CN109190414B - Fully homomorphic confusion method for multiplier - Google Patents
- Publication number: CN109190414B (CN201810899862.0A)
- Authority: CN (China)
- Prior art keywords: multiplier, mod, equal, modulo, data
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
Abstract
The invention discloses a fully homomorphic obfuscation method for a multiplier. The multiplier and the multiplicand are first fully homomorphically encrypted, and the multiplication is then performed on the encrypted data. When a key is input at the second input port of the multiplier, the method checks whether the input key is equal to the set correct key value and decrypts according to the outcome of that check to produce the final product output. The advantages are that the multiplier and the multiplicand are homomorphically encrypted and the product output is obfuscated, so that the original data of the multiplier and the multiplicand are prevented from being stolen, the IP core of the multiplier is protected, and the security of the multiplier in an integrated circuit is improved.
Description
Technical Field
The present invention relates to a fully homomorphic obfuscation method, and more particularly to a fully homomorphic obfuscation method for a multiplier.
Background
As part of the arithmetic unit, multipliers are essential in digital circuit design. In hardware circuit design a multiplication can be written directly with the multiplication sign, and during logic synthesis the Intellectual Property (IP) core of the multiplier in the process library is called to complete the multiplication. As an IP core in an integrated circuit the multiplier is reusable, so it may be subject to various attacks, such as IP core piracy. Existing IP core protection hides the function of a circuit by hardware obfuscation, i.e. by changing the design of the IP core. For example, Zhang et al. propose a hardware obfuscation method that combines a Physical Unclonable Function (PUF) with a finite state machine to effectively protect the IP core of a Field-Programmable Gate Array (FPGA) device and to enforce Pay-Per-Device licensing.
However, traditional IP protection methods rarely address the multiplier IP core and do not protect the original input data of the multiplier. When the multiplier performs a multiplication, the multiplier and the multiplicand are input as original data, and attacks such as hardware Trojans can easily exploit that original data to maliciously modify the circuit or the design, causing the whole circuit to operate abnormally or the whole circuit's information to be stolen. How to effectively protect both the operand data of the multiplier in an integrated circuit and the IP core itself has therefore become an urgent problem.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a fully homomorphic obfuscation method for a multiplier that fully homomorphically encrypts the multiplier and the multiplicand and obfuscates the product output, thereby preventing the original data of the multiplier and the multiplicand from being stolen, protecting the IP core of the multiplier and improving the security of the multiplier in an integrated circuit.
The technical solution adopted by the invention is a fully homomorphic obfuscation method for a multiplier, comprising the following steps:
(1) Denote the first input port of the multiplier as a′, the second input port as b′ and the product output port as c′. Denote the binary multiplier as a″, with $a'' = a_n a_{n-1} \dots a_2 a_1$, where n is the number of bits of the binary multiplier; denote the binary multiplicand as b″, with $b'' = b_m b_{m-1} \dots b_2 b_1$, where m is the number of bits of the binary multiplicand. An l-bit binary key that is input to the multiplier through the second input port is set and denoted KS, where l is an integer greater than 1;
(2) Use a random function to randomly generate two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2;
(3) Set an l-bit binary number in the multiplier and use it as the correct key of the multiplier;
(4) Denote the decimal number corresponding to a″ as a and the decimal number corresponding to b″ as b, and apply fully homomorphic encryption to a and b. The encryption process is as follows:
A. If m is equal to n, denote the data obtained by encrypting a as $c_1$ and the data obtained by encrypting b as $c_0$, and encrypt as follows:
A-1. Determine whether n is equal to 1. If n is equal to 1, let $c_1 = a + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, $-p/2 < (a + 2r_1)*(b + 2r_2) < p/2$, and * is the multiplication symbol. If n is greater than 1, let $c_1 = a + p*q + 4^n r_1$ and $c_0 = b + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (a + 4^n r_1)*(b + 4^n r_2) < p/2$;
A-2. Input $c_1$ and $c_0$ into the multiplier, perform the multiplication and denote the result as c, $c = c_1 * c_0$;
A-3. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the correct key of the multiplier:
When the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce c modulo p and then modulo 2 to obtain the decrypted data out, which is the product output by the multiplier: out = $(c \bmod p) \bmod 2$, where mod is the modulo symbol. If n is greater than 1, reduce c modulo p and then modulo $4^n$ to obtain the decrypted data out, which is the product output by the multiplier: out = $(c \bmod p) \bmod 4^n$;
When the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce c modulo p, then modulo 2, and finally negate the result bitwise to obtain the decrypted data out, which is the product output by the multiplier: out = $\sim((c \bmod p) \bmod 2)$, where $\sim$ is the negation symbol. If n is greater than 1, reduce c modulo p, then modulo $4^n$, and finally negate the result bitwise to obtain the decrypted data out, which is the product output by the multiplier: out = $\sim((c \bmod p) \bmod 4^n)$;
B. If n > m, denote the quotient of n divided by m as k and the remainder as h, and update a″: if h is not equal to 0, pad m-h zeros on the high-order (leftmost) side of a″ to obtain $a'' = a_{(k+1)m} \dots a_{n+2} a_{n+1} a_n a_{n-1} \dots a_2 a_1$, where $a_{(k+1)m} \dots a_{n+2} a_{n+1} = 0 \dots 00$; if h is equal to 0, a″ remains unchanged. Denote the quotient of the current number of bits of a″ divided by m as j, the decimal number corresponding to $a_m \dots a_3 a_2 a_1$ as $D_1$, the decimal number corresponding to $a_{2m} \dots a_{m+3} a_{m+2} a_{m+1}$ as $D_2$, and so on, up to the decimal number corresponding to $a_{jm} \dots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$, denoted $D_j$. Encrypt as follows:
B-1. Denote the data obtained by encrypting $D_i$ as $c_i$, i = 1, 2, …, j, and the data obtained by encrypting b as $c_0$;
B-2. Determine whether m is equal to 1. If m is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(b + 2r_2) < p/2$. If m is greater than 1, let $c_i = D_i + p*q + 4^m r_1$ and $c_0 = b + p*q + 4^m r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^m r_1)*(b + 4^m r_2) < p/2$;
B-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier and perform the multiplication; denote the result for $c_i$ and $c_0$ as $C_i$, i.e. $C_i = c_i * c_0$;
B-4. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the set correct l-bit binary key value:
When the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether m is equal to 1. If m is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo 2 to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier. If m is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo $4^m$ to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier;
When the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether m is equal to 1. If m is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo 2, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, i.e. $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier. If m is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo $4^n$, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^m)$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier;
C. If n < m, denote the quotient of m divided by n as k and the remainder as h, and update b″: if h is not equal to 0, pad n-h zeros on the high-order (leftmost) side of b″ to obtain $b'' = b_{(k+1)n} \dots b_{m+2} b_{m+1} b_m b_{m-1} \dots b_2 b_1$, where $b_{(k+1)n} \dots b_{m+2} b_{m+1} = 0 \dots 00$; if h is equal to 0, b″ remains unchanged. Denote the quotient of the current number of bits of b″ divided by n as j, the decimal number corresponding to $b_n \dots b_3 b_2 b_1$ as $D_1$, the decimal number corresponding to $b_{2n} \dots b_{n+3} b_{n+2} b_{n+1}$ as $D_2$, and so on, up to the decimal number corresponding to $b_{jn} \dots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$, denoted $D_j$. Encrypt as follows:
C-1. Denote the data obtained by encrypting $D_i$ as $c_i$, i = 1, 2, …, j, and the data obtained by encrypting a as $c_0$;
C-2. Determine whether n is equal to 1. If n is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = a + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(a + 2r_2) < p/2$. If n is greater than 1, let $c_i = D_i + p*q + 4^n r_1$ and $c_0 = a + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^n r_1)*(a + 4^n r_2) < p/2$;
C-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier and perform the multiplication; denote the result for $c_i$ and $c_0$ as $C_i$, i.e. $C_i = c_i * c_0$;
C-4. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the set correct l-bit binary key value:
When the input l-bit binary key is equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo 2 to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier. If n is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \dots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier;
When the input l-bit binary key is not equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo 2, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, i.e. $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier. If n is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo $4^n$, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^n)$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier.
Compared with the prior art, the invention has the following advantages. The multiplier and the multiplicand are fully homomorphically encrypted and the encrypted data are used for the multiplication, so the original data of the multiplier and the multiplicand never appear. With respect to side-channel attacks, the multiplier chip processes the encrypted multiplier and multiplicand rather than their original data while it works, so the leaked power consumption or running time is related to the encrypted data and does not reflect the meaning of the original data, which effectively prevents side-channel attacks. The product output is controlled at the output port of the multiplier by the set correct key: only when the input l-bit binary key KS is the same as the set correct key of the multiplier is the multiplied data homomorphically decrypted and output. When an attacker does not know the correct key of the multiplier, the input l-bit binary key KS differs from the set correct key, and the multiplied data is homomorphically decrypted and then inverted before being output, which obfuscates the output. The set correct key of the multiplier is held by the designer and cannot be obtained by an attacker, so the protection of hardware intellectual property is improved and the problem of IP piracy can be effectively solved.
Drawings
FIG. 1 is a waveform diagram of an output of a multiplier operated with raw data;
FIG. 2 is a waveform diagram of the output of a multiplier operated with the fully homomorphic obfuscation method for a multiplier of the invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying examples.
Example (b): a method of homomorphic obfuscation for a multiplier comprising the steps of:
(1) Denote the first input port of the multiplier as a′, the second input port as b′ and the product output port as c′. Denote the binary multiplier as a″, with $a'' = a_n a_{n-1} \dots a_2 a_1$, where n is the number of bits of the binary multiplier; denote the binary multiplicand as b″, with $b'' = b_m b_{m-1} \dots b_2 b_1$, where m is the number of bits of the binary multiplicand. An l-bit binary key that is input to the multiplier through the second input port is set and denoted KS, where l is an integer greater than 1;
(2) Use a random function to randomly generate two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2;
(3) Set an l-bit binary number in the multiplier and use it as the correct key of the multiplier;
(4) Denote the decimal number corresponding to a″ as a and the decimal number corresponding to b″ as b, and apply fully homomorphic encryption to a and b. The encryption process is as follows:
A. If m is equal to n, denote the data obtained by encrypting a as $c_1$ and the data obtained by encrypting b as $c_0$, and encrypt as follows:
A-1. Determine whether n is equal to 1. If n is equal to 1, let $c_1 = a + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, $-p/2 < (a + 2r_1)*(b + 2r_2) < p/2$, and * is the multiplication symbol. If n is greater than 1, let $c_1 = a + p*q + 4^n r_1$ and $c_0 = b + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (a + 4^n r_1)*(b + 4^n r_2) < p/2$;
A-2. Input $c_1$ and $c_0$ into the multiplier, perform the multiplication and denote the result as c, $c = c_1 * c_0$;
A-3. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the correct key of the multiplier:
When the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce c modulo p and then modulo 2 to obtain the decrypted data out, which is the product output by the multiplier: out = $(c \bmod p) \bmod 2$, where mod is the modulo symbol. If n is greater than 1, reduce c modulo p and then modulo $4^n$ to obtain the decrypted data out, which is the product output by the multiplier: out = $(c \bmod p) \bmod 4^n$;
When the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce c modulo p, then modulo 2, and finally negate the result bitwise to obtain the decrypted data out, which is the product output by the multiplier: out = $\sim((c \bmod p) \bmod 2)$, where $\sim$ is the negation symbol. If n is greater than 1, reduce c modulo p, then modulo $4^n$, and finally negate the result bitwise to obtain the decrypted data out, which is the product output by the multiplier: out = $\sim((c \bmod p) \bmod 4^n)$;
B. If n > m, denote the quotient of n divided by m as k and the remainder as h, and update a″: if h is not equal to 0, pad m-h zeros on the high-order (leftmost) side of a″ to obtain $a'' = a_{(k+1)m} \dots a_{n+2} a_{n+1} a_n a_{n-1} \dots a_2 a_1$, where $a_{(k+1)m} \dots a_{n+2} a_{n+1} = 0 \dots 00$; if h is equal to 0, a″ remains unchanged. Denote the quotient of the current number of bits of a″ divided by m as j, the decimal number corresponding to $a_m \dots a_3 a_2 a_1$ as $D_1$, the decimal number corresponding to $a_{2m} \dots a_{m+3} a_{m+2} a_{m+1}$ as $D_2$, and so on, up to the decimal number corresponding to $a_{jm} \dots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$, denoted $D_j$. Encrypt as follows:
B-1. Denote the data obtained by encrypting $D_i$ as $c_i$, i = 1, 2, …, j, and the data obtained by encrypting b as $c_0$;
B-2. Determine whether m is equal to 1. If m is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(b + 2r_2) < p/2$. If m is greater than 1, let $c_i = D_i + p*q + 4^m r_1$ and $c_0 = b + p*q + 4^m r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^m r_1)*(b + 4^m r_2) < p/2$;
B-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier and perform the multiplication; denote the result for $c_i$ and $c_0$ as $C_i$, i.e. $C_i = c_i * c_0$;
B-4. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the set correct l-bit binary key value:
When the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether m is equal to 1. If m is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo 2 to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier. If m is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo $4^m$ to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier;
When the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether m is equal to 1. If m is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo 2, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, i.e. $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier. If m is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo $4^n$, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^m)$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output as the product of the multiplier;
C. If n < m, denote the quotient of m divided by n as k and the remainder as h, and update b″: if h is not equal to 0, pad n-h zeros on the high-order (leftmost) side of b″ to obtain $b'' = b_{(k+1)n} \dots b_{m+2} b_{m+1} b_m b_{m-1} \dots b_2 b_1$, where $b_{(k+1)n} \dots b_{m+2} b_{m+1} = 0 \dots 00$; if h is equal to 0, b″ remains unchanged. Denote the quotient of the current number of bits of b″ divided by n as j, the decimal number corresponding to $b_n \dots b_3 b_2 b_1$ as $D_1$, the decimal number corresponding to $b_{2n} \dots b_{n+3} b_{n+2} b_{n+1}$ as $D_2$, and so on, up to the decimal number corresponding to $b_{jn} \dots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$, denoted $D_j$. Encrypt as follows:
C-1. Denote the data obtained by encrypting $D_i$ as $c_i$, i = 1, 2, …, j, and the data obtained by encrypting a as $c_0$;
C-2. Determine whether n is equal to 1. If n is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = a + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(a + 2r_2) < p/2$. If n is greater than 1, let $c_i = D_i + p*q + 4^n r_1$ and $c_0 = a + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^n r_1)*(a + 4^n r_2) < p/2$;
C-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier and perform the multiplication; denote the result for $c_i$ and $c_0$ as $C_i$, i.e. $C_i = c_i * c_0$;
C-4. Determine whether the l-bit binary key KS input at the second input port b′ of the multiplier is equal to the set correct l-bit binary key value:
When the input l-bit binary key is equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo 2 to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier. If n is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \dots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier;
When the input l-bit binary key is not equal to the correct key of the multiplier, determine whether n is equal to 1. If n is equal to 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo 2, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, i.e. $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier. If n is greater than 1, reduce each of $C_1, C_2, C_3, \dots, C_j$ modulo p, then modulo $4^n$, and finally negate bitwise to obtain the decrypted data; denote the decryption of $C_i$ as $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^n)$ and mod is the modulo symbol. Then out = $c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output as the product of the multiplier.
The output waveform of the multiplier operated on the original data is shown in FIG. 1, and the output waveform of the multiplier operated with the fully homomorphic obfuscation method for a multiplier of the invention is shown in FIG. 2. In FIG. 1, a″ is the multiplier, b″ is the multiplicand, and out is the product output by the multiplier. In FIG. 2, a″ is the multiplier, b″ is the multiplicand and out is the product output by the multiplier; $r_1$ and $r_2$ are shown as binary numbers, $c_1$ and $c_0$ are shown as hexadecimal numbers, and c, p and q are also shown. a″ and b″ use the same bit width, i.e. m = n = 2. KS indicates that the l-bit binary key value input at the second input port b′ of the multiplier is correct, and !KS indicates that the key value input at the second input port b′ of the multiplier is wrong; a 4-bit binary key is chosen here. Analysis of FIG. 1 and FIG. 2 shows the following. When the multiplier is operated with the fully homomorphic obfuscation method and the input 4-bit binary key is equal to the set correct 4-bit key value, the product out output by the multiplier is consistent with the product output by the multiplier in FIG. 1, which shows that the method has the correct logic function. When the input 4-bit binary key is not equal to the set correct 4-bit key value, the product out output by the multiplier is the inverse of the product output by the multiplier in FIG. 1, which shows that the method obfuscates the result output by the multiplier and effectively protects the operand data of the multiplier in the integrated circuit and the security of its IP core.
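A worked run of case A (m = n) and case B (n > m) from the steps above, using m = n = 2 and a 4-bit key as in the embodiment. This is an added example, not code from the patent; the values P, Q and KEY, the function names, the centered reduction modulo p, and masking the inverted output to the width of the plaintext modulus are assumptions.

```python
import secrets

# Constructed sample parameters (not from the patent): p odd, q > p, and p large
# enough for the page's bound with 2-bit operands and noise r in [-2, 2].
P, Q = 4001, 4003
KEY = 0b1010  # constructed 4-bit "correct key"


def modulus(bits):
    """Plaintext modulus used by the page: 2 for 1-bit operands, else 4^bits."""
    return 2 if bits == 1 else 4 ** bits


def centered_mod(x, p):
    """Residue of x mod p in (-p/2, p/2). Assumption: the page's bound
    -p/2 < ... < p/2 implies this centered form; with a non-negative
    remainder, negative noise (r < 0) would corrupt the result."""
    r = x % p
    return r - p if r > p // 2 else r


def encrypt(value, p, q, r, bits):
    """c = value + p*q + t*r, with t = 2 or 4^bits."""
    return value + p * q + modulus(bits) * r


def bound_holds(x, y, r1, r2, p, bits):
    """The page's correctness condition: -p/2 < (x + t*r1)*(y + t*r2) < p/2."""
    t = modulus(bits)
    return -p < 2 * (x + t * r1) * (y + t * r2) < p


def decrypt(c, p, bits, key, correct_key):
    """(c mod p) mod t, bitwise-inverted when the key is wrong.
    Assumption: the inversion is masked to the bit width of t."""
    t = modulus(bits)
    out = centered_mod(c, p) % t
    return out if key == correct_key else ~out & (t - 1)


def multiply_equal_width(a, b, n, p, q, key, correct_key, r1, r2):
    """Case A (m == n): encrypt both operands, multiply, decrypt."""
    c1 = encrypt(a, p, q, r1, n)
    c0 = encrypt(b, p, q, r2, n)
    return decrypt(c1 * c0, p, n, key, correct_key)


def multiply_chunked(a, b, n, m, p, q, key, correct_key, r1, r2):
    """Case B (n > m): split a into j = ceil(n/m) chunks D_i of m bits,
    multiply each encrypted chunk by encrypted b, then recombine the
    decrypted partial products with weights 2^((i-1)m)."""
    j = -(-n // m)
    c0 = encrypt(b, p, q, r2, m)
    out = 0
    for i in range(j):
        d_i = (a >> (i * m)) & ((1 << m) - 1)
        big_c = encrypt(d_i, p, q, r1, m) * c0
        out += decrypt(big_c, p, m, key, correct_key) << (i * m)
    return out


if __name__ == "__main__":
    r1, r2 = secrets.randbelow(5) - 2, secrets.randbelow(5) - 2
    print("correct key:", multiply_equal_width(3, 2, 2, P, Q, KEY, KEY, r1, r2))
    print("wrong key:  ", multiply_equal_width(3, 2, 2, P, Q, 0b0001, KEY, r1, r2))
    print("chunked 11*3:", multiply_chunked(11, 3, 4, 2, P, Q, KEY, KEY, r1, r2))
```

With the constructed p = 101 and q = 103 and the same inputs (a = 3, b = 2, r1 = -2, r2 = 1), `bound_holds` returns False and decryption with the correct key yields 15 instead of 6.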
Claims (1)
1. A method of homomorphic obfuscation for a multiplier comprising the steps of:
(1) Denote the first input port of the multiplier as a′, the second input port as b′ and the product output port as c′. Denote the binary multiplier as a″, with $a'' = a_n a_{n-1} \dots a_2 a_1$, where n is the number of bits of the binary multiplier; denote the binary multiplicand as b″, with $b'' = b_m b_{m-1} \dots b_2 b_1$, where m is the number of bits of the binary multiplicand. An l-bit binary key that is input to the multiplier through the second input port is set and denoted KS, where l is an integer greater than 1;
(2) Use a random function to randomly generate two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2;
(3) Set an l-bit binary number in the multiplier and use it as the correct key of the multiplier;
(4) Denote the decimal number corresponding to a″ as a and the decimal number corresponding to b″ as b, and apply fully homomorphic encryption to a and b. The encryption process is as follows:
A. if m is equal to n, the data obtained by encrypting a is recorded as c1And recording the data obtained by encrypting b as c0The encryption is carried out according to the following steps:
a-1, determining whether n is equal to 1: if n is equal to 1, let c1=a+p*q+2r1,c0=b+p*q+2r2Wherein p is a positive odd number, q is a positive integer larger than p, and satisfies-p/2<(a+2r1)*(b+2r2)<p/2, is the sign of the multiply operation; if n is greater than 1, let c1=a+p*q+4nr1,c0=b+p*q+4nr2Wherein p is a positive odd number, q is a positive integer larger than p, and satisfies-p/2<(a+4nr1)*(b+4nr2)<p/2;
A-2, mixing1And c0Inputting the result into a multiplier to perform multiplication, and recording the result as c, c ═ c1*c0;
A-3, determining whether the one-bit binary key KS input by the second input port b' of the multiplier is equal to the correct key of the multiplier:
When the input one-bit binary key KS is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is taken modulo $p$ and then modulo 2 to obtain the decrypted data $out$, which is the product output by the multiplier; at this time $out = (c \bmod p) \bmod 2$, where mod is the modulo symbol; if $n$ is greater than 1, $c$ is taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data $out$, which is the product output by the multiplier; at this time $out = (c \bmod p) \bmod 4^n$;
When the input one-bit binary key KS is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is taken modulo $p$, then modulo 2, and finally negated bitwise to obtain the decrypted data $out$, which is the product output by the multiplier; at this time $out = {\sim}((c \bmod p) \bmod 2)$, where $\sim$ is the negation symbol; if $n$ is greater than 1, $c$ is taken modulo $p$, then modulo $4^n$, and finally negated bitwise to obtain the decrypted data $out$, which is the product output by the multiplier; at this time $out = {\sim}((c \bmod p) \bmod 4^n)$;
B. If $n > m$, the quotient of $n$ divided by $m$ is denoted $k$, the remainder is denoted $h$, and $a''$ is updated: if $h$ is not equal to 0, $m-h$ zeros are padded at the high end of $a''$, namely the leftmost position, so that $a'' = a_{(k+1)m} \ldots a_{n+2} a_{n+1} a_n a_{n-1} \ldots a_2 a_1$, where $a_{(k+1)m} \ldots a_{n+2} a_{n+1} = 0 \ldots 00$; if $h$ is equal to 0, $a''$ remains unchanged; the quotient of the current number of bits of $a''$ divided by $m$ is denoted $j$; the decimal number corresponding to $a_m \ldots a_3 a_2 a_1$ is denoted $D_1$, the decimal number corresponding to $a_{2m} \ldots a_{m+3} a_{m+2} a_{m+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $a_{jm} \ldots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$ is denoted $D_j$; encryption is carried out according to the following steps:
B-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \ldots, j$, and the data obtained by encrypting $b$ is denoted $c_0$;
B-2. Determine whether $m$ is equal to 1: if $m$ is equal to 1, let $c_i = D_i + p*q + 2r_1$, $c_0 = b + p*q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1)*(b + 2r_2) < p/2$ is satisfied; if $m$ is greater than 1, let $c_i = D_i + p*q + 4^m r_1$, $c_0 = b + p*q + 4^m r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^m r_1)*(b + 4^m r_2) < p/2$ is satisfied;
B-3. $c_1, c_2, c_3, \ldots, c_j$ are each input together with $c_0$ into the multiplier to perform multiplication, and the result of operating on $c_i$ and $c_0$ is denoted $C_i$, i.e., $C_i = c_i * c_0$;
B-4. Determine whether the one-bit binary key KS input through the second input port $b'$ of the multiplier is equal to the set correct one-bit binary key value:
When the input one-bit binary key KS is equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{(j-1)} * 2^{(j-2)m} + \ldots + c'_2 * 2^m + c'_1$, and the data $out$ is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$ and then modulo $4^m$ to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{(j-1)} * 2^{(j-2)m} + \ldots + c'_2 * 2^m + c'_1$, and the data $out$ is output, which is the product output by the multiplier;
When the input one-bit binary key KS is not equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$, then modulo 2, and finally negated bitwise to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, i.e., $c'_i = {\sim}((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{(j-1)} * 2^{(j-2)m} + \ldots + c'_2 * 2^m + c'_1$, and the data $out$ is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally negated bitwise to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, where $c'_i = {\sim}((C_i \bmod p) \bmod 4^m)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{(j-1)} * 2^{(j-2)m} + \ldots + c'_2 * 2^m + c'_1$, and the data $out$ is output, which is the product output by the multiplier;
C. If $n < m$, the quotient of $m$ divided by $n$ is denoted $k$, the remainder is denoted $h$, and $b''$ is updated: if $h$ is not equal to 0, $n-h$ zeros are padded at the high end of $b''$, namely the leftmost position, so that $b'' = b_{(k+1)n} \ldots b_{m+2} b_{m+1} b_m b_{m-1} \ldots b_2 b_1$, where $b_{(k+1)n} \ldots b_{m+2} b_{m+1} = 0 \ldots 00$; if $h$ is equal to 0, $b''$ remains unchanged; the quotient of the current number of bits of $b''$ divided by $n$ is denoted $j$; the decimal number corresponding to $b_n \ldots b_3 b_2 b_1$ is denoted $D_1$, the decimal number corresponding to $b_{2n} \ldots b_{n+3} b_{n+2} b_{n+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $b_{jn} \ldots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$ is denoted $D_j$; encryption is carried out according to the following steps:
C-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \ldots, j$, and the data obtained by encrypting $a$ is denoted $c_0$;
C-2. Determine whether $n$ is equal to 1: if $n$ is equal to 1, let $c_i = D_i + p*q + 2r_1$, $c_0 = a + p*q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1)*(a + 2r_2) < p/2$ is satisfied; if $n$ is greater than 1, let $c_i = D_i + p*q + 4^n r_1$, $c_0 = a + p*q + 4^n r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^n r_1)*(a + 4^n r_2) < p/2$ is satisfied;
C-3. $c_1, c_2, c_3, \ldots, c_j$ are each input together with $c_0$ into the multiplier to perform multiplication, and the result of operating on $c_i$ and $c_0$ is denoted $C_i$, i.e., $C_i = c_i * c_0$;
C-4. Determine whether the one-bit binary key KS input through the second input port $b'$ of the multiplier is equal to the set correct one-bit binary key value:
When the input one-bit binary key is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{(j-1)} * 2^{(j-2)n} + \ldots + c'_2 * 2^n + c'_1$, and the data $out$ is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \ldots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{(j-1)} * 2^{(j-2)n} + \ldots + c'_2 * 2^n + c'_1$, and the data $out$ is output, which is the product output by the multiplier;
When the input one-bit binary key is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$, then modulo 2, and finally negated bitwise to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, i.e., $c'_i = {\sim}((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{(j-1)} * 2^{(j-2)n} + \ldots + c'_2 * 2^n + c'_1$, and the data $out$ is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \ldots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally negated bitwise to obtain the decrypted data, and the decrypted data of $C_i$ is denoted $c'_i$, where $c'_i = {\sim}((C_i \bmod p) \bmod 4^n)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{(j-1)} * 2^{(j-2)n} + \ldots + c'_2 * 2^n + c'_1$, and the data $out$ is output, which is the product output by the multiplier.
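The claimed procedure, written out as an added Python model (not code from the patent): the wider operand is split into chunks as wide as the narrower one, so case A is the single-chunk instance and case C mirrors case B. Assumptions of this sketch: the function names, the sizing of $p$ and $q$, integer $r_1, r_2$, the residue modulo $p$ taken in $(-p/2, p/2)$, and bitwise negation taken over the width of the output modulus.

```python
import secrets

def keygen(w):
    """Return (M, p, q): output modulus M (2 or 4^w), odd p, and q > p."""
    M = 2 if w == 1 else 4 ** w
    # For D < 2^w and |r| <= 2, |D + M*r| < 3M, so any odd p > 18*M^2 keeps
    # the noisy product inside (-p/2, p/2). This sizing is an assumption.
    p = 18 * M * M + 1 + 2 * secrets.randbelow(M)
    q = p + 1 + secrets.randbelow(p)
    return M, p, q

def encrypt(x, M, p, q, r):
    """c = x + p*q + M*r, as in steps A-1 / B-2 / C-2."""
    return x + p * q + M * r

def decrypt(c, M, p, key_ok):
    """(c mod p) mod M, negated over M's bit width when the key is wrong."""
    x = c % p
    if x > p // 2:                      # centered residue in (-p/2, p/2)
        x -= p
    x %= M                              # Python's % is non-negative here
    return x if key_ok else (M - 1) - x

def obfuscated_multiply(a, n, b, m, ks, correct_key):
    """Multiply n-bit a by m-bit b following cases A, B and C."""
    if n < m:                           # case C: swap roles, then as case B
        a, n, b, m = b, m, a, n
    w = m                               # chunk width = narrower operand
    M, p, q = keygen(w)
    r1 = secrets.randbelow(5) - 2       # r1, r2 in [-2, 2]
    r2 = secrets.randbelow(5) - 2
    j = -(-n // w)                      # chunk count after zero padding
    c0 = encrypt(b, M, p, q, r2)
    out = 0
    for i in range(j):
        D = (a >> (i * w)) & ((1 << w) - 1)       # D_(i+1)
        C = encrypt(D, M, p, q, r1) * c0          # the multiplier's operation
        out += decrypt(C, M, p, ks == correct_key) << (i * w)
    return out
```

With a wrong key the result never equals the true product in this model: negation flips the lowest bit of the first chunk, and every other chunk contributes a multiple of $2^w$.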
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810899862.0A CN109190414B (en) | 2018-08-09 | 2018-08-09 | Fully homomorphic confusion method for multiplier |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109190414A CN109190414A (en) | 2019-01-11 |
CN109190414B CN109190414B (en) | 2021-06-15 |
Family
ID=64921047
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810899862.0A Active CN109190414B (en) | 2018-08-09 | 2018-08-09 | Fully homomorphic confusion method for multiplier |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109190414B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111526000B (en) * | 2020-04-20 | 2023-08-18 | 北京电子科技学院 | Parallel part homomorphic encryption method and system based on confusion model projection |
CN113282970B (en) * | 2021-04-29 | 2022-05-27 | 温州大学 | Hardware confusion method for unlocking multiple hardware IP cores as required |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6026421A (en) * | 1997-11-26 | 2000-02-15 | Atmel Corporation | Apparatus for multiprecision integer arithmetic |
KR100458031B1 (en) * | 2003-03-14 | 2004-11-26 | 삼성전자주식회사 | Apparatus and method for performing a montgomery type modular multiplication |
US8781110B2 (en) * | 2007-06-30 | 2014-07-15 | Intel Corporation | Unified system architecture for elliptic-curve cryptography |
CN106452723B (en) * | 2016-12-13 | 2017-05-31 | 深圳市全同态科技有限公司 | Fully homomorphic encryption processing method based on modular operation |
CN107294698B (en) * | 2017-07-25 | 2019-11-26 | 西安电子科技大学 | The full homomorphic cryptography method that single ciphertext homomorphism calculates |
CN107634750B (en) * | 2017-08-03 | 2020-06-16 | 宁波大学 | Multi-bit multi-valued adiabatic multiplier with transmission gate structure |
CN107395371B (en) * | 2017-09-11 | 2020-07-07 | 中国电子科技集团公司第五十八研究所 | Data encryption in wireless sensor networks |
- 2018-08-09 CN CN201810899862.0A patent/CN109190414B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN109190414A (en) | 2019-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Kanso et al. | A novel image encryption algorithm based on a 3D chaotic map | |
US11733966B2 (en) | Protection system and method | |
US20200244434A1 (en) | Differential power analysis resistant encryption and decryption functions | |
CN106487497B (en) | DPA protection for RIJNDAEL algorithm | |
KR100585119B1 (en) | Cryptographic apparatus and cryptographic method , and storage medium thereof | |
US9565018B2 (en) | Protecting cryptographic operations using conjugacy class functions | |
EP3143720A1 (en) | Differential power analysis countermeasures | |
WO2016200474A1 (en) | Techniques for integrated circuit data path confidentiality and extensions thereof | |
US20170063524A1 (en) | Protection of a rijndael algorithm | |
US9722778B1 (en) | Security variable scrambling | |
CN109190414B (en) | Fully homomorphic confusion method for multiplier | |
Kang et al. | Fast image encryption algorithm based on (n, m, k)-PCMLCA | |
Diab et al. | Cryptanalysis and improvement of the image cryptosystem reusing permutation matrix dynamically | |
EP3698262B1 (en) | Protecting modular inversion operation from external monitoring attacks | |
Kelber et al. | General design rules for chaos-based encryption systems | |
Chhabra et al. | Enhancing data security using obfuscated 128-bit AES algorithm-an active hardware obfuscation approach at RTL level | |
AU2012382467A1 (en) | A method of cryption | |
CN107534550B (en) | Cryptographic apparatus, cryptographic method, computing apparatus, and computer-readable storage medium | |
Tamimi et al. | A variable circular-shift image-encryption algorithm | |
Shibeeb et al. | A new chaotic image cryptosystem based on plaintext-associated mechanism and integrated confusion-diffusion operation | |
Jasim et al. | A hyper-chaotic system and adaptive substitution box (S-Box) for image encryption | |
Koteshwara et al. | Functional encryption of integrated circuits by key-based hybrid obfuscation | |
Suresh et al. | VLSI implementation of text to image encryption algorithm based on private key encryption | |
Chhabra et al. | Towards the enhancement of AES IP security using hardware obfuscation technique: A practical approach for secure data transmission in IoT | |
Fu et al. | Medical image protection using hyperchaos-based encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||