Pseudo-operation-based method for resisting circuit side-channel attacks
Technical field
The present invention relates to a technology in the field of computer security, specifically a pseudo-operation-based method for resisting circuit side-channel (bypass) attacks, applicable to the SMS4 algorithm.
Background technology
In practice, cryptographic systems are normally realised in hardware, or as software running on hardware, for example smart cards, RFID, cryptographic coprocessors, SoC cryptographic chips, cipher machines and so on. In these implementation environments an attacker can observe and measure information such as the energy consumption and electromagnetic radiation of the cryptographic transformation, and this extra information can make cryptanalysis more effective than traditional mathematical analysis alone. Attacks in this setting are usually called "side-channel attacks" (Side Channel Attack, also rendered "bypass attack"). Side-channel attack methods generally include simple power analysis (SPA) and differential power analysis (DPA). An SPA attack uses the features of the cryptographic algorithm as they are reflected in the power trace, and directly discloses the key or related sensitive information from a small number of power traces (corresponding to a small number of plaintexts). A DPA attack records the power traces of the encryption device while it encrypts or decrypts a large amount of different data, and uses statistical methods to recover the key inside the device from those traces.
The emergence of side-channel attack methods poses a serious threat to many current chips, and accordingly a variety of countermeasures against side-channel attacks have appeared. The more common protection techniques are hiding and masking. The goal of hiding is to eliminate the correlation between the power consumption of the encryption device and the operations it performs and the intermediate values it handles. Masking randomises the message and the key so that no relation between the key and the power consumption can be established. Within hiding, hiding in the time dimension comprises two methods: random insertion of pseudo-operations (dummy operations) and shuffled (out-of-order) execution. Random insertion of pseudo-operations inserts some fake operations at random before, after and during the execution of the cryptographic algorithm. This destroys the alignment of the real operations and greatly reduces the effectiveness of side-channel attacks. Shuffled execution exploits the fact that in some cryptographic algorithms the execution order of particular operations can be changed arbitrarily, so randomness can be introduced by changing that order.
The drawback of the masking countermeasure is that masking nonlinear operations (such as S-boxes) makes the circuit area very large and the cost very high, and it still cannot completely prevent leakage. Hiding, on the other hand, only reduces the signal-to-noise ratio of the leakage signal and does not fundamentally defend against side-channel attacks. The combination of pseudo-operations and shuffled execution designed here, on the one hand, genuinely hides the true key and, on the other hand, also reduces the signal-to-noise ratio; in addition, it can be combined with masking without any conflict.
SM4 is the cryptographic algorithm of the national standard GM/T 0002-2012 "SM4 block cipher" (formerly the SMS4 block cipher). It is a symmetric algorithm with a key length and block length of 128 bits, and both the encryption algorithm and the key schedule adopt a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm; only the order in which the round keys are used is reversed, the decryption round keys being the encryption round keys in reverse order.
A search of the prior art found Chinese patent document CN103546277A, published 2014.01.29, which discloses a DPA attack and key recovery method and system for the SM4 algorithm on smart cards. The method comprises the following steps: step one, carry out a DPA attack on the first 4 rounds of the SM4 encryption process and obtain the first 4 round keys; step two, use the 4 round keys obtained to recover the SM4 key. With the method and system described there, a DPA attack on the SM4 algorithm on a smart card can be realised, the SM4 encryption key can be recovered, and the attack resistance of the SM4 algorithm on the smart card can be verified.
Chinese patent document CN103227717A, published 2013.07.31, discloses side-channel energy analysis of the SM4 cryptographic algorithm that selects the input of the round-key XOR. Its core is that, in the side-channel energy analysis of SM4, the S-box or the round function is selected as the point of attack to build a Hamming-distance model, with the input of the round-key XOR as the preceding state v1 of the model; when the S-box is attacked, the successor state v2 of the Hamming-distance model HD(v1, v2) is the S-box output, and when the round function is attacked, the successor state v2 of HD(v1, v2) is the round function input/output.
Chinese patent document CN102546157A, published 2012.07.04, discloses a random hybrid encryption system resisting energy analysis, together with its implementation method. The system is made up of 11 parts: a PN128 pseudo-random sequence generation module, an S-box update module, a mask correction value generation module, a plaintext input register, a PN64 pseudo-random sequence generation module, gating circuit A, gating circuit B, an SMS4 encryption module, an AES encryption module, a multiplexer and a ciphertext output register. This technology is the first to propose a random hybrid encryption system resisting energy analysis: under the control of the pseudo-random sequence PN64, the plaintext is encrypted at random with either the mask-based AES or the mask-based SMS4 algorithm; in the hardware realisation all basic circuit units are realised with symmetric circuits, so that simple and differential power analysis are fundamentally prevented; the encryption system has multiple working modes and is applicable to different scenarios. However, this technology cannot handle the case where the application explicitly requires a single algorithm, such as SMS4 alone. Moreover, considering only the hybrid protection of the two algorithms (without the masking), this protection cannot eliminate DPA attacks completely, because the guesses made for the wrong algorithm can be treated as a kind of noise; hence this scheme only reduces the signal-to-noise ratio and increases the difficulty of a DPA attack.
Chinese patent documents CN102412963A and CN102360414A respectively disclose an encryption method with a misleading function based on random sequences and an encryption method that misleads by modifying a pseudo-random sequence. These technologies can yield pseudo-keys and thereby mislead a cryptanalyst; the misleading is decided by an inner-layer key, and in order to mislead arbitrarily, a long random sequence is used to produce the sub-keys, which can be produced by quantum key distribution. Special processing is adopted for the markers in the document, so that even if a specified marker appears in the text it still cannot be confused. Encryption requires a keyword database, whose inner encryption layer uses the database to expand keywords while the outer encryption layer uses a traditional encryption method. Decryption does not need the database, which avoids the problem of database synchronisation. This technology has value in various encryption applications, particularly military ones. However, it targets "coaxing and pestering" attack methods and protects through the readability of the plaintext after misleading decryption. It has no effect against side-channel attacks.
Summary of the invention
The present invention addresses the above shortcomings of the prior art and proposes a pseudo-operation-based method for resisting circuit side-channel attacks.
The present invention is achieved by the following technical solution:
The present invention relates to a pseudo-operation-based method for resisting circuit side-channel attacks: a round key sequence is composed of m pseudo round keys and 1 true round key, the first-round SMS4 encryption operation is carried out with this sequence, and the first-round SMS4 encryption result in which the true round key participated is taken into the second-round SMS4 encryption operation, yielding the required ciphertext.
The round key sequence is obtained either by a round key random selection circuit selecting from the round key memory, or by a round key memory random-shuffling circuit shuffling the round key memory at random; specifically:
1. generate m pseudo round keys and one true round key, shuffle them at random with the round key memory random-shuffling circuit, and record the position of the true round key; or
2. determine the sequence number K at which the true round key is executed; the other m pseudo round keys in the round key sequence are obtained by the round key random selection circuit selecting from the round key memory.
The first-round SMS4 encryption operation means: the plaintext to be encrypted is put through the round function iteration successively with each key in the round key sequence.
The second-round SMS4 encryption operation means: the first-round encryption result in which the true key participated is taken as input, the round function is iterated through the 32-round loop, and the result of the last, i.e. the 32nd, round function computation is output as the ciphertext.
The present invention also relates to a system realising the above method, comprising: a first-round loop round-function circuit module, a first-round round key selection circuit module, (m+1) round key registers, the SMS4 round function circuit module and the SMS4 round key generation circuit module, wherein: the first-round loop round-function circuit module is connected to the SMS4 round function circuit module and transmits the true round result to it; the (m+1) round key memories are connected to the round key selection circuit and transmit the true and pseudo round keys; and the SMS4 round key generation circuit is connected to the SMS4 round function circuit module and to the (m+1) round key memories and transmits the true round keys.
Technical effect
Compared with the prior art, the position of the first-round true operation generated by the present invention is random, so the attacker cannot align the power traces and therefore cannot carry out the attack. In addition, relative to an unprotected circuit, the energy consumption of the present invention does not exceed twice the normal energy consumption.
Description of the accompanying drawings
Fig. 1 is the flow diagram of embodiment 1;
in the figure, R1 and R2 are registers, and Count is the counter variable of the loop that executes the first-round operation.
Fig. 2 is a schematic of the logarithmic shuffle adopted in embodiment 1 for arranging the true and pseudo round keys.
Fig. 3 is the flow diagram of embodiment 2;
in the figure, R1 and R2 are registers, and Count is the counter variable of the loop that executes the first-round operation.
Embodiments
Embodiments of the invention are elaborated below. They are implemented on the premise of the technical solution of the invention, and detailed implementation modes and concrete operating processes are given, but the protection scope of the invention is not limited to the following embodiments.
Embodiment 1
As shown in Fig. 1, in this embodiment N = m + 1, where N and m are the number of times the first round is executed and the number of pseudo round keys respectively.
The device implementing this embodiment comprises: an SMS4-based round function generation module, (m+1) round key memories, a round key loop circuit and a round key memory random-shuffling circuit, wherein: the first-round round function is connected to the round key holder and transmits to it, the round functions are connected to one another and transmit, and the round key holder is connected to the round key memory random-shuffling circuit and transmits.
The SMS4-based round function generation module is the normal SMS4 round function.
The round key memory is a 32-bit register used to store a 32-bit round key.
The round key memory random-shuffling circuit puts the m pseudo round keys and the real round key together, shuffles them at random, and records the position of the true round key.
As described above, this embodiment executes the first-round operation multiple times (N times), while the other 31 rounds are executed exactly once. The working process of the device is as follows:
1. First, m pseudo round keys need to be stored. These pseudo round keys must have the following property: each corresponding byte of the pseudo round keys is different, which ensures that the pseudo round key bytes seen by a given S-box are different.
2. When encryption begins, the m pseudo round keys and the real round key are put together and shuffled at random with the round key memory random-shuffling circuit, and the position of the true round key (i.e. the moment at which it is executed) is recorded each time.
3. The N round functions are then executed in turn according to the randomly shuffled round keys, and the result of each round function is preserved.
4. The real round function result is then taken into the second round, and the subsequent computation continues.
Embodiment 2
As shown in Fig. 3, in this embodiment N > m, where N and m are the number of times the first round is executed and the number of pseudo round keys respectively.
The device implementing this embodiment comprises: an SMS4-based round function generation module, (m+1) round key memories, a round key loop circuit and a round key random selection circuit, wherein: the first-round round function is connected to the round key holder and transmits to it, the round functions are connected to one another and transmit, and the round key holder is connected to the round key random selection circuit and transmits.
The round key random selection circuit first fixes the moment at which the true key is executed; the other pseudo round keys are chosen at random, with repetition allowed, from the available pseudo round keys.
This embodiment differs from embodiment 1 in the method of selecting the round key for the first-round operation. In this embodiment the moment at which the true round key is executed is fixed first, and the other pseudo round keys are chosen at random, with repetition allowed, from the available pseudo round keys.
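The following is an added worked example, not the patent's own code, showing both embodiments in software: a reference SM4 (constants from GM/T 0002-2012), a generator for m pseudo round keys whose bytes differ position by position from the true round key, the shuffled first-round sequence of embodiment 1 (N = m + 1), the fixed-slot sequence of embodiment 2 (N > m), and an encryption that runs the first round N times, keeps every result, and continues rounds 2 to 32 only from the true one. The function names are this example's own, and the "logarithmic shuffle" of Fig. 2 is replaced by the Fisher-Yates shuffle of Python's random module; the hardware timing of the real circuit is of course not modelled.

```python
# Added example (not the patent's own code): SM4 encryption in which the first
# round runs N times with m pseudo round keys and one true round key, as in
# embodiments 1 and 2 above; only the true first-round result feeds rounds 2..32.
import secrets

# SM4 S-box and FK / CK constants as specified in GM/T 0002-2012.
SBOX = bytes((
    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05,
    0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99,
    0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, 0x75, 0x8F, 0x3F, 0xA6,
    0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8,
    0x68, 0x6B, 0x81, 0xB2, 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, 0x01, 0x21, 0x78, 0x87,
    0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E,
    0xEA, 0xBF, 0x8A, 0xD2, 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, 0xF5, 0x8C, 0xB1, 0xE3,
    0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F,
    0xD5, 0xDB, 0x37, 0x45, 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, 0x1F, 0x10, 0x5A, 0xD8,
    0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0,
    0x89, 0x69, 0x97, 0x4A, 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48,
))
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big") for i in range(32))

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def t_transform(x, rots):  # S-box layer tau, then linear layer L (rounds) or L' (key schedule)
    b = int.from_bytes(bytes(SBOX[v] for v in x.to_bytes(4, "big")), "big")
    out = b
    for r in rots:
        out ^= rotl(b, r)
    return out

def key_schedule(mk):  # 16-byte master key -> round keys rk[0..31]
    k = [int.from_bytes(mk[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    for i in range(32):
        k.append(k[i] ^ t_transform(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i], (13, 23)))
    return k[4:]

def round_function(x0, x1, x2, x3, rk):
    return x0 ^ t_transform(x1 ^ x2 ^ x3 ^ rk, (2, 10, 18, 24))

def words(block):
    return [int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4)]

def finish_rounds(x, rks):  # rounds 2..32 from state (X0..X4); returns the ciphertext
    x = list(x)
    for rk in rks[1:]:
        x.append(round_function(x[-4], x[-3], x[-2], x[-1], rk))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[-4:]))

def sm4_encrypt(pt, mk):  # unprotected reference: the first round runs exactly once
    rks, x = key_schedule(mk), words(pt)
    return finish_rounds(x + [round_function(*x, rks[0])], rks)

def make_dummy_round_keys(true_rk, m, rng):
    """m <= 255 pseudo round keys whose bytes differ, position by position, from
    the true round key and from each other, so each S-box sees a fresh key byte."""
    assert 0 < m <= 255
    cols = []
    for tb in true_rk.to_bytes(4, "big"):
        others = [v for v in range(256) if v != tb]
        rng.shuffle(others)
        cols.append(others[:m])
    return [int.from_bytes(bytes(col[i] for col in cols), "big") for i in range(m)]

def first_round_sequence_shuffled(true_rk, dummies, rng):
    """Embodiment 1: N = m + 1 slots, every key used once, order shuffled at random."""
    keys = list(dummies) + [true_rk]
    order = list(range(len(keys)))
    rng.shuffle(order)
    return [keys[i] for i in order], order.index(len(dummies))  # sequence, true slot

def first_round_sequence_selected(true_rk, dummies, n, rng):
    """Embodiment 2: N > m slots; pick slot K for the true key, fill the rest
    with pseudo keys drawn with replacement."""
    k = rng.randrange(n)
    seq = [rng.choice(dummies) for _ in range(n)]
    seq[k] = true_rk
    return seq, k

def sm4_encrypt_hidden(pt, mk, sequence, true_pos):
    """Run the first round once per key in `sequence`, keep every result (the
    R1/R2 registers of the figures), then continue from the true one only."""
    rks, x = key_schedule(mk), words(pt)
    assert sequence[true_pos] == rks[0]
    first_round_results = [round_function(*x, rk) for rk in sequence]
    return finish_rounds(x + [first_round_results[true_pos]], rks)

if __name__ == "__main__":
    rng, key = secrets.SystemRandom(), bytes.fromhex("0123456789abcdeffedcba9876543210")
    dummies = make_dummy_round_keys(key_schedule(key)[0], 15, rng)
    seq, pos = first_round_sequence_shuffled(key_schedule(key)[0], dummies, rng)
    print(sm4_encrypt_hidden(key, key, seq, pos).hex(), "true round in slot", pos)
```

Two design points follow from the text. First, the pseudo round keys are required to differ byte by byte from the true one, and since a byte has only 255 other values this is exactly why m can be at most 255, the maximum security parameter mentioned in the effect analysis. Second, the ciphertext produced with either sequence is identical to the unprotected reference SM4, so the countermeasure changes only the order and count of first-round operations, not the cipher; the reference function is included so that this can be checked against the standard test vector.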
Effect analysis
Explanation of how the SMS4 pseudo-operation protection scheme resists DPA attacks:
For hardware-implemented SMS4, because of the key confusion, the intermediate value in the registers of each round is related to the whole 32-bit round key. To carry out ordinary DPA, all 32 bits of the round key would have to be guessed simultaneously, which is not achievable under current conditions; therefore the known DPA methods for side-channel attacks on such hardware SMS4 all use the chosen-plaintext approach.
A DPA attack using chosen plaintext can only attack the SMS4 implementation from the first round. The above embodiments adopt the pseudo-operation method, so that when the attacker attacks the first round, for embodiment 1 the probability of obtaining the true key is in theory the same as the probability of obtaining a pseudo-key. The real operation and the pseudo-operations therefore cannot be distinguished, and the true key and the pseudo-keys are fully confused. Furthermore, when the number of pseudo-operations (i.e. the security parameter) equals 255 (the maximum), the attacker cannot obtain any key information at all from the DPA attack, so DPA on hardware-implemented SMS4 is resisted both in theory and in practice. For embodiment 2, m = N - 1 can also be allowed, in which case the probabilities are identical to embodiment 1 and only the implementation differs. But m can also be adjusted so that m < N - 1, in which case the probability of obtaining a pseudo round key is actually greater than the probability of obtaining the true key, creating a false impression for the attack.
Another protection implicit in the scheme is the random insertion of pseudo-operations. Because the position at which the true round key is used is random, the scheme is equivalent to applying the random-insertion-of-pseudo-operations countermeasure, and random insertion of pseudo-operations prevents the real operations from being aligned. In this embodiment, as long as the position at which the true operation executes is uniformly distributed at random, the true operation has only a 1/N chance of occurring at any given moment. This greatly reduces the signal-to-noise ratio of the side-channel attack.