CN106656473A - Safe MAC calculation method and system of DES algorithm - Google Patents


Publication number: CN106656473A
Authority: CN (China)
Prior art keywords: data, encryption, des, share, input data
Legal status: Granted (Active)
Application number: CN201611242353.8A
Other languages: Chinese (zh)
Other versions: CN106656473B (en)
Inventor: 冯知非
Current Assignee: Beijing WatchSmart Technologies Co Ltd
Original Assignee: Beijing WatchSmart Technologies Co Ltd
Application filed by: Beijing WatchSmart Technologies Co Ltd
Priority to: CN201611242353.8A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a secure MAC calculation method and system for the DES algorithm. The method comprises the following steps: (1) dividing the input data to be encrypted into blocks; (2) performing single DES encryption on the input data of every block other than the last; (3) performing triple DES encryption on the input data of the last block; (4) outputting the final encryption result. In steps (2) and (3), when the key or the input data of the current block is written, the corresponding plaintext data is split into two parts, Share_1 and Share_2, which are written in XOR mode. The system comprises a data preprocessing module, a first DES encryption module, a second DES encryption module and a data splitting module. By splitting the plaintext into two parts, the method and system prevent the card from suffering a template attack during key input, greatly increase the difficulty of side-channel attacks and physical attacks, and ensure the integrity and reliability of the whole DES calculation process.

Description

A secure MAC calculation method and system for the DES algorithm
Technical field
The present invention relates to cryptographic technology, and in particular to a secure MAC calculation method and system for the DES algorithm.
Background
DES stands for Data Encryption Standard. It is a block cipher that encrypts with a key; it was adopted in 1977 by the U.S. National Bureau of Standards as a Federal Information Processing Standard (FIPS) and authorized for use in unclassified government communications, after which the algorithm spread widely around the world.
MAC calculation is one use of the DES algorithm. A MAC (Message Authentication Code) is an authentication mechanism used by both communicating parties in cryptography, a tool for ensuring the integrity of message data. Its construction was proposed by M. Bellare and its security depends on hash functions, so it is also called a keyed hash function. A message authentication code is a value derived from a key and a message digest, and can be used for data origin authentication and integrity checking.
Cards that use the DES algorithm may face a wide variety of attacks, whose purpose is to obtain the sensitive data in the chip. The key takes part directly in the computation during the MAC calculation of the DES algorithm. Although the last block is encrypted with 3DES, which has a higher security level, all blocks other than the last are encrypted with single DES (1DES), whose key is easily obtained by brute-force cracking, and this has always been a focus of attacks on all kinds of chips. It is therefore necessary, while making full use of the existing hardware security mechanisms, to make reasonable use of software methods to protect the 1DES calculation in the DES-MAC calculation and ensure data security during the encryption operation.
Infineon chips carry an SCP cryptographic coprocessor that can be used for DES encryption. In the current DES-MAC calculation process, the key and the data to be encrypted are usually written directly into the relevant SCP registers for calculation, and intermediate data takes part in the next round of computation in plaintext, with no software protection measures to guarantee the security of the computation. Using conventional attacks such as DFA, DPA and CPA, an attacker can exploit the security weaknesses of the hardware itself to obtain the relevant key data.
In some existing security-enhanced schemes, to prevent DFA attacks, the ciphertext is decrypted immediately after the SCP has computed it, and the decrypted result is checked against the input data of the encryption operation to ensure that the result is correct. Such a scheme increases the security of the encryption process to some extent, but its protection function is rather limited and its protection strength insufficient, so other security vulnerabilities remain.
Summary of the invention
In view of the problems in the prior art, the invention provides a secure MAC calculation method and system for the DES algorithm. The technical solution targets attack methods commonly used against the DES-MAC calculation process, such as DFA, DPA and CPA, repairs the potential vulnerabilities in the MAC calculation, and ensures data security during encryption.
To achieve the above object, the technical solution of the invention is as follows:
A secure MAC calculation method for the DES algorithm, comprising:
(1) dividing the input data to be encrypted into blocks;
(2) performing single DES encryption on the input data of every block other than the last;
(3) performing triple DES encryption on the input data of the last block;
(4) outputting the final encryption result;
In steps (2) and (3) above, when the key or the input data of the current block is written, the corresponding plaintext data is split into two parts, Share_1 and Share_2, which are written in XOR mode.
Further, in the above method, the plaintext of the key or of the current block's input data is split into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as Share_1; the plaintext data is XORed with that random data to give Share_2.
Further, in the above method, the process of splitting the plaintext of the key or of the current block's input data into Share_1 and Share_2 is:
A loop control variable is initialised to 0 and the loop step is executed while the loop condition holds; the loop condition is that the loop control variable is less than the length of the plaintext data;
The loop step comprises: generating one random byte and placing it in the Share_1 array; XORing that random byte with the plaintext byte indexed by the current loop control variable and placing the result in the Share_2 array; incrementing the loop control variable by 1; and checking whether the loop control variable still satisfies the loop condition;
When the loop control variable no longer satisfies the loop condition, the Share_1 array is used as Share_1 and the Share_2 array as Share_2.
Further, in the above method, in step (2) the encryption result is masked using blind mode after the single DES encryption;
The SCP registers are configured as:
SCP_CFG = DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL = (handle->cipher_mode & 0xff00) | FB_MODE_BLD;
Further, in the above method, in steps (2) and (3), when the key or the input data of the current block is written for single DES encryption and triple DES encryption,
Share_1 of the data is first written to the corresponding register by direct write, the SCP registers are then configured for XOR write mode, and Share_2 of the data is written to the corresponding register by XOR write.
Further, in the above method, a verification step is also performed after the single DES encryption in step (2);
The verification step comprises:
setting the register parameters, performing the forward encryption, and reading the forward encryption result data once the encryption has finished;
setting the register parameters, performing the reverse encryption, and reading the reverse encryption result data once the encryption has finished;
Of the two encryptions above, the forward and the reverse, the result data of one is compared with the bitwise inverse of the result data of the other, and an exception action is performed if the two differ.
Further, in the above method, the execution order of the forward encryption and the reverse encryption is chosen at random in the verification step.
Further, in the above method, in the verification step, when the last encryption is performed, the corresponding key data is erased after the key has been written to the corresponding registers.
Further, in the above method, in step (2), when the input data is encrypted, several rounds of encryption are performed; one round chosen at random operates on the real input data and the remaining rounds operate on dummy data.
In addition, the invention provides a secure MAC calculation system for the DES algorithm corresponding to the above method, comprising:
a data preprocessing module, for dividing the input data to be encrypted into blocks;
a first DES encryption module, for writing the key and the input data of a block other than the last in XOR mode and performing single DES encryption;
a second DES encryption module, for writing the key and the input data of the last block in XOR mode and performing triple DES encryption;
a data splitting module, for splitting the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
Further, the above secure MAC calculation system for the DES algorithm also comprises:
a verification module, for verifying the encryption after single DES encryption; the verification method is:
setting the register parameters, performing the forward encryption, and reading the forward encryption result data once the encryption has finished;
setting the register parameters, performing the reverse encryption, and reading the reverse encryption result data once the encryption has finished;
Of the two encryptions above, the forward and the reverse, the result data of one is compared with the bitwise inverse of the result data of the other, and an exception action is performed if the two differ.
Further, the above secure MAC calculation system for the DES algorithm also comprises:
an encryption control module, for controlling the execution of several rounds of encryption, in which one round chosen at random operates on the real input data and the remaining rounds operate on dummy data.
The invention has the following advantages:
1. The invention splits the key into two parts and writes them in XOR mode, which protects the card against the template attacks it may suffer during key input and increases the difficulty of perturbation attacks;
2. Verification uses the complementation property of DES, with the order in which the key and the complement of the key take part in the computation assigned at random, which ensures the data integrity of the encryption process and increases the card's resistance to perturbation attacks and side-channel attacks;
3. Dummy operations effectively conceal the actual encryption process and increase the difficulty of power analysis.
Brief description of the drawings
Fig. 1 is a flow chart of the MAC calculation process.
Fig. 2 is a flow chart of plaintext data splitting in the secure MAC calculation method for the DES algorithm of the invention.
Fig. 3 is a flow chart of writing key A and key B to the corresponding registers during triple DES encryption in the secure MAC calculation method for the DES algorithm of the invention.
Fig. 4 is a flow chart of the verification step performed after single DES encryption in the secure MAC calculation method for the DES algorithm of the invention.
Fig. 5 is a flow chart of concealing the real input data with dummy data in the secure MAC calculation method for the DES algorithm of the invention.
Fig. 6 is a structural block diagram of the secure MAC calculation system for the DES algorithm of the invention.
Detailed description
The invention is described in detail below with reference to the drawings and embodiments.
As shown in Fig. 1, the prior-art MAC calculation method for the DES algorithm (this example is based on IFX77 family chips) comprises the following steps:
(1) dividing the input data into blocks according to a preset format and recording the number of blocks I (S101);
In this embodiment, input is the start address of the data to be encrypted and each block is 8 bytes. According to the length N of the input data, the data to be encrypted is divided into I = (N-1)/8 + 1 blocks; if the last block is shorter than 8 bytes, it is padded by conventional means in the art.
(2) setting the initial value of the counter Num to 0 (S102);
(3) checking whether Num < I-1; if so, performing step (4), otherwise performing step (5) (S103);
(4) writing the key KeyA and the input data of the current block (S104); performing single DES encryption (S105); XORing the encryption result with the input data of the next block and using the result as the input data of that next block (S106); incrementing Num by 1 (S107); returning to step S103;
(5) writing the key KeyA, the key KeyB and the input data of the current block (S108); performing triple DES encryption (S109).
The MAC calculation process of the DES algorithm above mainly comprises data blocking, single DES encryption, block chaining (the encryption result output for the current block is XORed with the input data of the next block and the result is used as the input data of that next block, which chains the current block to the next block) and triple DES encryption. Apart from the triple DES encryption, which has a higher security level and is not easily broken, every part of the flow needs protection. To close this security gap, when writing data the method of the invention splits the plaintext of the key to be written and of the current block's input data into two parts, share_1 and share_2, which are written in XOR mode.
Taking the IFX-M7794 chip as an example, as shown in Fig. 2, the plaintext of the key or of the current block's input data is split into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as the Share_1 part; the plaintext data is XORed with that random data to give the Share_2 part. Specifically, the following procedure can be used: a loop control variable B is initialised to 0 and the loop step is executed while the loop condition holds (S201); the loop condition is that B is less than the plaintext data length (num_bytes); the loop step comprises: generating one random byte and placing it in the Share_1 array (S202); XORing that random byte with the plaintext byte indexed by the current loop control variable, placing the result in the Share_2 array, and incrementing the loop control variable by 1 (S203); returning to step S201 to check whether B is less than the plaintext data length (num_bytes);
When the loop control variable no longer satisfies the loop condition, the Share_1 array is used as the Share_1 part and the Share_2 array as the Share_2 part.
After the transformation above, XORing Share_1 with Share_2 yields the plaintext of the key or of the current block's input data. Once the registers are configured for XOR write mode, the direct write normally used for input data is replaced by XOR-mode writes.
Further, in step (4) above, blind mode is used for the single DES encryption; the SCP registers for single DES encryption are configured as:
SCP_CFG = DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL = (handle->cipher_mode & 0xff00) | FB_MODE_BLD;
With the above configuration, the SCP effectively masks the output of each block's encryption, preventing intermediate data from leaking as plaintext.
In this embodiment the process of writing data in split form is illustrated with triple encryption. The steps, shown in Fig. 3, are: configure the SCP registers to their default value, that is, direct write mode (S301); write the Share_1 parts of key A and key B by direct write to the KeyA and KeyB registers of the SCP (S302); configure the SCP registers for SCP_CFG_EN_XOR_KEY mode, in which data being written is XORed with the data already in the destination register (S303); write the Share_2 parts of key A and key B by XOR write to the KeyA and KeyB registers of the SCP respectively (S304).
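The share split of Fig. 2 and the two-phase register load of Fig. 3, as an added example that is not code from the patent. The `key_reg` model, `reg_write`, `load_key_masked` and the xorshift generator are hypothetical stand-ins for the SCP register, its write modes and the card's random number generator.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one 8-byte coprocessor key register with two write
 * modes. Names are illustrative; this is not the real SCP register map. */
enum write_mode { WRITE_DIRECT, WRITE_XOR };

struct key_reg {
    enum write_mode mode;
    uint8_t value[8];
};

/* Stand-in for the card's random number generator (xorshift32) so the
 * example runs offline. Firmware would draw from the hardware TRNG. */
static uint32_t rng_state = 0x2545F491u;

static uint8_t rand_byte(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return (uint8_t)(rng_state >> 24);
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(uint8_t *buf, size_t len)
{
    volatile uint8_t *p = buf;
    while (len--)
        *p++ = 0;
}

/* Fig. 2 loop: Share_1[b] is a fresh random byte, Share_2[b] = plain[b] ^ Share_1[b]. */
void split_shares(const uint8_t *plain, size_t num_bytes,
                  uint8_t *share_1, uint8_t *share_2)
{
    for (size_t b = 0; b < num_bytes; b++) {
        share_1[b] = rand_byte();
        share_2[b] = plain[b] ^ share_1[b];
    }
}

/* One register write: direct mode overwrites the register, XOR mode
 * combines the written data with what the register already holds. */
void reg_write(struct key_reg *r, const uint8_t *data)
{
    for (size_t i = 0; i < sizeof r->value; i++)
        r->value[i] = (r->mode == WRITE_XOR) ? (uint8_t)(r->value[i] ^ data[i])
                                             : data[i];
}

/* Fig. 3 sequence for one key: Share_1 by direct write, then Share_2 by XOR
 * write. The register ends up holding the key, but no single write carried it. */
void load_key_masked(struct key_reg *r, const uint8_t key[8])
{
    uint8_t s1[8], s2[8];
    split_shares(key, sizeof s1, s1, s2);
    r->mode = WRITE_DIRECT;
    reg_write(r, s1);
    r->mode = WRITE_XOR;
    reg_write(r, s2);
    wipe(s1, sizeof s1);
    wipe(s2, sizeof s2);
}

int main(void)
{
    /* Constructed sample key, not a value from the patent. */
    const uint8_t key[8] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
    struct key_reg reg = { WRITE_DIRECT, {0} };
    load_key_masked(&reg, key);
    printf("register holds key: %s\n",
           memcmp(reg.value, key, sizeof key) == 0 ? "yes" : "no");
    return 0;
}
```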
Further, a verification step is also performed after the single DES encryption, comprising: setting the register parameters, performing the forward encryption and, once it has finished, reading the forward encryption result data; setting the register parameters, performing the reverse encryption, waiting for it to finish and reading the reverse encryption result data; comparing the two sets of result data, that is, comparing the forward encryption result data with the bitwise inverse of the reverse encryption result data, and throwing an exception if the two differ. The order in which the forward and reverse encryptions are carried out is chosen at random in the verification step. In the verification step, masking is applied again after the last encryption.
The verification step of one specific embodiment of the invention, shown in Fig. 4, comprises: setting the parameters of the SCP_CFG register and configuring the SCP registers for XOR write mode (S401); randomly assigning toggle the value 0 or 1 (S402); writing the toggle value by XOR write to the corresponding registers (T0, T1 and the key register), and writing the input data to the SCP_ENC_DATA register to start encryption (S403); waiting for the encryption to finish and reading the encrypted data Data1 (S4); configuring the SCP registers for XOR write mode (S405); inverting the corresponding registers (T0, T1 and the key register), writing the same input data as in step S403 to the SCP_ENC_DATA register and starting encryption (S406); after the second encryption, erasing the corresponding data to protect the key (S407); waiting for the encryption result and reading the encryption result Data2 (S408); comparing Data1 with the bitwise inverse of Data2: if they are identical the verification passes, and if they differ an exception action is performed, which specifically includes locking the card, throwing an exception and accumulating a flag bit. In this process, because toggle is randomly assigned 0 or 1, Data1 may be either the forward encryption result data or the reverse encryption result data; in either case Data2 is the complement of Data1, so under normal operation the result of inverting Data2 must equal Data1.
Registers T0 and T1 are mainly used to mask the encryption result when it is output, preventing the output from leaking in plaintext. Before the input data is encrypted, the hardware automatically XORs the T0 value with the data in SCP_ENC_DATA, so inverting T0 in step S406 is equivalent to inverting inputData.
In step S406, the inversion is carried out by inverting the toggle value and writing the inverted toggle value by XOR write to the corresponding data registers. When the SCP_CFG register parameters are configured in the steps above, the DFA-protection rollback count register is set to a random number, which increases the difficulty of power analysis; that is, the DFA_CTR bits in the SCP_CFG register are set to a random value N of at least SCP_CFG_DFA_CTR_MIN (whose value is 8), meaning that the last N rounds are computed twice to check the correctness of the computation, in order to prevent DFA attacks. Complement mode means the following: suppose DES(D, K) = C, where D is the data to be encrypted, K is the key and C is the encryption result. If D is inverted to ~D and K is inverted to ~K, then necessarily DES(~D, ~K) = ~C. In this embodiment, in the forward and reverse calculations, the toggle value is applied to the corresponding registers for both passes, yielding complementary results. In this verification scheme the order of the forward and reverse calculations is random, which conceals the true calculation. The key is masked immediately after use to prevent energy leakage.
Further, the encryption of each block of input data uses dummy mode. This mainly means that several rounds of encryption are performed while each block is encrypted; one round chosen at random operates on the real input data and the remaining rounds operate on dummy data. Fig. 5 shows the flow of one specific embodiment: the total number of rounds N is set and the position of the real calculation within N is chosen at random (for example, with N = 5, a round number no greater than 5 is drawn at random; if round 3 is the real position (realPosition), round 3 encrypts the real input data and the other rounds perform dummy calculations on dummy data), and the loop control variable dummyCounter is initialised to 1 (S501); the loop step is entered while dummyCounter is not greater than the total number of rounds N (S502); the loop step comprises: checking whether the current dummyCounter is the real position (S503); if so, writing the real input data (S504); if not, writing dummy input data (S505); after the data (real or dummy input data) has been written, encrypting it; incrementing the loop control variable dummyCounter by 1 (S506) and returning to S502 to check whether dummyCounter is less than the total number of rounds N. In this way the real calculation and the verification process are concealed, increasing the complexity of data analysis through electromagnetic monitoring.
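The complement check of Fig. 4 and the dummy rounds of Fig. 5, as an added example that is not code from the patent. A toy Feistel cipher stands in for DES: it is not DES, but it has the same complementation property for the same structural reason. All function names, the `fault_round` fault model, and the choice to run dummy rounds under the real key are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy 16-round Feistel cipher on a 64-bit block. NOT DES: it keeps only the
 * structure behind the complementation property, i.e. every round key is a
 * bit selection of K and enters the round function by XOR with the data. */
static uint32_t round_f(uint32_t x)
{
    x *= 0x9E3779B1u;            /* arbitrary nonlinear mixing */
    x ^= x >> 15;
    x *= 0x85EBCA77u;
    return x ^ (x >> 13);
}

/* fault_round in 0..15 flips one state bit after that round (simulated
 * glitch); pass -1 for a fault-free run. */
uint64_t toy_encrypt(uint64_t d, uint64_t k, int fault_round)
{
    uint32_t l = (uint32_t)(d >> 32), r = (uint32_t)d;
    for (int i = 0; i < 16; i++) {
        unsigned s = (unsigned)i + 1;
        uint32_t ki = (uint32_t)((k << s) | (k >> (64 - s)));
        uint32_t t = l ^ round_f(r ^ ki);   /* ~r ^ ~ki == r ^ ki */
        l = r;
        r = t;
        if (i == fault_round)
            r ^= 1u;
    }
    return ((uint64_t)r << 32) | l;
}

/* Fig. 4 in software: the first pass uses (D ^ m, K ^ m), the second pass the
 * complemented inputs, where m is all-zero or all-one according to toggle.
 * Firmware draws toggle at random; it is a parameter here so both orders can
 * be exercised. The simulated fault is injected into the second pass.
 * Returns 0 and stores the ciphertext on success, -1 on a mismatch. */
int encrypt_checked(uint64_t d, uint64_t k, int toggle, int fault_round,
                    uint64_t *out)
{
    uint64_t m = toggle ? ~0ULL : 0ULL;
    uint64_t data1 = toy_encrypt(d ^ m, k ^ m, -1);
    uint64_t data2 = toy_encrypt(d ^ ~m, k ^ ~m, fault_round);
    if (data1 != ~data2)
        return -1;               /* caller performs the exception action */
    *out = data1 ^ m;            /* undo the complement if pass 1 was inverted */
    return 0;
}

/* Constructed dummy input for round c; any value unrelated to the real data. */
static uint64_t dummy_input(int c)
{
    return 0x0123456789ABCDEFULL * (uint64_t)(c + 1);
}

/* Fig. 5 in software: n encryptions, only the one at real_pos (1..n) uses the
 * real data. Dummy rounds reuse the real key here (an assumption). *runs
 * reports how many encryptions were executed. */
uint64_t encrypt_with_dummies(uint64_t d, uint64_t k, int n, int real_pos,
                              int *runs)
{
    uint64_t result = 0, sink = 0;
    *runs = 0;
    for (int c = 1; c <= n; c++) {
        uint64_t out = toy_encrypt(c == real_pos ? d : dummy_input(c), k, -1);
        if (c == real_pos)
            result = out;
        else
            sink ^= out;         /* keep dummy work observable to the compiler */
        (*runs)++;
    }
    (void)sink;
    return result;
}

int main(void)
{
    /* Constructed sample data and key. */
    uint64_t d = 0x0011223344556677ULL, k = 0x0F1E2D3C4B5A6978ULL, c = 0;
    printf("clean run:   %d\n", encrypt_checked(d, k, 1, -1, &c));
    printf("faulted run: %d\n", encrypt_checked(d, k, 1, 7, &c));
    return 0;
}
```

Because each Feistel round is a bijection on the state, a single flipped bit in one pass always changes that pass's output, so the comparison cannot pass unless the same fault is reproduced in the complemented pass.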
Correspondingly, as shown in Fig. 6, this embodiment also provides a security protection system for the MAC calculation process based on the DES algorithm, comprising:
a data preprocessing module, for dividing the input data into blocks according to a preset format;
a block chaining module, for XORing the encryption result with the input data of the next block after the first DES encryption module has performed single DES encryption, and using the result as the input data of that next block;
a first DES encryption module, for writing the key and the input data of a block other than the last in XOR mode and performing single DES encryption;
a second DES encryption module, for writing the key and the input data of the last block in XOR mode and performing triple DES encryption;
a data splitting module, for splitting the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
The above security protection system for the MAC calculation process based on the DES algorithm also comprises:
a verification module, for verifying the encryption after single DES encryption; the verification method is:
setting the register parameters, performing the forward encryption, and reading the forward encryption result data once the encryption has finished;
setting the register parameters, performing the reverse encryption, and reading the reverse encryption result data once the encryption has finished;
Of the two encryptions above, the forward and the reverse, the result data of one is compared with the bitwise inverse of the result data of the other, and an exception action is performed if the two differ; the specific actions include locking the card, throwing an exception and accumulating a flag bit.
In addition, to further increase the difficulty of power analysis, the security protection system for the MAC calculation process based on the DES algorithm also comprises:
an encryption control module, for controlling the execution of several rounds of encryption, in which one round chosen at random operates on the real input data and the remaining rounds operate on dummy data.
With the above technical solution, this patent provides a more complete software and hardware protection strategy for the DES-MAC calculation process and achieves the following effects:
1. The key is split into two parts and written in XOR mode, which protects the card against template attacks during key input and greatly increases the difficulty of perturbation attacks.
2. The complement calculation of DES is used, with the order in which the key and the complement of the key take part in the computation assigned at random, which ensures the data integrity of the encryption process and increases the card's resistance to perturbation attacks and electromagnetic signal attacks.
3. Dummy operations conceal the actual encryption process and increase the difficulty of power analysis.
4. The invention protects the input data, masks intermediate results and conceals the encryption flow, among other methods, repairing the potential vulnerabilities in the MAC calculation and ensuring data security during encryption.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (12)

1. A MAC calculation method of a secure DES algorithm, comprising:
(1) dividing the input data to be encrypted into blocks;
(2) performing single DES encryption on the input data corresponding to each non-final block;
(3) performing triple DES encryption on the input data corresponding to the last block;
(4) outputting the final encryption result;
wherein, in steps (2) and (3), when the key or the input data corresponding to the current block is written, the corresponding plaintext data is split into two parts, Share_1 and Share_2, which are written in XOR mode.
2. The MAC calculation method of the secure DES algorithm as claimed in claim 1, characterized in that the plaintext data of the key or of the input data corresponding to the current block is split into Share_1 and Share_2 as follows: random data of the same length as the plaintext is generated as Share_1; the plaintext data is XORed with the random data, and the result is used as Share_2.
3. The MAC calculation method of the secure DES algorithm as claimed in claim 2, characterized in that the process of splitting the plaintext data of the key or of the input data corresponding to the current block into Share_1 and Share_2 is:
a loop control variable is set with an initial value of 0, and the loop step is executed while the loop condition is met, the loop condition being that the loop control variable is less than the length of the plaintext data;
the loop step comprises: generating a one-byte random number and placing it in the Share_1 data array; XORing the random number with the byte of the plaintext data corresponding to the current loop control variable and placing the result in the Share_2 data array; incrementing the loop control variable by 1; and judging whether the loop control variable meets the loop condition;
when the loop control variable no longer meets the loop condition, the Share_1 data array is used as Share_1 and the Share_2 data array as Share_2.
4. The MAC calculation method of the secure DES algorithm as claimed in claim 1, characterized in that: in step (2), after the single DES encryption is performed, the encryption result is masked using blind mode;
the SCP registers are configured as:
SCP_CFG=DEFAULT_SCP_CFG | SCP_CFG_EN_XOR_KEY;
SCP_CTRL=(handle->cipher_mode&0xff00)|FB_MODE_BLD.
5. The MAC calculation method of the secure DES algorithm as claimed in claim 4, characterized in that: in steps (2) and (3), when the key or the input data corresponding to the current block is written for the single DES encryption and the triple DES encryption, Share_1 of the corresponding data is written into the corresponding register by direct write, the SCP register is configured for XOR write mode, and Share_2 of the corresponding data is then written into the corresponding register by XOR write.
6. The MAC calculation method of the secure DES algorithm as claimed in any one of claims 1 to 5, characterized in that: in step (2), a checking procedure is also performed after the single DES encryption;
the checking procedure comprises:
setting the register parameters and performing a forward encryption, and reading the forward encryption result data after the encryption ends;
setting the register parameters and performing a reverse encryption, and reading the reverse encryption result data after the encryption ends;
of the two encryptions, forward and reverse, the result data of one is inverted and compared with the result data of the other, and an exception operation is performed if the two differ.
7. The MAC calculation method of the secure DES algorithm as claimed in claim 6, characterized in that: the execution order of the forward encryption and the reverse encryption in the checking procedure is chosen at random.
8. The MAC calculation method of the secure DES algorithm as claimed in claim 6, characterized in that: in the checking procedure, when the last encryption is performed, the corresponding key data is erased after the key has been written into the corresponding register.
9. The MAC calculation method of the secure DES algorithm as claimed in claim 1, characterized in that: in step (2), when single DES encryption is performed on the input data, multiple rounds of encryption operations are performed, one round chosen at random operating on the real input data and the remaining rounds on dummy data.
10. A MAC calculation system of a secure DES algorithm, characterized by comprising:
a data preprocessing module, configured to divide the input data to be encrypted into blocks;
a first DES encryption module, configured to write the key and the input data corresponding to each non-final block in XOR mode and perform single DES encryption;
a second DES encryption module, configured to write the key and the input data corresponding to the last block in XOR mode and perform triple DES encryption;
a data dispersion module, configured to split the corresponding plaintext data into two parts, Share_1 and Share_2, before the key or the corresponding input data is written.
11. The MAC calculation system of the secure DES algorithm as claimed in claim 10, characterized by further comprising:
a check module, configured to perform an encryption check after the single DES encryption; the encryption check method is:
setting the register parameters and performing a forward encryption, and reading the forward encryption result data after the encryption ends;
setting the register parameters and performing a reverse encryption, and reading the reverse encryption result data after the encryption ends;
of the two encryptions, forward and reverse, the result data of one is inverted and compared with the result data of the other, and an exception is thrown if the two differ.
12. The MAC calculation system of the secure DES algorithm as claimed in claim 10 or 11, characterized by further comprising:
a control extension module, configured to control the execution of multiple rounds of encryption operations, one round chosen at random operating on the real input data and the remaining rounds on dummy data.
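The share splitting of claims 2 and 3 and the direct-write-then-XOR-write load of claim 5 can be modelled in a few lines of C. This is an added example, not code from the patent: `sim_reg`, `reg_write`, `split_shares` and `masked_load` are hypothetical names, the register is simulated in memory, and `/dev/urandom` stands in for the chip's random number generator.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one 8-byte key/data register of the coprocessor.
 * With xor_mode set, a write is XORed into the current contents. */
typedef struct { uint8_t val[8]; int xor_mode; } sim_reg;

static void reg_write(sim_reg *r, const uint8_t *src, size_t len) {
    for (size_t i = 0; i < len && i < sizeof r->val; i++)
        r->val[i] = r->xor_mode ? (uint8_t)(r->val[i] ^ src[i]) : src[i];
}

/* Claim 3 loop: one fresh random byte per position goes to Share_1, and
 * that byte XOR the plaintext byte goes to Share_2. /dev/urandom stands in
 * for the chip's hardware RNG (assumption). Returns 0 on success. */
static int split_shares(const uint8_t *plain, size_t len,
                        uint8_t *share1, uint8_t *share2) {
    FILE *rng = fopen("/dev/urandom", "rb");
    if (!rng) return -1;
    for (size_t i = 0; i < len; i++) {
        int b = fgetc(rng);
        if (b == EOF) { fclose(rng); return -1; }
        share1[i] = (uint8_t)b;
        share2[i] = (uint8_t)(plain[i] ^ share1[i]);
    }
    fclose(rng);
    return 0;
}

/* Claim 5 sequence: direct write of Share_1, switch to XOR write mode,
 * then XOR-write Share_2. Only the two shares cross the bus. */
static int masked_load(sim_reg *r, const uint8_t *plain, size_t len) {
    uint8_t sh[16];                 /* Share_1 = sh[0..7], Share_2 = sh[8..15] */
    if (len > 8 || split_shares(plain, len, sh, sh + 8) != 0) return -1;
    r->xor_mode = 0; reg_write(r, sh, len);
    r->xor_mode = 1; reg_write(r, sh + 8, len);
    r->xor_mode = 0;
    for (volatile uint8_t *p = sh; p < sh + sizeof sh; p++) *p = 0; /* wipe shares */
    return 0;
}

int main(void) {
    const uint8_t key[8] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; /* constructed sample */
    sim_reg key_reg = {{0}, 0};
    if (masked_load(&key_reg, key, sizeof key) != 0) return 1;
    printf("register matches key: %s\n", memcmp(key_reg.val, key, 8) == 0 ? "yes" : "no");
    return 0;
}
```

Each share on its own is uniformly random, so a single observed write is independent of the key; after the second write the register itself holds the unmasked value.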
CN201611242353.8A 2016-12-29 2016-12-29 MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm Active CN106656473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611242353.8A CN106656473B (en) 2016-12-29 2016-12-29 MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm

Publications (2)

Publication Number Publication Date
CN106656473A (en) 2017-05-10
CN106656473B (en) 2023-04-18

Family

ID=58835473

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611242353.8A Active CN106656473B (en) MAC (message authentication code) calculation method and system of safe DES (Data Encryption Standard) algorithm 2016-12-29 2016-12-29

Country Status (1)

Country Link
CN (1) CN106656473B (en)

Also Published As

Publication number Publication date
CN106656473B (en) 2023-04-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant