CN106656473A - Safe MAC calculation method and system of DES algorithm - Google Patents
Abstract
The invention discloses a secure MAC calculation method and system for the DES algorithm. The method comprises the following steps: (1) dividing the input data to be encrypted into blocks; (2) performing single DES encryption on the input data corresponding to each block other than the last; (3) performing triple DES encryption on the input data corresponding to the last block; (4) outputting the final encryption result. In steps (2) and (3), when the key or the input data corresponding to the current block is written, the corresponding plaintext data is dispersed into two parts, Share_1 and Share_2, which are written in XOR mode. The system comprises a data preprocessing module, a first DES encryption module, a second DES encryption module and a data dispersion module. By dividing the plaintext into two parts, the method and system prevent the card from suffering a template attack during key input, greatly increase the difficulty of side-channel attacks and physical attacks, and ensure the integrity and reliability of the whole DES calculation process.
Description
Technical field
The present invention relates to cryptographic encryption technology, and in particular to a secure MAC calculation method and system for the DES algorithm.
Background
DES stands for Data Encryption Standard, a block cipher that encrypts with a key. It was adopted as a Federal Information Processing Standard (FIPS) in 1977 by the United States National Bureau of Standards and authorized for use in non-classified government communications; the algorithm subsequently spread widely around the world.
MAC calculation is involved in the DES algorithm. A MAC (Message Authentication Code) is an authentication mechanism used by both communicating parties in cryptography, a tool for guaranteeing the integrity of message data. Its construction was proposed by M. Bellare, and its security depends on a hash function, so it is also called a keyed hash function. A message authentication code is a value derived from a key and a message digest, and can be used for data origin authentication and integrity checking.
Cards that use the DES algorithm may be subject to a wide variety of attacks, whose purpose is to obtain the sensitive data in the chip. The key participates directly in the computation during the MAC calculation of the DES algorithm. Although the last block is encrypted with 3DES, which has a higher security level, all blocks other than the last are encrypted with 1DES, whose key is easily recovered by brute force, and this has always been a focus of attacks on all kinds of chips. It is therefore necessary, while making full use of the existing hardware security mechanisms, to use software methods sensibly to give the 1DES computation in the DES-MAC calculation the necessary protection and to ensure data security during the encryption operation.
Infineon chips carry an SCP cryptographic coprocessor that can be used for DES encryption. In the current DES-MAC calculation process, the key and the data to be encrypted are usually written directly into the relevant SCP registers for computation, and intermediate data takes part in the next round of computation in plaintext form, with no software protection measures to guarantee the security of the data operation. Using conventional attack techniques such as DFA, DPA and CPA, an attacker can exploit the security defects of the hardware itself to obtain the relevant key data.
In some existing security-enhanced schemes, to prevent DFA attacks, the ciphertext computed by the SCP is immediately decrypted once, and the decrypted result is checked against the input data of the encryption operation to ensure the correctness of the result. Such a scheme increases the security of the encryption process to some extent, but its protection function is rather limited and its protection strength insufficient, and other security vulnerabilities remain.
Summary of the invention
In view of the problems in the prior art, the invention provides a secure MAC calculation method and system for the DES algorithm. The technical solution targets the attack methods commonly used against the DES-MAC calculation process, such as DFA, DPA and CPA, repairs the potential vulnerabilities in the MAC calculation, and ensures data security during encryption.
To achieve the above object, the technical solution of the invention is as follows:
A secure MAC calculation method for the DES algorithm, comprising:
(1) dividing the input data to be encrypted into blocks;
(2) performing single DES encryption on the input data corresponding to each block other than the last;
(3) performing triple DES encryption on the input data corresponding to the last block;
(4) outputting the final encryption result.
In steps (2) and (3), when the key or the input data corresponding to the current block is written, the corresponding plaintext data is dispersed into two parts, Share_1 and Share_2, which are written in XOR mode.
Further, in the above secure MAC calculation method, the plaintext data of the key or of the input data corresponding to the current block is dispersed into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as Share_1; the plaintext data is XORed with that random data to give Share_2.
Further, in the above secure MAC calculation method, the process of dispersing the plaintext data of the key or of the input data corresponding to the current block into Share_1 and Share_2 is:
A loop control variable is set to an initial value of 0, and the loop step is executed while the loop condition holds; the loop condition is that the loop control variable is less than the plaintext data length.
The loop step comprises: generating one random byte and placing it in the Share_1 data array; XORing that random byte with the byte of the plaintext data indexed by the current loop control variable and placing the result in the Share_2 data array; incrementing the loop control variable by 1; and testing whether the loop control variable still satisfies the loop condition.
When the loop control variable no longer satisfies the loop condition, the Share_1 data array is used as Share_1 and the Share_2 data array as Share_2.
Further, in the above secure MAC calculation method, in step (2), after single DES encryption the encryption result is masked using blind mode.
The SCP register configuration is:
SCP_CFG=DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL=(handle->cipher_mode&0xff00)|FB_MODE_BLD;
Further, in the above secure MAC calculation method, in steps (2) and (3), when the key or the input data corresponding to the current block is written for single DES encryption and triple DES encryption, the Share_1 of the data concerned is written into the corresponding register by direct write, the SCP registers are then configured for XOR write mode, and the Share_2 of the data concerned is written into the corresponding register by XOR write.
Further, in the above secure MAC calculation method, a checking procedure is also performed after single DES encryption in step (2).
The checking procedure comprises:
setting the register parameters, performing forward encryption and, after the encryption has finished, reading the forward encryption result data;
setting the register parameters, performing reverse encryption and, after the encryption has finished, reading the reverse encryption result data;
of these two encryptions (forward and reverse), comparing the result data of one with the bitwise inverse of the result data of the other, and performing an exception action if the two differ.
Further, in the above secure MAC calculation method, the execution order of the forward encryption and the reverse encryption in the checking procedure is chosen at random.
Further, in the above secure MAC calculation method, when the last encryption of the checking procedure is performed, the corresponding key data is erased after the key has been written to the corresponding registers.
Further, in the above secure MAC calculation method, in step (2), when the input data is encrypted, multiple rounds of encryption are performed: one round, chosen at random, operates on the real input data, and the remaining rounds operate on dummy data.
In addition, the invention provides a secure MAC calculation system for the DES algorithm corresponding to the above method, comprising:
a data preprocessing module, for dividing the input data to be encrypted into blocks;
a first DES encryption module, for writing the key and the input data corresponding to each block other than the last in XOR mode and performing single DES encryption;
a second DES encryption module, for writing the key and the input data corresponding to the last block in XOR mode and performing triple DES encryption;
a data dispersion module, for dispersing the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
Further, the above secure MAC calculation system also comprises:
a check module, for performing an encryption check after single DES encryption. The encryption check is performed as follows:
setting the register parameters, performing forward encryption and, after the encryption has finished, reading the forward encryption result data;
setting the register parameters, performing reverse encryption and, after the encryption has finished, reading the reverse encryption result data;
of these two encryptions (forward and reverse), comparing the result data of one with the bitwise inverse of the result data of the other, and performing an exception action if the two differ.
Further, the above secure MAC calculation system also comprises:
an encryption control module, for controlling the execution of multiple rounds of encryption, in which one round, chosen at random, operates on the real input data and the remaining rounds operate on dummy data.
The beneficial effects of the invention are as follows:
1. The invention divides the key into two parts and writes them in XOR mode, which avoids the template attacks the card may suffer during key input and increases the difficulty of perturbation attacks;
2. Verification uses the complement property of DES, and the order in which the key and the complement of the key take part in the computation is assigned at random, which ensures the data integrity of the encryption process and increases the card's resistance to perturbation attacks and side-channel attacks;
3. Dummy operations effectively mask the real encryption process and increase the difficulty of power analysis.
Brief description of the drawings
Fig. 1 is a flowchart of the MAC calculation process.
Fig. 2 is a flowchart of plaintext data dispersion in the secure MAC calculation method of the invention.
Fig. 3 is a flowchart of writing key A and key B to the corresponding registers during triple DES encryption in the secure MAC calculation method of the invention.
Fig. 4 is a flowchart of the checking procedure performed after single DES encryption in the secure MAC calculation method of the invention.
Fig. 5 is a flowchart of masking the real input data with dummy data in the secure MAC calculation method of the invention.
Fig. 6 is a structural block diagram of the secure MAC calculation system of the invention.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and embodiments.
As shown in Fig. 1, the prior-art MAC calculation method of the DES algorithm (this example is based on IFX77 family chips) comprises the following steps:
(1) Divide the input data into blocks according to a preset format and record the number of blocks I (S101).
In this embodiment the input address is the start address of the data to be encrypted and one block is 8 bytes. According to the length N of the input data, the data to be encrypted is divided into I = (N-1)/8 + 1 blocks; a last block shorter than 8 bytes is padded by means conventional in the art.
(2) Set the initial value of the counter Num to 0 (S102).
(3) Test whether Num < I-1; if so, go to step (4), otherwise go to step (5) (S103).
(4) Write the key KeyA and the input data corresponding to the current block (S104); perform single DES encryption (S105); XOR the encryption result with the input data corresponding to the next block and use the result as the input data of that next block (S106); increment Num by 1 (S107); return to step S103.
(5) Write the key KeyA, the key KeyB and the input data corresponding to the current block (S108); perform triple DES encryption (S109).
The MAC calculation process of the DES algorithm described above mainly comprises data blocking, single DES encryption, block chaining (the encryption result output for the current block is XORed with the input data of the next block, and the result becomes the input data of that next block, which completes the chaining of the current block to the next block) and triple DES encryption. Apart from triple DES encryption, which has a higher security level and is not easily broken, all of these steps need security protection. To close these security holes, the method of the invention, when writing data, disperses the plaintext of the key to be written and of the input data corresponding to the current block into two parts, share_1 and share_2, which are written in XOR mode.
Taking the IFX-M7794 chip as an example, as shown in Fig. 2, the plaintext of the key or of the input data corresponding to the current block is dispersed into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as the Share_1 part; the plaintext data is XORed with that random data to give the Share_2 part. Specifically, this can be done as follows: a loop control variable B is set to an initial value of 0, and the loop step is executed while the loop condition holds (S201); the loop condition is that the loop control variable B is less than the plaintext data length (num_bytes). The loop step comprises: generating one random byte and placing it in the Share_1 data array (S202); XORing that random byte with the byte of the plaintext data indexed by the current loop control variable, placing the result in the Share_2 data array and incrementing the loop control variable by 1 (S203); and returning to step S201 to test whether the loop control variable B is less than the plaintext data length (num_bytes).
When the loop control variable no longer satisfies the loop condition, the Share_1 data array is used as the Share_1 part and the Share_2 data array as the Share_2 part.
After the transformation above, XORing Share_1 with Share_2 yields the plaintext of the key or of the input data corresponding to the current block. Once the register has been configured for XOR write mode, the direct write normally used for input data is replaced by an XOR-mode write.
Further, in step (4) above, single DES encryption is performed in blind mode. The SCP register configuration for single DES encryption is:
SCP_CFG=DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL=(handle->cipher_mode&0xff00)|FB_MODE_BLD;
With this configuration the SCP masks the output result after each block is encrypted, preventing intermediate data from leaking as plaintext.
In this embodiment the process of writing data in dispersed form is illustrated with triple encryption. The specific steps, shown in Fig. 3, are: configure the SCP registers to their default value, i.e. direct write mode (S301); write the Share_1 parts of key A and key B into the KeyA and KeyB registers of the SCP by direct write (S302); configure the SCP registers to SCP_CFG_EN_XOR_KEY mode, in which data being written is XORed with the data already in the target register (S303); write the Share_2 parts of key A and key B into the KeyA and KeyB registers of the SCP respectively by XOR write (S304).
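The dispersion loop of Fig. 2 and the two-step register write of Fig. 3, as an added example rather than code from the patent or from Infineon. `scp_reg`, `scp_write`, `load_key_masked` and `rng_byte` are hypothetical software stand-ins for an SCP key register, its direct and XOR write modes, and the chip's random number generator.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for the chip's random number generator (assumption: real firmware
 * reads the hardware TRNG; xorshift32 is only here so the example runs). */
static uint32_t rng_state = 0x2545F491u;
static uint8_t rng_byte(void) {
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (uint8_t)(rng_state >> 24);
}

/* Hypothetical model of one 8-byte SCP register with its two write modes. */
enum write_mode { WRITE_DIRECT, WRITE_XOR };
struct scp_reg {
    enum write_mode mode;
    uint8_t value[8];
};

static void scp_write(struct scp_reg *r, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n && i < sizeof r->value; i++) {
        if (r->mode == WRITE_XOR)
            r->value[i] ^= src[i];   /* XOR with what the register already holds */
        else
            r->value[i] = src[i];    /* plain overwrite */
    }
}

/* S201-S203: one fresh random byte per plaintext byte. */
static void split_shares(const uint8_t *plain, size_t num_bytes,
                         uint8_t *share_1, uint8_t *share_2) {
    for (size_t b = 0; b < num_bytes; b++) {
        share_1[b] = rng_byte();
        share_2[b] = plain[b] ^ share_1[b];
    }
}

/* S301-S304 for one key: direct write of Share_1, then XOR write of Share_2.
 * Neither value written to the register is the plaintext key. */
static void load_key_masked(struct scp_reg *key_reg,
                            const uint8_t *share_1, const uint8_t *share_2) {
    key_reg->mode = WRITE_DIRECT;
    scp_write(key_reg, share_1, 8);
    key_reg->mode = WRITE_XOR;
    scp_write(key_reg, share_2, 8);
}

/* Constructed demo: returns 1 when the register ends up holding the key after
 * each load and the two loads of the same key used different share pairs. */
int demo_masked_key_load(void) {
    /* constructed sample key, not taken from the patent */
    static const uint8_t key_a[8] = {0x13,0x34,0x57,0x79,0x9B,0xBC,0xDF,0xF1};
    uint8_t s1[8], s2[8], t1[8], t2[8];
    struct scp_reg reg = { WRITE_DIRECT, {0} };
    int ok;

    split_shares(key_a, 8, s1, s2);
    load_key_masked(&reg, s1, s2);
    ok = memcmp(reg.value, key_a, 8) == 0;

    split_shares(key_a, 8, t1, t2);          /* second load: fresh randomness */
    load_key_masked(&reg, t1, t2);
    ok = ok && memcmp(reg.value, key_a, 8) == 0;
    ok = ok && memcmp(s1, t1, 8) != 0 && memcmp(s2, t2, 8) != 0;
    return ok;
}
```

Because the shares are regenerated on every load, the byte sequences written to the register differ from one key load to the next even though the register content after the second write is the same.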
Further, a checking procedure is also performed after single DES encryption, comprising: setting the register parameters, performing forward encryption and, after the encryption has finished, reading the forward encryption result data; setting the register parameters, performing reverse encryption and, after waiting for the encryption to finish, reading the reverse encryption result data; comparing the two encryption results, that is, comparing the forward encryption result data with the inverted reverse encryption result data, and throwing an exception if they differ. The order in which the forward encryption and the reverse encryption are carried out in the checking procedure is chosen at random. In the checking procedure, masking is applied again after the last encryption.
The checking procedure of one specific embodiment of the invention, shown in Fig. 4, comprises: setting the parameters of the SCP_CFG register and configuring the SCP registers for XOR write mode (S401); assigning toggle the value 0 or 1 at random (S402); writing the toggle value in XOR mode to the corresponding registers (T0, T1 and the key register), writing the input data to the SCP_ENC_DATA register and starting encryption (S403); waiting for the encryption to finish and reading the encrypted data Data1 (S4); configuring the SCP registers for XOR write mode (S405); inverting the corresponding registers (T0, T1 and the key register), writing the same input data as in step S403 to the SCP_ENC_DATA register and starting encryption (S406); after this second encryption, erasing the corresponding data to protect the key (S407); waiting for the encryption result and reading the encryption result Data2 (S408); comparing Data1 with the inverse of Data2: if they are identical the check passes, and if they differ an exception action is performed, specifically locking the card, throwing an exception, accumulating a flag bit and so on. In this process, because toggle is randomly assigned 0 or 1, Data1 may be either the forward encryption result data or the reverse encryption result data. Either way, Data2 is the complement of Data1, so in normal operation the inverse of Data2 must be identical to Data1.
Registers T0 and T1 are mainly used to mask the encryption result when it is output, preventing the output from leaking as plaintext. Before the input data is encrypted, the hardware automatically XORs the T0 value with the data in SCP_ENC_DATA, so inverting T0 in step S406 is equivalent to inverting inputData.
In step S406 the inversion is done by inverting the toggle value and writing the inverted toggle value in XOR mode to the corresponding data registers. When the SCP_CFG register parameters are configured in the steps above, the rollback-count register used to prevent DFA attacks is set to a random number, which increases the difficulty of power analysis: the DFA_CTR field of the SCP_CFG register is configured to a random value N of at least SCP_CFG_DFA_CTR_MIN (whose value is 8), meaning that the last N rounds are computed twice to check the correctness of the computation, the purpose being to prevent DFA attacks. Complement mode means the following: suppose DES(D, K) = C, where D is the data to be encrypted, K is the key and C is the encryption result. If D is inverted to ~D and K is inverted to ~K, then necessarily DES(~D, ~K) = ~C. In the forward and inverse computations of this embodiment, the toggle value is used to assign the corresponding registers twice, which yields complementary results. In this check the order of the forward and inverse computations is set at random, which masks the real computation. The key is masked immediately after use to prevent energy leakage.
Further, the encryption of each block of input data uses dummy mode. This mainly means that multiple rounds of encryption are performed while each block is encrypted: one round, chosen at random, operates on the real input data, and the remaining rounds operate on dummy data. Fig. 5 shows the flow of one specific embodiment: set the total number of rounds N and determine the real computation position at random within N (for example, with N = 5, a round number no greater than 5 is chosen at random, say round 3, as the real position (realPosition); round 3 then performs the encryption on the real input data and the other rounds perform dummy computations on dummy data), and set the loop control variable dummyCounter to an initial value of 1 (S501); enter the loop step while dummyCounter is not greater than the total number of rounds N (S502). Loop step: test whether the current dummyCounter is the real position (S503); if so, write the real input data (S504); if not, write dummy input data (S505); after the write (of real input data or dummy input data), encrypt the data, increment the loop control variable dummyCounter by 1 (S506) and return to S502 to test whether dummyCounter is less than the total number of rounds N. In this way the real computation and the checking computation can be masked, which increases the complexity of data analysis by electromagnetic monitoring.
Correspondingly, as shown in Fig. 6, this embodiment also provides a security protection system for the MAC calculation process based on the DES algorithm, comprising:
a data preprocessing module, for dividing the input data into blocks according to a preset format;
a block chaining module, for XORing the encryption result with the input data of the next block after the first DES encryption module has performed single DES encryption, and using the result as the input data of that next block;
a first DES encryption module, for writing the key and the input data corresponding to each block other than the last in XOR mode and performing single DES encryption;
a second DES encryption module, for writing the key and the input data corresponding to the last block in XOR mode and performing triple DES encryption;
a data dispersion module, for dispersing the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
The above security protection system for the MAC calculation process based on the DES algorithm also comprises:
a check module, for performing an encryption check after single DES encryption. The encryption check is performed as follows:
setting the register parameters, performing forward encryption and, after the encryption has finished, reading the forward encryption result data;
setting the register parameters, performing reverse encryption and, after the encryption has finished, reading the reverse encryption result data;
of these two encryptions (forward and reverse), comparing the result data of one with the bitwise inverse of the result data of the other, and performing an exception action if the two differ, specifically locking the card, throwing an exception and accumulating a flag bit.
In addition, to further increase the difficulty of power analysis, the security protection system for the MAC calculation process based on the DES algorithm also comprises:
an encryption control module, for controlling the execution of multiple rounds of encryption, in which one round, chosen at random, operates on the real input data and the remaining rounds operate on dummy data.
With the above technical solution, this patent provides a more complete software and hardware protection strategy for the DES-MAC calculation process and achieves the following effects:
1. The key is divided into two parts and written in XOR mode, which prevents the card from suffering template attacks during key input and greatly increases the difficulty of perturbation attacks.
2. The complement computation of DES is used, and the order in which the key and the complement of the key take part in the computation is assigned at random, which ensures the data integrity of the encryption process and increases the card's resistance to perturbation attacks and electromagnetic signal attacks.
3. Dummy operations mask the real encryption process and increase the difficulty of power analysis.
4. By protecting the input data, masking the intermediate results and masking the encryption flow, the invention repairs the potential vulnerabilities in the MAC calculation and ensures data security during encryption.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.
Claims (12)
1. A secure MAC calculation method for the DES algorithm, comprising:
(1) dividing the input data to be encrypted into blocks;
(2) performing single DES encryption on the input data corresponding to each block other than the last;
(3) performing triple DES encryption on the input data corresponding to the last block;
(4) outputting the final encryption result;
wherein in steps (2) and (3), when the key or the input data corresponding to the current block is written, the corresponding plaintext data is dispersed into two parts, Share_1 and Share_2, which are written in XOR mode.
2. The secure MAC calculation method for the DES algorithm according to claim 1, characterized in that the plaintext data of the key or of the input data corresponding to the current block is dispersed into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as Share_1; the plaintext data is XORed with that random data to give Share_2.
3. The secure MAC calculation method for the DES algorithm according to claim 2, characterized in that the process of dispersing the plaintext data of the key or of the input data corresponding to the current block into Share_1 and Share_2 is:
a loop control variable is set to an initial value of 0, and the loop step is executed while the loop condition holds, the loop condition being that the loop control variable is less than the plaintext data length;
the loop step comprises: generating one random byte and placing it in the Share_1 data array; XORing that random byte with the byte of the plaintext data indexed by the current loop control variable and placing the result in the Share_2 data array; incrementing the loop control variable by 1; and testing whether the loop control variable still satisfies the loop condition;
when the loop control variable no longer satisfies the loop condition, the Share_1 data array is used as Share_1 and the Share_2 data array as Share_2.
4. The secure MAC calculation method for the DES algorithm according to claim 1, characterized in that: in step (2), after single DES encryption the encryption result is masked using blind mode;
the SCP register configuration is:
SCP_CFG=DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL=(handle->cipher_mode&0xff00)|FB_MODE_BLD;
5. The secure MAC calculation method for the DES algorithm according to claim 4, characterized in that: in steps (2) and (3), when the key or the input data corresponding to the current block is written for single DES encryption and triple DES encryption, the Share_1 of the data concerned is written into the corresponding register by direct write, the SCP registers are then configured for XOR write mode, and the Share_2 of the data concerned is written into the corresponding register by XOR write.
6. The secure MAC calculation method for the DES algorithm as claimed in any one of claims 1 to 5, characterized in that: in step (2), a verification step is also performed after single DES encryption;
The verification step comprises:
Setting the register parameters and performing forward encryption, then reading the forward encryption result data after the encryption ends;
Setting the register parameters and performing reverse encryption, then reading the reverse encryption result data after the encryption ends;
Of the two encryptions above (forward and reverse), the result data of one is compared with the inverted result data of the other, and exception handling is performed if the two differ.
7. The secure MAC calculation method for the DES algorithm as claimed in claim 6, characterized in that: in the verification step, the execution order of the forward encryption and the reverse encryption is selected at random.
8. The secure MAC calculation method for the DES algorithm as claimed in claim 6, characterized in that: in the verification step, when the last encryption is performed, the corresponding key data is erased after the key has been written into the corresponding register.
9. The secure MAC calculation method for the DES algorithm as claimed in claim 1, characterized in that: in step (2), when single DES encryption is performed on the input data, multiple rounds of encryption operations are carried out; one round is selected at random to operate on the real input data, and the remaining rounds operate on dummy data.
10. A MAC calculation system for a secure DES algorithm, characterized in that it comprises:
A data preprocessing module, for dividing the input data to be encrypted into blocks;
A first DES encryption module, for writing, in XOR mode, the key and the input data corresponding to a block other than the last one, and performing single DES encryption;
A second DES encryption module, for writing, in XOR mode, the key and the input data corresponding to the last block, and performing triple DES encryption;
A data splitting module, for splitting the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
11. The MAC calculation system for a secure DES algorithm as claimed in claim 10, characterized in that it further comprises:
A verification module, for performing an encryption check after single DES encryption; the encryption check method is:
Setting the register parameters and performing forward encryption, then reading the forward encryption result data after the encryption ends;
Setting the register parameters and performing reverse encryption, then reading the reverse encryption result data after the encryption ends;
Of the two encryptions above (forward and reverse), the result data of one is compared with the inverted result data of the other, and an exception is raised if the two differ.
12. The MAC calculation system for a secure DES algorithm as claimed in claim 10 or 11, characterized in that it further comprises:
An encryption control module, for controlling the execution of multiple rounds of encryption operations, in which one round is selected at random to operate on the real input data and the remaining rounds operate on dummy data.
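The share-splitting loop of claim 3 and the two-step register load of claim 5, as an added C example that is not code from the patent. The names `scp_model`, `scp_write`, `load_masked` and `demo_rng` are hypothetical, the register is modelled in software, and the xorshift generator only stands in for a hardware random source.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint8_t (*rng_byte_fn)(void);  /* assumed RNG hook; a hardware TRNG on a device */

/* Demo-only xorshift32 generator, NOT cryptographically secure. */
static uint32_t demo_state = 0x12345678u;
static uint8_t demo_rng(void) {
    demo_state ^= demo_state << 13;
    demo_state ^= demo_state >> 17;
    demo_state ^= demo_state << 5;
    return (uint8_t)(demo_state >> 24);
}

/* Claim 3: one fresh random byte per plaintext byte, so s1[i] ^ s2[i] == clear[i]. */
static void split_shares(const uint8_t *clear, size_t len, rng_byte_fn rng,
                         uint8_t *s1, uint8_t *s2) {
    for (size_t i = 0; i < len; i++) {   /* loop control variable starts at 0 */
        s1[i] = rng();
        s2[i] = (uint8_t)(s1[i] ^ clear[i]);
    }
}

/* Software model (hypothetical) of one 8-byte key/data register and its write mode. */
typedef struct { uint8_t reg[8]; int xor_write; } scp_model;

static void scp_write(scp_model *scp, const uint8_t *src, size_t len) {
    for (size_t i = 0; i < len; i++)
        scp->reg[i] = scp->xor_write ? (uint8_t)(scp->reg[i] ^ src[i]) : src[i];
}

/* Claim 5: Share_1 by direct write, then Share_2 in XOR write mode. */
static int load_masked(scp_model *scp, const uint8_t *clear, size_t len, rng_byte_fn rng) {
    uint8_t s1[8], s2[8];
    volatile uint8_t *w1 = s1, *w2 = s2;
    if (len > sizeof scp->reg)
        return -1;                       /* reject data wider than the register */
    split_shares(clear, len, rng, s1, s2);
    scp->xor_write = 0;
    scp_write(scp, s1, len);             /* register now holds only random bytes */
    scp->xor_write = 1;
    scp_write(scp, s2, len);             /* XOR inside the register recombines the value */
    scp->xor_write = 0;
    for (size_t i = 0; i < sizeof s1; i++) { w1[i] = 0; w2[i] = 0; }  /* wipe shares */
    return 0;
}

int main(void) {
    static const uint8_t key[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; /* constructed */
    scp_model scp = {{0}, 0};
    return load_masked(&scp, key, sizeof key, demo_rng);
}
```

Neither write to the register carries the plaintext value: the first transfers random bytes and the second transfers the plaintext XORed with those bytes, so the recombination happens only inside the register.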
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611242353.8A CN106656473B (en) | 2016-12-29 | 2016-12-29 | MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611242353.8A CN106656473B (en) | 2016-12-29 | 2016-12-29 | MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106656473A (en) | 2017-05-10 |
CN106656473B (en) | 2023-04-18 |
Family
ID=58835473
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611242353.8A Active CN106656473B (en) | MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm | 2016-12-29 | 2016-12-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106656473B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109660328A (en) * | 2018-12-26 | 2019-04-19 | China Financial Certification Authority Co., Ltd. | Symmetric block encryption method, apparatus, equipment and medium |
CN111294199A (en) * | 2018-12-06 | 2020-06-16 | Nuvoton Technology Corporation | Encryption/decryption system, encryption device, decryption device, and encryption/decryption method |
CN112906070A (en) * | 2019-11-19 | 2021-06-04 | Silicon Laboratories Inc. | Block cipher side channel attack mitigation for security devices |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103188075A (en) * | 2013-02-01 | 2013-07-03 | Guangzhou University | Secret key and true random number generator and method for generating secret key and true random number |
WO2015158821A1 (en) * | 2014-04-16 | 2015-10-22 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | System for executing code with blind hypervision mechanism |
Non-Patent Citations (3)
Title |
---|
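Steve Burnett & Stephen Paine, translated by Feng Dengguo, Zhou Yongbin et al.: "Appendix C: Further Technical Details", Practical Guide to Cryptographic Engineering * |
Liu Mengxi: "Design and Implementation of a Payment Password Service System Based on Dynamic Passwords and Cloud Computing", CNKI China Master's Theses Full-text Database, Information Science and Technology * |
Yang Kun: "Design and Implementation of a Multi-Application Management System for Secure Elements", Wanfang * |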
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111294199A (en) * | 2018-12-06 | 2020-06-16 | Nuvoton Technology Corporation | Encryption/decryption system, encryption device, decryption device, and encryption/decryption method |
CN111294199B (en) * | 2018-12-06 | 2023-05-05 | Nuvoton Technology Corporation | Encryption/decryption system, encryption device, decryption device, and encryption/decryption method |
CN109660328A (en) * | 2018-12-26 | 2019-04-19 | China Financial Certification Authority Co., Ltd. | Symmetric block encryption method, apparatus, equipment and medium |
CN112906070A (en) * | 2019-11-19 | 2021-06-04 | Silicon Laboratories Inc. | Block cipher side channel attack mitigation for security devices |
CN112906070B (en) * | 2019-11-19 | 2024-04-16 | Silicon Laboratories Inc. | Integrated circuit and IoT devices with block cipher side channel attack mitigation and related methods |
Also Published As
Publication number | Publication date |
---|---|
CN106656473B (en) | 2023-04-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||