CN109818732A - A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack - Google Patents

A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack Download PDF

Info

Publication number
CN109818732A
CN109818732A CN201910183699.2A CN201910183699A CN109818732A CN 109818732 A CN109818732 A CN 109818732A CN 201910183699 A CN201910183699 A CN 201910183699A CN 109818732 A CN109818732 A CN 109818732A
Authority
CN
China
Prior art keywords
unit
circuit
mapping matrix
domain
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910183699.2A
Other languages
Chinese (zh)
Other versions
CN109818732B (en
Inventor
张金宝
周芳
吴宁
葛芬
张肖强
黎建华
闫改珍
谢海燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Aeronautics and Astronautics filed Critical Nanjing University of Aeronautics and Astronautics
Priority to CN201910183699.2A priority Critical patent/CN109818732B/en
Publication of CN109818732A publication Critical patent/CN109818732A/en
Application granted granted Critical
Publication of CN109818732B publication Critical patent/CN109818732B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of dynamic route S box and the AES encryption circuit of defensive power consumption attack, dynamic route S box includes sequentially connected Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit;The AES encryption circuit of defensive power consumption attack based on dynamic route S box includes NrA round transformation unit and key expansion unit using dynamic route S box.In the present invention, the data handling path dynamic change of dynamic route S box, so that dynamic change is presented in target AES circuit power consumption when handling same group of data, destroy the correlation handled by circuit between data and circuit key, to realize the target of defence power consumption attack, the safety of encrypted circuit is improved.

Description

A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack
Technical field
The present invention relates to cryptochannels to realize technical field, especially a kind of dynamic route S box and defensive power consumption attack AES encryption circuit.
Background technique
Advanced Encryption Standard (Advanced Encryption Standard, AES), also known as Rijndael enciphered method, should Algorithm is designed by Belgium cryptologist Joan Daemen and Vincent Rijmen, is by American National Standard and technology A new generation's grouping symmetric cryptographic algorithm that research institute formulates for 2001, for replacing original data encryption standards (Data Encryption Standard, DES).AES cryptographic algorithm is a kind of iteration, symmetric block ciphers algorithm, and data grouping is long Degree is 128 bits, and key length has three kinds of 128,192 and 256 bit.According to these three different key lengths, ciphering process It is respectively necessary for carry out 10,12 and 14 and takes turns round transformation operation, each round transformation operation includes byte replacement again, and row displacement arranges mixed It closes and key adds four sub- operations, in addition to last wheel.In order to eliminate symmetry, last wheel round transformation does not include column mixing fortune It calculates, and adds operation plus a secondary key before first round round transformation operation.
According to different application demands, AES encryption circuit uses different realization frameworks.Referring to Fig. 3 (a) and Fig. 3 (b), AES encryption circuit realizes that framework generally can be divided into two kinds: loop unrolling structure and full deployed configuration.It is used in loop unrolling structure Nk(1≤Nk≤Nr,Nr=10/12/14) a round transformation unit (including independent key adds operation), with full deployed configuration phase Than loop unrolling structure needs smaller circuit area, especially works as Nk(N when=1kAlso known as complete alternation structure when=1), it follows Ring deployed configuration has the smallest circuit area.But loop unrolling structure needs iterationIt is secondary just to obtain final result, Therefore data processing speed is relatively low.Loop unrolling structure is for requiring circuit area small, the not high occasion of data rate, such as nothing Line Sensor Network, RFID etc..Loop unrolling structure can also trade off circuit area and speed according to concrete application demand.Entirely Deployed configuration has used NrA round transformation circuit unit, circuit area is big, but data do not need to feed back, and data processing speed is high. Full deployed configuration can also accelerate data processing speed by way of increasing pipeline series.Full deployed configuration is suitable for height Fast generating date occasion, such as real-time video signal transmission.
Power consumption attack, and can be described as power consumption analysis (Power Analysis), based on power consumption consumed by crypto chip There are correlations between key and algorithm median.A large amount of utilizations of CMOS logic in integrated circuit, so that power consumption and circuit Output and input transitional states correlation, more power consumptions can be then consumed when cmos cell has signal jump.In power consumption attack In the process, it needs to establish certain mapping between the power consumption consumed by the intermediate result and crypto chip for encrypting or decrypting operation Relationship, to deduce the value of key according to power consumption data analysis.Currently used power consumption attack can be divided into simple power consumption and attack Hit (Simple Power Attack, SPA), differential power attack (Differential Power Attack, DPA) and high-order Three kinds of differential power attack (High-Order Differential Power Attack, HO-DPA).Power consumption attack realizes letter It is single, expensive professional equipment is not needed, and cipher key search space is smaller, therefore is most important, most common in bypass attack Attack means, and the bypass attack technology that most serious threatens is constituted to crypto chip.
Requirement for power consumption attack and some extreme condition application environments to equipment high reliability, traditional defence Approach can be roughly divided into two classes: first is that useful information amount is reduced, to reduce signal-to-noise ratio by the fluctuation for reducing power consumption profile; Second is that achieving the purpose that reduce signal-to-noise ratio by increasing random noise and redundancy power consumption.Common power consumption attack defensive measure is main There are random mask technology and the constant technology of power consumption etc..
Summary of the invention
Technical problem to be solved by the present invention lies in provide the AES of a kind of dynamic route S box and defensive power consumption attack Encrypted circuit is able to solve the problem of existing AES encryption circuit based on compositum S box can not defend power consumption attack.
In order to solve the above technical problems, the present invention provides a kind of dynamic route S box, comprising: sequentially connected Random Maps Unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit;
Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit be to the number of input According to carrying out respectively, map operation, compositum inversion operation, inverse mapping operates and affine operation;The output result of affine unit is The encrypted result of state path S box;
Binary system random number AB is generated by tandom number generator, for controlling selector 1, the GF in Random Maps unit (28) distributor in selector 2 and selector 3, random inverse mapping unit in the dynamic inversion unit of domain;Wherein, binary system with The first place of machine number AB, that is, random number A is used to control selections device 2, and last bit, that is, random number B of random number AB is used to control selections device 2.
Preferably, the input of Random Maps unit is 8 data packets, including mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1;Wherein mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 respectively with it is random inverse Inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 in map unit correspond;
When 8 data enter Random Maps unit, input data enters mapping matrix 1, mapping matrix 2, mapping simultaneously Matrix 3 and mapping matrix 4 are handled;It is which mapping matrix by 1 dynamic select of binary system random number AB control selections device Output result as Random Maps unit result and be sent into the GF (2 of dynamic route S box8) domain dynamic inversion unit.
Preferably, (2 GF8) domain dynamic inversion unit input data be Random Maps unit output 8 data packets, packet Include GF ((24)2) P circuit and N circuit, selector 2, GF ((2 on domain2)2) P circuit and N circuit, selector 3, GF on domain (22) the superior ifft circuit in domain;Wherein, P indicates the transformation of inverting based on polynomial basis, and N indicates the transformation of inverting based on normal basis;
When 8 data input GF (28) domain dynamic inversion unit when, input data enters GF ((2 simultaneously4)2) P electricity on domain Road and N circuit;Two input ports of selector 2 respectively with GF ((24)2) the P circuit on domain is connected with N circuit;By random Number A control selections device 2 selects GF ((24)2) P circuit or N circuit on domain output result as GF ((22)2) P electricity on domain The input on road and N circuit, wherein A is the first place of random number AB;Two input ports of selector 3 respectively with GF ((22)2) domain On P circuit be connected with N circuit;GF ((2 is selected by random number B control selections device 32)2) P circuit on domain or N circuit it is defeated Result is as GF (2 out2) the superior ifft circuit in domain input, wherein B be random number AB last bit;GF(22) the superior ifft circuit in domain is Bit switched circuit, output result merges into 8 data, as GF (28) domain dynamic inversion unit result and be sent into dynamic The random inverse mapping unit of path S box.
Preferably, the input of random inverse mapping unit is GF (28) domain dynamic inversion unit output 8 data packets, including Distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4;Wherein inverse mapping matrix 1, inverse reflect Penetrate matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 respectively in Random Maps unit mapping matrix 1, mapping matrix 2, reflect It penetrates matrix 3 and mapping matrix 4 corresponds;
When 8 data enter random inverse mapping unit, input data initially enters distributor;Random number AB is distributor Control signal, by random number AB determine signal be sent into which inverse mapping matrix handled;The output of inverse mapping matrix As a result as the result of random inverse mapping unit and it is sent into the affine unit of dynamic route S box.
Correspondingly, a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box, is full deployed configuration, It include: Nr(NrFor the round transformation number of calculations of AES prescribed by standard) it is a using dynamic route S box round transformation unit (wheel become Change 1, round transformation 2 ..., round transformation Nr) and key expansion unit;The input data of 1st round transformation unit be input in plain text with The encryption data obtained after initial key exclusive or, the input data of remaining each round transformation unit is previous round transformation list The output data of member;Initial key inputs key expansion unit and carries out cipher key spreading, obtains when the round key of wheel units and defeated The key entered into the unit adds unit;
1st to Nr- 1 wheel round transformation cellular construction is identical, single by sequentially connected byte replacement unit, row displacement Member, column mixed cell and key add unit to constitute;NrTaking turns round transformation unit includes sequentially connected byte replacement unit, row Shift unit and key add unit, do not include column mixed cell;
Wherein, byte replacement unit realizes that byte replacement function, byte replacement unit include 16 using dynamic route S box Dynamic route S box in parallel;
The input data of round transformation unit is divided into 16 8 data packets, and it is real to input 16 dynamic route S boxes respectively Existing byte replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as in epicycle round transformation unit The result of byte replacement unit and the row shift unit being sent into epicycle round transformation unit;
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard, As a result it is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 of input Data are handled, and are as a result input to key and are added unit;It is defeated after exclusive or that key adds unit to carry out the data of input and round key Out;NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
The invention has the benefit that a kind of dynamic route S box proposed by the present invention, by random selection mapping matrix, Inverse mapping matrix and design dynamic inversion unit, S box circuit paths are not fixed, and compared with traditional S box, handle same group Dynamic change is presented in data power consumption;Byte replacement unit in round transformation unit is based on parallel dynamic route S box structure, by making Objective circuit institute is destroyed so that dynamic change is presented in power consumption of the objective circuit when handling same group of data with dynamic route S box Correlation between the data of processing and circuit key, and then effectively defend power consumption attack.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of dynamic route S box of the invention.
Fig. 2 is encrypted circuit construction schematic diagram of the invention.
Fig. 3 (a) is AES encryption circuit cycles deployed configuration schematic diagram.
Fig. 3 (b) is the full deployed configuration schematic diagram of AES encryption circuit.
Fig. 4 is N of the present inventionrAES encryption circuit carries out the flow diagram of cryptographic calculation when=10.
Fig. 5 is GF ((2 of the present invention4)2) inverting based on polynomial basis converts schematic diagram on domain.
Fig. 6 is GF ((2 of the present invention4)2) inverting based on normal basis converts schematic diagram on domain.
Fig. 7 is GF ((2 of the present invention2)2) inverting based on polynomial basis converts schematic diagram on domain.
Fig. 8 is GF ((2 of the present invention2)2) inverting based on normal basis converts schematic diagram on domain.
Specific embodiment
As shown in Figure 1, a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box, comprising: random Map unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit.
Random Maps unit described in Fig. 1, including mapping matrix 1, mapping matrix 2, mapping matrix 3,4 and of mapping matrix Selector 1.
GF (2 described in Fig. 18) domain dynamic inversion unit, including GF ((24)2) (P is indicated based on multinomial for P circuit on domain The transformation of inverting of formula base) and N circuit (N indicates the transformation of inverting based on normal basis), selector 2, GF ((22)2) P circuit on domain With N circuit, selector 3, GF (22) the superior ifft circuit in domain.Wherein, ((2 GF4)2) P circuit on domain and N circuit respectively such as Fig. 5 and Shown in Fig. 6, GF ((22)2) P circuit on domain and N circuit difference it is as shown in Figure 7 and Figure 8.
Random inverse mapping unit described in Fig. 1, including distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping square Battle array 3 and inverse mapping matrix 4;When 8 bit binary datas enter dynamic route S box, input data enter simultaneously mapping matrix 1, Mapping matrix 2, mapping matrix 3 and mapping matrix 4 are handled.
As random number AB=00, the operation result of 1 Choose for user matrix 1 of selector is as the defeated of Random Maps matrix Out, it is input to GF (28) domain dynamic inversion unit;8 data of input enter GF ((2 simultaneously4)2) P circuit and N electricity on domain High 4 and low 4 of road, input data respectively indicate an ahAnd al;Two input ports of selector 2 respectively with GF ((24)2) P circuit on domain is connected with N circuit;By random number A=0, control selections device 2 selects GF ((24)2) P circuit on domain it is defeated Out result (high 4 it is inverse and it is low 4 it is inverse) be used as GF ((22)2) P circuit and N circuit on domain input;Two of selector 3 are defeated Inbound port respectively with GF ((22)2) the P circuit on domain is connected with N circuit;By random number B=0, control selections device 3 selects GF ((22)2) P circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior ifft circuit in domain is Output result is finally merged into 8 data, as GF (2 by bit switched circuit8) domain dynamic inversion unit result be sent into it is dynamic The random inverse mapping unit of state path S box;Random number AB=00, control distributor select inverse mapping matrix 1 as next stage electricity Road handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic route S The affine unit of box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=01, the operation result of 1 Choose for user matrix 2 of selector is as the defeated of Random Maps matrix Out, it is input to GF (28) domain dynamic inversion unit;By random number A=0, control selections device 2 selects GF ((24)2) P electricity on domain The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=1, control selections device 3 is selected Select GF ((22)2) N circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives Enter the random inverse mapping unit of dynamic route S box;Random number AB=01, control distributor select inverse mapping matrix 2 as next Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=10, the operation result of 1 Choose for user matrix 3 of selector is as the defeated of Random Maps matrix Out, it is input to GF (28) domain dynamic inversion unit;By random number A=1, control selections device 2 selects GF ((24)2) N electricity on domain The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=0, control selections device 3 is selected Select GF ((22)2) P circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives Enter the random inverse mapping unit of dynamic route S box;Random number AB=10, control distributor select inverse mapping matrix 3 as next Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=11, the operation result of 1 Choose for user matrix 4 of selector is as the defeated of Random Maps matrix Out, it is input to GF (28) domain dynamic inversion unit;By random number A=1, control selections device 2 selects GF ((24)2) N electricity on domain The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=1, control selections device 3 is selected Select GF ((22)2) N circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives Enter the random inverse mapping unit of dynamic route S box;Random number AB=11, control distributor select inverse mapping matrix 4 as next Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
With PP circuit (i.e. GF ((24)2) P circuit, GF ((2 are selected on domain2)2) P circuit is selected on domain) the mapping square of connection Battle array 1 and inverse mapping matrix 1 respectively indicate are as follows:
It is respectively indicated with the mapping matrix 2 and inverse mapping matrix 2 of PN circuit connection are as follows:
It is respectively indicated with the mapping matrix 3 and inverse mapping matrix 3 of NP circuit connection are as follows:
It is respectively indicated with the mapping matrix 4 and inverse mapping matrix 4 of NN circuit connection are as follows:
Referring to fig. 2, a kind of AES encryption circuit of defensive power consumption attack, input is in plain text and output ciphertext is 128 digits According to packet, key is AES prescribed by standard key digit, and encrypted circuit includes Nr(NrFor the round transformation operation of AES prescribed by standard Quantity) a round transformation unit (round transformation 1, round transformation 2 ..., round transformation N using dynamic route S boxr) and cipher key spreading list Member;The input data of first round transformation unit is the encryption data that input is obtained with initial key exclusive or later in plain text, remaining The input data of each round transformation unit is the output data of previous round transformation unit;Initial key inputs key expansion unit Cipher key spreading is carried out, the round key when wheel units is obtained and the key being input in the unit adds unit.
1st to Nr- 1 wheel round transformation cellular construction is identical, single by sequentially connected byte replacement unit, row displacement Member, column mixed cell and key add unit to constitute;NrTaking turns round transformation unit includes sequentially connected byte replacement unit, row Shift unit and key add unit, do not include column mixed cell;Wherein, byte replacement unit realizes word by dynamic route S box Replacement function is saved, byte replacement unit includes 16 dynamic route S boxes in parallel.
The input data of round transformation unit is divided into 16 8 data packets, and it is real to input 16 dynamic route S boxes respectively Existing byte replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as in epicycle round transformation unit The result of byte replacement unit and the row shift unit being sent into epicycle round transformation unit.
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard, As a result it is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 of input Data are handled, and are as a result input to key and are added unit;It is defeated after exclusive or that key adds unit to carry out the data of input and round key Out;NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
Referring to fig. 4, Fig. 4 NrAES encryption circuit carries out the flow chart of cryptographic calculation when=10.The plaintext of input and initial Key is 128 data packets, first passes around the operation of an InvAddRoundKey, subsequently into round transformation unit, amounts to and carries out 10 After taking turns round transformation operation, 128 final data packet ciphertexts of circuit output.
NrWhen=10, AES encryption circuit uses different structure S box, available feature as shown in Table 1.It is realized in table Mode refers to the way of realization of encrypted circuit, and wherein PP refers to selection GF ((24)2) P circuit and GF ((2 on domain2)2) on domain P circuit realizes that multiplication is inverse, and PN refers to selection GF ((24)2) P circuit and GF ((2 on domain2)2) N circuit on domain realizes that multiplication is inverse, NN refers to selection GF ((24)2) N circuit and GF ((2 on domain2)2) N circuit on domain realizes that multiplication is inverse, NP refers to selection GF ((24)2) N circuit and GF ((2 on domain2)2) the P circuit on domain realizes that multiplication is inverse.
Table 1 uses the AES encryption circuit feature of different structure S box
In the present invention, the data handling path dynamic change of dynamic route S box, so that target AES circuit is same in processing Dynamic change is presented in power consumption when group data, destroys the correlation handled by circuit between data and circuit key, thus The target for realizing defence power consumption attack, improves the safety of encrypted circuit.

Claims (5)

1. a kind of dynamic route S box characterized by comprising sequentially connected Random Maps unit, GF (28) domain dynamic invert Unit, random inverse mapping unit and affine unit;
Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit distinguish the data of input Carry out map operation, compositum inversion operation, inverse mapping operation and affine operation;The output result of affine unit is dynamic route The encrypted result of S box;
Binary system random number AB is generated by tandom number generator, for controlling the selector 1 in Random Maps unit, GF (28) domain The distributor in selector 2 and selector 3, random inverse mapping unit in dynamic inversion unit;Wherein, binary system random number AB First place, that is, random number A be used to control selections device 2, last bit, that is, random number B of random number AB is used to control selections device 2.
2. dynamic route S box as described in claim 1, which is characterized in that the input of Random Maps unit is 8 data packets, Including mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1;Wherein mapping matrix 1, mapping matrix 2, Mapping matrix 3 and mapping matrix 4 respectively with inverse mapping matrix 1, the inverse mapping matrix 2, inverse mapping square in random inverse mapping unit Battle array 3 and inverse mapping matrix 4 correspond;
When 8 data enter Random Maps unit, input data enters mapping matrix 1, mapping matrix 2, mapping matrix 3 simultaneously It is handled with mapping matrix 4;It is the output of which mapping matrix by 1 dynamic select of binary system random number AB control selections device As a result as the result of Random Maps unit and it is sent into the GF (2 of dynamic route S box8) domain dynamic inversion unit.
3. dynamic route S box as described in claim 1, which is characterized in that GF (28) input data of domain dynamic inversion unit is 8 data packets of Random Maps unit output, including GF ((24)2) P circuit and N circuit, selector 2, GF ((2 on domain2)2) P circuit and N circuit, selector 3, GF (2 on domain2) the superior ifft circuit in domain;Wherein, P indicates the change of inverting based on polynomial basis It changes, N indicates the transformation of inverting based on normal basis;
When 8 data input GF (28) domain dynamic inversion unit when, input data enters GF ((2 simultaneously4)2) P circuit on domain and N circuit;Two input ports of selector 2 respectively with GF ((24)2) the P circuit on domain is connected with N circuit;It is controlled by random number A Selector 2 processed selects GF ((24)2) P circuit or N circuit on domain output result as GF ((22)2) P circuit and N on domain The input of circuit, wherein A is the first place of random number AB;Two input ports of selector 3 respectively with GF ((22)2) P on domain Circuit is connected with N circuit;GF ((2 is selected by random number B control selections device 32)2) P circuit or N circuit on domain output knot Fruit is as GF (22) the superior ifft circuit in domain input, wherein B be random number AB last bit;GF(22) the superior ifft circuit in domain be bit Switched circuit, output result merges into 8 data, as GF (28) domain dynamic inversion unit result and be sent into dynamic route The random inverse mapping unit of S box.
4. dynamic route S box as described in claim 1, which is characterized in that the input of random inverse mapping unit is GF (28) domain is dynamic 8 data packets of state inversion unit output, including distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse Mapping matrix 4;Wherein inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 respectively with Random Maps Mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 in unit correspond;
When 8 data enter random inverse mapping unit, input data initially enters distributor;Random number AB is the control of distributor Signal processed determines that signal is to be sent into which inverse mapping matrix is handled by random number AB;The output result of inverse mapping matrix As random inverse mapping unit result and be sent into the affine unit of dynamic route S box.
5. a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box characterized by comprising NrIt is a to adopt With the round transformation unit and key expansion unit of dynamic route S box, wherein NrFor the round transformation operation of AES prescribed by standard Quantity;The input data of 1st round transformation unit is the encryption data that input is obtained with initial key exclusive or later in plain text, remaining The input data of each round transformation unit is the output data of previous round transformation unit;Initial key inputs cipher key spreading list Member carries out cipher key spreading, obtains the round key when wheel units and the key being input in the unit adds unit;
1st to Nr- 1 wheel round transformation cellular construction is identical, mixed by sequentially connected byte replacement unit, row shift unit, column It closes unit and key adds unit to constitute;NrWheel round transformation unit includes sequentially connected byte replacement unit, row displacement list Member and key add unit;
Wherein, byte replacement unit realizes byte replacement function, byte replacement using dynamic route S box described in claim 1 Unit includes dynamic route S box described in 16 claims 1 in parallel;
The input data of round transformation unit is divided into 16 8 data packets, inputs 16 dynamic route S boxes respectively and realizes word Save replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as byte in epicycle round transformation unit The result of replacement unit and the row shift unit being sent into epicycle round transformation unit;
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard, as a result It is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 data of input It is handled, is as a result input to key and adds unit;Key exports after adding unit that the data of input are carried out exclusive or with round key;The NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
CN201910183699.2A 2019-03-12 2019-03-12 Dynamic path S box and AES encryption circuit capable of defending power consumption attack Active CN109818732B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910183699.2A CN109818732B (en) 2019-03-12 2019-03-12 Dynamic path S box and AES encryption circuit capable of defending power consumption attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910183699.2A CN109818732B (en) 2019-03-12 2019-03-12 Dynamic path S box and AES encryption circuit capable of defending power consumption attack

Publications (2)

Publication Number Publication Date
CN109818732A true CN109818732A (en) 2019-05-28
CN109818732B CN109818732B (en) 2021-05-11

Family

ID=66608810

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910183699.2A Active CN109818732B (en) 2019-03-12 2019-03-12 Dynamic path S box and AES encryption circuit capable of defending power consumption attack

Country Status (1)

Country Link
CN (1) CN109818732B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244495A (en) * 2021-11-25 2022-03-25 南通大学 AES encryption circuit based on random mask infection mechanism

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719766A (en) * 2005-07-21 2006-01-11 北京中星微电子有限公司 Sbox module optimizing method and circuit in AES encryption and decryption circuit
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
US20110013769A1 (en) * 2008-03-31 2011-01-20 Fujitsu Limited Encryption apparatus having common key encryption function and embedded apparatus
US20170288855A1 (en) * 2016-04-01 2017-10-05 Intel Corporation Power side-channel attack resistant advanced encryption standard accelerator processor
CN109274482A (en) * 2018-08-24 2019-01-25 广东工业大学 A kind of aes algorithm hardware circuit implementation method based on the optimization of S box

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719766A (en) * 2005-07-21 2006-01-11 北京中星微电子有限公司 Sbox module optimizing method and circuit in AES encryption and decryption circuit
CN101009554A (en) * 2007-01-17 2007-08-01 华中科技大学 A byte replacement circuit for power consumption attack prevention
US20110013769A1 (en) * 2008-03-31 2011-01-20 Fujitsu Limited Encryption apparatus having common key encryption function and embedded apparatus
US20170288855A1 (en) * 2016-04-01 2017-10-05 Intel Corporation Power side-channel attack resistant advanced encryption standard accelerator processor
CN109274482A (en) * 2018-08-24 2019-01-25 广东工业大学 A kind of aes algorithm hardware circuit implementation method based on the optimization of S box

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RONG JIAN CHEN: "《Architecture Design of High Efficient and Non-memory AES Crypto Core for WPAN》", 《2009 THIRD INTERNATIONAL CONFERENCE ON NETWORK AND SYSTEM SECURITY》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244495A (en) * 2021-11-25 2022-03-25 南通大学 AES encryption circuit based on random mask infection mechanism

Also Published As

Publication number Publication date
CN109818732B (en) 2021-05-11

Similar Documents

Publication Publication Date Title
CN107707343B (en) SP network structure lightweight block cipher realization method with consistent encryption and decryption
CN106921487B (en) Reconfigurable S-box circuit structure
Moldovyan et al. A cipher based on data-dependent permutations
CN104639314A (en) Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method
Gupta et al. An enhanced AES algorithm using cascading method on 400 bits key size used in enhancing the safety of next generation internet of things (IOT)
CN105959107B (en) A kind of lightweight SFN block cipher implementation method of new high safety
US10237066B1 (en) Multi-channel encryption and authentication
CN109033892B (en) Round conversion multiplexing circuit based on synthetic matrix and AES decryption circuit
CN109150495B (en) Round conversion multiplexing circuit and AES decryption circuit thereof
CN109818732A (en) A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack
CN109150497A (en) A kind of XTS-SM4 encrypted circuit of high-performance small area
CN108809627B (en) Round conversion multiplexing circuit and AES decryption circuit
CN1833399B (en) Rijndael block cipher apparatus and encryption/decryption method thereof
CN102857334B (en) Method and device for realizing AES (advanced encryption standard) encryption and decryption
CN102780557B (en) Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization
TWI728933B (en) Hybrid multistage algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
Soumya et al. Design and implementation of Rijndael encryption algorithm based on FPGA
Sharma et al. Comparative analysis of block key encryption algorithms
Thirer A pipelined FPGA implementation of an encryption algorithm based on genetic algorithm
CN109639408A (en) A kind of AES decryption multiplexing round transformation circuit structure
CN110059492B (en) AES encryption circuit capable of detecting errors based on double-path complementary structure
Kumar et al. FPGA Implementation of High Performance Hybrid Encryption Standard
CN102665202B (en) Secure coprocessor circuit structure applied to ZigBee protocol and control method thereof
CN109962766A (en) The implementation method of security service coprocessor based on IEEE802-15-4 standard
CN102665203B (en) Circuit structure applied to ZigBee protocol security mechanism and control method for same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant