CN107689863A - Protection circuit for converting an arithmetic addition mask into a Boolean XOR mask - Google Patents

Protection circuit for converting an arithmetic addition mask into a Boolean XOR mask

Info

Publication number
CN107689863A
Authority
CN
China
Prior art keywords
mask
circuit
gate
protection circuit
xor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710788468.5A
Other languages
Chinese (zh)
Inventor
李军
饶金涛
何卫国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU SANLINGJIA MICROELECTRONIC Co Ltd
Original Assignee
CHENGDU SANLINGJIA MICROELECTRONIC Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU SANLINGJIA MICROELECTRONIC Co Ltd
Priority to CN201710788468.5A
Publication of CN107689863A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Logic Circuits (AREA)

Abstract

The invention discloses a protection circuit for converting an arithmetic addition mask into a Boolean XOR mask. Let A be the sensitive data to be masked and M a random-number mask; the input signals are T and M. The circuit is built as follows: T is connected both to a first NOT gate and to one input of a parallel prefix adder; M passes through a second NOT gate and then drives the other input of the parallel prefix adder; the carry output of every stage of the parallel prefix adder and the output of the first NOT gate are fed to an XOR gate, which outputs the final result. The protection circuit contains only simple combinational logic: on the one hand the conversion is carried out in parallel, and on the other hand circuit complexity is reduced, which effectively reduces circuit area and cost. Because the circuit applies the parallel prefix adder principle to the conversion, its execution efficiency is effectively improved, and the conversion is performed as secure logic with no intermediate-value leakage, which effectively protects against side-channel power analysis and electromagnetic analysis attacks.

Description

Protection circuit for converting an arithmetic addition mask into a Boolean XOR mask
Technical field
The present invention relates to protection against power and electromagnetic attacks and to circuit design, and in particular to a protection circuit that converts an arithmetic addition mask into a Boolean XOR mask. The arithmetic mask is converted into a Boolean mask without power leakage, so that the energy consumption leaked during the data conversion does not depend on the sensitive intermediate value, which effectively protects sensitive information against power leakage, electromagnetic leakage and the like. The logic structure is simple and occupies little area, and the circuit is applicable to the field of chip security protection.
Background
Side-channel attacks exploit the side-channel signals that a cryptographic device leaks while it runs, such as timing, electromagnetic emanation and power consumption. All of these signals are information leaked by the device during operation, and the attack method is simple, covert and hard to detect. The technique combines basic statistical methods with the leaked information to extract sensitive information from the device, such as the encryption key. According to the kind of side-channel information the attacker uses, side-channel attacks can be divided into timing attacks, power attacks, electromagnetic attacks, fault analysis and so on. In recent years power attacks and electromagnetic attacks have developed rapidly, and in the research field they account for most of the successful attack examples. These two classes mainly use the energy consumed, or the electromagnetic signal radiated, by a cryptographic chip during operation, combined with data dependence and operation dependence, to recover the key. The corresponding attack methods include simple power analysis, differential power analysis, correlation power analysis, higher-order power analysis and so on.
These attack techniques pose a severe challenge to the design and manufacture of cryptographic devices. The core of a cryptographic device is its cryptographic chip, so a chip with security protection is the precondition for a secure device. Many protection design techniques have been proposed for secure chip design; they mainly comprise hiding countermeasures and masking countermeasures, of which masking is currently the more widely used. The characteristic of masking is that the circuit characteristics of the chip need not be changed: the defence is implemented at the algorithm level. Even if the chip's energy consumption depends on the data, masking conceals the dependence between energy consumption and the sensitive intermediate value, and thereby provides protection.
The two common masking schemes are Boolean masking and arithmetic masking. In Boolean masking the intermediate value and the mask are XORed, i.e., . In arithmetic masking the intermediate value and the mask are combined by addition or multiplication, usually modular addition. For example, ; N is chosen according to the cryptographic algorithm. Some algorithms are built on both Boolean and arithmetic operations and therefore need both kinds of masking; this patent addresses only the conversion of an arithmetic addition mask into a Boolean XOR mask.
Traditionally, converting an arithmetic addition mask into a Boolean mask is based on Boolean arithmetic. The referenced patent CN 104852795 uses a mathematical method to convert the arithmetic addition mask into a Boolean XOR mask: given A+r and r, compute . The corresponding algorithm is as follows: for arbitrary γ, , where K=32, and for arbitrary K,
This method is complex to implement and also introduces an extra random number γ, which adds complexity and increases the storage required.
Summary of the invention
To overcome the above shortcomings of the prior art, the present invention proposes a combinational-logic conversion circuit that is easy to implement and occupies little area. It effectively converts an arithmetic addition mask into a Boolean XOR mask and solves the prior-art problem that converting an arithmetic addition mask into a Boolean mask is complex and occupies a large area.
The technical solution adopted by the invention is a protection circuit for converting an arithmetic addition mask into a Boolean XOR mask. Let A be the sensitive data to be masked and M the mask. The input signal A+M is connected both to a first NOT gate and to a parallel prefix adder; the input signal M passes through a second NOT gate and is then connected to the parallel prefix adder; the output of the parallel prefix adder and the output of the first NOT gate are connected to an XOR gate.
Compared with the prior art, the positive effects of the invention are:
The protection circuit contains only simple combinational logic: on the one hand the conversion is carried out in parallel, and on the other hand circuit complexity is reduced, which effectively reduces circuit area and cost. Because the circuit applies the parallel prefix adder principle to the conversion, its execution efficiency is effectively improved, and the conversion is performed as secure logic with no intermediate-value leakage, which effectively resists side-channel power analysis.
Brief description of the drawings
The invention is described by way of example with reference to the accompanying drawing, in which:
Fig. 1 is a schematic diagram of the circuit structure of the invention.
Detailed description
From the perspective of digital circuit design, the invention proposes a circuit that converts an arithmetic addition mask into a Boolean mask. The conversion circuit is built from simple gates; the specific structure is shown in Fig. 1. The idea is as follows. Assume A is the sensitive data to be masked and M is the mask. When a Boolean mask is applied, let . When an addition mask is applied, let $Q = (A+M) \bmod (2^n-1)$ with $C_{out}$ the carry; then
$$\begin{aligned}
Q &= (A+M) \bmod (2^n-1) \\
  &= \big(C_{out}\cdot 2^n + (A+M) \bmod 2^n\big) \bmod (2^n-1) \\
  &= \big(C_{out} + (A+M) \bmod 2^n\big) \bmod (2^n-1) \\
  &= \big((A+M) + C_{out}\big) \bmod 2^n
\end{aligned}$$
A, M, T and Q are n-bit data, written as
$A = (a_{n-1} a_{n-2} \ldots a_1 a_0)$
$M = (m_{n-1} m_{n-2} \ldots m_1 m_0)$
$T = (t_{n-1} t_{n-2} \ldots t_1 t_0)$
$Q = (q_{n-1} q_{n-2} \ldots q_1 q_0)$
where $a_i, m_i, t_i, q_i \in GF(2)$, $i = 0, 1, \ldots, n-1$, and $C_{out}$ is the carry.
The formulas above show that if M is first subtracted from Q, the sensitive data A is revealed. The derivation is therefore taken further and the formula is rewritten as a bit-level circuit: let . Further, , where $c_{i-1}$ is the stage-$i$ carry. Substituting into the expression for converting the addition mask into the Boolean mask gives
The carry of stage $i$ is then computed in parallel using the parallel prefix adder principle: $c_i = g_i \mid (p_i \,\&\, c_{i-1})$, $c_{-1} = C_{out}$, where $g_i$ and $p_i$ are the carry-generate and carry-propagate bits of bit $i$ when implementing , $i = 0, 1, 2, \ldots, n-1$. In the bit-level form the XOR with $m_i$ has been eliminated, which breaks up the original addition structure: the algorithm itself never performs the operation $(Q-M) \bmod (2^n-1)$, so the masked data A never appears, and the circuit realizes a secure mask-conversion logic. The detailed design procedure is as follows:
Input:A+M,M
Output:
(1) calculate
(2) Calculate the carry $c_i$ of every stage using the parallel prefix adder principle
(3) for (i=0;i<32;i++)
In the conversion process above, no step of the computation leaks the sensitive intermediate value A.
The circuit diagram is shown in Fig. 1. The circuit contains two NOT gates, one XOR gate, and the cell structure that performs the parallel prefix carry computation. In the first step, the two inputs T and M each pass through a NOT gate. In the second step, the inverted M and T are fed into the carry computation unit of the parallel prefix adder, which computes the carry signals. In the third step, the carry signals are XORed with the inverted T, which gives the output.
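The bit-level procedure above, simulated as an added example (not the patent's own code): it checks that XORing NOT T with the carries of T + NOT M reproduces A XOR M, and tabulates how the end-around carry is distributed over the mask for a fixed A, a per-wire statistic a leakage evaluation would examine. It assumes A and M lie in [0, 2^n - 2], T = (A + M) mod (2^n - 1), and that an all-propagate sum (T = M) counts as carry-out 1; the function names are illustrative.

```python
from fractions import Fraction

# Added illustration, not the patent's own code. Assumptions (not on the page):
# A and M lie in [0, 2^n - 2], T = (A + M) mod (2^n - 1), and an all-propagate
# sum (T == M) is treated as carry-out 1 so that zero has one representation.

def prefix_gp(g, p, n):
    """Kogge-Stone prefix network: bit i of the results is G[i:0] and P[i:0]."""
    d = 1
    while d < n:
        g |= p & (g << d)
        p &= (p << d) | ((1 << d) - 1)       # bits below d already span down to 0
        d <<= 1
    return g, p

def arith_to_bool(t, m, n):
    """Return (A xor M, wires) from T and M; the difference T - M is never formed."""
    mask = (1 << n) - 1
    not_t = ~t & mask                         # first NOT gate
    not_m = ~m & mask                         # second NOT gate
    g, p = t & not_m, t ^ not_m               # generate / propagate of T + NOT M
    big_g, big_p = prefix_gp(g, p, n)
    cout = ((big_g | big_p) >> (n - 1)) & 1   # end-around carry, c_{-1} = Cout
    # Prefix form of c_i = g_i | (p_i & c_{i-1}): c_i = G[i:0] | (P[i:0] & c_{-1})
    carries = big_g | (big_p if cout else 0)
    carry_in = ((carries << 1) | cout) & mask # bit i holds c_{i-1}
    out = not_t ^ carry_in                    # XOR gate
    wires = {"not_t": not_t, "not_m": not_m, "cout": cout, "carry_in": carry_in}
    return out, wires

def check_exhaustive(n):
    """True if the circuit output equals A xor M for every (A, M) in the domain."""
    mod = (1 << n) - 1
    for a in range(mod):
        for m in range(mod):
            out, _ = arith_to_bool((a + m) % mod, m, n)
            if out != a ^ m:
                return False
    return True

def cout_probability(a, n):
    """Fraction of masks M for which Cout = 1 when A is fixed.

    A value that changes with A means this wire is not independent of A.
    """
    mod = (1 << n) - 1
    hits = sum(arith_to_bool((a + m) % mod, m, n)[1]["cout"] for m in range(mod))
    return Fraction(hits, mod)

if __name__ == "__main__":
    print(check_exhaustive(4), [str(cout_probability(a, 4)) for a in (0, 7, 14)])
```

In this model the output matches A XOR M for every input pair, while the carry-out wire equals 1 for a fraction (2^n - 1 - A)/(2^n - 1) of the masks, so its statistics should be examined separately from the question of whether A itself ever appears on a wire.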

Claims (5)

1. A protection circuit for converting an arithmetic addition mask into a Boolean XOR mask, characterized in that: A is the sensitive data to be masked, M is a random-number mask, and the input signals are T and M; input signal T is connected both to a first NOT gate and to one input of a parallel prefix adder; input signal M passes through a second NOT gate and is then connected to the other input of the parallel prefix adder; the carry output of each stage of the parallel prefix adder and the output of the first NOT gate are connected to an XOR gate, which outputs the final result.
2. The protection circuit for converting an arithmetic addition mask into a Boolean XOR mask according to claim 1, characterized in that: the first NOT gate inverts the input signal A+M to obtain
3. The protection circuit for converting an arithmetic addition mask into a Boolean XOR mask according to claim 2, characterized in that: the second NOT gate inverts the input signal M to obtain
4. The protection circuit for converting an arithmetic addition mask into a Boolean XOR mask according to claim 3, characterized in that: the parallel prefix adder performs carry computation on the input signal A+M and , obtaining the carry signal of each stage.
5. The protection circuit for converting an arithmetic addition mask into a Boolean XOR mask according to claim 4, characterized in that: the XOR gate XORs the carry signals and to produce the output
CN201710788468.5A 2017-09-05 2017-09-05 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask Pending CN107689863A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710788468.5A CN107689863A (en) 2017-09-05 2017-09-05 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710788468.5A CN107689863A (en) 2017-09-05 2017-09-05 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask

Publications (1)

Publication Number Publication Date
CN107689863A true CN107689863A (en) 2018-02-13

Family

ID=61155122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710788468.5A Pending CN107689863A (en) 2017-09-05 2017-09-05 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask

Country Status (1)

Country Link
CN (1) CN107689863A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5402506A (en) * 1991-10-15 1995-03-28 Pixel Semiconductor, Inc. Apparatus for quantizing pixel information to an output video display space
CN1648967A (en) * 2004-01-07 2005-08-03 三星电子株式会社 Cryptographic apparatus, cryptographic method, and storage medium thereof
CN101006677A (en) * 2004-06-18 2007-07-25 萨热姆防务安全公司 Method and device for carrying out a cryptographic calculation
GB2443358A (en) * 2005-01-27 2008-04-30 Samsung Electronics Co Ltd Cryptographic logic circuits and method of performing logic operations
CN103066994A (en) * 2012-12-28 2013-04-24 邓玉琴 XNOR gate unit circuit
CN103460178A (en) * 2011-03-30 2013-12-18 英特尔公司 SIMD integer addition including mathematical operation on masks
CN103888247A (en) * 2014-03-10 2014-06-25 深圳华视微电子有限公司 Data processing system resistant to differential power attack analysis and data processing method thereof
CN104852795A (en) * 2015-05-05 2015-08-19 国家密码管理局商用密码检测中心 ZUC sequential cryptographic algorithm mask protection method for Boolean masks as round numbers
CN104967509A (en) * 2015-05-05 2015-10-07 国家密码管理局商用密码检测中心 ZUC sequence cipher algorithm mask protection method of which the round output is arithmetic mask
CN106330424A (en) * 2015-06-17 2017-01-11 上海复旦微电子集团股份有限公司 Anti-attack method and device of password module based on SM3 algorithm
CN106656465A (en) * 2016-12-08 2017-05-10 上海爱信诺航芯电子科技有限公司 Energy analysis attack resistant addition mask hardware implementation method and circuit

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112955864A (en) * 2018-10-29 2021-06-11 密码研究公司 Constant time secure arithmetic to boolean mask conversion
CN112650470A (en) * 2019-10-11 2021-04-13 意法半导体(格勒诺布尔2)公司 Apparatus and method for extraction and insertion of binary words
CN113839769A (en) * 2021-09-27 2021-12-24 刘昀宸 Method for preventing side channel attack, arithmetic logic unit and processor
CN113839769B (en) * 2021-09-27 2023-08-22 刘昀宸 Method for preventing side channel attack, arithmetic logic unit and processor

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20180213)