CN104734845B - Bypass attack means of defence based on full Encryption Algorithm pseudo-operation - Google Patents
Bypass attack means of defence based on full Encryption Algorithm pseudo-operation Download PDFInfo
- Publication number
- CN104734845B CN104734845B CN201510133523.8A CN201510133523A CN104734845B CN 104734845 B CN104734845 B CN 104734845B CN 201510133523 A CN201510133523 A CN 201510133523A CN 104734845 B CN104734845 B CN 104734845B
- Authority
- CN
- China
- Prior art keywords
- key
- true
- pseudo
- sms4
- round
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
A kind of bypass attack means of defence based on full Encryption Algorithm pseudo-operation of computer security technical field, key sequence is formed with m pseudo- key and 1 true key and carries out multiple SMS4 computations, and the SMS4 cryptographic calculation results that true key participates in are obtained into required ciphertext.The position for the true operation that the present invention generates is random, makes attacker that can not be aligned power consumption profile, to cannot achieve attack.In addition, the use of pseudo- key can generate interference effect to bypass attack, so that bypass attack fails.This scheme is divided into the cryptochannel implementation protection that devices at full hardware is realized and software transfer mode is realized, can not be modified hardware for software transfer mode implementation and be protected without bypass attack.
Description
Technical field
It is specifically a kind of to be based on full Encryption Algorithm pseudo-operation the present invention relates to a kind of technology of computer safety field
Cryptochannel bypass attack means of defence, be applicable to SMS4 scheduling algorithm.
Background technique
In reality, cryptographic system is usually to realize using hardware or using hardware as the software of the form of expression, for example:Intelligence
Energy card, RFID, password coprocessor, SoC crypto chip, cipher machine etc..In the realization environment of these cryptographic systems, attacker
The information such as energy consumption, the electromagnetic radiation of cryptographic transformation can be observed and be measured, are possible to realize using these additional information
Code breaking more effectively than traditional mathematical analysis.Attack under this environment is usually known as " bypass attack (Side by people
Channel Attack)".In the method for bypass attack, simple power consumption analysis (SPA) and differential power consumption analysis are generally included
(DPA).SPA attack is to lead to too small amount of power consumption profile (corresponding a small amount of plaintext), utilizes the feature and its reflection of cryptographic algorithm
Feature on power consumption profile directly discloses key or associated sensitive information.DPA attack is by recording password
Equipment is encrypted to a large amount of different data or power consumption profile when decryption oprerations, is recovered from power consumption profile using statistical method close
Key in decoding apparatus.
The appearance of bypass attack method, which constitutes many present chips, has big threat, therefore, corresponding to occur
The means of defence of a variety of bypass attacks.More commonly used guard technology has concealing technology and mask technology.The mesh of hiding strategy
Mark is the power consumption for eliminating encryption device and the correlation between operation performed by equipment and handled median.And mask skill
Art is by randomized message and key, so that the relationship of key and power consumption can not be established.In concealing technology, wherein having time
Hiding in dimension, this includes two kinds of hidden methods of radom insertion pseudo-operation and out-of-order operation.Radom insertion pseudo-operation is close
Code algorithm executes the operation of some vacations of radom insertion in front and back and execution.This method can destroy the alignment of true operation,
So that attack effect substantially reduces in by bypass attack.Random ordering operation is in certain cryptographic algorithms, and specific operation is held
Row sequence can arbitrarily change, thus can introduce randomness by changing the execution sequence of these operations.
The shortcomings that mask means of defence, is that the mask for nonlinear operation (such as S box) can make circuit area become
Very big, cost can be very high, and can not protect and reveal completely.And concealing technology is only reduction of the noise of leakage signal
Than not protecting bypass attack fundamentally.And the combination of pseudo-operation and out-of-order operation that we design, it on the one hand will be true close
Key has been accomplished to hide really, and still further aspect also reduces signal-to-noise ratio, uses alternatively, it is also possible to combine with mask technology,
Any conflict will not be generated.
SM4 is based on national standard GM/T 0002-2012《SM4 block cipher》(former SMS4 block cipher)
Encryption Algorithm, which is symmetry algorithm, and key length and block length are 128, and Encryption Algorithm and cipher key spreading are calculated
Method all uses 32 wheel nonlinear iteration structures.Decipherment algorithm is identical as the structure of Encryption Algorithm, only the use sequence of round key
On the contrary, decryption round key is the backward of encryption round key.
After searching and discovering the prior art, Chinese patent literature CN103546277A discloses (bulletin) day
2014.01.29, disclose the DPA attack and key recovery method and system of a kind of smart card SM4 algorithm, method include with
Lower step:Step 1 carries out DPA attack to 4 wheels before SM4 algorithm for encryption process, obtains the sub-key of preceding 4 wheel;Step 2, benefit
Restore SM4 key with 4 obtained respective loops.SM4 on smart card may be implemented using method and system described in the technology to calculate
The DPA of method is attacked, and restores SM4 encryption key, verifies the anti-attack ability of SM4 algorithm on smart card.
Chinese patent literature CN103227717A discloses (bulletin) day 2013.07.31, discloses a kind of selection round key
Exclusive or input carries out the application of SM4 cryptographic algorithm side channel energy analysis, and core is to carry out SM4 cryptographic algorithm side channel energy
It measures in analytic process, S box or round function is selected to establish Hamming distance model as the point of attack, using the input of round key exclusive or as the Chinese
The front and continued state v1 of prescribed distance model, when attacking S box, the successor states v2 of Hamming distance (HD (v1, v2)) model is S
Box output;When attacking round function, the successor states v2 of Hamming distance (HD (v1, v2)) model be round function output/it is defeated
Enter.
Chinese patent literature CN102546157A discloses (bulletin) day 2012.07.04, discloses a kind of resistance energy point
The random Hybrid Encryption system and its implementation of analysis, the technological system are updated by pseudo-random sequence PN128 generation module, S box
Module, mask correction value generation module, plaintext input register, pseudo-random sequence PN64 generation module, gating circuit A, gating
11 circuit B, SMS4 encrypting module, AES encryption module, Port Multiplier, ciphertext output register parts form.The technology is for the first time
A kind of random Hybrid Encryption system and its implementation for resisting energy spectrometer is proposed, by pseudo-random sequence PN64, to bright
It is literary to be encrypted at random using AES the SMS4 algorithm based on mask technology, all basic circuits in hardware algorithm realization
Unit is realized by symmetric circuit, and simple and differential power analysis has fundamentally been prevented, and encryption system has a variety of work
Mode is suitable for different scenes.But the technology can not in the case where certain be distinctly claimed using single algorithm such as SMS4 algorithm
Processing, in addition, this protection can not completely eliminate if being hybrid protective (the not considering mask) angle from algorithm to consider
DPA attack, because we can malfunction conjecture algorithm as a kind of noise, this protectiving scheme is only the reduction of letter
It makes an uproar and compares, increase the difficulty of DPA attack.
Chinese patent literature CN102412963A and CN102360414A individually disclose a kind of based on random sequence
There is the encryption method for misleading function and a kind of encryption method misled that can correct pseudo-random sequence, which can be with
Pseudo- key is obtained, so as to mislead cryptanalysis person, this misleading is decided by internal layer key, any in order to carry out
Misleading, sub-key is generated using long random sequence, long random sequence can be generated by quantum-key distribution.For in document
Label use special processing mode so that even if it is defined label be likely to occur in the text, will not still obscure.Encryption
When need a keyword database, internal layer encryption carries out the expansion of keyword using database, and outer layer is encrypted and adopted
With traditional encryption method.Support without database when the technology is decrypted, the problem of avoiding database synchronization.The technology
Certain use value is all had in encryption application on various occasions, especially in military affairs.But the technology is directed to that " buffing is hard
Bubble " attack method, is protected by misleading the readability of the plaintext after decrypting.This method does not have effect for bypass attack.
Sometimes chip flow molding, cannot modify hardware at this time, need to consider how to come real from software transfer angle
Now protect the purpose of bypass attack.
Summary of the invention
The present invention In view of the above shortcomings of the prior art, proposes that a kind of bypass based on full Encryption Algorithm pseudo-operation is attacked
Means of defence is hit, algorithm is executed by pseudo- key and cracks difficulty to increase substantially.
The present invention is achieved by the following technical solutions:
The present invention relates to a kind of bypass attack means of defence based on full Encryption Algorithm pseudo-operation, entire calculating performs more
Secondary Encryption Algorithm operation, in this multiple cryptographic operation, key used in the calculating of SMS algorithm is from m pseudo- key
It is chosen in the series of key composed by 1 true key.Whole operation has obtained multiple encrypted result, and only once
The result is that ciphertext required for true.
The key sequence randomly selects circuit (or software i.e. software transfer mode is realized, similarly hereinafter) or logical by key
It crosses crypto key memory and upsets mechanism at random and select to obtain from crypto key memory, specially:
1. generate m pseudo- key and a true key, then upset at random using crypto key memory mechanism progress with
Machine is upset, and records the position of true key, or
2. determine the serial number K that true key executes, and other m puppets keys by key randomly select machine in key sequence
Structure selects to obtain from crypto key memory.
To in above two key sequence generation method, can only make first 32 of pseudo- key be true key difference,
Key storage space is saved with this, need to only reach the requirement for making the round key of the first round different.
The SMS4 computations refer to:Plaintext to be encrypted and each wheel round key of each generation are subjected to Encryption Algorithm
Round function iterative calculation.The round function the number of iterations of SMS4 algorithm is 32 times.
It is exported after 32 round function iterative calculation using the calculated result of true key as ciphertext.
The present invention relates to a kind of systems for realizing the above method, including:Round function circuit module, the key of SMS4 selects machine
The cycle wheel key generator circuitry module of structure module, (m+1) a crypto key memory, SMS4.Wherein:(m+1) a key memory
It is connected with key selection circuit and transmits true and false key, the key generator circuitry of SMS4 and the round function circuit module of SMS4 and (m
+ 1) a round key memory is connected and transmits true round key.
Technical effect
Compared with prior art, the present invention execute true SMS4 operation position it is random, make attacker that can not be aligned power consumption
Curve, to cannot achieve attack.In addition, algorithm is executed due to using pseudo- key, so that attempting to this protection chip
When attack, interference effect can be generated to bypass attack.
Detailed description of the invention
Fig. 1 is 1 flow diagram of embodiment.
Fig. 2 is that embodiment 1 arranges the logarithm that true and false round key uses and shuffles schematic diagram.(wherein sub-key indicates 128 bits
Preceding 32 bit of key)
Fig. 3 is 2 flow diagram of embodiment.
Fig. 4 is 3 flow diagram of embodiment.
Fig. 5 is 4 flow diagram of embodiment.
Specific embodiment
It elaborates below to the embodiment of the present invention, the present embodiment carries out under the premise of the technical scheme of the present invention
Implement, the detailed implementation method and specific operation process are given, but protection scope of the present invention is not limited to following implementation
Example.
Embodiment 1
As shown in Figure 1, N=m+1 in the present embodiment.N and m respectively indicates the execution number and puppet cipher key number of SMS4 algorithm
Amount.
The present embodiment realization device includes:The round function generation module of based on SMS 4,1 true key memory, m puppet
Crypto key memory, crypto key memory upset circuit, cycle wheel key generator circuitry at random, wherein:The round function of SMS4 and period
Round key generative circuit and transmit, key storage upsets that circuit is connected and transmits, key upsets circuit at random with key at random
It is connected with cycle wheel key generator circuitry.
The round function generation module of the based on SMS 4 is:I.e. normal SMS4 round function.
The true key memory of described 1 is:4 32 registers, to be used to store 128 keys.
Described m pseudo- crypto key memory be:M 32 registers, to be used to store m 32 pseudo- keys.
The round key memory upsets circuit at random:One is placed on first 32 of m pseudo- key and true key
It rises and then upsets circuit at random using crypto key memory and upset at random, record the position of true round key.And successively
Latter 96 keys for forming 128 together of 32 after upsetting and true key pass to cycle wheel key generator circuitry, raw
At round key.
According to upper described, the present embodiment, which refers to, is performed a plurality of times (n times) SMS4 algorithm, key therein can be true key or
First 32 of pseudo- key replacement true key, the course of work that the present embodiment is related to above-mentioned apparatus is as follows:
1. these pseudo- key needs have the characteristics that firstly the need of m pseudo- key is saved:The corresponding each word of pseudo- key
Section is different, this is used to guarantee that the round key for some S box when calculating the first round of SMS4 algorithm is different
's.
2. encryption starts every time, first 32 key storages of putting together and then utilize of m pseudo- key and true key
Device is upset circuit at random and is upset at random, and the position of true round key is recorded (at the time of i.e. true round key executes).
3. being then successively conveyed to the life of period round key according to latter 96 of 32 keys upset at random and true key
At circuit, start to execute n times SMS4 algorithm, wherein true result is stored in R1, pseudo-operation is stored in R2.
A cycle wheel key generator circuitry will be executed before executing round function generates epicycle round key.
4. finally taking the result in R1 as ciphertext.
Embodiment 2
As shown in figure 3, N in the present embodiment>m.N and m respectively indicates the execution number and puppet number of keys of SMS4 algorithm.
The present embodiment realization device includes:A key memory of round function generation module, (m+1) of based on SMS 4, period
Round key generative circuit, round key randomly select circuit, wherein:The round function module of SMS4 and cycle wheel key generator circuitry phase
Connect and transmit, period round function generation module is connected and is transmitted with key storage, pseudo- key storage and period key are random
Selecting circuit is connected and transmits.
The key randomly selects circuit:At the time of first positioning true key executes SMS4 algorithm, and it is other pseudo-
The selection of key be repeat to choose at random from optional pseudo- key, and take latter 96 of true key combine together 128 it is close
Key is transferred to cycle wheel key production module.
The present embodiment is the difference from embodiment 1 is that different in the selection method of key.The present embodiment selects key
Mode is at the time of first positioning true round key corresponding execution SMS4 algorithm, and other SMS4 using pseudo- key execute it is close
The selection of key is to repeat to choose at random from optional pseudo- key.
Embodiment 3
Embodiment 3 is software transfer mode, and the selection mode of key is same as Example 1.
The application scenarios of embodiment 3 are that hardware implementation cannot be changed, and are implemented and embodiment 1 by software transfer mode
The bypass attack protectiving scheme of effect same.
Embodiment 4
Embodiment 4 is software transfer mode, and the selection mode of key is same as Example 2.
The application scenarios of embodiment 4 are that hardware implementation cannot be changed, and are implemented and embodiment 2 by software transfer mode
The bypass attack protectiving scheme of effect same.
Effect analysis
SMS4 is complete, and algorithm puppet behaviour bypass attack makees the explanation that protectiving scheme resists DPA attack:
For hard-wired SMS4, due to the presence that key is obscured, median in the register of each round and
32 round key have relationship.To carry out common DPA attack, it is necessary to while guessing 32 round key, in current attack
Under the conditions of cannot still reach, therefore at present be directed to such hard-wired SMS4 bypass attack, it is known that DPA method all be use
Select the mode of plaintext.
It is merely able to attack the realization of SMS4 since the first round using the DPA attack method of selection clear-text way.Above-mentioned reality
The method that example uses pseudo-operation is applied, so that, for embodiment 1, theoretically coming when attacker is when attacking the first round
It says, it is the same for obtaining the probability of true key and pseudo- key.Therefore, it is impossible to distinguish true operation and pseudo-operation, accomplish
True key is sufficiently obscured with pseudo- key.In addition, when the number (i.e. security parameter) of pseudo-operation is equal to 255 (maximum),
Attacker can not obtain any key information from DPA attack completely at this time, thus from theoretical and actually resisted and be directed to
The hard-wired DPA of SMS4.For embodiment 2, m=N -1 can also be allowed, at this point, it is same as Example 1 from probability,
The only difference on implementation.But also adjustable m, so that m<N -1, the probability for obtaining pseudo- round key at this time are wanted instead
Greater than the probability of true key, create a false impression to attack.
Another protectiving scheme implied in scheme is radom insertion pseudo-operation.Position is used due to true round key
Be it is random, therefore, be equivalent to and used radom insertion pseudo-operation safeguard procedures.Radom insertion pseudo-operation will lead to true behaviour
It cannot achieve alignment.In the present embodiment, if the position that true operation executes be meet it is random equally distributed, then,
Possibility of the true operation at that moment only has 1/N.This will substantially reduce the signal-to-noise ratio of bypass attack.
Another advantage of protectiving scheme is that certain known flow sheetmoldings are not added with the chip of bypass attack protection,
This method can be used to realize protection, because a little kinds of safeguard procedures do not need modification hardware, it is only necessary to repeatedly call SMS4
The ciphering process of algorithm, and use different keys.
Claims (4)
1. a kind of bypass attack guard system based on full Encryption Algorithm pseudo-operation, which is characterized in that including:The round function of SMS4
Circuit, key selection circuit, m+1 cipher key register, SMS4 round key generative circuit, wherein:M+1 cipher key register with
Key selection circuit is connected and transmits true and false round key, the round key generative circuit of SMS4 and the round function circuit and m+1 of SMS4
A cipher key register is connected and transmits true key and pseudo- key;The system is formed close with m pseudo- key and 1 true key
Key sequence carries out multiple SMS4 computations, and the SMS4 cryptographic calculation results that true key participates in are obtained required ciphertext;
The key sequence is obtained especially by any one following mode:
1. generating m pseudo- key and a true key, then upset at random using key selection circuit, and is recorded true
The position of real key, or
2. determine true key execute serial number k, and in key sequence it is other m puppet keys by key randomly select circuit from
Selection obtains in crypto key memory, or
3. generating m pseudo- key and a true key, then upset its sequence at random using software realization mode, and record
The position of true key, or
4. determine the serial number k that true key executes, and other m pseudo- key randomly selecting by software realization in key sequence
Mode selects to obtain from crypto key memory.
2. system according to claim 1, characterized in that the key sequence is deposited by key selection circuit from key
Selection obtains in reservoir.
3. system according to claim 1, characterized in that the SMS4 computations refer to:By plaintext to be encrypted
Round function iterative calculation is successively carried out by the round key that round key generative circuit generates with key sequence, and true key is taken to hold
Capable result is exported as ciphertext.
4. system according to claim 1, characterized in that the SMS4 computations refer to:By plaintext to be encrypted
The result for being transferred to hardware cryptography circuit with key sequence, and true key being taken to execute is exported as ciphertext.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133523.8A CN104734845B (en) | 2015-03-25 | 2015-03-25 | Bypass attack means of defence based on full Encryption Algorithm pseudo-operation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133523.8A CN104734845B (en) | 2015-03-25 | 2015-03-25 | Bypass attack means of defence based on full Encryption Algorithm pseudo-operation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104734845A CN104734845A (en) | 2015-06-24 |
CN104734845B true CN104734845B (en) | 2018-11-23 |
Family
ID=53458308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510133523.8A Active CN104734845B (en) | 2015-03-25 | 2015-03-25 | Bypass attack means of defence based on full Encryption Algorithm pseudo-operation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104734845B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209457B (en) * | 2016-07-14 | 2019-03-12 | 北京工业大学 | Cope with the method for secret protection and system of bypass attack in smart home environment |
CN107980212A (en) * | 2017-09-06 | 2018-05-01 | 福建联迪商用设备有限公司 | The encryption method and computer-readable recording medium of anti-DPA attacks |
CN108123792B (en) * | 2017-12-19 | 2021-05-18 | 武汉瑞纳捷电子技术有限公司 | Power consumption scrambling method of SM4 algorithm circuit |
US11218291B2 (en) | 2018-02-26 | 2022-01-04 | Stmicroelectronics (Rousset) Sas | Method and circuit for performing a substitution operation |
FR3078463A1 (en) | 2018-02-26 | 2019-08-30 | Stmicroelectronics (Rousset) Sas | METHOD AND DEVICE FOR REALIZING SUBSTITUTED TABLE OPERATIONS |
FR3078464A1 (en) * | 2018-02-26 | 2019-08-30 | Stmicroelectronics (Rousset) Sas | METHOD AND CIRCUIT FOR IMPLEMENTING A SUBSTITUTION TABLE |
CN108847924A (en) * | 2018-04-22 | 2018-11-20 | 平安科技(深圳)有限公司 | Encryption method, device, computer equipment and storage medium |
TWI675578B (en) * | 2018-12-06 | 2019-10-21 | 新唐科技股份有限公司 | Encryption and decryption system, encryption device, decryption device and encryption and decryption method |
CN109257395B (en) * | 2018-12-07 | 2020-10-23 | 四川长虹电器股份有限公司 | System for defending against side-channel attack |
CN113742759B (en) * | 2021-11-04 | 2022-02-22 | 国网浙江省电力有限公司 | Data encryption method and device for financial accounting system |
CN116743379B (en) * | 2023-08-11 | 2023-10-31 | 国网天津市电力公司电力科学研究院 | Encryption transmission scheme determining method for power network data |
CN117614608B (en) * | 2024-01-22 | 2024-04-16 | 南京航空航天大学 | NTT (network time Table) defense method for resisting energy analysis attack |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101371480A (en) * | 2005-11-21 | 2009-02-18 | 爱特梅尔公司 | Encryption protection method |
CN102447556A (en) * | 2010-10-14 | 2012-05-09 | 上海华虹集成电路有限责任公司 | DES (data encryption standard) encryption method of resisting differential power analysis based on random offset |
CN102970132A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm |
CN103138917A (en) * | 2013-01-25 | 2013-06-05 | 国家密码管理局商用密码检测中心 | Application method of Hamming distance model on SM4 cryptographic algorithm lateral information channel energy analysis and based on S box input |
CN104202145A (en) * | 2014-09-04 | 2014-12-10 | 成都信息工程学院 | Plaintext or ciphertext selection based side channel power analysis attack method on round function output of SM4 cipher algorithm |
CN104378196A (en) * | 2014-11-07 | 2015-02-25 | 昆腾微电子股份有限公司 | Method and device for safely executing encryption and decryption algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5198526B2 (en) * | 2010-09-21 | 2013-05-15 | 株式会社東芝 | Encryption device and decryption device |
-
2015
- 2015-03-25 CN CN201510133523.8A patent/CN104734845B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101371480A (en) * | 2005-11-21 | 2009-02-18 | 爱特梅尔公司 | Encryption protection method |
CN102447556A (en) * | 2010-10-14 | 2012-05-09 | 上海华虹集成电路有限责任公司 | DES (data encryption standard) encryption method of resisting differential power analysis based on random offset |
CN102970132A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm |
CN103138917A (en) * | 2013-01-25 | 2013-06-05 | 国家密码管理局商用密码检测中心 | Application method of Hamming distance model on SM4 cryptographic algorithm lateral information channel energy analysis and based on S box input |
CN104202145A (en) * | 2014-09-04 | 2014-12-10 | 成都信息工程学院 | Plaintext or ciphertext selection based side channel power analysis attack method on round function output of SM4 cipher algorithm |
CN104378196A (en) * | 2014-11-07 | 2015-02-25 | 昆腾微电子股份有限公司 | Method and device for safely executing encryption and decryption algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN104734845A (en) | 2015-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104734845B (en) | Bypass attack means of defence based on full Encryption Algorithm pseudo-operation | |
CN104734842B (en) | Method is resisted in circuits bypass attack based on pseudo-operation | |
US10439797B2 (en) | Methods and devices against a side-channel analysis | |
CN101371480B (en) | Encryption protection method | |
EP2329622B1 (en) | Message authentication code pre-computation with applications to secure memory | |
CN103413109B (en) | A kind of mutual authentication method of radio frequency identification system | |
US20150222421A1 (en) | Countermeasures against side-channel attacks on cryptographic algorithms | |
CN108521325B (en) | Side channel attack prevention method suitable for system data full life cycle | |
US10313128B2 (en) | Address-dependent key generator by XOR tree | |
CN108964872B (en) | Encryption method and device based on AES | |
CN107769910B (en) | DES (data encryption Standard) protection method and circuit for resisting side channel attack based on L atch PUF (physical unclonable function) | |
CN107005415A (en) | For encrypting/decrypting the block encryption method of message and realize the encryption device of this method | |
US9648026B2 (en) | Cryptographic method for securely exchanging messages and device and system for implementing this method | |
CN105406957B (en) | Encryption device confrontation is protected to realize attack | |
US11431491B2 (en) | Protection of the execution of cipher algorithms | |
CN103795527A (en) | Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis | |
CN106664204A (en) | Differential power analysis countermeasures | |
CN102970132A (en) | Protection method for preventing power analysis and electromagnetic radiation analysis on grouping algorithm | |
CN103404073A (en) | Protection against passive sniffing | |
CN108737073B (en) | Method and device for resisting energy analysis attack in block encryption operation | |
CN103023634A (en) | Data encryption standard (DES) device capable of preventing difference power analysis | |
CN106656473B (en) | MAC (media Access control) calculation method and system of safe DES (data encryption Standard) algorithm | |
Maleki et al. | New clone-detection approach for RFID-based supply chains | |
CN203180936U (en) | DES device preventing differential power analysis (DPA) | |
Liu et al. | Improving tag generation for memory data authentication in embedded processor systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |