CN109818732A - A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack - Google Patents
A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack Download PDFInfo
- Publication number
- CN109818732A CN109818732A CN201910183699.2A CN201910183699A CN109818732A CN 109818732 A CN109818732 A CN 109818732A CN 201910183699 A CN201910183699 A CN 201910183699A CN 109818732 A CN109818732 A CN 109818732A
- Authority
- CN
- China
- Prior art keywords
- unit
- circuit
- mapping matrix
- domain
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of dynamic route S box and the AES encryption circuit of defensive power consumption attack, dynamic route S box includes sequentially connected Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit;The AES encryption circuit of defensive power consumption attack based on dynamic route S box includes NrA round transformation unit and key expansion unit using dynamic route S box.In the present invention, the data handling path dynamic change of dynamic route S box, so that dynamic change is presented in target AES circuit power consumption when handling same group of data, destroy the correlation handled by circuit between data and circuit key, to realize the target of defence power consumption attack, the safety of encrypted circuit is improved.
Description
Technical field
The present invention relates to cryptochannels to realize technical field, especially a kind of dynamic route S box and defensive power consumption attack
AES encryption circuit.
Background technique
Advanced Encryption Standard (Advanced Encryption Standard, AES), also known as Rijndael enciphered method, should
Algorithm is designed by Belgium cryptologist Joan Daemen and Vincent Rijmen, is by American National Standard and technology
A new generation's grouping symmetric cryptographic algorithm that research institute formulates for 2001, for replacing original data encryption standards (Data
Encryption Standard, DES).AES cryptographic algorithm is a kind of iteration, symmetric block ciphers algorithm, and data grouping is long
Degree is 128 bits, and key length has three kinds of 128,192 and 256 bit.According to these three different key lengths, ciphering process
It is respectively necessary for carry out 10,12 and 14 and takes turns round transformation operation, each round transformation operation includes byte replacement again, and row displacement arranges mixed
It closes and key adds four sub- operations, in addition to last wheel.In order to eliminate symmetry, last wheel round transformation does not include column mixing fortune
It calculates, and adds operation plus a secondary key before first round round transformation operation.
According to different application demands, AES encryption circuit uses different realization frameworks.Referring to Fig. 3 (a) and Fig. 3 (b),
AES encryption circuit realizes that framework generally can be divided into two kinds: loop unrolling structure and full deployed configuration.It is used in loop unrolling structure
Nk(1≤Nk≤Nr,Nr=10/12/14) a round transformation unit (including independent key adds operation), with full deployed configuration phase
Than loop unrolling structure needs smaller circuit area, especially works as Nk(N when=1kAlso known as complete alternation structure when=1), it follows
Ring deployed configuration has the smallest circuit area.But loop unrolling structure needs iterationIt is secondary just to obtain final result,
Therefore data processing speed is relatively low.Loop unrolling structure is for requiring circuit area small, the not high occasion of data rate, such as nothing
Line Sensor Network, RFID etc..Loop unrolling structure can also trade off circuit area and speed according to concrete application demand.Entirely
Deployed configuration has used NrA round transformation circuit unit, circuit area is big, but data do not need to feed back, and data processing speed is high.
Full deployed configuration can also accelerate data processing speed by way of increasing pipeline series.Full deployed configuration is suitable for height
Fast generating date occasion, such as real-time video signal transmission.
Power consumption attack, and can be described as power consumption analysis (Power Analysis), based on power consumption consumed by crypto chip
There are correlations between key and algorithm median.A large amount of utilizations of CMOS logic in integrated circuit, so that power consumption and circuit
Output and input transitional states correlation, more power consumptions can be then consumed when cmos cell has signal jump.In power consumption attack
In the process, it needs to establish certain mapping between the power consumption consumed by the intermediate result and crypto chip for encrypting or decrypting operation
Relationship, to deduce the value of key according to power consumption data analysis.Currently used power consumption attack can be divided into simple power consumption and attack
Hit (Simple Power Attack, SPA), differential power attack (Differential Power Attack, DPA) and high-order
Three kinds of differential power attack (High-Order Differential Power Attack, HO-DPA).Power consumption attack realizes letter
It is single, expensive professional equipment is not needed, and cipher key search space is smaller, therefore is most important, most common in bypass attack
Attack means, and the bypass attack technology that most serious threatens is constituted to crypto chip.
Requirement for power consumption attack and some extreme condition application environments to equipment high reliability, traditional defence
Approach can be roughly divided into two classes: first is that useful information amount is reduced, to reduce signal-to-noise ratio by the fluctuation for reducing power consumption profile;
Second is that achieving the purpose that reduce signal-to-noise ratio by increasing random noise and redundancy power consumption.Common power consumption attack defensive measure is main
There are random mask technology and the constant technology of power consumption etc..
Summary of the invention
Technical problem to be solved by the present invention lies in provide the AES of a kind of dynamic route S box and defensive power consumption attack
Encrypted circuit is able to solve the problem of existing AES encryption circuit based on compositum S box can not defend power consumption attack.
In order to solve the above technical problems, the present invention provides a kind of dynamic route S box, comprising: sequentially connected Random Maps
Unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit;
Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit be to the number of input
According to carrying out respectively, map operation, compositum inversion operation, inverse mapping operates and affine operation;The output result of affine unit is
The encrypted result of state path S box;
Binary system random number AB is generated by tandom number generator, for controlling selector 1, the GF in Random Maps unit
(28) distributor in selector 2 and selector 3, random inverse mapping unit in the dynamic inversion unit of domain;Wherein, binary system with
The first place of machine number AB, that is, random number A is used to control selections device 2, and last bit, that is, random number B of random number AB is used to control selections device 2.
Preferably, the input of Random Maps unit is 8 data packets, including mapping matrix 1, mapping matrix 2, mapping matrix
3, mapping matrix 4 and selector 1;Wherein mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 respectively with it is random inverse
Inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 in map unit correspond;
When 8 data enter Random Maps unit, input data enters mapping matrix 1, mapping matrix 2, mapping simultaneously
Matrix 3 and mapping matrix 4 are handled;It is which mapping matrix by 1 dynamic select of binary system random number AB control selections device
Output result as Random Maps unit result and be sent into the GF (2 of dynamic route S box8) domain dynamic inversion unit.
Preferably, (2 GF8) domain dynamic inversion unit input data be Random Maps unit output 8 data packets, packet
Include GF ((24)2) P circuit and N circuit, selector 2, GF ((2 on domain2)2) P circuit and N circuit, selector 3, GF on domain
(22) the superior ifft circuit in domain;Wherein, P indicates the transformation of inverting based on polynomial basis, and N indicates the transformation of inverting based on normal basis;
When 8 data input GF (28) domain dynamic inversion unit when, input data enters GF ((2 simultaneously4)2) P electricity on domain
Road and N circuit;Two input ports of selector 2 respectively with GF ((24)2) the P circuit on domain is connected with N circuit;By random
Number A control selections device 2 selects GF ((24)2) P circuit or N circuit on domain output result as GF ((22)2) P electricity on domain
The input on road and N circuit, wherein A is the first place of random number AB;Two input ports of selector 3 respectively with GF ((22)2) domain
On P circuit be connected with N circuit;GF ((2 is selected by random number B control selections device 32)2) P circuit on domain or N circuit it is defeated
Result is as GF (2 out2) the superior ifft circuit in domain input, wherein B be random number AB last bit;GF(22) the superior ifft circuit in domain is
Bit switched circuit, output result merges into 8 data, as GF (28) domain dynamic inversion unit result and be sent into dynamic
The random inverse mapping unit of path S box.
Preferably, the input of random inverse mapping unit is GF (28) domain dynamic inversion unit output 8 data packets, including
Distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4;Wherein inverse mapping matrix 1, inverse reflect
Penetrate matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 respectively in Random Maps unit mapping matrix 1, mapping matrix 2, reflect
It penetrates matrix 3 and mapping matrix 4 corresponds;
When 8 data enter random inverse mapping unit, input data initially enters distributor;Random number AB is distributor
Control signal, by random number AB determine signal be sent into which inverse mapping matrix handled;The output of inverse mapping matrix
As a result as the result of random inverse mapping unit and it is sent into the affine unit of dynamic route S box.
Correspondingly, a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box, is full deployed configuration,
It include: Nr(NrFor the round transformation number of calculations of AES prescribed by standard) it is a using dynamic route S box round transformation unit (wheel become
Change 1, round transformation 2 ..., round transformation Nr) and key expansion unit;The input data of 1st round transformation unit be input in plain text with
The encryption data obtained after initial key exclusive or, the input data of remaining each round transformation unit is previous round transformation list
The output data of member;Initial key inputs key expansion unit and carries out cipher key spreading, obtains when the round key of wheel units and defeated
The key entered into the unit adds unit;
1st to Nr- 1 wheel round transformation cellular construction is identical, single by sequentially connected byte replacement unit, row displacement
Member, column mixed cell and key add unit to constitute;NrTaking turns round transformation unit includes sequentially connected byte replacement unit, row
Shift unit and key add unit, do not include column mixed cell;
Wherein, byte replacement unit realizes that byte replacement function, byte replacement unit include 16 using dynamic route S box
Dynamic route S box in parallel;
The input data of round transformation unit is divided into 16 8 data packets, and it is real to input 16 dynamic route S boxes respectively
Existing byte replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as in epicycle round transformation unit
The result of byte replacement unit and the row shift unit being sent into epicycle round transformation unit;
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard,
As a result it is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 of input
Data are handled, and are as a result input to key and are added unit;It is defeated after exclusive or that key adds unit to carry out the data of input and round key
Out;NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
The invention has the benefit that a kind of dynamic route S box proposed by the present invention, by random selection mapping matrix,
Inverse mapping matrix and design dynamic inversion unit, S box circuit paths are not fixed, and compared with traditional S box, handle same group
Dynamic change is presented in data power consumption;Byte replacement unit in round transformation unit is based on parallel dynamic route S box structure, by making
Objective circuit institute is destroyed so that dynamic change is presented in power consumption of the objective circuit when handling same group of data with dynamic route S box
Correlation between the data of processing and circuit key, and then effectively defend power consumption attack.
Detailed description of the invention
Fig. 1 is the structural schematic diagram of dynamic route S box of the invention.
Fig. 2 is encrypted circuit construction schematic diagram of the invention.
Fig. 3 (a) is AES encryption circuit cycles deployed configuration schematic diagram.
Fig. 3 (b) is the full deployed configuration schematic diagram of AES encryption circuit.
Fig. 4 is N of the present inventionrAES encryption circuit carries out the flow diagram of cryptographic calculation when=10.
Fig. 5 is GF ((2 of the present invention4)2) inverting based on polynomial basis converts schematic diagram on domain.
Fig. 6 is GF ((2 of the present invention4)2) inverting based on normal basis converts schematic diagram on domain.
Fig. 7 is GF ((2 of the present invention2)2) inverting based on polynomial basis converts schematic diagram on domain.
Fig. 8 is GF ((2 of the present invention2)2) inverting based on normal basis converts schematic diagram on domain.
Specific embodiment
As shown in Figure 1, a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box, comprising: random
Map unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit.
Random Maps unit described in Fig. 1, including mapping matrix 1, mapping matrix 2, mapping matrix 3,4 and of mapping matrix
Selector 1.
GF (2 described in Fig. 18) domain dynamic inversion unit, including GF ((24)2) (P is indicated based on multinomial for P circuit on domain
The transformation of inverting of formula base) and N circuit (N indicates the transformation of inverting based on normal basis), selector 2, GF ((22)2) P circuit on domain
With N circuit, selector 3, GF (22) the superior ifft circuit in domain.Wherein, ((2 GF4)2) P circuit on domain and N circuit respectively such as Fig. 5 and
Shown in Fig. 6, GF ((22)2) P circuit on domain and N circuit difference it is as shown in Figure 7 and Figure 8.
Random inverse mapping unit described in Fig. 1, including distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping square
Battle array 3 and inverse mapping matrix 4;When 8 bit binary datas enter dynamic route S box, input data enter simultaneously mapping matrix 1,
Mapping matrix 2, mapping matrix 3 and mapping matrix 4 are handled.
As random number AB=00, the operation result of 1 Choose for user matrix 1 of selector is as the defeated of Random Maps matrix
Out, it is input to GF (28) domain dynamic inversion unit;8 data of input enter GF ((2 simultaneously4)2) P circuit and N electricity on domain
High 4 and low 4 of road, input data respectively indicate an ahAnd al;Two input ports of selector 2 respectively with GF ((24)2)
P circuit on domain is connected with N circuit;By random number A=0, control selections device 2 selects GF ((24)2) P circuit on domain it is defeated
Out result (high 4 it is inverse and it is low 4 it is inverse) be used as GF ((22)2) P circuit and N circuit on domain input;Two of selector 3 are defeated
Inbound port respectively with GF ((22)2) the P circuit on domain is connected with N circuit;By random number B=0, control selections device 3 selects GF
((22)2) P circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior ifft circuit in domain is
Output result is finally merged into 8 data, as GF (2 by bit switched circuit8) domain dynamic inversion unit result be sent into it is dynamic
The random inverse mapping unit of state path S box;Random number AB=00, control distributor select inverse mapping matrix 1 as next stage electricity
Road handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic route S
The affine unit of box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=01, the operation result of 1 Choose for user matrix 2 of selector is as the defeated of Random Maps matrix
Out, it is input to GF (28) domain dynamic inversion unit;By random number A=0, control selections device 2 selects GF ((24)2) P electricity on domain
The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=1, control selections device 3 is selected
Select GF ((22)2) N circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain
Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives
Enter the random inverse mapping unit of dynamic route S box;Random number AB=01, control distributor select inverse mapping matrix 2 as next
Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road
The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=10, the operation result of 1 Choose for user matrix 3 of selector is as the defeated of Random Maps matrix
Out, it is input to GF (28) domain dynamic inversion unit;By random number A=1, control selections device 2 selects GF ((24)2) N electricity on domain
The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=0, control selections device 3 is selected
Select GF ((22)2) P circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain
Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives
Enter the random inverse mapping unit of dynamic route S box;Random number AB=10, control distributor select inverse mapping matrix 3 as next
Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road
The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
As random number AB=11, the operation result of 1 Choose for user matrix 4 of selector is as the defeated of Random Maps matrix
Out, it is input to GF (28) domain dynamic inversion unit;By random number A=1, control selections device 2 selects GF ((24)2) N electricity on domain
The output result on road is as GF ((22)2) P circuit and N circuit on domain input;By random number B=1, control selections device 3 is selected
Select GF ((22)2) N circuit on domain output result as GF (22) the superior ifft circuit in domain input;GF(22) the superior inverse electricity in domain
Road is bit switched circuit, output result is finally merged into 8 data, as GF (28) result of domain dynamic inversion unit gives
Enter the random inverse mapping unit of dynamic route S box;Random number AB=11, control distributor select inverse mapping matrix 4 as next
Grade circuit handles data;The output result of inverse mapping matrix as random inverse mapping unit result and be sent into dynamic road
The affine unit of diameter S box;The output result of affine unit is the encrypted result of dynamic route S box.
With PP circuit (i.e. GF ((24)2) P circuit, GF ((2 are selected on domain2)2) P circuit is selected on domain) the mapping square of connection
Battle array 1 and inverse mapping matrix 1 respectively indicate are as follows:
It is respectively indicated with the mapping matrix 2 and inverse mapping matrix 2 of PN circuit connection are as follows:
It is respectively indicated with the mapping matrix 3 and inverse mapping matrix 3 of NP circuit connection are as follows:
It is respectively indicated with the mapping matrix 4 and inverse mapping matrix 4 of NN circuit connection are as follows:
Referring to fig. 2, a kind of AES encryption circuit of defensive power consumption attack, input is in plain text and output ciphertext is 128 digits
According to packet, key is AES prescribed by standard key digit, and encrypted circuit includes Nr(NrFor the round transformation operation of AES prescribed by standard
Quantity) a round transformation unit (round transformation 1, round transformation 2 ..., round transformation N using dynamic route S boxr) and cipher key spreading list
Member;The input data of first round transformation unit is the encryption data that input is obtained with initial key exclusive or later in plain text, remaining
The input data of each round transformation unit is the output data of previous round transformation unit;Initial key inputs key expansion unit
Cipher key spreading is carried out, the round key when wheel units is obtained and the key being input in the unit adds unit.
1st to Nr- 1 wheel round transformation cellular construction is identical, single by sequentially connected byte replacement unit, row displacement
Member, column mixed cell and key add unit to constitute;NrTaking turns round transformation unit includes sequentially connected byte replacement unit, row
Shift unit and key add unit, do not include column mixed cell;Wherein, byte replacement unit realizes word by dynamic route S box
Replacement function is saved, byte replacement unit includes 16 dynamic route S boxes in parallel.
The input data of round transformation unit is divided into 16 8 data packets, and it is real to input 16 dynamic route S boxes respectively
Existing byte replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as in epicycle round transformation unit
The result of byte replacement unit and the row shift unit being sent into epicycle round transformation unit.
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard,
As a result it is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 of input
Data are handled, and are as a result input to key and are added unit;It is defeated after exclusive or that key adds unit to carry out the data of input and round key
Out;NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
Referring to fig. 4, Fig. 4 NrAES encryption circuit carries out the flow chart of cryptographic calculation when=10.The plaintext of input and initial
Key is 128 data packets, first passes around the operation of an InvAddRoundKey, subsequently into round transformation unit, amounts to and carries out 10
After taking turns round transformation operation, 128 final data packet ciphertexts of circuit output.
NrWhen=10, AES encryption circuit uses different structure S box, available feature as shown in Table 1.It is realized in table
Mode refers to the way of realization of encrypted circuit, and wherein PP refers to selection GF ((24)2) P circuit and GF ((2 on domain2)2) on domain
P circuit realizes that multiplication is inverse, and PN refers to selection GF ((24)2) P circuit and GF ((2 on domain2)2) N circuit on domain realizes that multiplication is inverse,
NN refers to selection GF ((24)2) N circuit and GF ((2 on domain2)2) N circuit on domain realizes that multiplication is inverse, NP refers to selection GF ((24)2)
N circuit and GF ((2 on domain2)2) the P circuit on domain realizes that multiplication is inverse.
Table 1 uses the AES encryption circuit feature of different structure S box
In the present invention, the data handling path dynamic change of dynamic route S box, so that target AES circuit is same in processing
Dynamic change is presented in power consumption when group data, destroys the correlation handled by circuit between data and circuit key, thus
The target for realizing defence power consumption attack, improves the safety of encrypted circuit.
Claims (5)
1. a kind of dynamic route S box characterized by comprising sequentially connected Random Maps unit, GF (28) domain dynamic invert
Unit, random inverse mapping unit and affine unit;
Random Maps unit, GF (28) domain dynamic inversion unit, random inverse mapping unit and affine unit distinguish the data of input
Carry out map operation, compositum inversion operation, inverse mapping operation and affine operation;The output result of affine unit is dynamic route
The encrypted result of S box;
Binary system random number AB is generated by tandom number generator, for controlling the selector 1 in Random Maps unit, GF (28) domain
The distributor in selector 2 and selector 3, random inverse mapping unit in dynamic inversion unit;Wherein, binary system random number AB
First place, that is, random number A be used to control selections device 2, last bit, that is, random number B of random number AB is used to control selections device 2.
2. dynamic route S box as described in claim 1, which is characterized in that the input of Random Maps unit is 8 data packets,
Including mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1;Wherein mapping matrix 1, mapping matrix 2,
Mapping matrix 3 and mapping matrix 4 respectively with inverse mapping matrix 1, the inverse mapping matrix 2, inverse mapping square in random inverse mapping unit
Battle array 3 and inverse mapping matrix 4 correspond;
When 8 data enter Random Maps unit, input data enters mapping matrix 1, mapping matrix 2, mapping matrix 3 simultaneously
It is handled with mapping matrix 4;It is the output of which mapping matrix by 1 dynamic select of binary system random number AB control selections device
As a result as the result of Random Maps unit and it is sent into the GF (2 of dynamic route S box8) domain dynamic inversion unit.
3. dynamic route S box as described in claim 1, which is characterized in that GF (28) input data of domain dynamic inversion unit is
8 data packets of Random Maps unit output, including GF ((24)2) P circuit and N circuit, selector 2, GF ((2 on domain2)2)
P circuit and N circuit, selector 3, GF (2 on domain2) the superior ifft circuit in domain;Wherein, P indicates the change of inverting based on polynomial basis
It changes, N indicates the transformation of inverting based on normal basis;
When 8 data input GF (28) domain dynamic inversion unit when, input data enters GF ((2 simultaneously4)2) P circuit on domain and
N circuit;Two input ports of selector 2 respectively with GF ((24)2) the P circuit on domain is connected with N circuit;It is controlled by random number A
Selector 2 processed selects GF ((24)2) P circuit or N circuit on domain output result as GF ((22)2) P circuit and N on domain
The input of circuit, wherein A is the first place of random number AB;Two input ports of selector 3 respectively with GF ((22)2) P on domain
Circuit is connected with N circuit;GF ((2 is selected by random number B control selections device 32)2) P circuit or N circuit on domain output knot
Fruit is as GF (22) the superior ifft circuit in domain input, wherein B be random number AB last bit;GF(22) the superior ifft circuit in domain be bit
Switched circuit, output result merges into 8 data, as GF (28) domain dynamic inversion unit result and be sent into dynamic route
The random inverse mapping unit of S box.
4. dynamic route S box as described in claim 1, which is characterized in that the input of random inverse mapping unit is GF (28) domain is dynamic
8 data packets of state inversion unit output, including distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse
Mapping matrix 4;Wherein inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 respectively with Random Maps
Mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 in unit correspond;
When 8 data enter random inverse mapping unit, input data initially enters distributor;Random number AB is the control of distributor
Signal processed determines that signal is to be sent into which inverse mapping matrix is handled by random number AB;The output result of inverse mapping matrix
As random inverse mapping unit result and be sent into the affine unit of dynamic route S box.
5. a kind of AES encryption circuit of the defensive power consumption attack based on dynamic route S box characterized by comprising NrIt is a to adopt
With the round transformation unit and key expansion unit of dynamic route S box, wherein NrFor the round transformation operation of AES prescribed by standard
Quantity;The input data of 1st round transformation unit is the encryption data that input is obtained with initial key exclusive or later in plain text, remaining
The input data of each round transformation unit is the output data of previous round transformation unit;Initial key inputs cipher key spreading list
Member carries out cipher key spreading, obtains the round key when wheel units and the key being input in the unit adds unit;
1st to Nr- 1 wheel round transformation cellular construction is identical, mixed by sequentially connected byte replacement unit, row shift unit, column
It closes unit and key adds unit to constitute;NrWheel round transformation unit includes sequentially connected byte replacement unit, row displacement list
Member and key add unit;
Wherein, byte replacement unit realizes byte replacement function, byte replacement using dynamic route S box described in claim 1
Unit includes dynamic route S box described in 16 claims 1 in parallel;
The input data of round transformation unit is divided into 16 8 data packets, inputs 16 dynamic route S boxes respectively and realizes word
Save replacement operation;The output result of 16 dynamic route S boxes merges into 128 data, as byte in epicycle round transformation unit
The result of replacement unit and the row shift unit being sent into epicycle round transformation unit;
Row shift unit is handled 128 data of input according to the row shifting function rule of AES prescribed by standard, as a result
It is input to column mixed cell;Column mixed cell is according to the column hybrid manipulation rule of AES prescribed by standard to 128 data of input
It is handled, is as a result input to key and adds unit;Key exports after adding unit that the data of input are carried out exclusive or with round key;The
NrThe output result of wheel round transformation unit is the ciphertext result of the encrypted circuit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183699.2A CN109818732B (en) | 2019-03-12 | 2019-03-12 | Dynamic path S box and AES encryption circuit capable of defending power consumption attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183699.2A CN109818732B (en) | 2019-03-12 | 2019-03-12 | Dynamic path S box and AES encryption circuit capable of defending power consumption attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109818732A true CN109818732A (en) | 2019-05-28 |
CN109818732B CN109818732B (en) | 2021-05-11 |
Family
ID=66608810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910183699.2A Active CN109818732B (en) | 2019-03-12 | 2019-03-12 | Dynamic path S box and AES encryption circuit capable of defending power consumption attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109818732B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114244495A (en) * | 2021-11-25 | 2022-03-25 | 南通大学 | AES encryption circuit based on random mask infection mechanism |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1719766A (en) * | 2005-07-21 | 2006-01-11 | 北京中星微电子有限公司 | Sbox module optimizing method and circuit in AES encryption and decryption circuit |
CN101009554A (en) * | 2007-01-17 | 2007-08-01 | 华中科技大学 | A byte replacement circuit for power consumption attack prevention |
US20110013769A1 (en) * | 2008-03-31 | 2011-01-20 | Fujitsu Limited | Encryption apparatus having common key encryption function and embedded apparatus |
US20170288855A1 (en) * | 2016-04-01 | 2017-10-05 | Intel Corporation | Power side-channel attack resistant advanced encryption standard accelerator processor |
CN109274482A (en) * | 2018-08-24 | 2019-01-25 | 广东工业大学 | A kind of aes algorithm hardware circuit implementation method based on the optimization of S box |
-
2019
- 2019-03-12 CN CN201910183699.2A patent/CN109818732B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1719766A (en) * | 2005-07-21 | 2006-01-11 | 北京中星微电子有限公司 | Sbox module optimizing method and circuit in AES encryption and decryption circuit |
CN101009554A (en) * | 2007-01-17 | 2007-08-01 | 华中科技大学 | A byte replacement circuit for power consumption attack prevention |
US20110013769A1 (en) * | 2008-03-31 | 2011-01-20 | Fujitsu Limited | Encryption apparatus having common key encryption function and embedded apparatus |
US20170288855A1 (en) * | 2016-04-01 | 2017-10-05 | Intel Corporation | Power side-channel attack resistant advanced encryption standard accelerator processor |
CN109274482A (en) * | 2018-08-24 | 2019-01-25 | 广东工业大学 | A kind of aes algorithm hardware circuit implementation method based on the optimization of S box |
Non-Patent Citations (1)
Title |
---|
RONG JIAN CHEN: "《Architecture Design of High Efficient and Non-memory AES Crypto Core for WPAN》", 《2009 THIRD INTERNATIONAL CONFERENCE ON NETWORK AND SYSTEM SECURITY》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114244495A (en) * | 2021-11-25 | 2022-03-25 | 南通大学 | AES encryption circuit based on random mask infection mechanism |
Also Published As
Publication number | Publication date |
---|---|
CN109818732B (en) | 2021-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107707343B (en) | SP network structure lightweight block cipher realization method with consistent encryption and decryption | |
CN106921487B (en) | Reconfigurable S-box circuit structure | |
Moldovyan et al. | A cipher based on data-dependent permutations | |
CN104639314A (en) | Device based on AES (advanced encryption standard) encryption/decryption algorithm and pipelining control method | |
Gupta et al. | An enhanced AES algorithm using cascading method on 400 bits key size used in enhancing the safety of next generation internet of things (IOT) | |
CN105959107B (en) | A kind of lightweight SFN block cipher implementation method of new high safety | |
US10237066B1 (en) | Multi-channel encryption and authentication | |
CN109033892B (en) | Round conversion multiplexing circuit based on synthetic matrix and AES decryption circuit | |
CN109150495B (en) | Round conversion multiplexing circuit and AES decryption circuit thereof | |
CN109818732A (en) | A kind of AES encryption circuit of dynamic route S box and defensive power consumption attack | |
CN109150497A (en) | A kind of XTS-SM4 encrypted circuit of high-performance small area | |
CN108809627B (en) | Round conversion multiplexing circuit and AES decryption circuit | |
CN1833399B (en) | Rijndael block cipher apparatus and encryption/decryption method thereof | |
CN102857334B (en) | Method and device for realizing AES (advanced encryption standard) encryption and decryption | |
CN102780557B (en) | Method and device for AES (advanced encryption standard) encryption/decryption with selection gate optimization | |
TWI728933B (en) | Hybrid multistage algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof | |
Soumya et al. | Design and implementation of Rijndael encryption algorithm based on FPGA | |
Sharma et al. | Comparative analysis of block key encryption algorithms | |
Thirer | A pipelined FPGA implementation of an encryption algorithm based on genetic algorithm | |
CN109639408A (en) | A kind of AES decryption multiplexing round transformation circuit structure | |
CN110059492B (en) | AES encryption circuit capable of detecting errors based on double-path complementary structure | |
Kumar et al. | FPGA Implementation of High Performance Hybrid Encryption Standard | |
CN102665202B (en) | Secure coprocessor circuit structure applied to ZigBee protocol and control method thereof | |
CN109962766A (en) | The implementation method of security service coprocessor based on IEEE802-15-4 standard | |
CN102665203B (en) | Circuit structure applied to ZigBee protocol security mechanism and control method for same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |