CN109818732B - Dynamic path S box and AES encryption circuit capable of defending power consumption attack - Google Patents

Publication number: CN109818732B
Application number: CN201910183699.2A
Authority: CN (China)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN109818732A (en)
Inventors: 张金宝, 周芳, 吴宁, 葛芬, 张肖强, 黎建华, 闫改珍, 谢海燕
Current and original assignee: Nanjing University of Aeronautics and Astronautics
Prior art keywords: unit, mapping matrix, circuit, mapping, random

Abstract

The invention discloses a dynamic path S-box and an AES encryption circuit capable of defending against power consumption attacks. The dynamic path S-box comprises a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit. The AES encryption circuit capable of defending against power consumption attacks, based on the dynamic path S-box, comprises N_r round transformation units that use the dynamic path S-box and a key expansion unit. In the invention, the data processing path of the dynamic path S-box changes dynamically, so the power consumption of the target AES circuit changes dynamically when it processes the same group of data, and the correlation between the data processed by the circuit and the circuit key is broken, thereby defending against power consumption attacks and improving the security of the encryption circuit.

Description

Dynamic path S box and AES encryption circuit capable of defending power consumption attack
Technical Field
The invention relates to the technical field of cryptographic circuit implementation, in particular to a dynamic path S box and an AES (advanced encryption standard) encryption circuit capable of defending power consumption attack.
Background
Advanced Encryption Standard (AES), also known as the Rijndael encryption method, was designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen. It is a new-generation symmetric block cipher algorithm established in 2001 by the National Institute of Standards and Technology to replace the original Data Encryption Standard (DES). The AES cipher is an iterative, symmetric block cipher with a data block length of 128 bits and key lengths of 128, 192, and 256 bits. For the three key lengths, the encryption process performs 10, 12 and 14 rounds of transformation respectively; except for the last round, each round comprises four sub-operations: byte substitution, row shifting, column mixing and key addition. To eliminate symmetry, the last round does not contain a column mixing operation, and a key addition operation is added before the first round.
According to different application requirements, the AES encryption circuit adopts different implementation architectures. Referring to Fig. 3(a) and Fig. 3(b), AES encryption circuit implementation architectures can generally be divided into two types: the loop-unrolled structure and the fully unrolled structure. The loop-unrolled structure uses N_k (1 ≤ N_k ≤ N_r, N_r = 10/12/14) round transformation units (including an independent key addition operation) and requires less circuit area than the fully unrolled structure; in particular, when N_k = 1 (also called the full-loop structure), the loop-unrolled structure has the minimum circuit area. However, the loop-unrolled structure must iterate [formula image: Figure BDA0001992146990000011] times before the final result is obtained, so its data processing speed is low. The loop-unrolled structure is used where a small circuit area and a low data rate are required, such as wireless sensor networks and RFID. It can also trade off circuit area against speed according to specific application requirements. The fully unrolled structure uses N_r round transformation circuit units; its circuit area is large, but data does not need to be fed back, so its data processing speed is high. The fully unrolled structure can further increase the data processing speed by adding pipeline stages. It is suitable for high-speed real-time data processing, such as real-time video signal transmission.
Power consumption attacks, also known as power analysis, are based on the correlation between the power consumed by a cryptographic chip and the key and the intermediate values of the algorithm. The large amount of CMOS logic in an integrated circuit makes power consumption depend on the transitions at the circuit's inputs and outputs: a CMOS cell consumes more power when its signals switch. In a power consumption attack, a mapping is established between the intermediate results of the encryption or decryption operation and the power consumed by the cryptographic chip, so that the value of the key can be estimated by analyzing the power consumption data. Common power attacks can currently be classified into Simple Power Attack (SPA), Differential Power Attack (DPA), and High-Order Differential Power Attack (HO-DPA). A power consumption attack is simple to carry out, does not need expensive professional equipment, and has a small key search space, so it is the most important and most common of the side-channel attacks and the side-channel technique that poses the most serious threat to cryptographic chips.
In view of power consumption attacks and the high equipment reliability required by some extreme application environments, traditional defense approaches can be roughly divided into two categories: first, reducing the fluctuation of the power consumption curve and the amount of useful information it carries, thereby reducing the signal-to-noise ratio; second, reducing the signal-to-noise ratio by adding random noise and redundant power consumption. Common power attack defense measures mainly include random masking and constant power consumption techniques.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a dynamic path S-box and an AES encryption circuit capable of defending against power consumption attacks, which solve the problem that the existing AES encryption circuit based on a composite field S-box cannot defend against power consumption attacks.
To solve the above technical problem, the present invention provides a dynamic path S-box, including: a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit, connected in sequence;
the random mapping unit, the GF(2^8) field dynamic inversion unit, the random inverse mapping unit and the affine unit respectively perform the mapping operation, the composite field inversion operation, the inverse mapping operation and the affine operation on the input data; the output of the affine unit is the encryption result of the dynamic path S-box;
the binary random number AB is generated by a random number generator and is used to control selector 1 in the random mapping unit, selector 2 and selector 3 in the GF(2^8) field dynamic inversion unit, and the distributor in the random inverse mapping unit; the first bit of the binary random number AB, i.e. random number A, controls selector 2, and the last bit of AB, i.e. random number B, controls selector 3.
Preferably, the input of the random mapping unit is an 8-bit data packet, and the random mapping unit comprises mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1; mapping matrices 1, 2, 3 and 4 correspond one-to-one with inverse mapping matrices 1, 2, 3 and 4 in the random inverse mapping unit;
when 8-bit data enters the random mapping unit, the input data simultaneously enters mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 for processing; the binary random number AB controls selector 1 to dynamically select which mapping matrix's output is taken as the result of the random mapping unit and sent to the GF(2^8) field dynamic inversion unit of the dynamic path S-box.
Preferably, the input data of the GF(2^8) field dynamic inversion unit is the 8-bit data packet output by the random mapping unit, and the unit comprises P and N circuits over GF((2^4)^2), selector 2, P and N circuits over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2); where P denotes an inverse transform based on a polynomial basis and N denotes an inverse transform based on a normal basis;
when 8-bit data is input to the GF(2^8) field dynamic inversion unit, the input data simultaneously enters the P and N circuits over GF((2^4)^2); the two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2), respectively; random number A controls selector 2 to select the output of the P circuit or the N circuit over GF((2^4)^2) as the input to the P and N circuits over GF((2^2)^2), where A is the first bit of the random number AB; the two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2), respectively; random number B controls selector 3 to select the output of the P circuit or the N circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2), where B is the last bit of the random number AB; the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and the output results are combined into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box.
Preferably, the input of the random inverse mapping unit is the 8-bit data packet output by the GF(2^8) field dynamic inversion unit, and the random inverse mapping unit comprises a distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4; inverse mapping matrices 1, 2, 3 and 4 correspond one-to-one with mapping matrices 1, 2, 3 and 4 in the random mapping unit;
when 8-bit data enters the random inverse mapping unit, the input data first enters the distributor; the random number AB is the control signal of the distributor and determines which inverse mapping matrix the data is sent to for processing; the output of the inverse mapping matrix is taken as the result of the random inverse mapping unit and sent to the affine unit of the dynamic path S-box.
Correspondingly, an AES encryption circuit capable of defending against power consumption attacks, based on the dynamic path S-box, has a fully unrolled structure and comprises: N_r round transformation units (round transformation 1, round transformation 2, …, round transformation N_r) that use the dynamic path S-box, where N_r is the number of round transformation operations specified by the AES standard, and a key expansion unit; the input data of the 1st round transformation unit is the data obtained by XORing the input plaintext with the initial key, and the input data of each remaining round transformation unit is the output data of the previous round transformation unit; the initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs it to the key addition unit in that unit;
the 1st to (N_r − 1)th round transformation units have the same structure, each consisting of a byte substitution unit, a row shift unit, a column mixing unit and a key addition unit connected in sequence; the N_r-th round transformation unit comprises a byte substitution unit, a row shift unit and a key addition unit connected in sequence, and does not include a column mixing unit;
the byte substitution unit uses the dynamic path S-box to implement the byte substitution function and comprises 16 dynamic path S-boxes connected in parallel;
the input data of the round transformation unit is divided into sixteen 8-bit data packets, which are input to the 16 dynamic path S-boxes respectively to perform the byte substitution operation; the outputs of the 16 dynamic path S-boxes are combined into 128-bit data, which is the result of the byte substitution unit in this round transformation unit and is sent to the row shift unit in the same round transformation unit;
the row shift unit processes the input 128-bit data according to the row shift rule specified by the AES standard and passes the result to the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing rule specified by the AES standard and passes the result to the key addition unit; the key addition unit XORs the input data with the round key and outputs the result; the output of the N_r-th round transformation unit is the ciphertext result of the encryption circuit.
The invention has the following beneficial effects: in the dynamic path S-box, the mapping matrix and the inverse mapping matrix are randomly selected and a dynamic inversion unit is used, so the circuit path of the S-box is not fixed; compared with a traditional S-box, the power consumption of the dynamic path S-box varies dynamically when it processes the same group of data. The byte substitution unit in the round transformation unit is built from parallel dynamic path S-boxes, so the power consumption of the target circuit changes dynamically when it processes the same group of data, the correlation between the data processed by the target circuit and the circuit key is broken, and power consumption attacks are effectively prevented.
Drawings
Fig. 1 is a schematic structural diagram of a dynamic path S box according to the present invention.
Fig. 2 is a schematic diagram of an encryption circuit structure according to the present invention.
Fig. 3(a) is a schematic diagram of a loop expansion structure of the AES encryption circuit.
Fig. 3(b) is a schematic diagram of a fully-expanded structure of the AES encryption circuit.
Fig. 4 is a flow chart of the encryption operation of the AES encryption circuit of the present invention when N_r = 10.
Fig. 5 is a schematic diagram of the inverse transform based on a polynomial basis over GF((2^4)^2) according to the present invention.
Fig. 6 is a schematic diagram of the inverse transform based on a normal basis over GF((2^4)^2) according to the present invention.
Fig. 7 is a schematic diagram of the inverse transform based on a polynomial basis over GF((2^2)^2) according to the present invention.
Fig. 8 is a schematic diagram of the inverse transform based on a normal basis over GF((2^2)^2) according to the present invention.
Detailed Description
As shown in Fig. 1, an AES encryption circuit based on the dynamic path S-box that can defend against power consumption attacks includes: a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit.
The random mapping unit depicted in fig. 1 comprises a mapping matrix 1, a mapping matrix 2, a mapping matrix 3, a mapping matrix 4 and a selector 1.
The GF(2^8) field dynamic inversion unit depicted in Fig. 1 comprises P circuits (P stands for inverse transform based on a polynomial basis) and N circuits (N stands for inverse transform based on a normal basis) over GF((2^4)^2), selector 2, P and N circuits over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2). The P and N circuits over GF((2^4)^2) are shown in Figs. 5 and 6, respectively, and the P and N circuits over GF((2^2)^2) are shown in Figs. 7 and 8, respectively.
The random inverse mapping unit shown in fig. 1 includes a distributor, an inverse mapping matrix 1, an inverse mapping matrix 2, an inverse mapping matrix 3, and an inverse mapping matrix 4; when 8-bit binary data enters the dynamic path S box, input data simultaneously enters the mapping matrix 1, the mapping matrix 2, the mapping matrix 3 and the mapping matrix 4 for processing.
When the random number AB is 00, selector 1 selects the operation result of mapping matrix 1 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit; the input 8-bit data simultaneously enters the P circuit and the N circuit over GF((2^4)^2), and the upper 4 bits and lower 4 bits of the input data are denoted a_h and a_l, respectively; the two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2), respectively; with random number A = 0, selector 2 selects the output of the P circuit over GF((2^4)^2) (high 4-bit inverse and low 4-bit inverse) as the input to the P and N circuits over GF((2^2)^2); the two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2), respectively; with random number B = 0, selector 3 selects the output of the P circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and finally the output results are merged into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box; with AB = 00, the distributor selects inverse mapping matrix 1 as the next-stage circuit to process the data; the output of the inverse mapping matrix is taken as the result of the random inverse mapping unit and sent to the affine unit of the dynamic path S-box; the output of the affine unit is the encryption result of the dynamic path S-box.
When the random number AB is 01, selector 1 selects the operation result of mapping matrix 2 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit; with random number A = 0, selector 2 selects the output of the P circuit over GF((2^4)^2) as the input to the P and N circuits over GF((2^2)^2); with random number B = 1, selector 3 selects the output of the N circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and finally the output results are merged into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box; with AB = 01, the distributor selects inverse mapping matrix 2 as the next-stage circuit to process the data; the output of the inverse mapping matrix is taken as the result of the random inverse mapping unit and sent to the affine unit of the dynamic path S-box; the output of the affine unit is the encryption result of the dynamic path S-box.
When the random number AB is 10, selector 1 selects the operation result of mapping matrix 3 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit; with random number A = 1, selector 2 selects the output of the N circuit over GF((2^4)^2) as the input to the P and N circuits over GF((2^2)^2); with random number B = 0, selector 3 selects the output of the P circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and finally the output results are merged into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box; with AB = 10, the distributor selects inverse mapping matrix 3 as the next-stage circuit to process the data; the output of the inverse mapping matrix is taken as the result of the random inverse mapping unit and sent to the affine unit of the dynamic path S-box; the output of the affine unit is the encryption result of the dynamic path S-box.
When the random number AB is 11, selector 1 selects the operation result of mapping matrix 4 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit; with random number A = 1, selector 2 selects the output of the N circuit over GF((2^4)^2) as the input to the P and N circuits over GF((2^2)^2); with random number B = 1, selector 3 selects the output of the N circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and finally the output results are merged into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box; with AB = 11, the distributor selects inverse mapping matrix 4 as the next-stage circuit to process the data; the output of the inverse mapping matrix is taken as the result of the random inverse mapping unit and sent to the affine unit of the dynamic path S-box; the output of the affine unit is the encryption result of the dynamic path S-box.
The mapping matrix 1 and the inverse mapping matrix 1 connected to the PP circuit (i.e. the P circuit selected over GF((2^4)^2) and the P circuit selected over GF((2^2)^2)) are respectively expressed as:
[matrix image: Figure BDA0001992146990000061]
The mapping matrix 2 and the inverse mapping matrix 2 connected to the PN circuit are respectively expressed as:
[matrix image: Figure BDA0001992146990000071]
The mapping matrix 3 and the inverse mapping matrix 3 connected to the NP circuit are respectively expressed as:
[matrix image: Figure BDA0001992146990000072]
The mapping matrix 4 and the inverse mapping matrix 4 connected to the NN circuit are respectively expressed as:
[matrix image: Figure BDA0001992146990000073]
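The path selection described above can be checked in software. The following Python model is an added example, not code from the patent: because the mapping-matrix images are not reproduced on this page, it assumes four stand-in domains (GF(2^8) under four other irreducible polynomials, a constructed choice) in place of the PP/PN/NP/NN composite-field circuits and derives each mapping/inverse-mapping matrix pair itself. It shows that every value of AB yields the standard AES S-box output while the intermediate value after inversion depends on the selected path.

```python
import secrets

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
# Assumption: stand-in domains for the PP/PN/NP/NN paths (constructed choice,
# four other irreducible degree-8 polynomials), indexed by AB = 00, 01, 10, 11.
PATH_POLYS = [0x11D, 0x12B, 0x12D, 0x14D]

def gf_mul(a, b, poly):
    """Multiply two bytes in GF(2^8) reduced by `poly`."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r

def gf_inv(a, poly):
    """Multiplicative inverse as a^254; 0 maps to 0, as in the AES S-box."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a, poly)
    return r

def apply_matrix(cols, x):
    """Multiply an 8x8 bit matrix (cols[i] = image of bit i) by the byte x."""
    y = 0
    for i in range(8):
        if (x >> i) & 1:
            y ^= cols[i]
    return y

def mapping_matrix(poly):
    """Field isomorphism from the AES field to the field defined by `poly`."""
    def aes_poly_at(r):
        acc, p = 0, 1
        for i in range(9):
            if (AES_POLY >> i) & 1:
                acc ^= p
            p = gf_mul(p, r, poly)
        return acc
    # A root of the AES polynomial in the target field fixes the isomorphism.
    root = next(r for r in range(2, 256) if aes_poly_at(r) == 0)
    cols, p = [], 1
    for _ in range(8):
        cols.append(p)              # x^i in the AES field maps to root^i
        p = gf_mul(p, root, poly)
    return cols

def inverse_matrix(cols):
    """Inverse of a bijective linear map, recovered from its full table."""
    table = {apply_matrix(cols, x): x for x in range(256)}
    return [table[1 << i] for i in range(8)]

def affine(x):
    """AES affine transformation: x ^ rotl(x, 1..4) ^ 0x63."""
    y = 0x63
    for s in range(5):
        y ^= ((x << s) | (x >> (8 - s))) & 0xFF
    return y

# One (domain, mapping matrix, inverse mapping matrix) triple per AB value.
PATHS = []
for _poly in PATH_POLYS:
    _fwd = mapping_matrix(_poly)
    PATHS.append((_poly, _fwd, inverse_matrix(_fwd)))

def dynamic_sbox(x, ab=None):
    """Return (S-box output, intermediate after inversion) for path AB."""
    if ab is None:
        ab = secrets.randbelow(4)          # 2-bit random number AB
    poly, fwd, inv = PATHS[ab]
    mapped = apply_matrix(fwd, x)          # random mapping unit
    inverted = gf_inv(mapped, poly)        # inversion in the selected domain
    back = apply_matrix(inv, inverted)     # random inverse mapping unit
    return affine(back), inverted          # affine unit

def reference_sbox(x):
    """Fixed-path AES S-box computed directly in the AES field."""
    return affine(gf_inv(x, AES_POLY))

def all_paths_match_reference():
    return all(dynamic_sbox(x, ab)[0] == reference_sbox(x)
               for x in range(256) for ab in range(4))

def inputs_with_path_dependent_intermediate():
    """Count inputs whose post-inversion value differs between paths."""
    return sum(len({dynamic_sbox(x, ab)[1] for ab in range(4)}) > 1
               for x in range(256))

if __name__ == "__main__":
    print("all paths give the AES S-box:", all_paths_match_reference())
    print("inputs with path-dependent intermediates:",
          inputs_with_path_dependent_intermediate())
```

The model checks functional equivalence only; the leakage of a real circuit has to be measured on hardware. Input 0 produces intermediate 0 on every path in this model, because the mapping matrices are linear.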
Referring to Fig. 2, in the AES encryption circuit capable of defending against power consumption attacks, the input plaintext and the output ciphertext are 128-bit data packets and the key has a bit length specified by the AES standard. The encryption circuit includes N_r round transformation units (round transformation 1, round transformation 2, …, round transformation N_r) that use the dynamic path S-box, where N_r is the number of round transformation operations specified by the AES standard, and a key expansion unit; the input data of the first round transformation unit is the data obtained by XORing the input plaintext with the initial key, and the input data of each other round transformation unit is the output data of the previous round transformation unit; the initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs it to the key addition unit in that unit.
The 1st to (N_r − 1)th round transformation units have the same structure, each consisting of a byte substitution unit, a row shift unit, a column mixing unit and a key addition unit connected in sequence; the N_r-th round transformation unit comprises a byte substitution unit, a row shift unit and a key addition unit connected in sequence, and does not include a column mixing unit; the byte substitution unit implements the byte substitution function with the dynamic path S-box and comprises 16 parallel dynamic path S-boxes.
The input data of the round transformation unit is divided into sixteen 8-bit data packets, which are input to the 16 dynamic path S-boxes respectively to perform the byte substitution operation; the outputs of the 16 dynamic path S-boxes are combined into 128-bit data, which is the result of the byte substitution unit in this round transformation unit and is sent to the row shift unit in the same round transformation unit.
The row shift unit processes the input 128-bit data according to the row shift rule specified by the AES standard and passes the result to the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing rule specified by the AES standard and passes the result to the key addition unit; the key addition unit XORs the input data with the round key and outputs the result; the output of the N_r-th round transformation unit is the ciphertext result of the encryption circuit.
Referring to Fig. 4, Fig. 4 is a flow chart of the encryption operation of the AES encryption circuit when N_r = 10. The input plaintext and the initial key are 128-bit data packets. The plaintext and the initial key first undergo one key addition operation and then enter the round transformation units; after 10 rounds of transformation in total, the circuit outputs the final 128-bit ciphertext data packet.
When N_r = 10, the characteristics of AES encryption circuits that use S-boxes of different structures are shown in Table 1. "Implementation" in the table refers to the implementation of the encryption circuit: PP means selecting the P circuit over GF((2^4)^2) and the P circuit over GF((2^2)^2) to implement the multiplicative inverse; PN means selecting the P circuit over GF((2^4)^2) and the N circuit over GF((2^2)^2); NN means selecting the N circuit over GF((2^4)^2) and the N circuit over GF((2^2)^2); NP means selecting the N circuit over GF((2^4)^2) and the P circuit over GF((2^2)^2).
Table 1. Characteristics of AES encryption circuits using S-boxes of different structures
[table image: Figure BDA0001992146990000081]
In the invention, the data processing path of the dynamic path S-box changes dynamically, so the power consumption of the target AES circuit changes dynamically when it processes the same group of data, and the correlation between the data processed by the circuit and the circuit key is broken, thereby defending against power consumption attacks and improving the security of the encryption circuit.

Claims (5)

1. A dynamic path S-box, comprising: a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit, connected in sequence;
the random mapping unit, the GF(2^8) field dynamic inversion unit, the random inverse mapping unit and the affine unit respectively perform the mapping operation, the composite field inversion operation, the inverse mapping operation and the affine operation on the input data; the output of the affine unit is the encryption result of the dynamic path S-box;
the binary random number AB is generated by a random number generator and is used to control selector 1 in the random mapping unit, selector 2 and selector 3 in the GF(2^8) field dynamic inversion unit, and the distributor in the random inverse mapping unit; the first bit of the binary random number AB, i.e. random number A, controls selector 2, and the last bit of AB, i.e. random number B, controls selector 3.
2. The dynamic path S-box of claim 1, wherein the input of the random mapping unit is an 8-bit data packet, and the random mapping unit comprises mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4, and selector 1; mapping matrices 1, 2, 3 and 4 correspond one-to-one with inverse mapping matrices 1, 2, 3 and 4 in the random inverse mapping unit;
when 8-bit data enters the random mapping unit, the input data simultaneously enters mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 for processing; the binary random number AB controls selector 1 to dynamically select which mapping matrix's output is taken as the result of the random mapping unit and sent to the GF(2^8) field dynamic inversion unit of the dynamic path S-box.
3. The dynamic path S-box of claim 1, wherein the input data of the GF(2^8) field dynamic inversion unit is the 8-bit data packet output by the random mapping unit, and the unit comprises P and N circuits over GF((2^4)^2), selector 2, P and N circuits over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2); wherein P represents an inverse transform based on a polynomial basis and N represents an inverse transform based on a normal basis;
when 8-bit data is input to the GF(2^8) field dynamic inversion unit, the input data simultaneously enters the P and N circuits over GF((2^4)^2); the two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2), respectively; random number A controls selector 2 to select the output of the P circuit or the N circuit over GF((2^4)^2) as the input to the P and N circuits over GF((2^2)^2), where A is the first bit of the random number AB; the two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2), respectively; random number B controls selector 3 to select the output of the P circuit or the N circuit over GF((2^2)^2) as the input to the multiplicative inverse circuit over GF(2^2), where B is the last bit of the random number AB; the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and the output results are combined into 8-bit data as the result of the GF(2^8) field dynamic inversion unit and sent to the random inverse mapping unit of the dynamic path S-box.
4. The dynamic path S-box of claim 1, wherein the input of the random inverse mapping unit is the 8-bit data packet output by the GF(2^8) domain dynamic inversion unit, and the unit comprises a distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4; inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 in the random inverse mapping unit correspond one-to-one with mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 in the random mapping unit;
when 8-bit data enters the random inverse mapping unit, the input data first enters the distributor; the random number AB is the control signal of the distributor and determines which inverse mapping matrix the data is sent to for processing; the output of that inverse mapping matrix is fed into the affine unit of the dynamic path S box as the result of the random inverse mapping unit.
5. An AES encryption circuit capable of defending against power consumption attack based on a dynamic path S-box, the AES encryption circuit comprising: N_r round transformation units using the dynamic path S-box, and a key expansion unit, wherein N_r is the number of round transformation operations specified by the AES standard; the input data of the 1st round transformation unit is the data obtained by XORing the input plaintext with the initial key, and the input data of each remaining round transformation unit is the output data of the previous round transformation unit; the initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs that round key to the key adding unit in that unit;
the 1st to (N_r-1)th round transformation units have the same structure, each consisting of a byte replacement unit, a row shifting unit, a column mixing unit and a key adding unit connected in sequence; the N_r-th round transformation unit comprises a byte replacement unit, a row shifting unit and a key adding unit connected in sequence;
the byte replacement unit adopts the dynamic path S box of claim 1 to realize the byte replacement function, and comprises 16 parallel dynamic path S boxes of claim 1;
the input data of the round transformation unit is divided into 16 8-bit data packets, which are respectively input into the 16 dynamic path S boxes to perform the byte replacement operation; the output results of the 16 dynamic path S boxes are combined into 128-bit data, which is taken as the result of the byte replacement unit in this round transformation unit and sent to the row shifting unit in this round transformation unit;
the row shifting unit processes the input 128-bit data according to the row shifting operation rule specified by the AES standard, and the result is input into the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing operation rule specified by the AES standard, and the result is input into the key adding unit; the key adding unit XORs the input data with the round key and outputs the result; the output of the N_r-th round transformation unit is the ciphertext result of the encryption circuit.
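A behavioural model of the S-box data path in claims 2 to 4 (mapping selected by AB, inversion in the selected representation, the matching inverse mapping, then the affine transform), added here as an example and not taken from the patent. Assumption: the four paths are modelled as GF(2^8) under four constructed irreducible polynomials, with the mapping matrices derived in code, standing in for the patent's P/N composite-field circuits; all function and variable names are hypothetical.

```python
import secrets
from functools import reduce

# Assumption: constructed stand-ins for the four AB-selected data paths. Each is
# GF(2^8) under another irreducible polynomial, not the patent's P/N towers.
PATH_POLY = {0b00: 0x11D, 0b01: 0x12B, 0b10: 0x12D, 0b11: 0x14D}

def gmul(a, b, poly):
    """Multiply two bytes in GF(2)[x]/poly."""
    r = 0
    for _ in range(8):
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (poly if a & 0x80 else 0)
        b >>= 1
    return r

def ginv(a, poly):
    """Multiplicative inverse computed as a^254 (0 maps to 0, as in AES)."""
    return reduce(lambda r, _: gmul(r, a, poly), range(254), 1)

def mat_apply(cols, v):
    """8x8 GF(2) matrix (eight column bytes) times the bit vector v."""
    return reduce(lambda s, c: s ^ c, (c for i, c in enumerate(cols) if v >> i & 1), 0)

def build_matrices(poly):
    """Mapping matrix (AES field -> path field) and its inverse, as column lists."""
    for beta in range(2, 256):
        pw = [1]
        while len(pw) < 9:
            pw.append(gmul(pw[-1], beta, poly))
        if not (pw[8] ^ pw[4] ^ pw[3] ^ pw[1] ^ pw[0]):  # root of x^8+x^4+x^3+x+1
            break
    fwd = pw[:8]                                  # columns are beta^0 .. beta^7
    back = {mat_apply(fwd, a): a for a in range(256)}
    return fwd, [back[1 << i] for i in range(8)]

def affine(b):
    """AES affine transform: b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63."""
    return reduce(lambda r, s: r ^ (((b << s) | (b >> (8 - s))) & 0xFF), range(1, 5), b) ^ 0x63

MATS = {ab: build_matrices(p) for ab, p in PATH_POLY.items()}

def dynamic_sbox(x, ab=None):
    """Return (S-box output, intermediate value inside the inversion stage)."""
    ab = secrets.randbelow(4) if ab is None else ab   # fresh random number AB
    fwd, inv = MATS[ab]
    m = mat_apply(fwd, x)                 # random mapping unit (selector 1)
    y = ginv(m, PATH_POLY[ab])            # inversion in the selected representation
    return affine(mat_apply(inv, y)), y   # inverse mapping (distributor) + affine
```

Every value of AB returns the standard AES S-box byte, while the intermediate value inside the inversion stage differs between paths, which is the property the claims rely on to weaken the correlation between processed data and power consumption.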
Application number: CN201910183699.2A; priority date: 2019-03-12; filing date: 2019-03-12; title: Dynamic path S box and AES encryption circuit capable of defending power consumption attack; status: Active; publication: CN109818732B (en)

Publications (2)

Publication Number | Publication Date
CN109818732A (en) | 2019-05-28
CN109818732B (en) | 2021-05-11

Family

ID=66608810

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant