CN110299990B - QUAD stream cipher generating device combining disorder and mask - Google Patents
Classifications
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The application discloses a QUAD stream cipher generating device combining disorder and masking. The monomial subscript values of a multivariate quadratic equation set are generated out of order; the encrypted value of each monomial is then obtained in the order in which its subscript value was generated, and the encrypted values of the monomials belonging to the same multivariate quadratic equation are accumulated in a register to produce the QUAD stream cipher. As a result, the same key-dependent operation performed by an electronic device containing the apparatus occurs at different moments in time, which reduces the correlation between the power consumption trace of the register store operations and the key. In addition, the key or the plaintext is XOR-encrypted with a randomized mask, so that the intermediate results of the multivariate quadratic equations, i.e. the individual monomials, are themselves encrypted; this avoids side channel leakage when each monomial is written to the register, resists side channel attacks and effectively improves the security of the key.
Description
Technical Field
The application relates to the technical field of information security, and in particular to a QUAD stream cipher generating device combining disorder and masking.
Background
QUAD is a family of provably secure stream ciphers built on a multivariate quadratic system of equations over a finite field. A multivariate quadratic equation can be written as follows:
$Q(x)=\sum_{1\le i\le j\le n}\alpha_{ij}x_ix_j+\sum_{1\le i\le n}\beta_{i}x_i+\gamma$
A side channel attack (SCA), also called a bypass attack, is a method of attacking a cryptographic device by exploiting side channel information leaked during its operation, such as timing, power consumption or electromagnetic radiation. This attack method poses a serious threat to cryptographic devices.
In a traditional method for dealing with side channel attacks, each monomial of the multivariate quadratic equations is usually calculated directly in the same order during encryption, and the calculation results of the monomials are accumulated and temporarily stored in a register to generate the QUAD stream cipher. However, if an attacker analyzes the power consumption of the store operations of the register corresponding to each multivariate quadratic equation, the key information (the values x_j) can be obtained and the cryptographic algorithm broken.
In order to solve this problem, the prior art still calculates each monomial of the multivariate quadratic equations directly in the same order during encryption, accumulates the calculation results of the monomials in a register, and resists side channel attacks by constructing the QUAD stream cipher from the accumulated result. However, when this prior art is used to defend against side channel attacks, it is found that once the starting monomial numbers have been selected, the calculation within the polynomials is still fixed and sequential, so an attacker can still exhaust the initial subscript, align the polynomial calculations and obtain key information, which threatens the security of the cryptographic algorithm.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a QUAD stream cipher generation apparatus combining disorder and a mask to generate a higher security QUAD stream cipher, thereby effectively resisting side channel attack.
In order to solve the above problem, an embodiment of the present application provides a QUAD stream cipher generating apparatus combining scrambling and masking, including:
an out-of-order subscript controller for extracting a multivariate quadratic equation set comprising r multivariate quadratic equations in n variables, so that a plurality of monomial subscript values (i, j, k) of the equation set are generated out of order based on the thread where the sliding window is located; wherein 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number;
a monomial generator for sequentially obtaining the monomials of the multivariate quadratic equation set according to the generation order of the monomial subscript values (i, j, k); wherein the coefficient of each monomial is the plaintext and x_i is the secret key;
a mask type multiplier for mask-encrypting each monomial, in the order in which the monomials are obtained, so as to sequentially generate the encrypted value of each monomial; wherein m_j is a random mask;
a plurality of registers, each for obtaining the encrypted values of the monomials belonging to the same multivariate quadratic equation and accumulating them in sequence to generate the QUAD stream cipher; the multivariate quadratic equations correspond one-to-one to the registers.
Further, the out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, and specifically includes:
step S11, generating a sliding window of size L according to the n variables, and dividing the monomial subscripts into a plurality of windows based on the size of the sliding window; wherein if n is even, the length L is n and the subscripts of each polynomial are divided into r × (n+1)/2 windows; if n is odd, the length L is n+1 and the subscripts of each polynomial are divided into r × n/2 windows;
step S12, setting the window number w = 1 and the internal iteration number of the window l = 1, randomly generating an initial value L_s, then randomly generating initial values of the monomial subscripts i = i_s, j = j_s, k = k_s, assigning j = j + L_s - 1, and executing step S13;
step S13, judging whether the assigned j is larger than n; if yes, executing step S14; otherwise, executing step S17;
step S14, assigning i = i + 1 and judging whether the assigned i is larger than n; if yes, executing step S15; otherwise, executing step S16;
step S15, assigning i = i % n and judging whether k is smaller than r; if yes, assigning k = k + 1 and executing step S16; otherwise, assigning k = 1 and executing step S16;
step S16, assigning j = j - (n - i + 1) and executing step S13;
step S17, generating a monomial subscript value and judging whether l is larger than L; if yes, generating a monomial subscript value in the multivariate quadratic equation; otherwise, when w is less than the number of windows, assigning w = w + 1 and j = j + L, and then executing step S13; wherein 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, 1 ≤ k_s ≤ r.
Further, the out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, and further includes:
when w in step S17 is greater than or equal to the number of windows, executing step S18;
step S18, assigning w = 1 and l = l + 1, and judging whether the assigned l is odd; if yes, executing step S19; otherwise, assigning j = j + L + L/2 and then executing step S13;
step S19, judging whether L_s is less than L/2; if yes, assigning j = j + L/2 + 1 and L_s = L_s + 1, and then executing step S13; otherwise, assigning j = j + 1 and L_s = 1, and then executing step S13.
Further, the mask type multiplier is specifically configured to:
acquire a plurality of random masks, XOR-encrypt the random masks with the keys in a one-to-one correspondence, and, based on the order in which the monomials are obtained, sequentially generate the encrypted value of each monomial from the plurality of encrypted keys, the random masks and the plaintext.
Further, the mask type multiplier includes:
a first multiplier for obtaining the product of the mask type keys and the product m_i × m_j; wherein the mask type keys are the keys XOR-encrypted with the random masks and m_j is the random mask;
a first XOR calculator for performing an XOR operation on m_j and a first operand to obtain a first result, and then performing an XOR operation on a second and a third operand to obtain a second result;
a third XOR calculator for performing an XOR operation on two operands to obtain the encrypted value of the monomial.
further, the register is specifically configured to:
obtain the encrypted values of the monomials belonging to the same multivariate quadratic equation, accumulate them in sequence, and perform a bitwise XOR of the final accumulated result with a plurality of masks to generate the QUAD stream cipher.
Further, the stream cipher corresponding to each multivariate quadratic equation is:
the embodiment of the application has the following beneficial effects:
With the QUAD stream cipher generating device combining disorder and masking, the monomial subscript values of a multivariate quadratic equation set are generated out of order; the encrypted value of each monomial is obtained in the order in which its subscript value was generated, and the encrypted values of the monomials belonging to the same multivariate quadratic equation are accumulated in a register to generate the QUAD stream cipher. Compared with the prior art, the calculation order of the monomials is disordered, so the same key-dependent operation performed by an electronic device containing the apparatus occurs at different moments, which reduces the correlation between the power consumption trace of the register store operations and the key. In addition, the key or the plaintext is XOR-encrypted with a randomized mask, so that the intermediate results of the multivariate quadratic equations, i.e. the individual monomials, are encrypted; side channel leakage when each monomial is written to the register is avoided, side channel attacks are resisted, and the security of the key is effectively improved.
Drawings
FIG. 1 is a schematic diagram of a QUAD stream cipher generation apparatus with a combination of out-of-order and masking according to an embodiment of the present application;
FIG. 2 is a schematic flow diagram of the out-of-order subscript controller generating a plurality of single-term subscript values out-of-order;
FIG. 3 is yet another flow diagram of the out-of-order subscript controller generating a plurality of single-term subscript values out-of-order;
FIG. 4 is a schematic diagram of a mask type multiplier;
FIG. 5 is a flowchart of an implementation of the mask type multiplier obtaining the encrypted value of a monomial;
FIG. 6 is a schematic structural diagram of a QUAD stream cipher generating device combining scrambling and masking according to still another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a schematic structural diagram of a QUAD stream cipher generating apparatus combining scrambling and masking according to an embodiment of the present application is shown. The apparatus comprises:
an out-of-order subscript controller 1 for extracting a multivariate quadratic equation set comprising r multivariate quadratic equations in n variables, so that a plurality of monomial subscript values (i, j, k) of the equation set are generated out of order based on the thread where the sliding window is located.
Wherein 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number.
Preferably, the number of monomial subscript values (i, j, k) generated out of order is r × n(n+1)/2.
In the present embodiment, after the out-of-order subscript controller 1 generates each monomial subscript value (i, j, k), it outputs the variables x_i, x_j and the coefficient according to the generated subscript value, for subsequent composition into a monomial.
A monomial generator 2 for sequentially obtaining the monomials of the multivariate quadratic equation set according to the generation order of the monomial subscript values (i, j, k).
Wherein the coefficient is the plaintext and x_i is the key, or the coefficient is the key and x_i is the plaintext.
In the present embodiment, the monomial generator 2 multiplies the variables x_i, x_j and the coefficient output by the out-of-order subscript controller 1 and outputs the product, thereby obtaining a monomial.
Preferably, the number of monomials in the multivariate quadratic system is r × n (n + 1)/2.
A mask type multiplier 3 for mask-encrypting the monomials in the order in which they are obtained, so as to generate the encrypted value of each monomial in turn.
Wherein m_j is the random mask.
Specifically, a plurality of random masks are obtained, the random masks are XOR-encrypted with a plurality of keys in a one-to-one correspondence, and the encrypted values of the monomials are sequentially generated, in the order in which the monomials are obtained, from the plurality of encrypted keys, the random masks and the plaintext.
A plurality of registers 4, each for acquiring the encrypted values of the monomials belonging to the same multivariate quadratic equation and accumulating them in sequence to generate the QUAD stream cipher.
The multivariate quadratic equations correspond one-to-one to the registers 4.
Specifically, the register 4 is configured to obtain the encrypted values of the monomials belonging to the same multivariate quadratic equation, accumulate them in sequence, and perform a bitwise XOR of the final accumulated result with the masks to generate the QUAD stream cipher.
In this embodiment, when the register 4 accumulates the encrypted value of the j-th monomial, it adds the accumulated value Q_k of the encrypted values of the monomials computed so far to the encrypted value of the j-th monomial, so that the accumulated value stored in the register 4 is updated. When the out-of-order subscript controller 1 generates the last subscript and all the monomials have been calculated, the register 4 performs a bitwise XOR of the final accumulated value with one mask if n is odd, or with another mask if n is even, and the result finally obtained is the ciphertext.
In this embodiment, the stream cipher corresponding to each multivariate quadratic equation is:
wherein each multivariate quadratic equation randomly generates different initial values (i_s, j_s, k_s) of the monomial subscripts and is then calculated according to the above formula, so as to obtain the stream cipher corresponding to each multivariate quadratic equation.
It should be noted that encryption of the key and the plaintext is realized by calculating a multivariate quadratic system of r equations over a finite field. Here, if the coefficient is the plaintext, then x_i is the secret key; if the coefficient is the secret key, then x_i is the plaintext. In this embodiment, when calculating each multivariate quadratic equation of the set, the calculation order of the individual monomials in each equation is randomly perturbed so that the monomials of different multivariate quadratic equations are calculated in different orders, and a mask encryption operation is performed on each monomial so that each monomial is encrypted, which avoids side channel leakage when each monomial is stored in a register.
When the multivariate quadratic equation set is calculated, the out-of-order subscript controller 1 generates r × n(n+1)/2 monomial subscript values (i, j, k) out of order; that is, the monomial subscript values of the multivariate quadratic equations are reordered so that the order of the monomial subscript values of each multivariate quadratic equation is different. These r × n(n+1)/2 monomial subscript values (i, j, k) cover all monomial subscript values of the multivariate quadratic system. Each monomial is calculated in the order in which its subscript value was generated, and then the encrypted value of each monomial of the multivariate quadratic equation is obtained with a masking algorithm. Each time the encrypted value of a monomial is computed, it is accumulated into a register. After the encrypted values of all the monomials have been accumulated, the stream cipher corresponding to the multivariate quadratic equation is obtained. The calculation results of the r equations of the multivariate quadratic equation set are stored in r corresponding registers.
Each multivariate quadratic equation has n × (n+1)/2 monomials. After the order of the monomials is disturbed, an attacker who wants to obtain the key or plaintext information through power consumption analysis of the r registers has to consider n/2 × A(n(n+1)/2, n(n+1)/2) = n/2 × (n(n+1)/2)! possibilities, so a side channel attack is difficult to realize. Moreover, when the encrypted value of each monomial is added to the register in turn, the values written to the register are all mask-type values, so neither x_i, x_j nor x_i × x_j appears anywhere in the calculation; side channel leakage is prevented, an attacker cannot obtain key or plaintext information through power consumption analysis of the register, and a side channel attack becomes even harder to realize.
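The masked accumulation described above, as an added Python example that is not part of the patent: over GF(2), x is taken as the secret key side and the coefficients as the public plaintext side, each x_i is XORed with a random mask m_i, every monomial x_i x_j is computed by a first-order Boolean-masked AND carrying a fresh output mask z (a standard masked AND, not the exact multiplier wiring of the figures), and the register is unmasked once at the end. The per-equation random shuffle is a stand-in for the sliding-window jitter controller, whose exact schedule is not reproduced here.

```python
import random
from itertools import combinations_with_replacement

# Added example, not the patent's code. Bits live in GF(2): & is multiplication, ^ is addition.
# Assumptions: x is the secret key side, the coefficients alpha are the public plaintext side,
# and each monomial gets a fresh output mask z; the patent's own mask wiring is in its figures.

def masked_and(xi_m, xj_m, mi, mj, z):
    """First-order Boolean-masked product of two shared bits.

    xi_m = x_i ^ m_i and xj_m = x_j ^ m_j are the mask-type keys, m_i and m_j the
    random masks, z a fresh output mask.  Returns x_i*x_j ^ z.  Every intermediate
    value is already XORed with z, so neither x_i, x_j nor x_i*x_j exists in the clear.
    """
    t = z ^ (xi_m & xj_m)   # z ^ x_i x_j ^ x_i m_j ^ m_i x_j ^ m_i m_j
    t ^= xi_m & mj          # cancels x_i m_j, adds another m_i m_j
    t ^= mi & xj_m          # cancels m_i x_j, adds another m_i m_j
    t ^= mi & mj            # the four m_i m_j terms cancel (even count)
    return t

def monomials(n):
    """The n(n+1)/2 subscript pairs (i, j) with 1 <= i <= j <= n of one equation."""
    return list(combinations_with_replacement(range(1, n + 1), 2))

def quad_direct(alpha, x):
    """Reference unmasked evaluation of one equation {(i, j): coefficient bit}.
    Over GF(2) x_i*x_i == x_i, so the diagonal monomials cover the linear terms."""
    acc = 0
    for (i, j), a in alpha.items():
        acc ^= a & x[i] & x[j]
    return acc

def quad_masked_stream(system, x, rng):
    """Masked, out-of-order evaluation of all r equations of `system`.

    Returns (stream_bits, trace): one output bit per equation, and every value
    written to the result registers, i.e. what a power trace of the register sees.
    """
    n = max(x)
    m = {i: rng.getrandbits(1) for i in x}          # one random mask per variable
    x_m = {i: x[i] ^ m[i] for i in x}               # mask-type keys x_i ^ m_i
    stream, trace = [], []
    for alpha in system:
        order = monomials(n)
        rng.shuffle(order)      # per-equation random order (stand-in for the sliding-window jitter)
        reg, mask_acc = 0, 0    # result register and the mask it currently carries
        for (i, j) in order:
            z = rng.getrandbits(1)
            t = masked_and(x_m[i], x_m[j], m[i], m[j], z)   # x_i x_j ^ z
            a = alpha.get((i, j), 0)
            reg ^= a & t        # the register only ever receives masked values
            mask_acc ^= a & z
            trace.append(reg)
        stream.append(reg ^ mask_acc)   # final bitwise unmask of the accumulated result
    return stream, trace

def random_system(n, r, rng):
    """Constructed sample: r equations in n variables with random GF(2) coefficients."""
    return [{ij: rng.getrandbits(1) for ij in monomials(n)} for _ in range(r)]

def demo(n=5, r=4, seed=7):
    """Build a sample system and key, evaluate it masked and unmasked, and return both
    together with the number of register writes (r * n(n+1)/2, one per monomial)."""
    rng = random.Random(seed)
    system = random_system(n, r, rng)
    x = {i: rng.getrandbits(1) for i in range(1, n + 1)}
    stream, trace = quad_masked_stream(system, x, rng)
    expected = [quad_direct(alpha, x) for alpha in system]
    return stream, expected, len(trace)

if __name__ == "__main__":
    stream, expected, writes = demo()
    print("masked stream:", stream, "reference:", expected, "register writes:", writes)
```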
It should be noted that the QUAD stream cipher generating apparatus combining disorder and masking provided by this embodiment is generally applied in a multi-party interactive system. The intermediate values of the data are protected by masks, the calculation order of the monomials differs between the multivariate quadratic equations, and the accumulation order in the memory differs as well, which prevents an attacker from obtaining the key information by analyzing the power consumption of the memory.
Further, fig. 2 is a schematic flow chart of the out-of-order subscript controller generating a plurality of monomial subscript values out of order. In this embodiment, the out-of-order generation of the monomial subscript values by the out-of-order subscript controller 1 specifically includes:
Step S11, initializing the size L of the sliding window according to the n variables, and dividing the monomial subscripts into a plurality of windows based on the size of the sliding window.
Wherein if n is even, the length L is n and the subscripts of each polynomial are divided into r × (n+1)/2 windows; if n is odd, the length L is n+1 and the subscripts of each polynomial are divided into r × n/2 windows.
Step S12, setting the window number w = 1 and the internal iteration number of the window l = 1, randomly generating an initial value L_s, then randomly generating initial values of the monomial subscripts i = i_s, j = j_s, k = k_s, assigning j = j + L_s - 1, and executing step S13.
Step S13, judging whether the assigned j is larger than n; if yes, executing step S14; otherwise, executing step S17.
Step S14, assigning i = i + 1 and judging whether the assigned i is larger than n; if yes, executing step S15; otherwise, executing step S16.
Step S15, assigning i = i % n and judging whether k is smaller than r; if yes, assigning k = k + 1 and executing step S16; otherwise, assigning k = 1 and executing step S16.
Step S16, assigning j = j - (n - i + 1) and executing step S13.
Step S17, generating a monomial subscript value and judging whether l is larger than L; if yes, generating a monomial subscript value in the multivariate quadratic equation; otherwise, when w is less than the number of windows, assigning w = w + 1 and j = j + L, and then executing step S13.
Wherein 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, 1 ≤ k_s ≤ r.
Further, fig. 3 is another schematic flow chart of the out-of-order subscript controller generating a plurality of monomial subscript values out of order. In this embodiment, in addition to the steps shown in fig. 2, the method further includes:
In step S17, when w is greater than or equal to the number of windows, step S18 is executed.
Step S18, assigning w = 1 and l = l + 1, and judging whether the assigned l is odd; if yes, executing step S19; otherwise, assigning j = j + L + L/2 and then executing step S13.
Step S19, judging whether L_s is less than L/2; if yes, assigning j = j + L/2 + 1 and L_s = L_s + 1, and then executing step S13; otherwise, assigning j = j + 1 and L_s = 1, and then executing step S13.
It should be noted that all the monomials of the multivariate quadratic system would have to be completely scrambled to resist side channel attacks best. At the same time, in order to reduce calculation time and storage cost and avoid consuming a large amount of resources, only the initial calculation order within each multivariate quadratic equation is disturbed: according to the cycle jitter of the sliding window, each multivariate quadratic equation starts its calculation from a different initial monomial and then proceeds cyclically. For example, when r polynomial equations are calculated, the subscript generator 2 generates a random initial monomial subscript value (5, 5, 1) and a random initial value L_s = 2; the calculation then starts from $a^{2}_{11}x_1x_1$ of the first multivariate quadratic equation and proceeds step by step through all the monomials of the r multivariate quadratic equations, and so on. The QUAD stream cipher generating device combining disorder and masking thus hides the same operation on the key and the plaintext in different multivariate quadratic equations in different clock cycles, so that it cannot be observed from the power consumption characteristics of the memory; the device is simple and efficient and lends itself to efficient software and hardware implementation.
Further, fig. 4 is a schematic diagram of the structure of the mask type multiplier of fig. 1. It comprises:
a first XOR calculator 23 for performing an XOR operation on m_j and a first operand to obtain a first result, and then performing an XOR operation on a second and a third operand to obtain a second result;
a third XOR calculator 25 for performing an XOR operation on two operands to obtain the encrypted value of the monomial.
in this embodiment, the flow of performing the mask multiplier to obtain the encrypted value of the monomial may be as shown in fig. 5.
Further, referring to fig. 6, it is a schematic flow chart of a QUAD stream cipher generating apparatus combining scrambling and masking according to still another embodiment of the present application.
It includes an out-of-order subscript controller 31, a mask register 32, a mask-type key register 33, a mask-type multiplier 34, an adder 35, a decider 36, an XOR calculator 37 and a result register 38. When calculating the multivariate quadratic equations, the out-of-order subscript controller 31 randomly generates the monomial subscript values i, j and k, where the multivariate quadratic equation set has r multivariate quadratic equations and the randomly generated initial monomial subscript values are i_s, j_s and k_s. The mask register 32 stores n randomly generated masks. The mask-type variable register 33 acquires a variable X of the multivariate quadratic equation and XORs it with the mask M to obtain the mask-type variable Xm. The mask-type multiplier 34 receives the mask-type variables output by the mask-type variable register 33, the masks m_i and m_j output by the mask register 32 and the coefficient, and after computing and outputting the encrypted value of the monomial, accumulates it into the result register 38. The decider 36 adds the encrypted value of the k-th monomial in the result register 38 and judges whether the internal iteration number of the window is larger than the size of the sliding window; if not, it decides 0, adds the value in the result register 38 to the encrypted value of the (k-1)-th monomial and writes the sum back into the result register 38; if yes, it decides 1, and the XOR calculator 37 XORs the value in the result register 38 with one mask when n is odd and with another mask when n is even; the value output from the result register 38 after the XOR operation is the ciphertext. Encryption is complete once the r multivariate quadratic equations have been calculated.
The embodiment of the application provides a QUAD stream cipher generating device combining disorder and masking, in which the monomial subscript values of a multivariate quadratic equation set are generated out of order; the encrypted value of each monomial is obtained in the order in which its subscript value was generated, and the encrypted values of the monomials belonging to the same multivariate quadratic equation are accumulated in a register to generate the QUAD stream cipher. Compared with the prior art, the calculation order of the monomials is disordered, so the same key-dependent operation performed by an electronic device containing the apparatus occurs at different moments, which reduces the correlation between the power consumption trace of the register store operations and the key. In addition, the key or the plaintext is XOR-encrypted with a randomized mask, so that the intermediate results of the multivariate quadratic equations, i.e. the individual monomials, are encrypted; side channel leakage when each monomial is written to the register is avoided, side channel attacks are resisted, and the security of the key is effectively improved.
The foregoing is a preferred embodiment of the present application, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations are also regarded as the protection scope of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Claims (6)
1. A QUAD stream cipher generating apparatus combining scrambling and masking, comprising:
an out-of-order subscript controller for extracting a multivariate quadratic equation set comprising r multivariate quadratic equations in n variables, so that a plurality of monomial subscript values (i, j, k) of the equation set are generated out of order based on the thread where the sliding window is located; wherein 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number;
a monomial generator for sequentially obtaining the monomials of the multivariate quadratic equation set according to the generation order of the monomial subscript values (i, j, k); wherein the coefficient of each monomial is the plaintext and x_i is the secret key;
a mask type multiplier for mask-encrypting each monomial, in the order in which the monomials are obtained, so as to sequentially generate the encrypted value of each monomial; wherein m_j is a random mask;
a plurality of registers, each for obtaining the encrypted values of the monomials belonging to the same multivariate quadratic equation and accumulating them in sequence to generate the QUAD stream cipher; the multivariate quadratic equations correspond one-to-one to the registers;
wherein, the out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, and specifically includes:
step S11, generating a sliding window with the size of L according to the n variables, and dividing each monomial subscript into a plurality of windows based on the size of the sliding window; wherein if n is an even number, the length L is n, and each polynomial subscript is divided into r × (n +1)/2 windows; if n is an odd number, the length L is n +1, and each polynomial subscript is divided into r × n/2 windows;
step S12 is to randomly generate an initial value L by setting the window number of the window to w 1 and the internal iteration number of the window to L1sThen, randomly generating an initial value i ═ i of the monomial subscripts,j=js,k=ksAnd assigns j to j + Ls-1, performing step S13;
step S13, judging whether the assigned j is larger than n; if yes, go to step S14; otherwise, go to step S17;
step S14, assigning i to i +1, and judging whether the assigned i is larger than n; if yes, go to step S15; otherwise, go to step S16;
step S15, assigning i to i% n, and judging whether k is smaller than r; if yes, assigning k to k +1, and executing step S16; otherwise, assigning k to 1, and executing step S16;
step S16, j is assigned as j- (n-i +1), and step S13 is executed;
step S17, generating a monomial subscript value (i, j, k), and judging whether l is larger than L; if yes, generating the monomial subscript values of the multivariate quadratic equation; otherwise, when w is less than the number of windows, assigning w to w + 1, assigning j to j + L, and then executing step S13; wherein 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, and 1 ≤ k_s ≤ r.
2. The apparatus for generating a QUAD stream cipher combining out-of-order and masking according to claim 1, wherein said out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out-of-order according to a cycle jitter of said sliding window, further comprising:
when w in step S17 is greater than or equal to the number of windows, executing step S18;
step S18, assigning w to 1, assigning l to l + 1, and judging whether the assigned l is odd; if yes, executing step S19; otherwise, assigning j to j + L + L/2 and then executing step S13;
step S19, judging whether L_s is less than L/2; if yes, assigning j to j + L/2 + 1, assigning L_s to L_s + 1, and then executing step S13; otherwise, assigning j to j + 1, assigning L_s to 1, and then executing step S13.
3. The QUAD stream cipher generating apparatus combining out-of-order processing and masking according to claim 1, wherein said masked multiplier is specifically configured to:
acquire a plurality of random masks, XOR-encrypt the random masks with the keys in one-to-one correspondence, and sequentially generate the encrypted value of each monomial, in the order in which the monomials are obtained, from the plurality of encrypted keys, the random masks and the plaintext.
4. The QUAD stream cipher generating apparatus combining out-of-order processing and masking according to claim 1, wherein said masked multiplier comprises:
a first multiplier for obtaining and m_i × m_j; wherein and are masked keys, and m_j is the random mask;
a first XOR calculator for XORing m_j with to obtain , and then XORing with to obtain .
5. The QUAD stream cipher generating apparatus combining out-of-order processing and masking according to claim 1, wherein said register is specifically configured to:
obtain the encrypted values of the monomials belonging to the same multivariate quadratic equation, accumulate them in sequence, and XOR the final accumulation result bit by bit with the plurality of masks to generate the QUAD stream cipher output.
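As an added illustration of how claims 1 and 3 to 5 fit together (example code, not the patent's own design): each monomial x_i x_j is computed only on masked shares, the monomials are visited in a shuffled order, each equation's register accumulates masked values, and unmasking happens once at the end. The share recombination is the textbook Boolean masked AND; the exact XOR wiring of claim 4 is not legible on the page, so that wiring, the constructed coefficient set and the sample inputs are assumptions.

```python
# Added example (not the patent's circuit): masked + shuffled evaluation of a
# QUAD-style MQ system over GF(2). Claim 4's exact XOR wiring is not legible,
# so the textbook Boolean masked AND is assumed in its place.
import random
import secrets

def masked_and(xa, ma, xb, mb, out_mask):
    """(x_a * x_b) ^ out_mask from masked shares xa = x_a ^ ma, xb = x_b ^ mb
    and the masks; the output mask goes in first so no intermediate value
    equals the unmasked product."""
    z = out_mask ^ (ma & mb)   # m_i * m_j (claim 4's first multiplier)
    z ^= ma & xb               # cross terms: their mask parts cancel
    z ^= mb & xa
    z ^= xa & xb               # (x_i ^ m_i) * (x_j ^ m_j)
    return z

def quad_plain(coeffs, x):
    """Reference: bit k = XOR over (i, j) of coeffs[k][(i, j)] * x_i * x_j."""
    return [sum(a & x[i] & x[j] for (i, j), a in eq.items()) & 1 for eq in coeffs]

def quad_masked(coeffs, x, rng=None):
    """Same bits: monomials visited in random order, computed on masked shares,
    accumulated per register with the running XOR of output masks, and unmasked
    once at the end (claims 3-5)."""
    rng = rng or secrets.SystemRandom()
    n, r = len(x), len(coeffs)
    m = [rng.getrandbits(1) for _ in range(n)]       # random masks m_i
    xm = [xi ^ mi for xi, mi in zip(x, m)]           # masked keys x_i ^ m_i
    order = [(k, ij) for k in range(r) for ij in coeffs[k]]
    rng.shuffle(order)                                # out-of-order visiting
    acc, acc_mask = [0] * r, [0] * r                  # one register per equation
    for k, (i, j) in order:
        om = rng.getrandbits(1)                       # fresh output mask
        v = masked_and(xm[i], m[i], xm[j], m[j], om)
        acc[k] ^= coeffs[k][(i, j)] & v               # coefficients are public
        acc_mask[k] ^= coeffs[k][(i, j)] & om
    return [s ^ sm for s, sm in zip(acc, acc_mask)]   # final unmasking

def random_system(n, r, rng):
    """Constructed MQ system: r equations over all monomials x_i x_j, i <= j."""
    return [{(i, j): rng.getrandbits(1) for i in range(n) for j in range(i, n)}
            for _ in range(r)]

def check_against_plain(n=6, r=4, trials=50, seed=1):
    """Self-check: masked, shuffled evaluation equals the plain evaluation."""
    rng = random.Random(seed)
    for _ in range(trials):
        coeffs = random_system(n, r, rng)
        x = [rng.getrandbits(1) for _ in range(n)]
        if quad_masked(coeffs, x, rng) != quad_plain(coeffs, x):
            return False
    return True
```

Python gives no constant-time or leakage guarantee; the block checks the algebra (shuffled, masked evaluation returns the same keystream bits as the plain evaluation), which is the property a hardware realisation of the claims must also preserve.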
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910447340.1A CN110299990B (en) | 2019-05-27 | 2019-05-27 | QUAD stream cipher generating device combining disorder and mask |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110299990A CN110299990A (en) | 2019-10-01 |
CN110299990B true CN110299990B (en) | 2021-11-02 |
Family
ID=68027329
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105681033A (en) * | 2016-01-26 | 2016-06-15 | Guangdong Polytechnic Normal University | Out-of-order encryption device for multivariable quadratic equation |
CN105743644A (en) * | 2016-01-26 | 2016-07-06 | Guangdong Polytechnic Normal University | Mask encryption device of multivariable quadratic equation |
CN108702286A (en) * | 2016-04-01 | 2018-10-23 | Intel Corporation | Advanced Encryption Standard accelerator processor resistant to power side-channel attacks |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9209968B2 (en) * | 2012-03-02 | 2015-12-08 | Sony Corporation | Information processing apparatus, information processing method, and program |
Non-Patent Citations (3)
Title |
---|
"SoC it to EM: electromagnetic side-channel attacks on a complex system-on-chip"; J. Longo; International Workshop on Cryptographic Hardware and Embedded Systems; 2015-09-01; full text * |
"Research on side-channel attacks and countermeasures for KLEIN and QUAD"; Li Weijian; China Doctoral Dissertations Full-text Database; 2016-12-15; full text * |
"Research on hardware techniques for thread-level parallelism"; Zhu Xia; China Doctoral Dissertations Full-text Database; 2004-02-15; full text * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |