CN107204841B - Method for realizing multiple S boxes of block cipher for resisting differential power attack - Google Patents


Info

Publication number: CN107204841B
Authority: CN (China)
Prior art keywords: box, permutation, random number, boxes, bit
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710150435.8A
Other languages: Chinese (zh)
Other versions: CN107204841A (en)
Inventors: 杨晓元, 张帅伟, 张敏情, 钟卫东, 韩益亮, 周潭平, 张卓, 杨海滨, 薛帅
Current Assignee: Engineering University of Chinese Peoples Armed Police Force (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Engineering University of Chinese Peoples Armed Police Force

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Abstract

The invention relates to a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks. Several parallel S-boxes are first converted to obtain 4 × 4 S-box permutations, which are numbered; a randomized-input technique for the block cipher's multiple S-boxes is then applied to all of the 4 × 4 S-box permutations. As a result, an attacker mounting a differential power attack cannot align the power consumption curves by the relevant statistical differential method after acquiring them, so the differential power attack fails and the security of the block cipher implementation is improved; the difficulty of the data-processing stage of a differential power attack is greatly increased. In terms of speed, because the scheme converts the original parallel S-boxes into a multi-dimensional serial reusable S-box framework, a pipeline method can be adopted, so that the speed is reduced by 30% compared with the original scheme.

Description

Method for realizing multiple S boxes of block cipher for resisting differential power attack
Technical Field
The invention relates to the theory of side-channel attack and defense in information security systems, and in particular to a method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks.
Background
The differential power attack is a physical attack on cryptographic chips, first proposed by the American expert Paul Kocher in 1999. The attack first collects the power consumed while the chip runs a block cipher algorithm and then, using the correlation between the power consumption and the key data, recovers the key with a statistical differential method. Because it is efficient to carry out and low in cost, it poses great threats and challenges to the security of information security systems; the related theory has been developed for nearly two decades and is still a hot spot of specialized research.
As the theory of differential power attacks has matured, many defense schemes have appeared. Two of them are popular. The first is random masking: suitable random numbers are inserted into the cryptographic algorithm and XORed with the key data targeted by the differential power attack, without changing the encryption or decryption result, so that the power consumption corresponding to the key data changes and the key is protected. The second is noise injection: noise is deliberately added to the cryptographic algorithm circuit so that the attacker's differential power attack becomes less efficient or cannot recover the key at all, which likewise protects the key.
However, the two techniques share a drawback: they significantly increase the hardware resources consumed or reduce the operating speed, which severely restricts the development of security chips. The S-box is the only nonlinear component of a block cipher, and implementing it takes 50%-70% of the total resources; at the same time, the nonlinearity of the S-box is the reason sensitive information leaks in a power attack. How to protect the S-box effectively has therefore been the focus of research on defending against differential power attacks in recent years.
Disclosure of Invention
The invention aims to provide a method for implementing the multiple S-boxes of a block cipher that resists differential power attacks, so as to protect the S-boxes more effectively.
To this end, the invention provides a method for implementing the multiple S-boxes of a block cipher that resists differential power attacks, characterized by comprising the following steps:
Step one: select a block cipher algorithm, convert its several parallel S-boxes to obtain n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1;
the specific operations are as follows:
A. the n independent parallel S-boxes are converted by a compression algorithm into a multi-dimensional serial reusable S-box framework S';
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
Figure GDA0002238502490000021
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
Step two: for the S-box operation, generate a random number and select the 4 × 4 S-box permutation corresponding to that random number;
the specific operations are as follows:
1) before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and $g(n)$ denotes the number of binary digits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is
Figure GDA0002238502490000031
where
Figure GDA0002238502490000032
denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number with a random-number update algorithm and select the 4 × 4 S-box permutation corresponding to that random number;
namely: the random number $R_1$ is XORed with the output of the first 4 × 4 S-box permutation selected into S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
the specific operations are as follows:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
Figure GDA0002238502490000034
Step five: choose a distinguishing function and use it to reselect the next 4 × 4 S-box permutation; if that permutation has also already been selected, continue with step five until a 4 × 4 S-box permutation is found that has not been selected before, then jump back to step three;
the specific operation is as follows: choose a distinguishing function $f(R_i^*)$
Figure GDA0002238502490000035
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", the permutation selected is
Figure GDA0002238502490000036
If $R_i^*$ is "1", the permutation selected is
Figure GDA0002238502490000041
If the permutation chosen in this way has also already been selected, this step is repeated until a 4 × 4 S-box permutation is found that has not been selected before.
Step six: repeat steps three to five until all of the 4 × 4 S-box permutations have been selected.
The beneficial effects of the invention are as follows. The method occupies essentially the same resources as prior-art methods for resisting differential power attacks, increasing the resources consumed by only 3 percent of the total, yet it uses only one random number of g(n) bits, far less randomness than other masking schemes, and it greatly increases the difficulty of the data-processing stage of a differential power attack. Because of the randomness of the distinguishing function $f(R_i^*)$, the power consumption curves of the S-box key data that an attacker obtains differ in length each time, which greatly increases the difficulty of aligning the power data in the later stage of DPA.
The present invention will be described in further detail below with reference to the accompanying drawings.
Drawings
Fig. 1 is a flowchart of the computation in the block cipher multi-S-box implementation method for resisting differential power attacks.
Fig. 2 is a schematic diagram of the multi-dimensional serial reusable S-box framework S'.
Fig. 3 shows the registers corresponding to an Sbox.
Fig. 4 shows the internal structure of a Reg.
Fig. 5 shows the internal structure of a flip-flop.
Detailed Description
To further explain the technical means the invention adopts to achieve its intended purpose, and their effects, the embodiments, structural features and effects of the invention are described in detail below with reference to the accompanying drawings and examples.
Example 1
To protect the S-boxes more effectively, the invention provides the method shown in Fig. 1 for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks. Pipelining is used, and a three-stage register is added in the middle of the multi-dimensional serial reusable S-box framework, so that the speed of the cipher operation is not reduced too much compared with the original scheme and efficiency is improved.
With the randomized-input technique for the block cipher's multiple S-boxes, an attacker mounting a differential power attack cannot align the power consumption curves by the relevant statistical differential method after acquiring them, so the differential power attack fails and the security of the block cipher implementation is improved.
The specific scheme comprises the following steps:
Step one: select a block cipher algorithm, convert its several parallel S-boxes to obtain 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1 (according to Nikova's theory, such a permutation is secure when the number of input bits n ≥ 4; we also note that in current cipher schemes the smallest S-box is 4 × 4 in size, so it is reasonable for this scheme to assume that the smallest permutation in the generated S-box framework is 4 × 4);
the specific operations are as follows:
A. the n independent parallel S-boxes are converted by a compression algorithm into a multi-dimensional serial reusable S-box framework S';
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
Figure GDA0002238502490000051
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
Step two: when the circuit performs the S-box operation, generate a random number whose value lies within the range of numbers assigned to the 4 × 4 S-box permutations, and select the 4 × 4 S-box permutation corresponding to that random number;
the specific operations are as follows:
1) before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and $g(n)$ denotes the number of binary digits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is
Figure GDA0002238502490000061
where
Figure GDA0002238502490000062
denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number with a random-number update algorithm and select the 4 × 4 S-box permutation corresponding to that random number;
namely: the random number $R_1$ is XORed with the output of the first 4 × 4 S-box permutation selected into S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
Figure GDA0002238502490000063
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
the specific operations are as follows:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
Figure GDA0002238502490000064
Step five: choose a distinguishing function and use it to reselect the next 4 × 4 S-box permutation; if that permutation has also already been selected, continue with step five until a 4 × 4 S-box permutation is found that has not been selected before, then jump back to step three;
the specific operation is as follows: choose a distinguishing function $f(R_i^*)$
Figure GDA0002238502490000071
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", the corresponding permutation is selected. If $R_i^*$ is "1", the permutation selected is
Figure GDA0002238502490000073
If the permutation chosen in this way has also already been selected, this step is repeated until a 4 × 4 S-box permutation is found that has not been selected before.
Step six: repeat steps three to five until all of the 4 × 4 S-box permutations have been selected.
The method for implementing the multiple S-boxes of a block cipher so as to resist differential power attacks has the following advantages:
(1) The scheme uses only one random number of g(n) bits, far less randomness than other masking schemes.
(2) Because of the distinguishing function $f(R_i^*)$, the power consumption curves of the S-box key data that an attacker obtains differ in length each time, which greatly increases the difficulty of aligning the power data in the later stage of DPA.
(3) In terms of resources, whether the scheme is implemented with lookup tables or with logic gates, resource consumption does not increase much compared with the original implementation.
(4) In terms of speed, because the scheme converts the original parallel S-boxes into serial S-boxes, a pipeline method can be adopted, so that the speed is not reduced too much compared with the original scheme.
Example 2
The invention is described in further detail below, taking the block cipher algorithm DES as an example.
Although the DES algorithm with its 56-bit key has proved insecure in many applications, Triple-DES is still widely used in the field of electronic payments, since it has a key of 112 bits and is therefore proven to be secure.
DES is a symmetric cryptosystem, also known as the American Data Encryption Standard; it is a symmetric encryption algorithm developed by IBM of the United States in 1972. The plaintext is divided into 64-bit blocks and the key is 64 bits long, of which 56 bits actually take part in the DES operation (bits 8, 16, 24, 32, 40, 48, 56 and 64 are check bits, so that each key has an odd number of 1s); each plaintext block and the 56-bit key are combined by bit substitution or exchange to form a ciphertext block.
In the DES algorithm the S-box layer consists of 8 parallel 6 × 4 S-boxes, and in each S-box bits 1 and 6 of the 6-bit input determine which of the 4 × 4 permutations the 4-bit input made up of bits 2 to 5 enters. The 8 6 × 4 S-boxes are thus in fact made up of 32 4 × 4 S-boxes. The DES S-boxes are implemented following the flow of this scheme, with the following specific steps:
1. The 8 6 × 4 S-boxes of the DES algorithm are converted into 32 4 × 4 S-boxes and, using Bilgin's multiplexing idea, the n independent parallel S-boxes are converted by a compression algorithm into a multi-dimensional serial reusable S-box framework S'. The logic diagram after conversion is shown in Fig. 2, where GK, GL, F, $A_{ij}$, $B_{ij}$ and $C_{ij}$ are known permutations; for the specific permutations see reference [1].
2. Since 8 4 × 4 S-boxes actually take part in the DES S-box operation, n = 8 and therefore g(n) = 3. To meet the requirements of the subsequent algorithm, we make a correction to g(n).
Let $g(n)' = g(n) + 1 = 4$, so the random number generated is $R_1 = (r_1, r_2, \ldots, r_{g(n)'}) = (r_1, r_2, r_3, r_4)$, $0 \le R_1 \le 15$.
3. Let $R_1' = (r_2, r_3, r_4)$. The value of $R_1'$ selects the first 4 × 4 S-box permutation to enter S', i.e. the permutation is
Figure GDA0002238502490000081
4. The random number $R_1$ is XORed with the output of the first 4 × 4 S-box permutation selected into S', and the result is used as the random number that selects the next 4 × 4 S-box permutation.
5. Repeat steps 3 and 4; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step 6.
6. XOR the bits of $R_i$ together to obtain $R_i^*$, namely
Figure GDA0002238502490000092
7. Choose a distinguishing function $f(R_i^*)$
Figure GDA0002238502490000093
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", the permutation selected is
Figure GDA0002238502490000094
If it is "1", the permutation selected is
Figure GDA0002238502490000095
If the permutation chosen in this way has also already been selected, this step is repeated until a 4 × 4 S-box permutation is found that has not been selected before, and the procedure then jumps back to step 3.
8. The steps above are repeated until all 8 4 × 4 S-box permutations have been selected and have entered the multi-dimensional serial reusable S-box framework.
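The selection loop of steps 2 to 8 can be simulated in software to check that every permutation is evaluated exactly once with unchanged outputs while the order and the number of look-ups depend on $R_1$; the following is an added example, not code from the patent. The eight 4-bit permutations and their inputs are constructed stand-ins, and because the distinguishing function survives on this page only as a figure placeholder, the rule used here (move to the next index when $R_i^*$ is 0, to the previous index when it is 1), the reading of $R_1'$ as the low three bits, and the reuse of $R_i$ for the update after a collision are all assumptions.

```python
"""Simulate the randomized S-box selection order (DES example: n = 8, g(n)' = 4)."""
import secrets

N = 8        # 4 x 4 permutations taking part in the operation (n = 8 on the page)
R_BITS = 4   # g(n)' = g(n) + 1 = 4, so 0 <= R1 <= 15

# Constructed stand-ins for the eight 4-bit permutations S_0 .. S_7.
# They are NOT the DES tables; each is a bijection on 0..15.
BASE = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOXES = [[BASE[x ^ k] for x in range(16)] for k in range(N)]

# Constructed 4-bit inputs m_0 .. m_7 for one S-box layer.
SAMPLE_INPUTS = [0x3, 0xA, 0x7, 0x0, 0xF, 0x5, 0xC, 0x9]


def parity(r):
    """R_i^*: XOR of all bits of R_i."""
    return bin(r).count("1") & 1


def schedule(r1, inputs):
    """Run the selection loop for one S-box layer.

    Returns (order, outputs, probes): the order in which the permutations
    were evaluated, their outputs indexed by permutation number, and the
    number of index look-ups needed (a proxy for the length of the trace).
    """
    if not 0 <= r1 < (1 << R_BITS):
        raise ValueError("R1 must fit in g(n)' bits")
    if len(inputs) != N or any(not 0 <= m < 16 for m in inputs):
        raise ValueError("need N inputs of 4 bits each")
    selected = [False] * N
    outputs = [0] * N
    order = []
    probes = 0
    r = r1
    while len(order) < N:
        idx = r & (N - 1)   # R' = (r2, r3, r4), taken here as the low 3 bits
        probes += 1
        if selected[idx]:
            # ASSUMED distinguishing function: parity 0 -> next index,
            # parity 1 -> previous index, repeated until a free one is found.
            step = 1 if parity(r) == 0 else -1
            while selected[idx]:
                idx = (idx + step) % N
                probes += 1
        selected[idx] = True
        outputs[idx] = SBOXES[idx][inputs[idx]]
        order.append(idx)
        # Random-number update: XOR R with the 4-bit output just produced.
        # ASSUMPTION: after a collision the same R_i is used for the update.
        r ^= outputs[idx]
    return order, outputs, probes


def reference_outputs(inputs):
    """What the original parallel S-boxes compute, in fixed order."""
    return [SBOXES[k][inputs[k]] for k in range(N)]


def survey(inputs):
    """Evaluate every possible R1; returns {r1: (order, probes)}."""
    result = {}
    for r1 in range(1 << R_BITS):
        order, _, probes = schedule(r1, inputs)
        result[r1] = (order, probes)
    return result


if __name__ == "__main__":
    r1 = secrets.randbelow(1 << R_BITS)   # stands in for the on-chip RNG
    order, outputs, probes = schedule(r1, SAMPLE_INPUTS)
    print("R1 =", r1, "order =", order, "look-ups =", probes)
    print("outputs unchanged:", outputs == reference_outputs(SAMPLE_INPUTS))
    for seed, (o, p) in survey(SAMPLE_INPUTS).items():
        print(f"R1={seed:2d} order={o} look-ups={p}")
```
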
Finally, the security of the scheme of the invention is explained.
Security analysis of the scheme
Theory of power analysis
A DPA power attack targets the output of the register corresponding to an S-box in the cryptographic algorithm circuit. Taking a 4 × 4 Sbox as an example, the specific circuit is as shown in the figure; the power region in Fig. 3 is the area where the attacker wants to collect power consumption.
The region consists of four 1-bit registers; each reg corresponds to one bit of the Sbox output, and the internal structure of a reg is shown in Fig. 4.
Each reg consists of a small number of control devices and a D flip-flop, which is built from 6 NAND gates as shown in Fig. 5.
Therefore, when the input D makes a transition, the CMOS transistors inside about 8 AND gates, 1 OR gate and one NOT gate produce instantaneous dynamic power consumption, and an attacker can mount a DPA attack on the device from the power consumption collected.
The scheme randomizes the input of the 4 × 4 S-boxes, so that in the multi-dimensional serial reusable S-box framework the correct key can be recovered only when the key and the random number are both guessed correctly at the same time. Table 1 shows, for each combination of key guess and random-number guess, what can be learned about the key data and the power consumption value.
               Guessed key   Guessed random number   Key data       Power consumption value
Possibility 1  Correct       Correct                 Determinable   Determinable
Possibility 2  Correct       Wrong                   Random         Random
Possibility 3  Wrong         Correct                 Random         Random
Possibility 4  Wrong         Wrong                   Random         Random
TABLE 1
The probability that the attacker recovers the key is then calculated. The probability of guessing a group of keys is 1/16 and the probability of guessing a 4 × 4 S-box is 1/8; in a differential power attack the attacker chooses n groups of plaintexts.
The probability of recovering the key corresponding to the i-th group of 4 × 4 S-boxes is no more than $(1/2)^{3(n+4)}$.
Since n is generally between 1000 and 2000 in a differential power attack, an attacker can confirm the correct key only by guessing the key and the random number correctly at the same time. Moreover, in the later data processing, because the invention uses the distinguishing function $f(R_i^*)$, it is also very difficult for the attacker to align all of the target curves.
The foregoing describes the invention in further detail with reference to specific preferred embodiments, and the invention is not to be taken as limited to these specific details. Those skilled in the art to which the invention pertains may make a number of simple deductions or substitutions without departing from the spirit of the invention, and all of these shall be regarded as falling within the scope of protection of the invention.

Claims (2)

1. A method for implementing the multiple S-boxes of a block cipher for resisting differential power attacks, characterized by comprising the following steps:
step one: select a block cipher algorithm, convert its several parallel S-boxes to obtain n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1;
step two: for the S-box operation, generate a random number and select the 4 × 4 S-box permutation corresponding to that random number;
step three: generate the next random number with a random-number update algorithm and select the 4 × 4 S-box permutation corresponding to that random number;
step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
step five: choose a distinguishing function and use it to reselect the next 4 × 4 S-box permutation; if that permutation has also already been selected, continue with step five until a 4 × 4 S-box permutation is found that has not been selected before, then jump back to step three;
step six: repeat steps three to five until all of the 4 × 4 S-box permutations have been selected;
step two comprises the following operations:
1) before the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and $g(n)$ denotes the number of binary digits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is
Figure FDA0002189468390000021
where
Figure FDA0002189468390000022
denotes the result of the 4 × 4 S-box permutation;
the specific operation of step three is as follows:
the random number $R_1$ is XORed with the output of the first 4 × 4 S-box permutation selected into S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
step four comprises the following operations:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is one that has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
Figure FDA0002189468390000024
The specific operation of step five is as follows: choose a distinguishing function $f(R_i^*)$
Figure FDA0002189468390000025
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", the permutation selected is
Figure FDA0002189468390000026
If $R_i^*$ is "1", the corresponding permutation is selected. If the permutation chosen in this way has also already been selected, this step is repeated until a 4 × 4 S-box permutation is found that has not been selected before.
2. The method for implementing the multiple S-boxes of a block cipher for resisting differential power attacks according to claim 1, wherein the specific operations of step one are as follows:
A. the n independent parallel S-boxes are converted by a compression algorithm into a multi-dimensional serial reusable S-box framework S';
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
Figure FDA0002189468390000031
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
CN201710150435.8A 2017-03-14 2017-03-14 Method for realizing multiple S boxes of block cipher for resisting differential power attack Active CN107204841B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710150435.8A CN107204841B (en) 2017-03-14 2017-03-14 Method for realizing multiple S boxes of block cipher for resisting differential power attack

Publications (2)

Publication Number Publication Date
CN107204841A (en) 2017-09-26
CN107204841B (en) 2020-01-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant