CN104734842A - Resisting method of circuit on side channel attack based on pseudo-operation - Google Patents

Publication number: CN104734842A
Application number: CN201510112314.5A
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN104734842B (en)
Inventors: 刘军荣, 王伟嘉, 季欣华, 李大为, 罗鹏, 莫凡
Original and current assignees: State Cryptography Administration Commercial Code Testing Center; Shanghai Jiaotong University; Shanghai Huahong Integrated Circuit Co Ltd

Abstract

The invention discloses a pseudo-operation-based method for protecting a circuit against side-channel attacks, and belongs to the technical field of computer security. A round key sequence composed of m pseudo round keys and one true round key is used to perform the first-round SMS4 encryption computation; the first-round result computed with the true round key is then fed into the second-round SMS4 encryption computation, and the ciphertext is obtained. Because the position of the true first-round computation is random, an attacker cannot align the power traces, so the attack cannot be carried out; in addition, compared with an unprotected circuit, the energy consumption does not exceed twice the original energy consumption.

Description

Method for resisting side-channel attacks on circuits based on pseudo-operations
Technical field
The present invention relates to a technique in the field of computer security, specifically a pseudo-operation-based method for resisting side-channel attacks on circuits, applicable to algorithms such as SMS4.
Background art
In practice, cryptographic systems are usually implemented in hardware, or in software that runs on hardware, for example smart cards, RFID, cryptographic coprocessors, SoC cryptographic chips and cipher machines. In these implementation environments an attacker can observe and measure information such as the energy consumption and electromagnetic radiation of the cryptographic transformation, and with this extra information may break the cipher more efficiently than by traditional mathematical analysis. Attacks in this setting are usually called "side-channel attacks". Side-channel attack methods generally include simple power analysis (SPA) and differential power analysis (DPA). An SPA attack uses the characteristics of the cryptographic algorithm, and how they show up in the power trace, to reveal the key or related sensitive information directly from a small number of power traces (corresponding to a small number of plaintexts). A DPA attack records the power traces of the cryptographic device while it encrypts or decrypts a large number of different data, and uses statistical methods to recover the device's key from those traces.
The emergence of side-channel attacks poses a great threat to many current chips, and many countermeasures have appeared in response. The more commonly used protection techniques are hiding and masking. The goal of hiding is to eliminate the correlation between the power consumption of the cryptographic device and the operations it performs and the intermediate values it processes. Masking randomizes the message and the key so that no relationship between the key and the power consumption can be established. Hiding in the time dimension includes two methods: random insertion of pseudo-operations and shuffling of operations. Random insertion of pseudo-operations inserts some dummy operations at random before, after and during the execution of the cryptographic algorithm. This destroys the alignment of the true operations and greatly reduces the effectiveness of a side-channel attack. Shuffling relies on the fact that in some cryptographic algorithms the execution order of certain operations can be changed arbitrarily, so randomness can be introduced by changing that order.
The drawback of masking is that masking nonlinear operations (such as S-boxes) makes the circuit area very large and the cost very high, and it cannot fully prevent leakage. Hiding only reduces the signal-to-noise ratio of the leaked signal and does not fundamentally prevent side-channel attacks. The combination of pseudo-operations and shuffling designed here on the one hand truly hides the real key and on the other hand also reduces the signal-to-noise ratio; moreover, it can be combined with masking without any conflict.
SM4 is the cryptographic algorithm of the national standard GM/T 0002-2012 "SM4 Block Cipher Algorithm" (formerly the SMS4 block cipher). It is a symmetric algorithm whose key length and block length are both 128 bits; the encryption algorithm and the key expansion algorithm both use a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in the opposite order: the decryption round keys are the encryption round keys in reverse.
A search of the prior art found Chinese patent document CN103546277A, publication date 2014.01.29, which discloses a DPA attack and key recovery method and system for the SM4 algorithm on smart cards. The method comprises the following steps: step one, a DPA attack is performed on the first 4 rounds of the SM4 encryption process to obtain the sub-keys of the first 4 rounds; step two, the SM4 key is recovered from the 4 round sub-keys obtained. With the method and system described there, a DPA attack on the SM4 algorithm on a smart card can be carried out, the SM4 encryption key recovered, and the attack resistance of the SM4 algorithm on the smart card verified.
Chinese patent document CN103227717A, publication date 2013.07.31, discloses the use of the round-key XOR input for side-channel energy analysis of the SM4 cipher. Its core is that, during side-channel energy analysis of SM4, the S-box or the round function is chosen as the attack point to build a Hamming distance model, with the round-key XOR input as the preceding state v1 of the model. When the S-box is attacked, the succeeding state v2 of the Hamming distance model HD(v1, v2) is the S-box output; when the round function is attacked, the succeeding state v2 of the model is the round function input/output.
Chinese patent document CN102546157A, publication date 2012.07.04, discloses a random hybrid encryption system resistant to energy analysis and its implementation method. The system consists of 11 parts: a pseudo-random sequence PN128 generation module, an S-box update module, a mask correction value generation module, a plaintext input register, a pseudo-random sequence PN64 generation module, gating circuit A, gating circuit B, an SMS4 encryption module, an AES encryption module, a multiplexer, and a ciphertext output register. That technique was the first to propose a random hybrid encryption system resistant to energy analysis: driven by the pseudo-random sequence PN64, the plaintext is encrypted with a randomly chosen mask-based AES or SMS4 algorithm; in the hardware implementation all basic circuit units are built from symmetric circuits, which fundamentally eliminates simple and differential power analysis; and the encryption system has multiple operating modes suited to different scenarios. However, that technique cannot handle cases that explicitly require a single algorithm such as SMS4. In addition, considered purely as hybrid-algorithm protection (leaving masking aside), it cannot completely eliminate DPA attacks, because a wrong guess of the algorithm can simply be treated as a kind of noise; such a scheme therefore only lowers the signal-to-noise ratio and raises the difficulty of a DPA attack.
Chinese patent documents CN102412963A and CN102360414A respectively disclose an encryption method with a misleading function based on random sequences and a misleading encryption method with a modifiable pseudo-random sequence. These techniques can yield a pseudo-key and thereby mislead a cryptanalyst. The misleading is determined by the inner-layer key; to allow arbitrary misleading, a long random sequence, which can be produced by quantum key distribution, is used to generate the sub-keys. Marks in the document are handled specially, so that no confusion arises even if a designated mark appears in the text. A keyword database is needed at encryption time: the inner-layer encryption uses the database to expand keywords, while the outer-layer encryption uses a conventional encryption method. Decryption needs no database support, which avoids database synchronization problems. The technique has practical value in various encryption applications, particularly military ones. However, it targets "coaxing and pestering" (coercion) attacks, and protects through the readability of the misleading plaintext obtained on decryption. It has no effect against side-channel attacks.
Summary of the invention
To address the above shortcomings of the prior art, the present invention proposes a pseudo-operation-based method for resisting side-channel attacks on circuits.
The present invention is achieved by the following technical solutions:
The invention relates to a pseudo-operation-based method for resisting side-channel attacks on circuits: a round key sequence composed of m pseudo round keys and 1 true round key is used to perform the first-round SMS4 encryption computation, and the first-round SMS4 result in which the true round key took part is used for the second-round SMS4 encryption computation, yielding the required ciphertext.
The round key sequence is obtained by selection from the round key memory, either by the round key random selection circuit or by the round key memory random shuffling circuit, specifically:
1. generate m pseudo round keys and one true round key, shuffle them at random with the round key memory random shuffling circuit, and record the position of the true round key; or
2. determine the sequence number K at which the true round key is executed, and obtain the other m pseudo round keys of the round key sequence by selection from the round key memory with the round key random selection circuit.
The first-round SMS4 encryption computation means: the plaintext to be encrypted is run through the round function with each key of the round key sequence in turn.
The second-round SMS4 encryption computation means: taking as input the first-round result in which the true key took part, the round function computation of 32 iterations is carried out in a loop, and the result of the last round, i.e. the 32nd round function computation, is output as the ciphertext.
The invention also relates to a system implementing the above method, comprising: a first-round cyclic round function circuit module, a first-round round key selection circuit module, (m+1) round key registers, an SMS4 round function circuit module, and an SMS4 round key generation circuit module, wherein: the first-round cyclic round function circuit module is connected to the SMS4 round function circuit module and transmits the result of the true round; the (m+1) round key memories are connected to the round key selection circuit and transmit the true and pseudo round keys; and the SMS4 round key generation circuit is connected to the (m+1) round key memories and to the SMS4 round function circuit module and transmits the true round keys.
Technical effect
Compared with the prior art, the position of the true first-round operation produced by the invention is random, so an attacker cannot align the power traces and thus cannot carry out the attack. In addition, relative to an unprotected circuit, the energy consumption of the invention does not exceed twice the original energy consumption.
Brief description of the drawings
Fig. 1 is a flow diagram of embodiment 1;
In the figure: R1 and R2 are registers; Count is the name of the counter variable for the loop that executes the first-round operation.
Fig. 2 is a schematic diagram of the logarithmic shuffle used in embodiment 1 to arrange the true and pseudo round keys.
Fig. 3 is a flow diagram of embodiment 2;
In the figure: R1 and R2 are registers; Count is the name of the counter variable for the loop that executes the first-round operation.
Embodiments
The embodiments of the invention are described in detail below. They are implemented on the premise of the technical solution of the invention, and detailed implementations and concrete operating procedures are given, but the scope of protection of the invention is not limited to the following embodiments.
Embodiment 1
As shown in Fig. 1, N = m+1 in this embodiment, where N and m denote the number of times the first round is executed and the number of pseudo round keys, respectively.
The device implementing this embodiment comprises: an SMS4-based round function generation module, (m+1) round key memories, a cyclic round key circuit, and a round key memory random shuffling circuit, wherein: the first-round round function is connected to the round key memories and exchanges data with them, the round functions are connected to one another and exchange data, and the round key memories are connected to the round key random shuffling circuit and exchange data with it.
The SMS4-based round function generation module is the normal SMS4 round function.
Each round key memory is a 32-bit register used to store a 32-bit round key.
The round key memory random shuffling circuit puts the m pseudo round keys and the true round key together, shuffles them at random, and records the position of the true round key.
As described above, in this embodiment the first-round operation is executed multiple times (N times), while the other 31 rounds are executed exactly once. The working process of the above device in this embodiment is as follows:
1. First, m pseudo round keys must be stored. These pseudo round keys need the following property: the corresponding bytes of the pseudo round keys are all different, which ensures that the pseudo round keys applied to any given S-box are different.
2. Each time encryption begins, the m pseudo round keys and the true round key are put together and shuffled at random by the round key memory random shuffling circuit, and the position of the true round key (i.e. the moment at which the true round key is executed) is recorded.
3. The round function is then executed N times, using the randomly shuffled round keys in order, and the result of every round function execution is stored.
4. The result of the true round function is then taken into the second round, and the subsequent computation continues from there.
Embodiment 2
As shown in Fig. 3, N > m in this embodiment, where N and m denote the number of times the first round is executed and the number of pseudo round keys, respectively.
The device implementing this embodiment comprises: an SMS4-based round function generation module, (m+1) round key memories, a cyclic round key circuit, and a round key random selection circuit, wherein: the first-round round function is connected to the round key memories and exchanges data with them, the round functions are connected to one another and exchange data, and the round key memories are connected to the round key random selection circuit and exchange data with it.
The round key random selection circuit first fixes the moment at which the true key is executed; the other pseudo round keys are then chosen at random, with repetition allowed, from the available pseudo round keys.
This embodiment differs from embodiment 1 in how the round keys for the first-round operation are selected. Here the moment at which the true round key is executed is fixed first, and the other pseudo round keys are chosen at random, with repetition allowed, from the available pseudo round keys.
Effect analysis
How the SMS4 pseudo-operation protection scheme resists DPA attacks:
For a hardware implementation of SMS4, because of key mixing, the intermediate value in each round's register depends on a 32-bit round key. A conventional DPA attack would have to guess the 32-bit round key all at once, which is not achievable under present conditions; therefore the known DPA methods against such hardware SMS4 implementations all use chosen plaintexts.
A chosen-plaintext DPA attack can only attack an SMS4 implementation starting from the first round. The above embodiments use pseudo-operations, so that when an attacker attacks the first round, in embodiment 1 the probability of obtaining the true key is in theory the same as the probability of obtaining a pseudo-key. Real and pseudo operations therefore cannot be distinguished, and the true key is fully confused with the pseudo-keys. Moreover, when the number of pseudo-operations (i.e. the security parameter) equals 255 (the maximum), the attacker cannot obtain any key information at all from a DPA attack, so DPA against the hardware SMS4 implementation is resisted both in theory and in practice. In embodiment 2, m = N - 1 is also allowed; the probabilities are then the same as in embodiment 1, and only the implementation differs. But m can also be adjusted so that m < N - 1, in which case the probability of obtaining a pseudo round key is actually greater than the probability of obtaining the true key, which gives the attack a false impression.
Another protection implicit in the scheme is random insertion of pseudo-operations. Because the position at which the true round key is used is random, the scheme is equivalent to applying the random pseudo-operation insertion countermeasure, which prevents the true operations from being aligned. In this embodiment, as long as the position at which the true operation is executed is uniformly distributed at random, the true operation falls at any given moment with probability only 1/N. This greatly reduces the signal-to-noise ratio of a side-channel attack.
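The following Python behavioural model is an added example, not part of the patent: it builds the first-round key sequence for both embodiments, runs the first round N times, continues with only the true result, and lets the output be compared with plain SM4. The function names, the software random source standing in for the shuffling and selection circuits, generating the pseudo round keys on the fly instead of reading stored ones, and making pseudo-key bytes also differ from the true key's bytes are assumptions of this model.

```python
import secrets
import struct

# SM4 S-box and FK constants (GM/T 0002-2012); CK is derived from its defining formula.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]
_RNG = secrets.SystemRandom()  # assumption: stands in for the hardware random source


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _tau(x):
    # Four parallel S-box lookups, one per byte of the 32-bit word.
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def _t_enc(x):
    b = _tau(x)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)


def _t_key(x):
    b = _tau(x)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)


def expand_key(key):
    """Return the 32 true round keys for a 16-byte key."""
    k = [w ^ f for w, f in zip(struct.unpack(">4I", key), FK)]
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))
    return k[4:]


def round_fn(state, rk):
    """One SM4 round on the 4-word state."""
    x0, x1, x2, x3 = state
    return (x1, x2, x3, x0 ^ _t_enc(x1 ^ x2 ^ x3 ^ rk))


def encrypt_reference(key, block):
    """Unprotected SM4 encryption of one 16-byte block."""
    state = struct.unpack(">4I", block)
    for rk in expand_key(key):
        state = round_fn(state, rk)
    return struct.pack(">4I", *reversed(state))


def make_pseudo_keys(true_rk, m, rng=_RNG):
    """m pseudo round keys; at each byte position (one S-box) all m values are
    distinct and, as an assumption of this model, also differ from the true byte."""
    if not 1 <= m <= 255:
        raise ValueError("m must be in 1..255")
    cols = [rng.sample([v for v in range(256) if v != tb], m)
            for tb in true_rk.to_bytes(4, "big")]
    return [int.from_bytes(bytes(col[i] for col in cols), "big") for i in range(m)]


def build_sequence(true_rk, m, n=None, rng=_RNG):
    """Return (round key sequence, position of the true key).
    n=None: embodiment 1 (N = m+1, shuffle). n given: embodiment 2 (N > m)."""
    pseudo = make_pseudo_keys(true_rk, m, rng)
    if n is None:
        seq = pseudo + [true_rk]
        rng.shuffle(seq)
        return seq, seq.index(true_rk)  # the true key is unique in seq
    if n <= m:
        raise ValueError("embodiment 2 requires N > m")
    pos = rng.randrange(n)                        # fix the true key's slot first
    seq = [rng.choice(pseudo) for _ in range(n)]  # pseudo keys may repeat
    seq[pos] = true_rk
    return seq, pos


def encrypt_protected(key, block, m=7, n=None, rng=_RNG):
    """SM4 with the first round run N times; returns (ciphertext, true position)."""
    rks = expand_key(key)
    seq, pos = build_sequence(rks[0], m, n, rng)
    start = struct.unpack(">4I", block)
    results = [round_fn(start, rk) for rk in seq]  # every result is stored
    state = results[pos]                           # only the true one continues
    for rk in rks[1:]:                             # remaining 31 rounds run once
        state = round_fn(state, rk)
    return struct.pack(">4I", *reversed(state)), pos
```

The model reproduces the data flow only; it does not model the power behaviour of a hardware implementation.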

Claims (6)

1. A pseudo-operation-based method for resisting side-channel attacks on circuits, characterized in that a round key sequence composed of m pseudo round keys and 1 true round key is used to perform the first-round SMS4 encryption computation, and the first-round SMS4 result in which the true round key took part is used for the second-round SMS4 encryption computation, yielding the required ciphertext.
2. The method according to claim 1, characterized in that the round key sequence is obtained by selection from the round key memory, either by the round key random selection circuit or by the round key memory random shuffling circuit.
3. The method according to claim 1 or 2, characterized in that the round key sequence is obtained in either of the following ways:
1. generate m pseudo round keys and one true round key, shuffle them at random with the round key memory random shuffling circuit, and record the position of the true round key; or
2. determine the sequence number K at which the true round key is executed, and obtain the other m pseudo round keys of the round key sequence by selection from the round key memory with the round key random selection circuit.
4. The method according to claim 1, characterized in that the first-round SMS4 encryption computation means: the plaintext to be encrypted is run through the round function with each key of the round key sequence in turn.
5. The method according to claim 1, characterized in that the second-round SMS4 encryption computation means: taking as input the first-round result in which the true key took part, the round function computation of 32 iterations is carried out in a loop, and the result of the last round, i.e. the 32nd round function computation, is output as the ciphertext.
6. A system implementing the method of any of the above claims, characterized by comprising: a first-round cyclic round function circuit module, a first-round round key selection circuit module, (m+1) round key registers, an SMS4 round function circuit module, and an SMS4 round key generation circuit module, wherein: the first-round cyclic round function circuit module is connected to the SMS4 round function circuit module and transmits the result of the true round; the (m+1) round key memories are connected to the round key selection circuit and transmit the true and pseudo round keys; and the SMS4 round key generation circuit is connected to the (m+1) round key memories and to the SMS4 round function circuit module and transmits the true round keys.

Priority Applications (1)

Application number: CN201510112314.5A
Priority date: 2015-03-13
Filing date: 2015-03-13
Title: Method for resisting side-channel attacks on circuits based on pseudo-operations
Status: Active (CN104734842B)

Publications (2)

CN104734842A, published 2015-06-24
CN104734842B, published 2018-06-08

Family ID: 53458306

Country Status (1)

CN: CN104734842B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant