CN107204841A - Method for implementing the multiple S-boxes of a block cipher to resist differential power attacks - Google Patents


Info

Publication number
CN107204841A
Authority
CN
China
Prior art keywords
boxes
displacement
random number
block cipher
differential power
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710150435.8A
Other languages
Chinese (zh)
Other versions
CN107204841B (en)
Inventor
杨晓元
张帅伟
张敏情
钟卫东
韩益亮
周潭平
张卓
杨海滨
薛帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Engineering University of Chinese Peoples Armed Police Force
Original Assignee
Engineering University of Chinese Peoples Armed Police Force
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks. The multiple parallel S-boxes are first converted to obtain 4 × 4 S-box permutations, which are numbered; a multi-S-box randomized-input technique is then applied to all of the 4 × 4 S-box permutations, so that an attacker mounting a differential power attack cannot align the power traces for the statistical difference method after collecting them. The differential power attack therefore fails, and the security of the block cipher implementation improves. The scheme uses only a g(n)-bit random number, far fewer than other masking schemes, and greatly increases the difficulty of the data-processing stage of a differential power attack. In terms of speed, because the scheme converts the original parallel S-boxes into a multi-dimensional serial reusable S-box architecture, pipelining can be used, so that the speed is reduced by 30% compared with the original scheme.

Description

Method for implementing the multiple S-boxes of a block cipher to resist differential power attacks
Technical field
The present invention belongs to the field of side-channel attack and defence theory and technology in information security systems, and specifically relates to a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks.
Background
The differential power attack is a physical attack on cryptographic chips first proposed by the US expert Paul Kocher in 1999. The attack first collects the power consumed by the chip while it runs a block cipher, and then exploits the correlation between the power consumption and the key data to recover the key by a statistical difference method. Because it is efficient and cheap to carry out, it poses a great threat and challenge to the security of information security systems; the related theory has been developed for nearly two decades and remains a focus of expert research.
As the theory of differential power attacks matured, many defence schemes emerged. Two of them are popular. The first is random masking: suitable random numbers are inserted into the cryptographic algorithm and, without changing the encryption and decryption results, the critical data targeted by the differential power attack is XORed with random values, so that the power consumption corresponding to the critical data changes and the key is protected. The second is noise injection: noise is deliberately added to the cipher circuit so that the differential power attack becomes less efficient, or cannot recover the key at all, which protects the key.
Both techniques share a drawback: they significantly increase hardware resource consumption or reduce computation speed, which seriously restricts the development of security chips. The S-box is the only non-linear component of a block cipher, and its implementation consumes 50%-70% of the total resources; its non-linearity is also the reason sensitive information leaks in power attacks. How to protect the S-box effectively has therefore been the emphasis of research on defending against differential power attacks in recent years.
Summary of the invention
The object of the invention is to provide a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks, so that the S-box implementation is effectively protected.
To this end, the invention provides a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks, characterized in that it comprises the following steps:
Step one: select a block cipher and convert its multiple parallel S-boxes to obtain n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1.
The specific operating steps are:
A. The n independent parallel S-boxes are converted by a compression algorithm into one multi-dimensional serial reusable S-box architecture S′;
B. The 4 × 4 S-box permutations in S′ are numbered, i.e.,
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S′ denotes the multi-dimensional serial reusable S-box architecture.
Step two: perform the S-box operation: generate a random number and select the 4 × 4 S-box permutation corresponding to it.
The specific operating steps are:
1) Before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.,
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$ and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) The value of $R_1$ selects the corresponding 4 × 4 S-box permutation that enters S′, i.e., this permutation is , where denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number by the random-number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number.
That is, the random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S′, and the result serves as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.,
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number.
The specific operating steps are:
a) Repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has already been selected, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.,
Step five: choose a discrimination function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found is one that has not been selected before, then jump back to step three.
The specific operation is: choose a discrimination function $f(R_i^*)$
If the result $R_i^*$ of XORing the bits of $R_i$ together is "0", select permutation ; if $R_i^*$ is "1", select permutation . If the permutation selected is still a 4 × 4 S-box permutation that has already been selected, continue executing this step until the 4 × 4 S-box permutation found is one that has not been selected before.
Step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected, then end.
Beneficial effects of the invention: the method provided by the invention for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks occupies essentially the same resources as the prior-art methods for resisting differential power attacks, the consumed resources increasing by only 3% of the total; yet it uses only a g(n)-bit random number, far fewer than other masking schemes, and greatly increases the difficulty of the data-processing stage of a differential power attack. Because of the randomness of the discrimination function $f(R_i^*)$, the power trace of the S-box critical data that the attacker obtains has a different length each time, which greatly increases the difficulty for DPA of aligning the power data afterwards.
The invention is described in further detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a flow chart of the computation process of the method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks.
Fig. 2 is a schematic diagram of the multi-dimensional serial reusable S-box architecture S′.
Fig. 3 shows the registers corresponding to the Sbox.
Fig. 4 shows the internal structure of Reg.
Fig. 5 shows the internal structure of the flip-flop.
Detailed description of the embodiments
To further explain the technical means adopted by the invention to achieve its intended purpose and their effects, the specific embodiments, structural features and effects of the invention are described in detail below with reference to the accompanying drawings and embodiments.
Embodiment 1
To protect the S-box implementation effectively, the invention provides, as shown in Fig. 1, a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks. Using pipelining, three stages of registers are added inside the multi-dimensional serial reusable S-box architecture, so that the speed of the cryptographic operation does not drop too much compared with the original scheme, which improves efficiency.
The multi-S-box randomized-input technique of the block cipher is used so that an attacker mounting a differential power attack cannot align the power traces for the statistical difference method after collecting them. The differential power attack therefore fails, and the security of the block cipher implementation improves.
The specific scheme comprises the following steps:
Step one: select a block cipher and convert its multiple parallel S-boxes to obtain 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1 (regarding this conversion: according to Nikova's theory, such a permutation is secure only when the number of input bits n ≥ 4, and in the cryptographic schemes to date the smallest S-boxes are all of size 4 × 4; this scheme's assumption that the smallest permutation in the resulting S-box architecture is 4 × 4 is therefore reasonable).
The specific operating steps are:
A. The n independent parallel S-boxes are converted by a compression algorithm into one multi-dimensional serial reusable S-box architecture S′;
B. The 4 × 4 S-box permutations in S′ are numbered, i.e.,
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S′ denotes the multi-dimensional serial reusable S-box architecture.
Step two: the circuit performs the S-box operation: a random number is generated whose value lies within the range of the numbers assigned to the 4 × 4 S-box permutations, and the 4 × 4 S-box permutation corresponding to the random number is selected.
The specific operating steps are:
1) Before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.,
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$ and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) The value of $R_1$ selects the corresponding 4 × 4 S-box permutation that enters S′, i.e., this permutation is , where denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number by the random-number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number.
That is, the random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S′, and the result serves as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.,
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number.
The specific operating steps are:
a) Repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has already been selected, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.,
Step five: choose a discrimination function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found is one that has not been selected before, then jump back to step three.
The specific operation is: choose a discrimination function $f(R_i^*)$
If the result $R_i^*$ of XORing the bits of $R_i$ together is "0", select permutation ; if $R_i^*$ is "1", select permutation . If the permutation selected is still a 4 × 4 S-box permutation that has already been selected, continue executing this step until the 4 × 4 S-box permutation found is one that has not been selected before.
Step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected, then end.
The method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks has the following advantages:
(1) The scheme uses only a g(n)-bit random number, far fewer than other masking schemes.
(2) Because of the randomness of the discrimination function $f(R_i^*)$, the power trace of the S-box critical data that the attacker obtains has a different length each time, which greatly increases the difficulty for DPA of aligning the power data afterwards.
(3) In terms of resources, whether the scheme is implemented with look-up tables or with logic gates, it does not consume many more resources than the original implementation.
(4) In terms of speed, because the scheme converts the original parallel S-boxes into serial S-boxes, the PIPELINE method can be used, so that the speed does not drop much compared with the original scheme.
Embodiment 2
The invention is described in further detail below, taking the block cipher DES as an example.
It is well known that DES with a 56-bit key has been shown to be insecure in many applications. Triple-DES, however, is still widely used in the field of electronic payment, because it has a 112-bit key, which has been proved to be secure.
DES is a symmetric algorithm, also known as the Data Encryption Standard, a symmetric encryption algorithm developed by the US company IBM in 1972. The plaintext is divided into 64-bit blocks and the key length is 64 bits, of which 56 bits actually take part in the DES operation (bits 8, 16, 24, 32, 40, 48, 56 and 64 are parity bits, so that each key has an odd number of 1s). Ciphertext blocks are formed by substituting or exchanging the bits of each plaintext block under the 56-bit key.
According to the DES algorithm, its S-box layer consists of 8 parallel 6 × 4 S-boxes. In each S-box, bits 1 and 6 of the 6-bit input determine which of the 4 4 × 4 permutations the 4-bit input formed by bits 2 to 5 enters. The 8 6 × 4 S-boxes are therefore in fact composed of 32 4 × 4 S-boxes. The DES S-boxes are implemented following the flow of the scheme, with the following specific steps:
1. Convert the 8 6 × 4 S-boxes of DES into 32 4 × 4 S-boxes. Using Bilgin's reuse idea, the n independent parallel S-boxes are converted by a compression algorithm into one multi-dimensional serial reusable S-box architecture S′. The logic diagram after conversion is shown in Fig. 2, where GK, GL, F, $A_{ij}$, $B_{ij}$ and $C_{ij}$ are known permutations; for the specific permutations see reference [1].
2. Because 8 4 × 4 S-boxes actually take part in the DES S-box operation, n = 8 and g(n) = 3. To meet the requirements of the subsequent algorithm, g(n) is amended as follows.
Let g(n)′ = g(n) + 1 = 4, so that the generated random number is $R_1 = (r_1, r_2, \ldots, r_{g(n)'}) = (r_1, r_2, r_3, r_4)$, $0 \le R_1 \le 15$.
3. Let $R_1' = (r_2, r_3, r_4)$. The value of $R_1'$ selects the first 4 × 4 S-box permutation to enter S′, i.e., the permutation is
4. XOR the random number $R_1$ with the output of the first selected 4 × 4 S-box permutation entering S′; the result serves as the random number that selects the next 4 × 4 S-box permutation.
5. Repeat steps 3 and 4; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has already been selected, perform step 6.
6. XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.,
7. Choose a discrimination function $f(R_i^*)$
If the result $R_i^*$ of XORing the bits of $R_i$ together is "0", select permutation ; if it is "1", select permutation . If the permutation selected is still a 4 × 4 S-box permutation that has already been selected, continue executing this step until the 4 × 4 S-box permutation found is one that has not been selected before, then jump back to step 3.
8. Repeat the above steps until all 8 4 × 4 S-box permutations have been selected and have entered the multi-dimensional serial reusable S-box architecture, then end.
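The selection order produced by steps 2 to 8 can be simulated in software; the following is an added example, not code from the patent or its authors. Formulas (3) to (5) are not reproduced on this page, so the discrimination function (step the index down by one modulo n when $R_i^*$ = 0, up by one when $R_i^*$ = 1), the way R is re-seeded after a collision, the one-cycle-per-probe cost model and the eight stand-in 4 × 4 tables are all assumptions.

```python
"""Simulate the randomized S-box selection order for the DES case (n = 8, g(n)' = 4)."""

N = 8  # 4 x 4 permutations taking part in the S-box layer (page: n = 8)

# Constructed stand-ins for the eight 4 x 4 permutations: the PRESENT S-box
# with a per-box input offset. These are NOT the DES rows the patent uses.
BASE = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOXES = [[BASE[x ^ j] for x in range(16)] for j in range(N)]


def parity(r):
    """R_i^*: XOR of all bits of R_i (step 6)."""
    return bin(r).count("1") & 1


def discriminate(index, r_star, used):
    """ASSUMED discrimination function f(R_i^*) (step 7).

    The page does not show which permutation each value selects; here
    R_i^* = 0 walks the index down and R_i^* = 1 walks it up, modulo N,
    until an unused permutation is found. Returns (index, probes).
    """
    step = -1 if r_star == 0 else 1
    probes = 0
    while index in used:
        index = (index + step) % N
        probes += 1
    return index, probes


def schedule(r1, inputs):
    """Return (order, outputs, cycles) for a 4-bit R_1 and eight 4-bit inputs.

    order   -- the sequence in which the permutations enter S'
    outputs -- S_j(m_j) for j = 0..7, independent of the order
    cycles  -- selections plus collision probes (assumed: one cycle each)
    """
    r = r1 & 0xF
    used, order = set(), []
    outputs = [None] * N
    cycles = 0
    while len(order) < N:
        idx = r & (N - 1)                 # R_i' = (r_2, r_3, r_4), step 3
        if idx in used:                   # collision: steps 5 to 7
            idx, probes = discriminate(idx, parity(r), used)
            cycles += probes
            r = (r & 0x8) | idx           # ASSUMED: keep r_1, adopt new index
        used.add(idx)
        order.append(idx)
        outputs[idx] = SBOXES[idx][inputs[idx]]
        cycles += 1
        r ^= outputs[idx]                 # R_{i+1} = R_i XOR S-box output, step 4
    return order, outputs, cycles


def profile(inputs):
    """Run all 16 values of R_1 against fixed inputs.

    Returns the set of distinct orders and the sorted distinct cycle counts,
    i.e. how much the schedule and its length actually vary.
    """
    runs = [schedule(r1, inputs) for r1 in range(16)]
    orders = {tuple(order) for order, _, _ in runs}
    cycle_counts = sorted({cycles for _, _, cycles in runs})
    return orders, cycle_counts


if __name__ == "__main__":
    sample_inputs = [0] * N               # constructed inputs m_0 .. m_7
    for r1 in (0, 8):
        order, _, cycles = schedule(r1, sample_inputs)
        print(f"R1={r1:2d} order={order} cycles={cycles}")
    orders, cycle_counts = profile(sample_inputs)
    print(len(orders), "distinct orders; cycle counts:", cycle_counts)
```

The `cycles` value models the property the patent relies on for misalignment: it changes with both $R_1$ and the S-box inputs, while `outputs` stays identical to the unprotected parallel evaluation.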
Finally, the security of the scheme of the invention is explained.
Security analysis of the scheme
Theory of power analysis
A DPA power attack targets the output of the registers corresponding to the S-box in the cipher circuit. Taking a 4 × 4 Sbox as an example, the figure shows the specific circuit; the power region in Fig. 3 is the region whose power consumption the attacker wants to collect.
The region consists of four 1-bit registers, each reg corresponding to one output bit of the Sbox; the internal structure of a reg is shown in Fig. 4.
One reg consists of a small number of control devices and one D flip-flop; as shown in Fig. 5, the D flip-flop in turn consists of 6 NAND gates.
Therefore, when the input D toggles, the CMOS transistors inside about 8 AND gates, 1 OR gate and one NOT gate produce instantaneous dynamic power consumption, and by collecting this power consumption the attacker can attack the device using DPA.
The scheme feeds the 4 × 4 S-boxes in random order, so that in the multi-dimensional serial reusable S-box architecture the correct key can be recovered only if the key and the random number are guessed at the same time. The possible outcomes for the critical data and power values corresponding to the guessed key and random number are shown in Table 1.
| | Guessed key | Guessed random number | Critical data | Power value |
|---|---|---|---|---|
| Possibility 1 | Correct | Correct | Can be determined | Can be determined |
| Possibility 2 | Correct | Wrong | Random | Random |
| Possibility 3 | Wrong | Correct | Random | Random |
| Possibility 4 | Wrong | Wrong | Random | Random |

Table 1
Next, the probability that the attacker recovers the key is calculated. The probability of guessing one group of key bits correctly is 1/16, and the probability of guessing the 4 × 4 S-box correctly is 1/8. Suppose that in the differential power attack the attacker selects n groups of plaintexts. The probability of recovering the key corresponding to the i-th 4 × 4 S-box is then no more than $(1/2)^{3(n+4)}$.
Because n is generally between about 1000 and 2000, it can be seen that in a differential power attack the attacker can confirm the correct key only by guessing the key and the random number at the same time. In the later data processing, moreover, because the invention uses the discrimination function $f(R_i^*)$, it is also extremely difficult for the attacker to align all the target traces.
The above is a further detailed description of the invention in connection with specific preferred embodiments, and the specific implementation of the invention cannot be regarded as limited to these descriptions. A person of ordinary skill in the technical field of the invention may make some simple deductions or substitutions without departing from the concept of the invention, and all of these should be regarded as falling within the protection scope of the invention.
[1] Bilgin B, Knezevic M, Nikov V, et al. Compact Implementations of Multi-Sbox Designs[C]//International Conference on Smart Card Research and Advanced Applications. Springer International Publishing, 2015: 273-285.

Claims (6)

1. A method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks, characterized in that it comprises the following steps:
Step one: select a block cipher and convert its multiple parallel S-boxes to obtain n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1;
Step two: perform the S-box operation: generate a random number and select the 4 × 4 S-box permutation corresponding to it;
Step three: generate the next random number by the random-number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number;
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
Step five: choose a discrimination function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found is one that has not been selected before, then jump back to step three;
Step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected, then end.
2. A method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks, characterized in that the specific operating steps of step one are:
A. The n independent parallel S-boxes are converted by a compression algorithm into one multi-dimensional serial reusable S-box architecture S′;
B. The 4 × 4 S-box permutations in S′ are numbered, i.e.,
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S′ denotes the multi-dimensional serial reusable S-box architecture.
3. The new method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks according to claim 1, characterized in that step two comprises the following steps:
1) Before the S-box operation is performed, a random number $R_1$ is generated, i.e.,
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$ and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) The value of $R_1$ selects the corresponding 4 × 4 S-box permutation that enters S′, i.e., this permutation is , where denotes the result of the 4 × 4 S-box permutation.
4. The new method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks according to claim 1, characterized in that the specific operation of step three is:
The random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S′, and the result serves as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.,
5. The new method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks according to claim 1, characterized in that step four comprises the following steps:
a) Repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has already been selected, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.,
6. The new method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks according to claim 1, characterized in that the specific operation of step five is: choose a discrimination function $f(R_i^*)$
If the result $R_i^*$ of XORing the bits of $R_i$ together is "0", select permutation ; if $R_i^*$ is "1", select permutation . If the permutation selected is still a 4 × 4 S-box permutation that has already been selected, continue executing this step until the 4 × 4 S-box permutation found is one that has not been selected before.
CN201710150435.8A 2017-03-14 2017-03-14 Method for realizing multiple S boxes of block cipher for resisting differential power attack Active CN107204841B (en)

Publications (2)

Publication Number Publication Date
CN107204841A true CN107204841A (en) 2017-09-26
CN107204841B CN107204841B (en) 2020-01-07
