CN109190414B - Fully homomorphic confusion method for multiplier - Google Patents


Info

Publication number
CN109190414B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810899862.0A
Other languages
Chinese (zh)
Other versions
CN109190414A (en)
Inventor
张跃军
潘钊
王佳伟
栾志存
李立威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningbo University
Original Assignee
Ningbo University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices

Abstract

The invention discloses a fully homomorphic obfuscation method for a multiplier. The multiplier and the multiplicand are first fully homomorphically encrypted, and the multiplication is then performed on the encrypted data. When a key is input at the second input port of the multiplier, the method judges whether the input key is equal to the set correct key value, and decryption is carried out according to that judgment to obtain the final product output. The advantages are that the multiplier and the multiplicand are homomorphically encrypted and the product output is obfuscated, so that the original data of the multiplier and the multiplicand are prevented from being stolen, the IP core of the multiplier is protected, and the security of the multiplier in an integrated circuit is improved.

Description

Fully homomorphic confusion method for multiplier
Technical Field
The present invention relates to a homomorphic obfuscation method, and more particularly to a homomorphic obfuscation method for a multiplier.
Background
As part of the arithmetic unit, multipliers are essential in digital circuit design. In a hardware circuit design, a multiplier may be written directly with a multiplication sign; during logic synthesis, the Intellectual Property (IP) core of the multiplier in the process library is called to complete the multiplication. As an IP core in an integrated circuit, the multiplier is reusable and may therefore be subject to various attacks, such as IP core piracy. Existing IP core protection hides the function of a circuit by hardware obfuscation, i.e. by changing the design of the IP core. For example, Zhang et al. propose a hardware obfuscation method combining a Physical Unclonable Function (PUF) and a finite state machine to effectively protect the IP core of a Field-Programmable Gate Array (FPGA) device and to enforce Pay-Per-Device licensing.
However, traditional IP protection methods rarely address protection of the multiplier IP core, and do not address protection of the multiplier's original input data. When the multiplier performs a multiplication, the multiplier and the multiplicand are fed into it as original data, and this original data is easily exploited by attacks such as hardware Trojans to maliciously modify a circuit or a design, causing the whole circuit to operate abnormally or the whole circuit's information to be stolen. Therefore, how to effectively protect the operational data of the multiplier in an integrated circuit and the security of the IP core itself has become an urgent problem to be solved.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a homomorphic obfuscation method for a multiplier, which homomorphically encrypts the multiplier and the multiplicand and obfuscates the product output, thereby preventing the original data of the multiplier and the multiplicand from being stolen, protecting the IP core of the multiplier, and improving the security of the multiplier in an integrated circuit.
The technical scheme adopted by the invention for solving the technical problems is as follows: a method of homomorphic obfuscation for a multiplier comprising the steps of:
(1) The first input port of the multiplier is denoted a', the second input port is denoted b', and the product output port is denoted c'. The binary multiplier is denoted a″, $a'' = a_n a_{n-1} \dots a_2 a_1$, where $n$ is the number of bits of the binary multiplier; the binary multiplicand is denoted b″, $b'' = b_m b_{m-1} \dots b_2 b_1$, where $m$ is the number of bits of the binary multiplicand. An $l$-bit binary key input into the multiplier through the second input port is set and denoted KS, where $l$ is an integer larger than 1;
(2) Two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2, are randomly generated using a random function;
(3) An $l$-bit binary number is set in the multiplier and used as the correct key of the multiplier;
(4) The decimal number corresponding to a″ is denoted $a$, the decimal number corresponding to b″ is denoted $b$, and $a$ and $b$ are fully homomorphically encrypted; the specific encryption process is as follows:
A. If $m$ is equal to $n$, the data obtained by encrypting $a$ is denoted $c_1$ and the data obtained by encrypting $b$ is denoted $c_0$; the encryption is carried out according to the following steps:
A-1. Determine whether $n$ is equal to 1: if $n$ is equal to 1, let $c_1 = a + p * q + 2r_1$ and $c_0 = b + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, $-p/2 < (a + 2r_1) * (b + 2r_2) < p/2$ is satisfied, and * is the multiplication sign; if $n$ is greater than 1, let $c_1 = a + p * q + 4^n r_1$ and $c_0 = b + p * q + 4^n r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (a + 4^n r_1) * (b + 4^n r_2) < p/2$ is satisfied;
A-2. Input $c_1$ and $c_0$ into the multiplier to perform the multiplication, and denote the result as $c$, $c = c_1 * c_0$;
A-3. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the correct key of the multiplier:
When the input $l$-bit binary key KS is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is first taken modulo $p$ and then modulo 2 to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = (c \bmod p) \bmod 2$, where mod is the modulo symbol; if $n$ is greater than 1, $c$ is first taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = (c \bmod p) \bmod 4^n$;
When the input $l$-bit binary key KS is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is first taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = \sim((c \bmod p) \bmod 2)$, where ~ is the inversion symbol; if $n$ is greater than 1, $c$ is first taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = \sim((c \bmod p) \bmod 4^n)$;
B. If $n > m$, the quotient of $n$ divided by $m$ is denoted $k$ and the remainder is denoted $h$, and a″ is updated: if $h$ is not equal to 0, $m - h$ zeros are padded onto the high-order (leftmost) end of a″, giving $a'' = a_{(k+1)m} \dots a_{n+2} a_{n+1} a_n a_{n-1} \dots a_2 a_1$, where $a_{(k+1)m} \dots a_{n+2} a_{n+1} = 0 \dots 00$; if $h$ is equal to 0, a″ remains unchanged. The quotient of the current number of bits of a″ divided by $m$ is denoted $j$; the decimal number corresponding to $a_m \dots a_3 a_2 a_1$ is denoted $D_1$, the decimal number corresponding to $a_{2m} \dots a_{m+3} a_{m+2} a_{m+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $a_{jm} \dots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$ is denoted $D_j$; the encryption is carried out according to the following steps:
B-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \dots, j$, and the data obtained by encrypting $b$ is denoted $c_0$;
B-2. Determine whether $m$ is equal to 1: if $m$ is equal to 1, let $c_i = D_i + p * q + 2r_1$ and $c_0 = b + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1) * (b + 2r_2) < p/2$ is satisfied; if $m$ is greater than 1, let $c_i = D_i + p * q + 4^m r_1$ and $c_0 = b + p * q + 4^m r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^m r_1) * (b + 4^m r_2) < p/2$ is satisfied;
B-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier to perform the multiplication, and denote the result of multiplying $c_i$ and $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
B-4. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the set correct $l$-bit binary key value:
When the input $l$-bit binary key KS is equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo $4^m$ to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
When the input $l$-bit binary key KS is not equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^m)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
C. If $n < m$, the quotient of $m$ divided by $n$ is denoted $k$ and the remainder is denoted $h$, and b″ is updated: if $h$ is not equal to 0, $n - h$ zeros are padded onto the high-order (leftmost) end of b″, giving $b'' = b_{(k+1)n} \dots b_{m+2} b_{m+1} b_m b_{m-1} \dots b_2 b_1$, where $b_{(k+1)n} \dots b_{m+2} b_{m+1} = 0 \dots 00$; if $h$ is equal to 0, b″ remains unchanged. The quotient of the current number of bits of b″ divided by $n$ is denoted $j$; the decimal number corresponding to $b_n \dots b_3 b_2 b_1$ is denoted $D_1$, the decimal number corresponding to $b_{2n} \dots b_{n+3} b_{n+2} b_{n+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $b_{jn} \dots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$ is denoted $D_j$; the encryption is carried out according to the following steps:
C-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \dots, j$, and the data obtained by encrypting $a$ is denoted $c_0$;
C-2. Determine whether $n$ is equal to 1: if $n$ is equal to 1, let $c_i = D_i + p * q + 2r_1$ and $c_0 = a + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1) * (a + 2r_2) < p/2$ is satisfied; if $n$ is greater than 1, let $c_i = D_i + p * q + 4^n r_1$ and $c_0 = a + p * q + 4^n r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^n r_1) * (a + 4^n r_2) < p/2$ is satisfied;
C-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier to perform the multiplication, and denote the result of multiplying $c_i$ and $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
C-4. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the set correct $l$-bit binary key value:
When the input $l$-bit binary key is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \dots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier;
When the input $l$-bit binary key is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^n)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier.
Compared with the prior art, the method has the following advantages. The multiplier and the multiplicand are fully homomorphically encrypted and the multiplication is performed on the encrypted data, so the original data of the multiplier and the multiplicand never appear. With respect to side-channel attacks, the multiplier chip processes the encrypted multiplier and multiplicand during operation rather than their original data; the leaked power consumption or running time is therefore related to the encrypted data and does not reflect the meaning of the original data, so side-channel attacks can be effectively prevented. The product output is controlled at the output port of the multiplier by the set correct key of the multiplier: only when the input $l$-bit binary key KS is the same as the set correct key is the multiplied data homomorphically decrypted and output. When an attacker does not know the correct key of the multiplier, the $l$-bit binary key KS differs from the set correct key, and the multiplied data is homomorphically decrypted and then output inverted, realizing output obfuscation. The set correct key of the multiplier is held by the designer and cannot be obtained by an attacker, which improves the protection of hardware intellectual property and effectively addresses IP piracy.
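The following Python model of steps (1) to (4) is an added example, not code from the patent: it runs cases A, B and C through one routine and shows the key-gated output for a correct and an incorrect key. It assumes integer r1 and r2, a centered remainder for "mod p" (which the bound -p/2 < ... < p/2 implies), and bitwise inversion over the width of the plaintext modulus; the function names and key values are hypothetical.

```python
import secrets


def keygen(width):
    """Return (t, p, q) for `width`-bit operands.

    t is the plaintext modulus from the text (2 for one bit, 4**width
    otherwise); p is odd and large enough that the noise bound holds for
    every operand and every r in [-2, 2]; q is a positive integer > p.
    """
    t = 2 if width == 1 else 4 ** width
    worst = (2 ** width - 1) + 2 * t              # largest |x + t*r|
    bits = (2 * worst * worst).bit_length() + 8   # head-room above the bound
    p = secrets.randbits(bits) | (1 << bits) | 1  # odd, p/2 > worst**2
    q = p + 1 + secrets.randbelow(p)
    return t, p, q


def encrypt(x, r, t, p, q):
    """x + p*q + t*r, the encryption used in steps A-1, B-2 and C-2."""
    return x + p * q + t * r


def centered_mod(x, p):
    """Residue of x modulo odd p in (-p/2, p/2) (assumption, see lead-in).

    Python's % returns a value in [0, p); with a negative r1 or r2 that
    would add p to the noise product and corrupt the low-order bits.
    """
    v = x % p
    return v - p if v > p // 2 else v


def decrypt(c, t, p, key_ok):
    """(c mod p) mod t, inverted bitwise when the key is wrong."""
    out = centered_mod(c, p) % t
    return out if key_ok else out ^ (t - 1)       # t is a power of two


def obfuscated_multiply(a, n, b, m, ks, correct_key, r1=None, r2=None):
    """Multiply an n-bit a by an m-bit b through the encrypted datapath."""
    if n < m:                                     # case C mirrors case B
        a, n, b, m = b, m, a, n
    r1 = secrets.randbelow(5) - 2 if r1 is None else r1
    r2 = secrets.randbelow(5) - 2 if r2 is None else r2
    t, p, q = keygen(m)
    c0 = encrypt(b, r2, t, p, q)
    j = -(-n // m)                                # blocks after zero padding
    out = 0
    for i in range(j):
        d_i = (a >> (i * m)) & ((1 << m) - 1)     # block D_(i+1) of the wider operand
        big_c = encrypt(d_i, r1, t, p, q) * c0    # C_i = c_i * c_0
        out += decrypt(big_c, t, p, ks == correct_key) << (i * m)
    return out


if __name__ == "__main__":
    KEY = 0b1011                                  # constructed 4-bit key
    # m = n = 2, as in the waveform discussion of the description.
    print(obfuscated_multiply(3, 2, 2, 2, KEY, KEY))      # correct key
    print(obfuscated_multiply(3, 2, 2, 2, 0b0000, KEY))   # wrong key
    # n > m (case B): 5-bit operand times 2-bit operand.
    print(obfuscated_multiply(0b10110, 5, 0b11, 2, KEY, KEY))
```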
Drawings
FIG. 1 is a waveform diagram of an output of a multiplier operated with raw data;
FIG. 2 is a waveform diagram of the output of a multiplier operated with the fully homomorphic obfuscation method for a multiplier of the invention.
Detailed Description
The invention is described in further detail below with reference to the accompanying examples.
Example: A method of homomorphic obfuscation for a multiplier comprising the steps of:
(1) The first input port of the multiplier is denoted a', the second input port is denoted b', and the product output port is denoted c'. The binary multiplier is denoted a″, $a'' = a_n a_{n-1} \dots a_2 a_1$, where $n$ is the number of bits of the binary multiplier; the binary multiplicand is denoted b″, $b'' = b_m b_{m-1} \dots b_2 b_1$, where $m$ is the number of bits of the binary multiplicand. An $l$-bit binary key input into the multiplier through the second input port is set and denoted KS, where $l$ is an integer larger than 1;
(2) Two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2, are randomly generated using a random function;
(3) An $l$-bit binary number is set in the multiplier and used as the correct key of the multiplier;
(4) The decimal number corresponding to a″ is denoted $a$, the decimal number corresponding to b″ is denoted $b$, and $a$ and $b$ are fully homomorphically encrypted; the specific encryption process is as follows:
A. If $m$ is equal to $n$, the data obtained by encrypting $a$ is denoted $c_1$ and the data obtained by encrypting $b$ is denoted $c_0$; the encryption is carried out according to the following steps:
A-1. Determine whether $n$ is equal to 1: if $n$ is equal to 1, let $c_1 = a + p * q + 2r_1$ and $c_0 = b + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, $-p/2 < (a + 2r_1) * (b + 2r_2) < p/2$ is satisfied, and * is the multiplication sign; if $n$ is greater than 1, let $c_1 = a + p * q + 4^n r_1$ and $c_0 = b + p * q + 4^n r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (a + 4^n r_1) * (b + 4^n r_2) < p/2$ is satisfied;
A-2. Input $c_1$ and $c_0$ into the multiplier to perform the multiplication, and denote the result as $c$, $c = c_1 * c_0$;
A-3. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the correct key of the multiplier:
When the input $l$-bit binary key KS is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is first taken modulo $p$ and then modulo 2 to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = (c \bmod p) \bmod 2$, where mod is the modulo symbol; if $n$ is greater than 1, $c$ is first taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = (c \bmod p) \bmod 4^n$;
When the input $l$-bit binary key KS is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $c$ is first taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = \sim((c \bmod p) \bmod 2)$, where ~ is the inversion symbol; if $n$ is greater than 1, $c$ is first taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data out, which is the product output by the multiplier; in this case $out = \sim((c \bmod p) \bmod 4^n)$;
B. If $n > m$, the quotient of $n$ divided by $m$ is denoted $k$ and the remainder is denoted $h$, and a″ is updated: if $h$ is not equal to 0, $m - h$ zeros are padded onto the high-order (leftmost) end of a″, giving $a'' = a_{(k+1)m} \dots a_{n+2} a_{n+1} a_n a_{n-1} \dots a_2 a_1$, where $a_{(k+1)m} \dots a_{n+2} a_{n+1} = 0 \dots 00$; if $h$ is equal to 0, a″ remains unchanged. The quotient of the current number of bits of a″ divided by $m$ is denoted $j$; the decimal number corresponding to $a_m \dots a_3 a_2 a_1$ is denoted $D_1$, the decimal number corresponding to $a_{2m} \dots a_{m+3} a_{m+2} a_{m+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $a_{jm} \dots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$ is denoted $D_j$; the encryption is carried out according to the following steps:
B-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \dots, j$, and the data obtained by encrypting $b$ is denoted $c_0$;
B-2. Determine whether $m$ is equal to 1: if $m$ is equal to 1, let $c_i = D_i + p * q + 2r_1$ and $c_0 = b + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1) * (b + 2r_2) < p/2$ is satisfied; if $m$ is greater than 1, let $c_i = D_i + p * q + 4^m r_1$ and $c_0 = b + p * q + 4^m r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^m r_1) * (b + 4^m r_2) < p/2$ is satisfied;
B-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier to perform the multiplication, and denote the result of multiplying $c_i$ and $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
B-4. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the set correct $l$-bit binary key value:
When the input $l$-bit binary key KS is equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo $4^m$ to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
When the input $l$-bit binary key KS is not equal to the correct key of the multiplier, determine whether $m$ is equal to 1: if $m$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if $m$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^m)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
C. If $n < m$, the quotient of $m$ divided by $n$ is denoted $k$ and the remainder is denoted $h$, and b″ is updated: if $h$ is not equal to 0, $n - h$ zeros are padded onto the leftmost end of b″, giving $b'' = b_{(k+1)n} \dots b_{m+2} b_{m+1} b_m b_{m-1} \dots b_2 b_1$, where $b_{(k+1)n} \dots b_{m+2} b_{m+1} = 0 \dots 00$; if $h$ is equal to 0, b″ remains unchanged. The quotient of the current number of bits of b″ divided by $n$ is denoted $j$; the decimal number corresponding to $b_n \dots b_3 b_2 b_1$ is denoted $D_1$, the decimal number corresponding to $b_{2n} \dots b_{n+3} b_{n+2} b_{n+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $b_{jn} \dots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$ is denoted $D_j$; the encryption is carried out according to the following steps:
C-1. The data obtained by encrypting $D_i$ is denoted $c_i$, $i = 1, 2, \dots, j$, and the data obtained by encrypting $a$ is denoted $c_0$;
C-2. Determine whether $n$ is equal to 1: if $n$ is equal to 1, let $c_i = D_i + p * q + 2r_1$ and $c_0 = a + p * q + 2r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 2r_1) * (a + 2r_2) < p/2$ is satisfied; if $n$ is greater than 1, let $c_i = D_i + p * q + 4^n r_1$ and $c_0 = a + p * q + 4^n r_2$, where $p$ is a positive odd number, $q$ is a positive integer larger than $p$, and $-p/2 < (D_i + 4^n r_1) * (a + 4^n r_2) < p/2$ is satisfied;
C-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier to perform the multiplication, and denote the result of multiplying $c_i$ and $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
C-4. Determine whether the $l$-bit binary key KS input at the second input port b' of the multiplier is equal to the set correct $l$-bit binary key value:
When the input $l$-bit binary key is equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$ and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \dots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier;
When the input $l$-bit binary key is not equal to the correct key of the multiplier, determine whether $n$ is equal to 1: if $n$ is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo 2, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if $n$ is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo $p$, then modulo $4^n$, and finally inverted bitwise to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^n)$ and mod is the modulo symbol; then $out = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier.
The output waveform of the multiplier operated on the original data is shown in FIG. 1, and the output waveform of the multiplier operated with the homomorphic obfuscation method for a multiplier of the invention is shown in FIG. 2. In FIG. 1, a″ is the multiplier, b″ is the multiplicand, and out is the product output by the multiplier. In FIG. 2, a″ is the multiplier, b″ is the multiplicand, and out is the product output by the multiplier; $r_1$ and $r_2$ are represented as binary numbers, $c_1$ and $c_0$ are represented as hexadecimal numbers, and c, p and q are also represented in FIG. 2. a″ and b″ use the same bit width, i.e., $m = n = 2$. KS indicates that the $l$-bit binary key value input at the second input port b' of the multiplier is correct, and !KS indicates that the key value input at the second input port b' of the multiplier is erroneous; a 4-bit binary key is selected here. As can be seen from the analysis of FIG. 1 and FIG. 2: when the multiplier operates with the homomorphic obfuscation method for a multiplier and the input 4-bit binary key is equal to the set correct 4-bit key value, the product out output by the multiplier is consistent with the product output by the multiplier in FIG. 1, showing that the homomorphic obfuscation method for a multiplier of the invention has the correct logic function; when the input 4-bit binary key is not equal to the set correct 4-bit key value, the product out output by the multiplier is opposite to the product output by the multiplier in FIG. 1, showing that the fully homomorphic obfuscation method for a multiplier obfuscates the result output by the multiplier and effectively protects the operational data of the multiplier in the integrated circuit and the security of its IP core.

Claims (1)

1. A method of homomorphic obfuscation for a multiplier comprising the steps of:
(1) The first input port of the multiplier is denoted a', the second input port is denoted b', and the product output port is denoted c'. The binary multiplier is denoted a″, $a'' = a_n a_{n-1} \dots a_2 a_1$, where $n$ is the number of bits of the binary multiplier; the binary multiplicand is denoted b″, $b'' = b_m b_{m-1} \dots b_2 b_1$, where $m$ is the number of bits of the binary multiplicand. An $l$-bit binary key input into the multiplier through the second input port is set and denoted KS, where $l$ is an integer larger than 1;
(2) Two decimal variables $r_1$ and $r_2$, each greater than or equal to -2 and less than or equal to 2, are randomly generated using a random function;
(3) An $l$-bit binary number is set in the multiplier and used as the correct key of the multiplier;
(4) The decimal number corresponding to a″ is denoted $a$, the decimal number corresponding to b″ is denoted $b$, and $a$ and $b$ are fully homomorphically encrypted; the specific encryption process is as follows:
A. If m is equal to n, the data obtained by encrypting a is denoted $c_1$ and the data obtained by encrypting b is denoted $c_0$; encryption proceeds according to the following steps:
A-1. Determine whether n is equal to 1: if n is equal to 1, let $c_1 = a + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (a + 2r_1)*(b + 2r_2) < p/2$ is satisfied, with * denoting multiplication; if n is greater than 1, let $c_1 = a + p*q + 4^n r_1$ and $c_0 = b + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (a + 4^n r_1)*(b + 4^n r_2) < p/2$ is satisfied;
A-2. Input $c_1$ and $c_0$ into the multiplier for multiplication and denote the result c, $c = c_1 * c_0$;
A-3. Determine whether the l-bit binary key KS input from the second input port b' of the multiplier is equal to the correct key of the multiplier:
when the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether n is equal to 1: if n is equal to 1, c is taken modulo p and then modulo 2 to obtain the decrypted data out, which is the product output by the multiplier; in this case $\mathrm{out} = (c \bmod p) \bmod 2$, where mod is the modulo operator; if n is greater than 1, c is taken modulo p and then modulo $4^n$ to obtain the decrypted data out, which is the product output by the multiplier; in this case $\mathrm{out} = (c \bmod p) \bmod 4^n$;
when the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether n is equal to 1: if n is equal to 1, c is taken modulo p, then modulo 2, and finally bitwise inverted to obtain the decrypted data out, which is the product output by the multiplier; in this case $\mathrm{out} = \sim((c \bmod p) \bmod 2)$, where ~ is the bitwise-inversion operator; if n is greater than 1, c is taken modulo p, then modulo $4^n$, and finally bitwise inverted to obtain the decrypted data out, which is the product output by the multiplier; in this case $\mathrm{out} = \sim((c \bmod p) \bmod 4^n)$;
B. If n > m, the quotient of n divided by m is denoted k and the remainder is denoted h, and a″ is updated: if h is not equal to 0, m-h zeros are padded at the high-order (leftmost) end of a″, so that $a'' = a_{(k+1)m} \dots a_{n+2} a_{n+1} a_n a_{n-1} \dots a_2 a_1$, where $a_{(k+1)m} \dots a_{n+2} a_{n+1} = 0 \dots 00$; if h is equal to 0, a″ remains unchanged. The quotient of the current number of bits of a″ divided by m is denoted j; the decimal number corresponding to $a_m \dots a_3 a_2 a_1$ is denoted $D_1$, the decimal number corresponding to $a_{2m} \dots a_{m+3} a_{m+2} a_{m+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $a_{jm} \dots a_{(j-1)m+3} a_{(j-1)m+2} a_{(j-1)m+1}$ is denoted $D_j$; encryption proceeds according to the following steps:
B-1. The data obtained by encrypting $D_i$ is denoted $c_i$, i = 1, 2, …, j, and the data obtained by encrypting b is denoted $c_0$;
B-2. Determine whether m is equal to 1: if m is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = b + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(b + 2r_2) < p/2$ is satisfied; if m is greater than 1, let $c_i = D_i + p*q + 4^m r_1$ and $c_0 = b + p*q + 4^m r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^m r_1)*(b + 4^m r_2) < p/2$ is satisfied;
B-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier for multiplication, and denote the result of multiplying $c_i$ by $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
B-4. Determine whether the l-bit binary key KS input from the second input port b' of the multiplier is equal to the set correct l-bit binary key value:
when the input l-bit binary key KS is equal to the correct key of the multiplier, determine whether m is equal to 1: if m is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if m is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p and then modulo $4^m$ to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 4^m$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
when the input l-bit binary key KS is not equal to the correct key of the multiplier, determine whether m is equal to 1: if m is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p, then modulo 2, and finally bitwise inverted to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier; if m is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p, then modulo $4^n$, and finally bitwise inverted to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^m)$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)m} + c'_{j-1} * 2^{(j-2)m} + \dots + c'_2 * 2^m + c'_1$, and the data out is output, which is the product output by the multiplier;
C. If n < m, the quotient of m divided by n is denoted k and the remainder is denoted h, and b″ is updated: if h is not equal to 0, n-h zeros are padded at the high-order (leftmost) end of b″, so that $b'' = b_{(k+1)n} \dots b_{m+2} b_{m+1} b_m b_{m-1} \dots b_2 b_1$, where $b_{(k+1)n} \dots b_{m+2} b_{m+1} = 0 \dots 00$; if h is equal to 0, b″ remains unchanged. The quotient of the current number of bits of b″ divided by n is denoted j; the decimal number corresponding to $b_n \dots b_3 b_2 b_1$ is denoted $D_1$, the decimal number corresponding to $b_{2n} \dots b_{n+3} b_{n+2} b_{n+1}$ is denoted $D_2$, and so on, and the decimal number corresponding to $b_{jn} \dots b_{(j-1)n+3} b_{(j-1)n+2} b_{(j-1)n+1}$ is denoted $D_j$; encryption proceeds according to the following steps:
C-1. The data obtained by encrypting $D_i$ is denoted $c_i$, i = 1, 2, …, j, and the data obtained by encrypting a is denoted $c_0$;
C-2. Determine whether n is equal to 1: if n is equal to 1, let $c_i = D_i + p*q + 2r_1$ and $c_0 = a + p*q + 2r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 2r_1)*(a + 2r_2) < p/2$ is satisfied; if n is greater than 1, let $c_i = D_i + p*q + 4^n r_1$ and $c_0 = a + p*q + 4^n r_2$, where p is a positive odd number, q is a positive integer greater than p, and $-p/2 < (D_i + 4^n r_1)*(a + 4^n r_2) < p/2$ is satisfied;
C-3. Input each of $c_1, c_2, c_3, \dots, c_j$ together with $c_0$ into the multiplier for multiplication, and denote the result of multiplying $c_i$ by $c_0$ as $C_i$, i.e., $C_i = c_i * c_0$;
C-4. Determine whether the l-bit binary key KS input from the second input port b' of the multiplier is equal to the set correct l-bit binary key value:
when the input l-bit binary key is equal to the correct key of the multiplier, determine whether n is equal to 1: if n is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p and then modulo 2 to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = (C_i \bmod p) \bmod 2$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if n is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p and then modulo $4^n$ to obtain the decrypted data $c'_1, c'_2, c'_3, \dots, c'_k$, where $c'_i = (C_i \bmod p) \bmod 4^n$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier;
when the input l-bit binary key is not equal to the correct key of the multiplier, determine whether n is equal to 1: if n is equal to 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p, then modulo 2, and finally bitwise inverted to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, i.e., $c'_i = \sim((C_i \bmod p) \bmod 2)$, where mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier; if n is greater than 1, $C_1, C_2, C_3, \dots, C_j$ are each taken modulo p, then modulo $4^n$, and finally bitwise inverted to obtain the decrypted data, and the decrypted $C_i$ is denoted $c'_i$, where $c'_i = \sim((C_i \bmod p) \bmod 4^n)$ and mod is the modulo operator; then $\mathrm{out} = c'_j * 2^{(j-1)n} + c'_{j-1} * 2^{(j-2)n} + \dots + c'_2 * 2^n + c'_1$, and the data out is output, which is the product output by the multiplier.
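
Cases A and B of the claimed procedure, modeled in Python as an added example that is not part of the patent. The function names, the way p and q are chosen, the use of a centered residue for "mod p", and the masking of the bitwise inversion to the product width are assumptions made for illustration.

```python
import random

def modulus(width):
    # 2 for 1-bit operands, 4**width otherwise (a 2*width-bit product fits below it)
    return 2 if width == 1 else 4 ** width

def pick_p_q(width):
    # Assumed parameter choice: smallest odd p meeting the claim's bound for |r| <= 2.
    bound = (2 ** width - 1 + 2 * modulus(width)) ** 2
    p = 2 * bound + 1
    return p, p + 1            # q: any integer greater than p

def encrypt(value, p, q, r, width):
    return value + p * q + modulus(width) * r

def decrypt(c, p, width, key_ok):
    x = c % p
    if x > p // 2:             # centered residue in (-p/2, p/2), since r may be negative
        x -= p
    out = x % modulus(width)
    # Wrong key: bitwise inversion, masked to the product width (assumed width).
    return out if key_ok else ~out & (modulus(width) - 1)

def multiply_equal_width(a, b, n, key, correct_key, rng=random):
    """Case A (m == n): one encrypted multiplication, key-gated decryption."""
    p, q = pick_p_q(n)
    r1, r2 = rng.randint(-2, 2), rng.randint(-2, 2)
    c = encrypt(a, p, q, r1, n) * encrypt(b, p, q, r2, n)
    return decrypt(c, p, n, key == correct_key)

def multiply_chunked(a, b, n, m, key, correct_key, rng=random):
    """Case B (n > m): a is split into m-bit chunks D_1..D_j, low chunk first."""
    p, q = pick_p_q(m)
    r1, r2 = rng.randint(-2, 2), rng.randint(-2, 2)
    c0 = encrypt(b, p, q, r2, m)
    j = -(-n // m)             # chunk count after zero-padding a to a multiple of m
    out = 0
    for i in range(j):
        d_i = (a >> (i * m)) & (2 ** m - 1)
        big_c = encrypt(d_i, p, q, r1, m) * c0
        out += decrypt(big_c, p, m, key == correct_key) << (i * m)
    return out

if __name__ == "__main__":
    KEY = 0b1011               # constructed 4-bit key; m = n = 2 as in the waveform example
    print(multiply_equal_width(3, 2, 2, KEY, KEY))      # correct key
    print(multiply_equal_width(3, 2, 2, 0b0001, KEY))   # wrong key
    print(multiply_chunked(45, 3, 6, 2, KEY, KEY))      # 6-bit multiplier, 2-bit multiplicand
```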
CN201810899862.0A 2018-08-09 2018-08-09 Fully homomorphic confusion method for multiplier Active CN109190414B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810899862.0A CN109190414B (en) 2018-08-09 2018-08-09 Fully homomorphic confusion method for multiplier

Publications (2)

Publication Number Publication Date
CN109190414A CN109190414A (en) 2019-01-11
CN109190414B true CN109190414B (en) 2021-06-15

Family

ID=64921047

Country Status (1)

Country Link
CN (1) CN109190414B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111526000B (en) * 2020-04-20 2023-08-18 北京电子科技学院 Parallel part homomorphic encryption method and system based on confusion model projection
CN113282970B (en) * 2021-04-29 2022-05-27 温州大学 Hardware confusion method for unlocking multiple hardware IP cores as required

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6026421A (en) * 1997-11-26 2000-02-15 Atmel Corporation Apparatus for multiprecision integer arithmetic
KR100458031B1 (en) * 2003-03-14 2004-11-26 삼성전자주식회사 Apparatus and method for performing a montgomery type modular multiplication
US8781110B2 (en) * 2007-06-30 2014-07-15 Intel Corporation Unified system architecture for elliptic-curve cryptography
CN106452723B (en) * 2016-12-13 2017-05-31 深圳市全同态科技有限公司 Fully homomorphic encryption processing method based on modular operation
CN107294698B (en) * 2017-07-25 2019-11-26 西安电子科技大学 The full homomorphic cryptography method that single ciphertext homomorphism calculates
CN107634750B (en) * 2017-08-03 2020-06-16 宁波大学 Multi-bit multi-valued adiabatic multiplier with transmission gate structure
CN107395371B (en) * 2017-09-11 2020-07-07 中国电子科技集团公司第五十八研究所 Data encryption in wireless sensor networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant