CN107204841B - Method for realizing multiple S boxes of block cipher for resisting differential power attack - Google Patents
Abstract
The invention relates to a method for implementing multiple S-boxes of a block cipher that resists differential power attacks. A plurality of parallel S-boxes is first converted into 4 × 4 S-box permutations, which are numbered; a block cipher multi-S-box randomized-input technique is then applied to all of the 4 × 4 S-box permutations, so that an attacker mounting a differential power attack cannot align the power traces by the relevant statistical differential method after collecting them. The differential power attack therefore fails and the security of the block cipher implementation is improved; the difficulty of the data-processing stage of a differential power attack is greatly increased. In terms of speed, because the scheme converts the original parallel S-boxes into a multi-dimensional serial reusable S-box framework, a pipeline method can be adopted, so that the speed is reduced by 30% compared with the original scheme.
Description
Technical Field
The invention relates to the technical field of side channel attack and defense theory in an information security system, in particular to a method for realizing a block cipher multi-S-box for resisting differential power attack.
Background
A differential power attack is a physical attack on a cryptographic chip, first proposed by the American expert Paul Kocher in 1999. The attack first collects the power consumed while the chip runs a block cipher algorithm and then recovers the key with a statistical differential method, exploiting the correlation between the power consumption and the key data. Owing to its high implementation efficiency and low cost, it poses great threats and challenges to the security of information security systems; the related theory has been developed for nearly two decades and is still a research hotspot.
As the theory of differential power attacks matured, many defense schemes appeared. Two of them are popular. The first is random masking, which inserts suitable random numbers into the cryptographic algorithm and XORs them with the key data targeted by the differential power attack without changing the encryption or decryption result, so that the power consumption corresponding to the key data changes and the key is protected. The second is noise injection, which deliberately adds noise to the cryptographic circuit so that the efficiency of the attacker's differential power attack drops, possibly to the point where the key cannot be recovered, thereby protecting the key.
However, the two techniques share a drawback: they significantly increase the hardware resources consumed or reduce the operating speed, which severely restricts the development of security chips. Because the S-box is the only nonlinear component in a block cipher, implementing it accounts for 50%-70% of the total resources; and because the nonlinearity of the S-box is also the reason sensitive information leaks in a power attack, how to protect the S-box effectively has been the focus of research on defending against differential power attacks in recent years.
Disclosure of Invention
The invention aims to provide a method for implementing multiple S-boxes of a block cipher that resists differential power attacks, so as to protect the S-boxes more effectively.
To this end, the invention provides a method for implementing multiple S-boxes of a block cipher that resists differential power attacks, characterized by comprising the following steps:
Step one: select a block cipher algorithm, convert the plurality of parallel S-boxes into n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1;
the specific operation steps are as follows:
A. the n independent parallel S-boxes are converted into a multi-dimensional serial reusable S-box framework S' by a compression algorithm;
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
Step two: when the S-box operation is performed, generate a random number and select the 4 × 4 S-box permutation corresponding to that random number;
the specific operation steps are as follows:
1) before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is , where denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number with a random number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number;
that is: the random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
the specific operation steps are as follows:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
Step five: choose a distinguishing function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found has not been selected before, then jump back to step three;
the specific operation is as follows: choose a distinguishing function $f(R_i^*)$.
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", then the permutation is selected; if $R_i^*$ is "1", then the permutation is selected. If the 4 × 4 S-box permutation chosen in this way has already been selected, this step is continued until the 4 × 4 S-box permutation found is one that has not been selected before.
Step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected.
The beneficial effects of the invention are as follows: the method occupies essentially the same resources as prior-art methods for resisting differential power attacks, with the consumed resources increased by only 3 percent of the total, yet it uses only one random number of g(n) bits, far fewer random bits than other masking schemes, and it greatly increases the difficulty of the data-processing stage of a differential power attack. Because of the randomness of the distinguishing function $f(R_i^*)$, the power traces of the S-box key data that an attacker obtains differ in length each time, which greatly increases the difficulty of aligning the power data in the later stage of DPA.
The present invention will be described in further detail below with reference to the accompanying drawings.
Drawings
Fig. 1 is a flowchart of the calculation process of the block cipher multi-S-box implementation method for resisting differential power attacks.
Fig. 2 is a schematic diagram of the multi-dimensional serial reusable S-box framework S'.
Fig. 3 shows the registers corresponding to the Sbox.
Fig. 4 shows the internal structure of a Reg.
Fig. 5 shows the internal structure of the flip-flop.
Detailed Description
To further explain the technical means and effects of the present invention adopted to achieve the intended purpose, the following detailed description of the embodiments, structural features and effects of the present invention will be made with reference to the accompanying drawings and examples.
Example 1
To protect the S-box more effectively, the invention provides the method shown in Fig. 1 for implementing multiple S-boxes of a block cipher that resists differential power attacks. Using pipelining, a three-stage register is added in the middle of the multi-dimensional serial reusable S-box framework, so that the speed of the cipher operation is not reduced too much compared with the original scheme and efficiency is improved.
With the block cipher multi-S-box randomized-input technique, an attacker mounting a differential power attack cannot align the power traces by the relevant statistical differential method after collecting them, so the differential power attack fails and the security of the block cipher implementation is improved.
The specific scheme comprises the following steps:
Step one: select a block cipher algorithm, convert the plurality of parallel S-boxes into 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1 (according to Nikova's theory, such a permutation is secure when the number of input bits n ≥ 4; we also note that in current cipher schemes the smallest S-box is 4 × 4 in size, so it is reasonable for this scheme to assume that the smallest permutation in the generated S-box framework is 4 × 4);
the specific operation steps are as follows:
A. the n independent parallel S-boxes are converted into a multi-dimensional serial reusable S-box framework S' by a compression algorithm;
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
Step two: when the circuit performs the S-box operation, generate a random number whose value lies within the range of the numbers assigned to the 4 × 4 S-box permutations, and select the 4 × 4 S-box permutation corresponding to that random number;
the specific operation steps are as follows:
1) before the circuit performs the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is , where denotes the result of the 4 × 4 S-box permutation.
Step three: generate the next random number with a random number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number;
that is: the random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
Step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
the specific operation steps are as follows:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
Step five: choose a distinguishing function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found has not been selected before, then jump back to step three;
the specific operation is as follows: choose a distinguishing function $f(R_i^*)$.
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", then the permutation is selected; if $R_i^*$ is "1", then the permutation is selected. If the 4 × 4 S-box permutation chosen in this way has already been selected, this step is continued until the 4 × 4 S-box permutation found is one that has not been selected before.
Step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected.
The method for implementing multiple S-boxes of a block cipher that resists differential power attacks has the following advantages:
(1) The scheme uses only one random number of g(n) bits, far fewer random bits than other masking schemes.
(2) Because of the distinguishing function $f(R_i^*)$, the power traces of the S-box key data that an attacker obtains differ in length each time, which greatly increases the difficulty of aligning the power data in the later stage of DPA.
(3) In terms of resources, whether the scheme is implemented with lookup tables or with logic gates, resource consumption does not increase greatly compared with the original implementation.
(4) In terms of speed, because the scheme converts the original parallel S-boxes into serial S-boxes, a pipeline method can be adopted, so that the speed is not reduced too much compared with the original scheme.
Example 2
The invention is described in further detail below, taking the block cipher algorithm DES as an example.
Although DES with a 56-bit key has proven insecure in many applications, Triple-DES is still widely used in the field of electronic payments, since it has a 112-bit key and is therefore proven to be secure.
The DES algorithm, also called the American Data Encryption Standard, is a symmetric-key encryption algorithm developed by IBM corporation of America in 1972. The plaintext is divided into 64-bit groups and the key length is 64 bits, of which 56 bits actually take part in the DES operation (the 8th, 16th, 24th, 32nd, 40th, 48th, 56th and 64th bits are check bits, so that each key has an odd number of 1s); each plaintext group and the 56-bit key are turned into a ciphertext group by bit substitution or exchange.
According to the DES algorithm, the S-box layer consists of eight 6 × 4 S-boxes in parallel; in each S-box, the 1st and 6th bits of the 6-bit input determine which of the 4 × 4 permutations the 4-bit input formed by the 2nd to 5th bits enters. Thus the eight 6 × 4 S-boxes are in fact made up of 32 4 × 4 S-boxes. The DES S-box is implemented according to the flow of this scheme; the specific steps are as follows:
1. The eight 6 × 4 S-boxes of the DES algorithm are converted into 32 4 × 4 S-boxes, and, using Bilgin's multiplexing idea, the n independent parallel S-boxes are converted by a compression algorithm into the multi-dimensional serial reusable S-box framework S'. The logic diagram after conversion is shown in Fig. 2, where GK, GL, F, $A_{ij}$, $B_{ij}$, $C_{ij}$ are known permutations; for the specific permutations see reference [1].
2. Since eight 4 × 4 S-boxes actually take part in the DES S-box operation, n is 8 and g(n) is 3. To meet the requirements of the subsequent algorithm, we make a correction to g(n).
Let $g(n)' = g(n) + 1 = 4$, so that the generated random number is $R_1 = (r_1, r_2, \ldots, r_{g(n)'}) = (r_1, r_2, r_3, r_4)$, $0 \le R_1 \le 15$.
3. Let $R_1' = (r_2, r_3, r_4)$; the value of $R_1'$ selects the first 4 × 4 S-box permutation to enter S', i.e. the permutation is
4. The random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S', and the result is used as the random number that selects the next 4 × 4 S-box permutation.
5. Repeat steps 3 and 4; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step 6.
6. XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
7. Choose a distinguishing function $f(R_i^*)$.
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", then the permutation is selected; if it is "1", then the permutation is selected. If the 4 × 4 S-box permutation chosen in this way has already been selected, this step is continued until the 4 × 4 S-box permutation found is one that has not been selected before, and the procedure then jumps back to step 3.
8. Repeat the above steps until all eight 4 × 4 S-box permutations have been selected and have entered the multi-dimensional serial reusable S-box framework.
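The DES walk-through in steps 2 to 8 above can be modelled in software to see how the evaluation slot of each S-box moves with $R_1$. This is an added example, not code from the patent: the eight 4 × 4 permutations are constructed stand-ins (not the DES tables), taking $(r_2, r_3, r_4)$ as the low three bits is an assumption, and the ±1 index step taken by the distinguishing function is hypothetical, because the page does not show which permutation f selects.

```python
"""Software model of the randomized S-box ordering (DES case: n = 8, g(n)' = 4).

Assumptions, not taken from the patent text:
  * SBOXES are constructed stand-in 4x4 permutations, not the DES tables.
  * (r2, r3, r4) are taken to be the low three bits of the 4-bit value R.
  * The distinguishing function's choice is hypothetical: parity 0 steps to
    the previous index, parity 1 to the next, until an unused box is found.
"""
from collections import Counter

N = 8  # 4x4 permutations that take part in one S-box layer
BASE = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # PRESENT's 4-bit S-box
# Stand-in family S_j(x) = BASE[x ^ j] ^ j; each member is a bijection on 0..15.
SBOXES = [[BASE[x ^ j] ^ j for x in range(16)] for j in range(N)]


def parity(r):
    """R_i*: all four bits of r XORed together (a single bit)."""
    return bin(r & 0xF).count("1") & 1


def randomized_eval(inputs, r1):
    """Evaluate every permutation exactly once in the R1-driven order.

    inputs[j] is the 4-bit input m_j of permutation j, r1 the 4-bit random
    number. Returns (outputs indexed by j, evaluation order, f-steps taken).
    """
    if len(inputs) != N or not 0 <= r1 <= 15:
        raise ValueError("need 8 inputs and a 4-bit random number")
    outputs = [None] * N
    order, f_steps, r = [], 0, r1
    while len(order) < N:
        idx = r & 0x7                          # step 3: R' selects a box
        if outputs[idx] is not None:           # step 5: already selected
            step = 1 if parity(r) else -1      # steps 6-7 (assumed f)
            while outputs[idx] is not None:
                idx = (idx + step) % N
                f_steps += 1
        outputs[idx] = SBOXES[idx][inputs[idx] & 0xF]
        order.append(idx)
        r ^= outputs[idx]                      # step 4: next random number
    return outputs, order, f_steps


def distinct_orders(inputs):
    """All evaluation orders reachable for fixed inputs (one per R1 at most)."""
    return {tuple(randomized_eval(inputs, r1)[1]) for r1 in range(16)}


def slot_histogram(inputs, target):
    """Over the 16 values of R1, count the slot in which `target` is evaluated."""
    return Counter(randomized_eval(inputs, r1)[1].index(target)
                   for r1 in range(16))


if __name__ == "__main__":
    m = [0x3, 0x7, 0x0, 0xF, 0x9, 0x4, 0xC, 0x1]   # constructed sample inputs
    for r1 in range(16):
        outs, order, f_steps = randomized_eval(m, r1)
        print(f"R1={r1:2d} order={order} f_steps={f_steps}")
    print("distinct orders:", len(distinct_orders(m)))
    print("slots used by S-box 0:", dict(sorted(slot_histogram(m, 0).items())))
```

The per-run `f_steps` count is the part of the model that makes the amount of work, and hence the trace length, vary between runs; the slot histogram shows how far one S-box moves in time, which is the quantity that matters for trace alignment.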
Finally, the security of the scheme of the invention is explained.
Security analysis of the scheme
Theory of power analysis
A DPA power attack targets the output of the register corresponding to an S-box in the cryptographic circuit. Taking a 4 × 4 Sbox as an example, the specific circuit is shown in Fig. 3; the power region in Fig. 3 is the area whose power consumption an attacker wants to collect.
The region consists of four 1-bit registers; each reg corresponds to one bit of the Sbox output, and the internal structure of a reg is shown in Fig. 4.
Each reg consists of a small number of control devices and a D flip-flop, which consists of 6 NAND gates as shown in Fig. 5.
Therefore, when the input D makes a transition, the CMOS transistors inside about 8 AND gates, 1 OR gate and one NOT gate produce instantaneous dynamic power consumption, and an attacker can mount a DPA attack on the device from the collected power consumption.
The scheme uses randomized input of the 4 × 4 S-boxes, so that in the multi-dimensional serial reusable S-box framework the correct key can be recovered only when the key and the random number are guessed correctly at the same time. The possible outcomes for the key data and power consumption values corresponding to the guessed key and random number are shown in Table 1.
 | Guessed key | Guessed random number | Key data | Power consumption value |
---|---|---|---|---|
Possibility 1 | Correct | Correct | Determinable | Determinable |
Possibility 2 | Correct | Wrong | Random | Random |
Possibility 3 | Wrong | Correct | Random | Random |
Possibility 4 | Wrong | Wrong | Random | Random |
TABLE 1
The probability of the attacker recovering the key is then calculated. The probability of guessing a group of keys is 1/16 and the probability of guessing a 4 × 4 S-box is 1/8; in the differential power attack, the attacker chooses n groups of plaintexts.
The probability of recovering the key corresponding to the i-th group of 4 × 4 S-boxes is then no more than $(1/2)^{3(n+4)}$.
Since n is generally between 1000 and 2000 in a differential power attack, an attacker can confirm the correct key only by guessing the key and the random number correctly at the same time. Moreover, in the later data processing, because the invention uses the distinguishing function $f(R_i^*)$, it is also very difficult for an attacker to align all the target traces.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. For those skilled in the art to which the invention pertains, several simple deductions or substitutions can be made without departing from the spirit of the invention, and all shall be considered as belonging to the protection scope of the invention.
Claims (2)
1. A method for implementing multiple S-boxes of a block cipher that resists differential power attacks, characterized by comprising the following steps:
step one: select a block cipher algorithm, convert the plurality of parallel S-boxes into n 4 × 4 S-box permutations, and number the 4 × 4 S-box permutations from 0 to n-1;
step two: when the S-box operation is performed, generate a random number and select the 4 × 4 S-box permutation corresponding to that random number;
step three: generate the next random number with a random number update algorithm, and select the 4 × 4 S-box permutation corresponding to that random number;
step four: repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number has already been selected, XOR the bits of the newly generated random number together to obtain a 1-bit number;
step five: choose a distinguishing function and reselect the next 4 × 4 S-box permutation; if it is still a 4 × 4 S-box permutation that has already been selected, continue executing step five until the 4 × 4 S-box permutation found has not been selected before, then jump back to step three;
step six: repeat steps three to five until all 4 × 4 S-box permutations have been selected;
step two comprises the following steps:
1) before the S-box operation, a random number $R_1$ is generated, i.e.
$R_1 = (r_1, r_2, \ldots, r_{g(n)})$ (2)
where $0 \le R_1 \le n-1$, and g(n) denotes the number of binary bits corresponding to the number n of 4 × 4 S-boxes that actually take part in the operation;
2) the value of $R_1$ selects the corresponding 4 × 4 S-box permutation to enter S', i.e. the permutation is , where denotes the result of the 4 × 4 S-box permutation;
the specific operation of step three is as follows:
the random number $R_1$ is XORed with the output of the first selected 4 × 4 S-box permutation entering S', and the result is used as the random number $R_2$ that selects the next 4 × 4 S-box permutation, i.e.
step four comprises the following steps:
a) repeat step three; if the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ is found to have been selected already, perform step b), until the 4 × 4 S-box permutation corresponding to the newly generated random number $R_i$ has not been selected;
b) XOR the bits of $R_i$ together to obtain $R_i^*$, i.e.
the specific operation of step five is as follows: choose a distinguishing function $f(R_i^*)$.
If the result $R_i^*$ of XORing the bits of $R_i$ is "0", then the permutation is selected; if $R_i^*$ is "1", then the permutation is selected. If the 4 × 4 S-box permutation chosen in this way has already been selected, this step is continued until the 4 × 4 S-box permutation found is one that has not been selected before.
2. The method for implementing multiple S-boxes of a block cipher that resists differential power attacks according to claim 1, wherein the specific operation steps of step one are as follows:
A. the n independent parallel S-boxes are converted into a multi-dimensional serial reusable S-box framework S' by a compression algorithm;
B. the 4 × 4 S-box permutations in S' are numbered, i.e.
where $m_{n-1}$ denotes the input of the (n-1)-th 4-bit S-box permutation, $S_{n-1}(m_{n-1})$ denotes the output of the (n-1)-th 4-bit S-box permutation, and S' denotes the multi-dimensional serial reusable S-box framework.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710150435.8A CN107204841B (en) | 2017-03-14 | 2017-03-14 | Method for realizing multiple S boxes of block cipher for resisting differential power attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107204841A | 2017-09-26 |
CN107204841B | 2020-01-07 |