CN109818732B - Dynamic path S box and AES encryption circuit capable of defending power consumption attack - Google Patents
- Publication number
- CN109818732B
- Authority
- CN
- China
- Prior art keywords
- unit
- mapping matrix
- circuit
- mapping
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention discloses a dynamic path S box and an AES encryption circuit capable of defending against power consumption attacks. The dynamic path S box comprises a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit; the AES encryption circuit capable of defending against power consumption attacks, based on the dynamic path S box, comprises N_r round transformation units that use the dynamic path S box and a key expansion unit. In the invention, the data processing path of the dynamic path S box changes dynamically, so the power consumption of the target AES circuit changes dynamically when it processes the same group of data. This destroys the correlation between the data processed by the circuit and the circuit key, thereby defending against power consumption attacks and improving the security of the encryption circuit.
Description
Technical Field
The invention relates to the technical field of cryptographic circuit implementation, and in particular to a dynamic path S box and an AES (Advanced Encryption Standard) encryption circuit capable of defending against power consumption attacks.
Background
The Advanced Encryption Standard (AES), also known as the Rijndael encryption method, was designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen. It is a new-generation symmetric block cipher established in 2001 by the National Institute of Standards and Technology to replace the original Data Encryption Standard (DES). The AES cipher is an iterative, symmetric block cipher with a data block length of 128 bits and key lengths of 128, 192 and 256 bits. For these three key lengths, the encryption process performs 10, 12 and 14 rounds of transformation respectively. Every round except the last comprises four sub-operations: byte replacement, row shifting, column mixing and key addition. To eliminate symmetry, the last round does not contain a column mixing operation, and a key addition operation is added before the first round.
AES encryption circuits adopt different implementation architectures according to application requirements. Referring to Fig. 3(a) and Fig. 3(b), these architectures can generally be divided into two types: the loop-unrolled structure and the fully unrolled structure. The loop-unrolled structure uses N_k (1 ≤ N_k ≤ N_r, N_r = 10/12/14) round transformation units (including an independent key addition operation) and requires less circuit area than the fully unrolled structure; in particular, when N_k = 1 (also known as the full loop structure), the loop-unrolled structure has the minimum circuit area. However, the loop-unrolled structure must iterate before the final result is obtained, so its data processing speed is low. It is used where a small circuit area and a low data rate are required, such as wireless sensor networks and RFID, and it can also trade off circuit area against speed according to specific application requirements. The fully unrolled structure uses N_r round transformation circuit units; its circuit area is large, but data does not need to be fed back, so its data processing speed is high. It can further increase the data processing speed by increasing the number of pipeline stages, and it is suitable for high-speed real-time data processing such as real-time video signal transmission.
Power consumption attacks, also known as power analysis, are based on the correlation between the power consumed by a cryptographic chip and the key and the intermediate values of the algorithm. An integrated circuit contains a large amount of CMOS logic, so its power consumption is related to the transition states of the circuit's inputs and outputs: a CMOS cell consumes more power when its signals transition. In a power consumption attack, a mapping relation is established between the intermediate results of the encryption or decryption operation and the power consumed by the cryptographic chip, so that the value of the key can be estimated by analysing the power consumption data. Common power attacks are currently classified into Simple Power Attack (SPA), Differential Power Attack (DPA) and High-Order Differential Power Attack (HO-DPA). A power consumption attack is simple to carry out, needs no expensive professional equipment and has a small key search space, so it is the most important and most common form of side-channel attack and the side-channel technique that poses the most serious threat to cryptographic chips.
In view of power consumption attacks and the high equipment reliability required by some extreme application environments, traditional defense approaches can be roughly divided into two categories: first, reducing the fluctuation of the power consumption curve, and with it the amount of useful information, so that the signal-to-noise ratio is reduced; second, reducing the signal-to-noise ratio by adding random noise and redundant power consumption. Common defenses against power attacks mainly include random masking techniques and constant power consumption techniques.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a dynamic path S box and an AES encryption circuit capable of defending against power consumption attacks, which solve the problem that existing AES encryption circuits based on a composite field S box cannot defend against power consumption attacks.
To solve the above technical problem, the present invention provides a dynamic path S box, comprising a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit connected in sequence;
the random mapping unit, the GF(2^8) field dynamic inversion unit, the random inverse mapping unit and the affine unit respectively perform a mapping operation, a composite field inversion operation, an inverse mapping operation and an affine operation on the input data; the output of the affine unit is the encryption result of the dynamic path S box;
a binary random number AB is generated by a random number generator and controls selector 1 in the random mapping unit, selector 2 and selector 3 in the GF(2^8) field dynamic inversion unit, and the distributor in the random inverse mapping unit; the first bit of the binary random number AB, i.e. the random number A, controls selector 2, and the last bit of AB, i.e. the random number B, controls selector 3.
Preferably, the input of the random mapping unit is an 8-bit data packet, and the random mapping unit comprises mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1; mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 correspond one-to-one with inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 in the random inverse mapping unit;
when 8-bit data enters the random mapping unit, the input data enters mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 simultaneously for processing; the binary random number AB controls selector 1, which dynamically selects the output of one mapping matrix as the result of the random mapping unit and sends it to the GF(2^8) field dynamic inversion unit of the dynamic path S box.
Preferably, the input data of the GF(2^8) field dynamic inversion unit is the 8-bit data packet output by the random mapping unit, and the unit comprises a P circuit and an N circuit over GF((2^4)^2), selector 2, a P circuit and an N circuit over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2); P denotes an inverse transform based on a polynomial basis and N denotes an inverse transform based on a normal basis;
when 8-bit data is input to the GF(2^8) field dynamic inversion unit, the input data enters the P circuit and the N circuit over GF((2^4)^2) simultaneously; the two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2) respectively; the random number A, the first bit of the random number AB, controls selector 2 to select the output of the P circuit or the N circuit over GF((2^4)^2) as the input of the P circuit and the N circuit over GF((2^2)^2); the two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2) respectively; the random number B, the last bit of the random number AB, controls selector 3 to select the output of the P circuit or the N circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and its output is combined into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box.
Preferably, the input of the random inverse mapping unit is the 8-bit data packet output by the GF(2^8) field dynamic inversion unit, and the random inverse mapping unit comprises a distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4; inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 correspond one-to-one with mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 in the random mapping unit;
when 8-bit data enters the random inverse mapping unit, the input data first enters the distributor; the random number AB is the control signal of the distributor and determines which inverse mapping matrix the signal is sent to for processing; the output of that inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box.
Correspondingly, an AES encryption circuit capable of defending against power consumption attacks, based on the dynamic path S box, has a fully unrolled structure and comprises: N_r round transformation units that use the dynamic path S box (round transformation 1, round transformation 2, …, round transformation N_r), where N_r is the number of round transformation operations specified by the AES standard, and a key expansion unit; the input data of the 1st round transformation unit is the encrypted data obtained by XORing the input plaintext with the initial key, and the input data of each remaining round transformation unit is the output data of the previous round transformation unit; the initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs it to the key addition unit in that unit;
the 1st to (N_r - 1)th round transformation units are identical in structure, each consisting of a byte replacement unit, a row shifting unit, a column mixing unit and a key addition unit connected in sequence; the N_r-th round transformation unit comprises a byte replacement unit, a row shifting unit and a key addition unit connected in sequence, and does not comprise a column mixing unit;
the byte replacement unit uses the dynamic path S box to implement the byte replacement function, and comprises 16 dynamic path S boxes connected in parallel;
the input data of the round transformation unit is divided into 16 8-bit data packets, which are input to the 16 dynamic path S boxes respectively to perform the byte replacement operation; the outputs of the 16 dynamic path S boxes are combined into 128-bit data, which is the result of the byte replacement unit in the current round transformation unit and is sent to the row shifting unit in the current round transformation unit;
the row shifting unit processes the input 128-bit data according to the row shifting rule specified by the AES standard, and its result is input to the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing rule specified by the AES standard, and its result is input to the key addition unit; the key addition unit XORs the input data with the round key and outputs the result; the output of the N_r-th round transformation unit is the ciphertext result of the encryption circuit.
The beneficial effects of the invention are as follows: the dynamic path S box randomly selects the mapping matrix and the inverse mapping matrix and uses a dynamic inversion unit, so the circuit path of the S box is not fixed and, compared with a traditional S box, its power consumption changes dynamically when it processes the same group of data; the byte replacement unit in each round transformation unit is built from parallel dynamic path S boxes, so the power consumption of the target circuit changes dynamically when it processes the same group of data, which destroys the correlation between the data processed by the target circuit and the circuit key and effectively prevents power consumption attacks.
Drawings
Fig. 1 is a schematic structural diagram of a dynamic path S box according to the present invention.
Fig. 2 is a schematic diagram of an encryption circuit structure according to the present invention.
Fig. 3(a) is a schematic diagram of a loop expansion structure of the AES encryption circuit.
Fig. 3(b) is a schematic diagram of a fully-expanded structure of the AES encryption circuit.
Fig. 4 is a flow chart of the encryption operation of the AES encryption circuit of the present invention when N_r = 10.
Fig. 5 is a schematic diagram of the inverse transform based on a polynomial basis over GF((2^4)^2) according to the present invention.
Fig. 6 is a schematic diagram of the inverse transform based on a normal basis over GF((2^4)^2) according to the present invention.
Fig. 7 is a schematic diagram of the inverse transform based on a polynomial basis over GF((2^2)^2) according to the present invention.
Fig. 8 is a schematic diagram of the inverse transform based on a normal basis over GF((2^2)^2) according to the present invention.
Detailed Description
As shown in Fig. 1, the dynamic path S box used in the AES encryption circuit capable of defending against power consumption attacks includes: a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit.
The random mapping unit depicted in fig. 1 comprises a mapping matrix 1, a mapping matrix 2, a mapping matrix 3, a mapping matrix 4 and a selector 1.
The GF(2^8) field dynamic inversion unit depicted in Fig. 1 comprises a P circuit (P stands for an inverse transform based on a polynomial basis) and an N circuit (N stands for an inverse transform based on a normal basis) over GF((2^4)^2), selector 2, a P circuit and an N circuit over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2). The P and N circuits over GF((2^4)^2) are shown in Figs. 5 and 6 respectively, and the P and N circuits over GF((2^2)^2) are shown in Figs. 7 and 8 respectively.
The random inverse mapping unit shown in Fig. 1 includes a distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4. When 8-bit binary data enters the dynamic path S box, the input data enters mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 simultaneously for processing.
When the random number AB is 00, selector 1 selects the result of mapping matrix 1 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit. The 8-bit input enters the P circuit and the N circuit over GF((2^4)^2) simultaneously; the upper 4 bits and the lower 4 bits of the input data are denoted a_h and a_l respectively. The two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2) respectively; with the random number A = 0, selector 2 selects the output of the P circuit over GF((2^4)^2) (the inverse of the high 4 bits and the inverse of the low 4 bits) as the input of the P and N circuits over GF((2^2)^2). The two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2) respectively; with the random number B = 0, selector 3 selects the output of the P circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2). The multiplicative inverse circuit over GF(2^2) is a bit-swap circuit; finally the output is merged into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box. With AB = 00, the distributor selects inverse mapping matrix 1 as the next-stage circuit to process the data; the output of the inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box; the output of the affine unit is the encryption result of the dynamic path S box.
When the random number AB is 01, selector 1 selects the result of mapping matrix 2 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit. With the random number A = 0, selector 2 selects the output of the P circuit over GF((2^4)^2) as the input of the P and N circuits over GF((2^2)^2); with the random number B = 1, selector 3 selects the output of the N circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2). The multiplicative inverse circuit over GF(2^2) is a bit-swap circuit; finally the output is merged into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box. With AB = 01, the distributor selects inverse mapping matrix 2 as the next-stage circuit to process the data; the output of the inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box; the output of the affine unit is the encryption result of the dynamic path S box.
When the random number AB is 10, selector 1 selects the result of mapping matrix 3 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit. With the random number A = 1, selector 2 selects the output of the N circuit over GF((2^4)^2) as the input of the P and N circuits over GF((2^2)^2); with the random number B = 0, selector 3 selects the output of the P circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2). The multiplicative inverse circuit over GF(2^2) is a bit-swap circuit; finally the output is merged into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box. With AB = 10, the distributor selects inverse mapping matrix 3 as the next-stage circuit to process the data; the output of the inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box; the output of the affine unit is the encryption result of the dynamic path S box.
When the random number AB is 11, selector 1 selects the result of mapping matrix 4 as the output of the random mapping unit and inputs it to the GF(2^8) field dynamic inversion unit. With the random number A = 1, selector 2 selects the output of the N circuit over GF((2^4)^2) as the input of the P and N circuits over GF((2^2)^2); with the random number B = 1, selector 3 selects the output of the N circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2). The multiplicative inverse circuit over GF(2^2) is a bit-swap circuit; finally the output is merged into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box. With AB = 11, the distributor selects inverse mapping matrix 4 as the next-stage circuit to process the data; the output of the inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box; the output of the affine unit is the encryption result of the dynamic path S box.
The mapping matrix 1 and the inverse mapping matrix 1 connected to the PP circuit (i.e. the P circuit is selected over GF((2^4)^2) and the P circuit is selected over GF((2^2)^2)) are respectively expressed as:
the mapping matrix 2 and the inverse mapping matrix 2 connected to the PN circuit are respectively expressed as:
the mapping matrix 3 and the inverse mapping matrix 3 connected to the NP circuit are respectively expressed as:
the mapping matrix 4 and the inverse mapping matrix 4 connected to the NN circuit are respectively expressed as:
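A functional software model of the select-and-distribute structure described above, added here as an illustration and not taken from the patent. The mapping matrices are not reproduced on this page, so the model assumes its own: four isomorphisms from the AES field into one GF((2^4)^2) representation, with a single polynomial-basis inversion standing in for the PP/PN/NP/NN circuits (the GF(2^4) polynomial, `LAM` and all function names are choices of this example).

```python
import secrets

def gf_mul(a, b, poly, bits):
    """Multiply in GF(2^bits) modulo the irreducible polynomial `poly`."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> bits) & 1:
            a ^= poly
    return r

def mul4(a, b):
    return gf_mul(a, b, 0x13, 4)      # GF(2^4) with x^4 + x + 1 (assumed)

def inv4(a):
    r = 1
    for _ in range(14):               # a^14 = a^-1 in GF(2^4); 0 maps to 0
        r = mul4(r, a)
    return r

# Composite field GF((2^4)^2): a byte (ah << 4) | al stands for ah*y + al with
# y^2 = y + LAM. LAM is the first constant making y^2 + y + LAM irreducible.
LAM = next(l for l in range(1, 16)
           if all(mul4(t, t) ^ t ^ l for t in range(16)))

def cmul(a, b):
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = mul4(ah, bh)
    hi = hh ^ mul4(ah, bl) ^ mul4(al, bh)
    return (hi << 4) | (mul4(hh, LAM) ^ mul4(al, bl))

def cinv(a):
    """Polynomial-basis inversion: a^-1 = conjugate(a) / norm(a)."""
    ah, al = a >> 4, a & 15
    d = inv4(mul4(mul4(ah, ah), LAM) ^ mul4(ah, al) ^ mul4(al, al))
    return (mul4(ah, d) << 4) | mul4(ah ^ al, d)

def cpow(a, n):
    r = 1
    for _ in range(n):
        r = cmul(r, a)
    return r

# Every root of the AES polynomial x^8+x^4+x^3+x+1 in the composite field
# defines one isomorphism, i.e. one (mapping, inverse mapping) matrix pair.
ROOTS = [b for b in range(256)
         if (cpow(b, 8) ^ cpow(b, 4) ^ cpow(b, 3) ^ b ^ 1) == 0]

def apply_matrix(cols, x):
    """Multiply the bit vector x by a binary matrix stored as 8 columns."""
    r = 0
    for i in range(8):
        if (x >> i) & 1:
            r ^= cols[i]
    return r

def make_path(beta):
    cols = [cpow(beta, i) for i in range(8)]          # mapping matrix
    table = {apply_matrix(cols, x): x for x in range(256)}
    return cols, [table[1 << j] for j in range(8)]    # inverse mapping matrix

PATHS = [make_path(b) for b in ROOTS[:4]]             # paths AB = 00, 01, 10, 11

def affine(b):
    r = 0x63
    for s in range(5):                                # b ^ rotl1 ^ ... ^ rotl4
        r ^= ((b << s) | (b >> (8 - s))) & 0xFF
    return r

def trace_sbox(x, ab=None):
    """Return (mapped value, inverted value, S-box output) for one path.
    The circuit runs all four matrices in parallel and selects one; this
    model computes only the selected path."""
    if ab is None:
        ab = secrets.randbelow(4)                     # random number AB
    cols, inv_cols = PATHS[ab]
    m = apply_matrix(cols, x)                         # selector 1
    v = cinv(m)                                       # dynamic inversion unit
    return m, v, affine(apply_matrix(inv_cols, v))    # distributor, then affine

def dynamic_sbox(x, ab=None):
    return trace_sbox(x, ab)[2]

def reference_sbox(x):
    """Direct AES S-box: x^254 in GF(2^8) mod 0x11B, then the affine step."""
    inv = 1
    for _ in range(254):
        inv = gf_mul(inv, x, 0x11B, 8)
    return affine(inv)
```

Comparing `trace_sbox(x, ab)` across the four values of `ab` shows the property the design relies on: the internal values differ from path to path while the S-box output stays the same.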
Referring to Fig. 2, in the AES encryption circuit capable of defending against power consumption attacks, the input plaintext and the output ciphertext are 128-bit data packets and the key has a number of bits specified by the AES standard. The encryption circuit includes N_r round transformation units that use the dynamic path S box (round transformation 1, round transformation 2, …, round transformation N_r), where N_r is the number of round transformation operations specified by the AES standard, and a key expansion unit. The input data of the first round transformation unit is the encrypted data obtained by XORing the input plaintext with the initial key, and the input data of each other round transformation unit is the output data of the previous round transformation unit. The initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs it to the key addition unit in that unit.
The 1st to (N_r - 1)th round transformation units have the same structure, each consisting of a byte replacement unit, a row shifting unit, a column mixing unit and a key addition unit connected in sequence; the N_r-th round transformation unit comprises a byte replacement unit, a row shifting unit and a key addition unit connected in sequence, and does not comprise a column mixing unit. The byte replacement unit implements the byte replacement function with the dynamic path S box, and comprises 16 parallel dynamic path S boxes.
The input data of the round transformation unit is divided into 16 8-bit data packets, which are input to the 16 dynamic path S boxes respectively to perform the byte replacement operation; the outputs of the 16 dynamic path S boxes are combined into 128-bit data, which is the result of the byte replacement unit in the current round transformation unit and is sent to the row shifting unit in the current round transformation unit.
The row shifting unit processes the input 128-bit data according to the row shifting rule specified by the AES standard, and its result is input to the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing rule specified by the AES standard, and its result is input to the key addition unit; the key addition unit XORs the input data with the round key and outputs the result; the output of the N_r-th round transformation unit is the ciphertext result of the encryption circuit.
Referring to Fig. 4, which is a flow chart of the encryption operation of the AES encryption circuit when N_r = 10: the input plaintext and the initial key are 128-bit data packets. The plaintext and the initial key first undergo one key addition operation and then enter the round transformation units; after a total of 10 rounds of transformation, the circuit outputs the final 128-bit ciphertext packet.
When N_r = 10, AES encryption circuits using S boxes of different structures have the characteristics shown in Table 1. "Implementation" in the table refers to the implementation of the encryption circuit: PP means the P circuit over GF((2^4)^2) and the P circuit over GF((2^2)^2) are selected to implement the multiplicative inverse; PN means the P circuit over GF((2^4)^2) and the N circuit over GF((2^2)^2) are selected; NN means the N circuit over GF((2^4)^2) and the N circuit over GF((2^2)^2) are selected; NP means the N circuit over GF((2^4)^2) and the P circuit over GF((2^2)^2) are selected.
Table 1. Characteristics of AES encryption circuits using S boxes with different structures
In the invention, the data processing path of the dynamic path S box changes dynamically, so the power consumption of the target AES circuit changes dynamically when it processes the same group of data. This destroys the correlation between the data processed by the circuit and the circuit key, thereby defending against power consumption attacks and improving the security of the encryption circuit.
Claims (5)
1. A dynamic path S-box, comprising: a random mapping unit, a GF(2^8) field dynamic inversion unit, a random inverse mapping unit and an affine unit connected in sequence;
the random mapping unit, the GF(2^8) field dynamic inversion unit, the random inverse mapping unit and the affine unit respectively perform a mapping operation, a composite field inversion operation, an inverse mapping operation and an affine operation on the input data; the output of the affine unit is the encryption result of the dynamic path S box;
a binary random number AB is generated by a random number generator and controls selector 1 in the random mapping unit, selector 2 and selector 3 in the GF(2^8) field dynamic inversion unit, and the distributor in the random inverse mapping unit; the first bit of the binary random number AB, i.e. the random number A, controls selector 2, and the last bit of AB, i.e. the random number B, controls selector 3.
2. The dynamic path S-box of claim 1, wherein the input of the random mapping unit is an 8-bit data packet, and the random mapping unit comprises mapping matrix 1, mapping matrix 2, mapping matrix 3, mapping matrix 4 and selector 1; mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 correspond one-to-one with inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 in the random inverse mapping unit;
when 8-bit data enters the random mapping unit, the input data enters mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 simultaneously for processing; the binary random number AB controls selector 1, which dynamically selects the output of one mapping matrix as the result of the random mapping unit and sends it to the GF(2^8) field dynamic inversion unit of the dynamic path S box.
3. The dynamic path S-box of claim 1, wherein the input data of the GF(2^8) field dynamic inversion unit is the 8-bit data packet output by the random mapping unit, and the unit comprises a P circuit and an N circuit over GF((2^4)^2), selector 2, a P circuit and an N circuit over GF((2^2)^2), selector 3, and a multiplicative inverse circuit over GF(2^2); wherein P denotes an inverse transform based on a polynomial basis and N denotes an inverse transform based on a normal basis;
when 8-bit data is input to the GF(2^8) field dynamic inversion unit, the input data enters the P circuit and the N circuit over GF((2^4)^2) simultaneously; the two input ports of selector 2 are connected to the P circuit and the N circuit over GF((2^4)^2) respectively; the random number A, the first bit of the random number AB, controls selector 2 to select the output of the P circuit or the N circuit over GF((2^4)^2) as the input of the P circuit and the N circuit over GF((2^2)^2); the two input ports of selector 3 are connected to the P circuit and the N circuit over GF((2^2)^2) respectively; the random number B, the last bit of the random number AB, controls selector 3 to select the output of the P circuit or the N circuit over GF((2^2)^2) as the input of the multiplicative inverse circuit over GF(2^2); the multiplicative inverse circuit over GF(2^2) is a bit-swap circuit, and its output is combined into 8-bit data that forms the result of the GF(2^8) field dynamic inversion unit and is sent to the random inverse mapping unit of the dynamic path S box.
4. The dynamic path S-box of claim 1, wherein the input to the random inverse mapping unit is the 8-bit data packet output by the GF(2^8) field dynamic inversion unit, and the random inverse mapping unit comprises a distributor, inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4; inverse mapping matrix 1, inverse mapping matrix 2, inverse mapping matrix 3 and inverse mapping matrix 4 correspond one-to-one with mapping matrix 1, mapping matrix 2, mapping matrix 3 and mapping matrix 4 in the random mapping unit;
when 8-bit data enters the random inverse mapping unit, the input data first enters the distributor; the random number AB is the control signal of the distributor and determines which inverse mapping matrix the signal is sent to for processing; the output of that inverse mapping matrix is the result of the random inverse mapping unit and is sent to the affine unit of the dynamic path S box.
5. An AES encryption circuit capable of defending against power consumption attacks based on a dynamic path S-box, the AES encryption circuit comprising: N_r round transformation units that use the dynamic path S box, and a key expansion unit, wherein N_r is the number of round transformation operations specified by the AES standard; the input data of the 1st round transformation unit is the encrypted data obtained by XORing the input plaintext with the initial key, and the input data of each remaining round transformation unit is the output data of the previous round transformation unit; the initial key is input to the key expansion unit, which performs key expansion to obtain the round key of the current round unit and inputs it to the key addition unit in that unit;
the 1st to (N_r - 1)th round transformation units have the same structure, each consisting of a byte replacement unit, a row shifting unit, a column mixing unit and a key addition unit connected in sequence; the N_r-th round transformation unit comprises a byte replacement unit, a row shifting unit and a key addition unit connected in sequence;
the byte replacement unit adopts the dynamic path S box of claim 1 to realize the byte replacement function, and comprises 16 parallel dynamic path S boxes of claim 1;
the input data of the wheel conversion unit is divided into 16 8-bit data packets, and the data packets are respectively input into the 16 dynamic path S boxes to realize byte replacement operation; the output results of the 16 dynamic path S boxes are combined into 128-bit data, and the 128-bit data are used as the result of the byte replacement unit in the conversion unit of the wheel and are sent to the row shifting unit in the conversion unit of the wheel;
the line shifting unit processes the input 128-bit data according to the line shifting operation rule specified by the AES standard, and the result is input into the column mixing unit; the column mixing unit processes the input 128-bit data according to the column mixing operation rule specified by the AES standard, and the result is input into the key adding unit; the key adding unit outputs the input data and the round key after carrying out XOR; n thrAnd the output result of the wheel conversion unit is the ciphertext result of the encryption circuit.
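The data path of claims 3 and 4 (random mapping, inversion in a composite field, matching inverse mapping, affine) can be modelled in software to check that every random path yields the standard AES S-box byte. This is an added example, not the patent's circuit: the GF(2^4) modulus, `LAMBDA`, and the way the four mapping matrices are derived (four roots of the AES polynomial) are assumptions, and the P/N selection inside the inversion unit is not modelled.

```python
import secrets

LAMBDA = 0x8  # assumed: y^2 + y + LAMBDA is irreducible over GF(2^4)

def mul4(a, b):  # GF(2^4) product modulo x^4 + x + 1
    r = 0
    for i in range(4):
        r ^= (a << i) if (b >> i) & 1 else 0
    for i in (6, 5, 4):  # reduce the degree 6..4 terms
        r ^= (0x13 << (i - 4)) if (r >> i) & 1 else 0
    return r

def mul8(p, q):  # GF((2^4)^2): a byte is hi*y + lo with y^2 = y + LAMBDA
    ph, pl, qh, ql = p >> 4, p & 15, q >> 4, q & 15
    hh = mul4(ph, qh)
    hi = hh ^ mul4(ph, ql) ^ mul4(pl, qh)
    return (hi << 4) | (mul4(pl, ql) ^ mul4(hh, LAMBDA))

def power(p, e):  # left-to-right square and multiply in the composite field
    r = 1
    for bit in bin(e)[2:]:
        r = mul8(r, r)
        r = mul8(r, p) if bit == "1" else r
    return r

def linear(cols, x):  # 8x8 GF(2) matrix stored as the images of bits 0..7
    r = 0
    for i, c in enumerate(cols):
        r ^= c if (x >> i) & 1 else 0
    return r

def inverse(cols):  # invert a bijective linear map by tabulating it
    back = {linear(cols, x): x for x in range(256)}
    return [back[1 << i] for i in range(8)]

# Each root r of the AES polynomial in the composite field sends x^i to r^i.
ROOTS = [r for r in range(256) if (power(r, 8) ^ power(r, 4) ^ power(r, 3) ^ r ^ 1) == 0]
MAPS = [[power(r, i) for i in range(8)] for r in ROOTS[:4]]  # four mapping matrices
INV_MAPS = [inverse(c) for c in MAPS]  # their one-to-one inverse matrices

def affine(b):  # AES affine transform
    rot = lambda n: ((b << n) | (b >> (8 - n))) & 0xFF
    return b ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

def sbox(x, ab=None):
    ab = secrets.randbelow(4) if ab is None else ab  # 2-bit random number AB
    t = linear(MAPS[ab], x)                 # random mapping unit
    t = power(t, 254)                       # inversion; 0 stays 0
    return affine(linear(INV_MAPS[ab], t))  # inverse mapping, then affine
```

In this model the intermediate value after the mapping unit changes with AB (input 0x02 maps to four distinct bytes) while the S-box output does not. Inputs 0x00 and 0x01 are fixed by every field isomorphism, so they get no path diversity here.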
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910183699.2A CN109818732B (en) | 2019-03-12 | 2019-03-12 | Dynamic path S box and AES encryption circuit capable of defending power consumption attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109818732A | 2019-05-28 |
CN109818732B | 2021-05-11 |
Family
ID=66608810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910183699.2A Active CN109818732B (en) | 2019-03-12 | 2019-03-12 | Dynamic path S box and AES encryption circuit capable of defending power consumption attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109818732B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||