data after masking are breast wheel operation or end wheel operation;
The data register module is used for the temporary data judged through the data selecting module;
The extended arithmetic module is used to be extended computing E to the random number X, obtains E (X);
The data that the breast wheel that the first XOR operation module is used to keep in the E (X), round key and S2 operates are same
Shi Jinhang exclusive or, obtains the value into the first S box arrays;
The first S boxes array is used to, to the value for entering the first S box arrays, carry out S box computings;
The second XOR operation module is used for the data that will will be exported after the first S box array operations, with institute
State random number X and carry out exclusive or;
The first in-place computation module is used to carry out the data exported after the S boxes computing with the random number X different
The data obtained after or, shift and arrange mixing into every trade, and will shift into every trade and arrange mixed data and be back to the number
According to selecting module;
The data register module is additionally operable to the data of the temporary end wheel operation judged through the data selecting module, on
State data and enter the 2nd S box arrays;
The 2nd S boxes array is used for the data for the end wheel operation that computing judges through the data selecting module and output should
Data;
The 3rd XOR operation module is used for the data that will be exported after the 2nd S box array operations, and described
Random number X carries out exclusive or;
The second in-place computation module be used for the data that are exported after the 2nd S box computings and the random number X into
The data obtained after row exclusive or are shifted into every trade, and the random number X is shifted into every trade, obtain S (X);
The 4th XOR operation module be used for the data that are exported after last round key, the S boxes computing with it is described random
The data and the S (X) that the data that number X obtained after exclusive or are shifted into every trade carry out exclusive or, obtain final ciphertext,
Wherein, first and second described S box array, by 4 randomly selected S boxes structures from the S boxes of N kind difference circuit structures respectively
Into N is the natural number not less than 3.
Wherein, the S boxes of the different circuit structures, include the S boxes of SOP, PPRM and DSE structure.
AES wheel operation methods of the present invention and circuit, power consumption is defendd using data masking and different S boxes circuit random alignments
Analysis, in AES flows, to pertain only to place-exchange or simple Boolean calculation linear operation include row displacement, row mixing and
Round key addition, is sheltered using xor operation and is recovered data;To the S boxes of nonlinear operation, different circuits are designed
The S boxes of structure, power consumption profile during these S box computings is different, when data pass through S boxes, by randomly choosing data path
The arrangement of upper S boxes so that in AES the computing of S boxes Power randomization.Have the beneficial effect that:1) attacker is in data path
On can not observe the truthful data of encryption process, simultaneously because Power randomization, statistical analysis key also becomes to be stranded very much
It is difficult;2) circuit structure of AES is not changed, algorithm is succinct, easy to implement;3) AES electricity can be increased substantially with less cost
Resist the ability of power consumption analysis attack in road.
Brief description of the drawings
Fig. 1 is the flow chart that AES of the present invention takes turns operation method, wherein, ⊕ symbologies exclusive or (XOR) operation in figure;
Fig. 2 is the step flow chart sheltered to the plaintext of any 128 using random number X;
Fig. 3 is the structure chart that AES of the present invention takes turns computing circuit;
Fig. 4 is the flow chart of the computations flow of AES of the present invention;
Fig. 5 is the data wheel computing schematic diagram of the end wheel of aes algorithm of the present invention;
Fig. 6 is first and second S box operating structure figure of the invention.
Embodiment
Below in conjunction with the accompanying drawings and specific embodiment the present invention is described in further detail.
AES of the present invention wheel operation method and circuit, by AES flows, to pertaining only to place-exchange or simple boolean
The linear operation of computing, is sheltered using xor operation and is recovered data;To the S boxes of nonlinear operation, difference is designed
Power consumption profile different S boxes when circuit structure, computing, when data pass through S boxes, by randomly choosing S on data path
The arrangement of box so that in AES the computing of S boxes Power randomization.
The computations AES wheel operation methods of AES as shown in Figure 1, this method comprises the following steps:
S1:Using random number X, the plaintext of any 128 is sheltered;
Preferably, referring to Fig. 2, being the step flow chart sheltered to the plaintext of any 128 using random number X,
Comprise the following steps:
S11:Operand A on data path, by linear operation, it is K to obtain result, and K=f (A), wherein f, which are represented, to be added
The intermediary operation of decrypting process;
S12:Using the random number X by exclusive or come computing, new operand B, B=A ⊕ X are produced, wherein ⊕ is represented
Xor operation;
S13:A is replaced to carry out encryption and decryption computing with the new operand B, it is L, L=f (B)=f (A ⊕ to obtain result
X);
S14:The random number X carries out above-mentioned same operation, and it is M, M=f (X) to obtain result.
It is appreciated that when f is linear operation, position can be arbitrarily exchanged with xor operation, data B is counted after so sheltering
Obtained result L needs simple and random number X f operation results M to carry out exclusive or, you can recovers correct result K;
L ⊕ M=f (A ⊕ X) ⊕ f (X)=f (A ⊕ X ⊕ X)=f (A)=K
S2:It is breast wheel operation or end wheel operation to judge the data after masking, and keeps in the data, if it is middle to judge
During wheel operation, step S3a is carried out;If judgement is end wheel operation, step S3b is carried out;
S3a:Computing E is extended to the random number X, obtains E (X);
Specifically, by 32 Bits Expandings it is 48 by the data after the masking by extended arithmetic E, and exports and include 8
The block of 6, every piece includes adjacent position in 4 corresponding input bits, and 2 adjacent blocks.
S4:The E (X), round key and the S2 data kept in are carried out at the same time exclusive or, are obtained into the first S box arrays
Value;
Preferably, the round key is one of several 128 sub-keys generated using key schedule from master key,
Each sub-key is used for 1 round trip and handles.
S5:To the value for entering the first S box arrays, S box computings are carried out, and the first S box array operations will be passed through
The data exported afterwards, exclusive or is carried out with the random number X;
S6:The data for the data exported after the S boxes computing and the random number X obtain after exclusive or, into every trade
Displacement and row mixing, and obtained data are back to step S2;
S3b:2nd S box arrays are entered to the data of step S2, carry out S box computings;
Preferably, first and second described S box array, including LUT (Look UP Table), SOP (Sum Of
Products), PPRM (Positive Polarity Reed-Muller), DSE (Decoder-Switch-Encoder) structure
S boxes.
Preferably, each described S box, uses the nonlinear transformation provided in a manner of look-up table, enters S box battle arrays by described
8 input bits of each block are converted into 8 carry-out bits in the value of row.
S7:The data that will be exported after the 2nd S box array operations, exclusive or is carried out with the random number X;
S8:The data and the random number X data obtained after exclusive or exported after the 2nd S box computings are carried out
Row displacement, and the random number X is shifted into every trade, obtain S (X);
S9:The number for the data exported after last round key, the S boxes computing and the random number X obtain after exclusive or
Exclusive or is carried out according to the data and the S (X) shifted into every trade, obtains final ciphertext.
It is appreciated that S box computings are nonlinear operations, after entering first and second S box using the data sheltered, by nothing
Method simply returns to correct operation result, and therefore, the present invention is using above-mentioned steps S11~step S14 to any 128
Sheltered in plain text.Before the data of masking carry out byte replacement operation, by exclusive or, recover its original result.Data are through the
Sheltered again after one S box arrays, continue to carry out subsequent arithmetic with the data hidden.Handle in this way, whole AES computings stream
Journey can be to be hidden and be recovered simply in a manner of xor operation.In byte replacing part using different circuit structures
S boxes, these S boxes output result is consistent, but power consumption profile during computing is different.When data pass through S boxes, by selecting at random
Select the arrangement of S boxes on data path so that every time the S boxes that pass through of cryptographic calculation be it is randomly selected, statistically from the point of view of, word
Randomization form can be presented in the power consumption of section replacement operation.
Referring to Fig. 3, the structure chart of computing circuit is taken turns for AES of the present invention, including masking block 110, data selecting module
120th, data register module 130, extended arithmetic module 140, the first XOR operation module 150, the first S boxes array 160, second are different
Or computing module 170, the first in-place computation module 180, the 2nd S boxes array 190, the 3rd XOR operation module 210, the second displacement
220 and the 4th XOR operation module 230 of computing module, wherein,
Masking block 110 is used to use random number X, and the plaintext of any 128 is sheltered;
Preferably, masking block 110 is to the operand A on data path, and by linear operation, it is K, K=f to obtain result
(A), wherein f represents the intermediary operation of encryption process, then using the random number X by exclusive or come computing, produce new behaviour
Count B, and B=A ⊕ X, wherein ⊕ represent xor operation, replace A to carry out encryption and decryption computing by using the new operand B, obtain
It is L, L=f (B)=f (A ⊕ X) to result, the random number X carries out above-mentioned same operation, and it is M, M=f (X) to obtain result.
It is appreciated that when f is linear operation, position can be arbitrarily exchanged with xor operation, data B is counted after so sheltering
Obtained result L needs simple and random number X f operation results M to carry out exclusive or, you can recovers correct result K;
L ⊕ M=f (A ⊕ X) ⊕ f (X)=f (A ⊕ X ⊕ X)=f (A)=K
Data selecting module 120 is used to judge that the data after masking are breast wheel operation or end wheel operation.Preferably, data
It is breast wheel operation or end wheel data that selecting module 120 can be used for selecting data for data selector.It is appreciated that data are selected
Module 120 is selected it is also an option that whether data are breast wheel operation.
Data register module 130 is used for the temporary data judged through the data selecting module.Preferably, data register mould
Block 130 is used for the temporary data selected through data selecting module 120 for register.
Extended arithmetic module 140 is used to be extended computing E to the random number X, obtains E (X), wherein, E (X) is used for
Eliminate the masking of random number X.
The data that the breast wheel that first XOR operation module 150 is used to keep in the E (X), round key and S2 operates are same
Shi Jinhang exclusive or, obtains the value into the first S box arrays;
The first S boxes array 160 is used to, to the value for entering the first S box arrays, carry out S box computings;
The second XOR operation module 170 is used for the number that will will be exported after 160 computing of the first S boxes array
According to random number X progress exclusive or;
The first in-place computation module 180 is used to carry out the data exported after the S boxes computing and the random number X
The data obtained after exclusive or, shift and arrange mixing into every trade, and will shift and arrange into every trade mixed data be back to it is described
Data selecting module 120;
The data register module 130 is additionally operable to the temporary end wheel operation judged through the data selecting module 120
Data, above-mentioned data enter the 2nd S boxes array 190;
The 2nd S boxes array 190 is used for the data for the end wheel operation that computing judges through the data selecting module 120 simultaneously
Export the data;
The 3rd XOR operation module 210 is used for the data that will be exported after 190 computing of the 2nd S boxes array,
Exclusive or is carried out with the random number X;
The second in-place computation module 220 is used for the data exported after the 2nd S box computings and the random number X
The data obtained after exclusive or are shifted into every trade, and the random number X is shifted into every trade, obtain S (X);
The 4th XOR operation module 230 be used for the data that are exported after last round key, the S boxes computing with it is described with
Machine number X carries out the data that obtained data after exclusive or shift into every trade and the S (X) carries out exclusive or, obtains final close
Text, wherein, first and second described S box array, by 4 randomly selected S from the S boxes of N kind difference circuit structures respectively
Box is formed, and N is the natural number not less than 3.
It is appreciated that first and second S box array can be merged into same S boxes array.
Specifically, refer to the AES that Fig. 4 is defence power consumption attack proposed by the present invention and take turns operating structure figure, data path
Bit wide 128.During breast wheel computing, in plain text with random number X, XOR operation is carried out together.Data selecting module 120 is used for selecting
Data are breast wheel operation or first run operation.Data register module 130 is used for temporal data, round key addition move on to S boxes it
Preceding progress.E (X) is used for the masking for eliminating random number X, is random number X in the value of breast wheel, is passed through in breast wheel for random number X
Space shifts and the result of row mixing.The improved S boxes array of data completes byte replacement operation, is shifting and is arranging into every trade
Before mixing, exclusive or can be carried out with random number X, to carry out data masking.
Referring to Fig. 5, the data wheel computing schematic diagram for end wheel.After the improved S boxes array of data, with random number X
Exclusive or, then data are into every trade shifting function.Meanwhile X also carries out shifting function, obtained result is S (X).Finally, end wheel is close
Key, the data through space displacement and S (X) carry out exclusive or, obtain final ciphertext.
Fig. 6 is by taking 32 bits before data path (4 S boxes) as an example, illustrates the S box array junctions that can defend power consumption attack
Structure.The implementation of S boxes can have many kinds, and the present invention have chosen LUT (Look UP Table), SOP (Sum Of
Products), PPRM (Positive Polarity Reed-Muller), DSE (Decoder-Switch-Encoder) structure
S boxes, its power consumption profile for redirecting of different circuit implementations is different.When data enter improved S boxes, according to random number
Y, putting in order for this four S boxes is selected by randomly ordered device.The result of calculation of these four S boxes is identical, simply electricity
Line structure is different, and the power consumption of generation also differs.After the completion of byte replaces calculating, data will be sent out by participating in the S boxes of computing.Its
The data path of his three 32 bits can use similar circuit structure, and S box arrays are improved so as to form.
Stochastic inputs a large amount of plaintexts are needed when power consumption attack, some S box power consumption profile is observed.But by
The computing of rotation is being carried out in the S boxes circuit of random 4 different structures of practicality so that power consumption profile can not area in the computing of S boxes
Point, power consumption attack protection thus can be effectively implemented to non-linear unit S boxes.
AES wheel operation methods of the present invention and circuit, power consumption is defendd using data masking and different S boxes circuit random alignments
Analysis, in AES flows, to pertain only to place-exchange or simple Boolean calculation linear operation include row displacement, row mixing and
Round key addition, is sheltered using xor operation and is recovered data;To the S boxes of nonlinear operation, different circuits are designed
The S boxes of structure, power consumption profile during these S box computings is different, when data pass through S boxes, by randomly choosing data path
The arrangement of upper S boxes so that in AES the computing of S boxes Power randomization.Have the beneficial effect that:1) attacker is in data path
On can not observe the truthful data of encryption process, simultaneously because Power randomization, statistical analysis key also becomes to be stranded very much
It is difficult;2) circuit structure of AES is not changed, algorithm is succinct, easy to implement;3) AES electricity can be increased substantially with less cost
Resist the ability of power consumption analysis attack in road.
Although the present invention is described with reference to current better embodiment, those skilled in the art should be able to manage
Solution, above-mentioned better embodiment is only used for illustrating the present invention, is not used for limiting protection scope of the present invention, any in the present invention
Spirit and spirit within, any modification for being done, equivalence replacement, improvements etc., should be included in the right guarantor of the present invention
Within the scope of shield.
Claims (7)
1. a kind of AES takes turns operation method, it is characterised in that this method comprises the following steps:
S1:Using random number X, the plaintext of any 128 is sheltered;
S2:It is breast wheel operation or end wheel operation to judge the data after masking, and keeps in the data, if it is breast wheel behaviour to judge
When making, step S3a is carried out;If judgement is end wheel operation, step S3b is carried out;
S3a:Computing E is extended to the random number X, obtains E (X);
S4:The E (X), round key and the S2 data kept in are carried out at the same time exclusive or, obtain the value into the first S box arrays;
S5:To the value for entering the first S box arrays, S box computings are carried out, and will be defeated after the first S box array operations
The data gone out, exclusive or is carried out with the random number X;
S6:To the data exported after the S boxes computing and the data obtained after random number X progress exclusive or, shifted into every trade
Mixed with row, and obtained data are back to step S2;
S3b:2nd S box arrays are entered to the data of step S2, carry out S box computings;
S7:The data that will be exported after the 2nd S box array operations, exclusive or is carried out with the random number X;
S8:The data and the random number X data obtained after exclusive or exported after the 2nd S box computings are moved into every trade
Position, and the random number X is shifted into every trade, obtain S (X);
S9:The data that are exported after last round key, the S boxes computing and the random number X are carried out the data that are obtained after exclusive or into
The data and the S (X) that every trade shifts carry out exclusive or, obtain final ciphertext, wherein, first and second S box array,
By 4, randomly selected S boxes are formed from the S boxes of N kind difference circuit structures respectively, and N is the natural number not less than 3.
2. the method as described in claim 1, it is characterised in that the step S1 includes:
S11:Operand A on data path, by linear operation, it is K to obtain result, and K=f (A), wherein f represents encryption and decryption
The intermediary operation of process;
S12:Using the random number X by exclusive or come computing, produce new operand B, B=A ⊕ X, wherein ⊕ and represent exclusive or
Operation;
S13:A is replaced to carry out encryption and decryption computing with the new operand B, it is L, L=f (B)=f (A ⊕ X) to obtain result;
S14:The random number X carries out encryption and decryption computing, and it is M, M=f (X) to obtain result.
3. the method as described in claim 1, it is characterised in that the round key is what is generated using key schedule from master key
One of several 128 sub-keys, each sub-key are used for 1 round trip and handle.
4. the method as described in claim 1, it is characterised in that first and second described S box array, including LUT, SOP, PPRM
With the S boxes of DSE structures.
5. the method as described in claim 1, it is characterised in that the step S5 includes:
S51:Each S box, uses the nonlinear transformation provided in a manner of look-up table, by each block in the value for entering S box arrays
8 input bits be converted into 8 carry-out bits.
6. a kind of AES takes turns computing circuit, it is characterised in that the wheel computing circuit includes masking block, data selecting module, data
Registration module, extended arithmetic module, the first XOR operation module, the first S boxes array, the second XOR operation module, the first displacement
Computing module, the 2nd S boxes array, the 3rd XOR operation module, the second in-place computation module and the 4th XOR operation module, its
In:
The masking block is used to use random number X, and the plaintext of any 128 is sheltered;
The data selecting module is used to judge that the data after masking are breast wheel operation or end wheel operation;
The data register module is used for the temporary data judged through the data selecting module;
The extended arithmetic module is used to be extended computing E to the random number X, obtains E (X);
The data that the breast wheel that the first XOR operation module is used to keep in the E (X), round key and S2 operates at the same time into
Row exclusive or, obtains the value into the first S box arrays;
The first S boxes array is used to, to the value for entering the first S box arrays, carry out S box computings;
The second XOR operation module is used for the data that will will be exported after the first S box array operations, with it is described with
Machine number X carries out exclusive or;
The first in-place computation module is used for after carrying out exclusive or with the random number X to the data exported after the S boxes computing
Obtained data, shift and arrange mixing into every trade, and will shift and arrange mixed data into every trade and be back to the data choosing
Select module;
The data register module is additionally operable to the data of the temporary end wheel operation judged through the data selecting module, end wheel behaviour
The data of work enter the 2nd S box arrays;
The 2nd S boxes array is used for the data for the end wheel operation that computing judges through the data selecting module and exports the number
According to;
The 3rd XOR operation module is used for the data that will be exported after the 2nd S box array operations, and described random
Number X carries out exclusive or;
The second in-place computation module is used for after carrying out exclusive or with the random number X to the data exported after the 2nd S box computings
Obtained data are shifted into every trade, and the random number X is shifted into every trade, obtain S (X);
The 4th XOR operation module be used for the data that are exported after last round key, the S boxes computing and the random number X into
The data and the S (X) that the data obtained after row exclusive or are shifted into every trade carry out exclusive or, obtain final ciphertext, wherein,
First and second described S box array, by 4, randomly selected S boxes are formed from the S boxes of N kind difference circuit structures respectively, N
For the natural number not less than 3.
7. circuit as claimed in claim 6, it is characterised in that first and second described S box array, including LUT, SOP, PPRM
With the S boxes of DSE structures.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410537860.9A CN104301096B (en) | 2014-10-13 | 2014-10-13 | AES takes turns operation method and circuit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410537860.9A CN104301096B (en) | 2014-10-13 | 2014-10-13 | AES takes turns operation method and circuit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104301096A CN104301096A (en) | 2015-01-21 |
| CN104301096B true CN104301096B (en) | 2018-04-20 |
Family
ID=52320676
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410537860.9A Active CN104301096B (en) | 2014-10-13 | 2014-10-13 | AES takes turns operation method and circuit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104301096B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106383691A (en) * | 2016-09-18 | 2017-02-08 | 北京智芯微电子科技有限公司 | Random number generation method and random number generator |
| CN107483182B (en) * | 2017-09-21 | 2020-08-21 | 东南大学 | AES algorithm-oriented power attack resisting method based on out-of-order execution |
| CN109039608B (en) * | 2018-08-24 | 2023-05-09 | 东南大学 | 8-bit AES circuit based on double S cores |
| CN111262685B (en) * | 2020-01-17 | 2021-02-19 | 衡阳师范学院 | Novel method and device for realizing Shield block cipher generated by secret key and readable storage medium |
| CN114172632B (en) * | 2021-08-18 | 2023-09-08 | 北京中电华大电子设计有限责任公司 | Method and device for improving AES encryption and decryption efficiency |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009554A (en) * | 2007-01-17 | 2007-08-01 | 华中科技大学 | A byte replacement circuit for power consumption attack prevention |
| EP2637349A2 (en) * | 2012-03-06 | 2013-09-11 | Kabushiki Kaisha Toshiba | Cryptographic processing apparatus |
-
2014
- 2014-10-13 CN CN201410537860.9A patent/CN104301096B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009554A (en) * | 2007-01-17 | 2007-08-01 | 华中科技大学 | A byte replacement circuit for power consumption attack prevention |
| EP2637349A2 (en) * | 2012-03-06 | 2013-09-11 | Kabushiki Kaisha Toshiba | Cryptographic processing apparatus |
Non-Patent Citations (2)
| Title |
|---|
| 《Dynamic inhomogeneous S-Boxes in AES:a novel countermeasure against power analysis attacks》;chen yicheng,et.al;《High Technology Letters》;20081231;第14卷(第4期);第0-2节 * |
| 《一种抗DPA攻击的DES设计》;孙骏等;《中国集成电路》;20060531;第3节 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104301096A (en) | 2015-01-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104301096B (en) | AES takes turns operation method and circuit | |
| US10567162B2 (en) | Mask S-box, block ciphers algorithm device and corresponding construction process | |
| Bakhshandeh et al. | An authenticated image encryption scheme based on chaotic maps and memory cellular automata | |
| CN103905462B (en) | Encryption processing device and method capable of defending differential power analysis attack | |
| CN105051677B (en) | Mask is carried out with shared random bit | |
| CN107070630B (en) | A kind of fast and safely hardware configuration of aes algorithm | |
| Li et al. | Differential fault analysis on the ARIA algorithm | |
| Özkaynak et al. | Security problems for a pseudorandom sequence generator based on the Chen chaotic system | |
| CN107547194A (en) | Guard method and equipment from side Multiple Channel Analysis | |
| EP2273472A1 (en) | Coder equipped with common key code function and built-in equipment | |
| CN107690681B (en) | For integrated circuit data path confidentiality and its technology of extension | |
| CN104937537A (en) | Cryptography method comprising operation of multiplication by scalar or exponentiation | |
| JP2012516068A (en) | Cryptographic circuit protected from higher-order observational attacks | |
| WO2003060691A2 (en) | Arithmetic unit and method for carrying out an arithmetic operation with coded operands | |
| CN108123791A (en) | A kind of implementation method and device of lightweight block cipher SCS | |
| Deshpande et al. | Efficient implementation of AES algorithm on FPGA | |
| CN102271038B (en) | method for generating a bit vector | |
| CN103595539A (en) | Method for encrypting format-preserved numeric type personally identifiable information | |
| CN103684761B (en) | Coding and decoding method | |
| CN108476132A (en) | Key for an encrypting operation sequence generates | |
| CN104301095A (en) | DES round operation method and circuit | |
| CN103795527A (en) | Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis | |
| CN102648600A (en) | Low-complexity electronic circuit protected by customized masking | |
| CN106487497A (en) | DPA protection to RIJNDAEL algorithm | |
| CN101848081A (en) | S box and construction method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong Patentee after: Shenzhen Bureau of Polytron Technologies Inc Address before: 301, building six, building B, No.1 building, No.1 Industrial Road, Nanshan District, Guangdong, Shenzhen, 518067 Patentee before: Shenzhen Zhongke Xunlian Technology Co., Ltd |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210531 Address after: 430000 building 01, building 15, optical valley wisdom Park, No.7, financial port 1st Road, Donghu New Technology Development Zone, Wuhan City, Hubei Province Patentee after: Wuhan ruinajie Semiconductor Co.,Ltd. Address before: 518055 1407 floor, 14 floor, Fuguang business building, 1 Nanshan District Road, Taoyuan, Shenzhen, Guangdong Patentee before: SHENZHEN ZHONGKE XUNLIAN TECHNOLOGY Co.,Ltd. |