CN110299990B - QUAD stream cipher generating device combining disorder and mask - Google Patents


Info

Publication number: CN110299990B
Authority: CN (China)
Prior art keywords: monomial, subscript, quadratic equation, value, values
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201910447340.1A
Other languages: Chinese (zh)
Other versions: CN110299990A (en)
Inventors: 李伟键, 黄娴, 鹿福祥, 李艳华
Current assignee: Guangdong Polytechnic Normal University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Guangdong Polytechnic Normal University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The application discloses a QUAD stream cipher generating device combining disorder and a mask. The device generates the monomial subscript values of a multivariate quadratic equation set out of order, obtains the encrypted value of each monomial in the order in which its subscript values were generated, and accumulates the encrypted values of the monomials belonging to the same multivariate quadratic equation into a register to produce the QUAD stream cipher. The same key information therefore appears at different moments in an electronic device equipped with the apparatus, which reduces the correlation between the power consumption curve of the register storage operation and the key information. In addition, the key or plaintext is XOR-encrypted with a randomised mask, so that the intermediate results of the multivariate quadratic equations, namely the individual monomials, are themselves encrypted; this avoids side channel leakage when each monomial is written into the register, resists side channel attacks and effectively improves the security of the key.

Description

QUAD stream cipher generating device combining disorder and mask
Technical Field
The application relates to the technical field of information security, in particular to a QUAD stream cipher generating device combining disorder and a mask.
Background
QUAD is a family of provably secure stream ciphers built on a multivariate quadratic system of equations over a finite field. A multivariate quadratic equation can be written as:
$Q(x)=\sum_{1\le i\le j\le n}\alpha_{ij}x_ix_j+\sum_{1\le i\le n}\beta_i x_i$
A side channel attack (SCA), also called a bypass attack, attacks a cryptographic device through the side channel information it leaks while operating, such as timing, power consumption or electromagnetic radiation. Such attacks pose a serious threat to cryptographic devices.
In the traditional approach to side channel attacks, each monomial of the multivariate quadratic equations is computed directly, in the same order, during encryption; the results of the monomials are accumulated and temporarily stored in a register to produce the QUAD stream cipher. However, an attacker who analyses the power consumption of the storage operation of the register corresponding to each multivariate quadratic equation can obtain the key information (the values x_j) and thereby break the cryptographic algorithm.
To address this, in the prior art each monomial of the multivariate quadratic equations is computed directly in the same order during encryption, the results of the monomials are accumulated and temporarily stored in a register, and the QUAD stream cipher is constructed from the accumulated result in order to resist side channel attacks. However, when this prior art is used to defend against side channel attacks, it turns out that once the starting monomial numbers have been selected, the computation across the polynomials is still fixed and sequential, so an attacker can still align the polynomial computations and obtain key information by exhausting the initial subscript, which threatens the security of the cryptographic algorithm.
Disclosure of Invention
The technical problem to be solved by the embodiments of the present application is to provide a QUAD stream cipher generating apparatus combining disorder and a mask, so as to generate a QUAD stream cipher of higher security and thereby effectively resist side channel attacks.
To solve the above problem, an embodiment of the present application provides a QUAD stream cipher generating apparatus combining scrambling and masking, including:
an out-of-order subscript controller for extracting a multivariate quadratic equation set comprising n variables and r multivariate quadratic equations, so that a plurality of monomial subscript values (i, j, k) of the equation set are generated out of order on the basis of the sliding window; where 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number;
a monomial generator for sequentially obtaining the monomials [formula image] of the multivariate quadratic equation set according to the generation order of the monomial subscript values (i, j, k), where [formula image] is the plaintext and x_i is the key;
a mask type multiplier for mask-encrypting each monomial in the order in which the monomials are obtained, so as to generate in turn the encrypted value [formula image] of each monomial, where m_j is a random mask;
and registers, each of which obtains the encrypted values of the monomials belonging to the same multivariate quadratic equation and accumulates them in sequence to generate the QUAD stream cipher; the multivariate quadratic equations correspond one-to-one to the registers.
Further, the out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, and specifically performs:
step S11: generate a sliding window of size L according to the n variables, and divide the monomial subscripts into a plurality of windows based on the size of the sliding window; if n is even, the length L is n and the monomial subscripts are divided into r × (n+1)/2 windows; if n is odd, the length L is n+1 and the monomial subscripts are divided into r × n/2 windows;
step S12: set the window number w = 1 and the iteration number within the window l = 1, randomly generate an initial value L_s, randomly generate initial monomial subscript values i = i_s, j = j_s, k = k_s, assign j = j + L_s - 1, and go to step S13;
step S13: judge whether the assigned j is larger than n; if yes, go to step S14; otherwise go to step S17;
step S14: assign i = i + 1 and judge whether the assigned i is larger than n; if yes, go to step S15; otherwise go to step S16;
step S15: assign i = i % n and judge whether k is smaller than r; if yes, assign k = k + 1 and go to step S16; otherwise assign k = 1 and go to step S16;
step S16: assign j = j - (n - i + 1) and go to step S13;
step S17: generate a monomial subscript value and judge whether l is larger than L; if yes, the monomial subscript values of the multivariate quadratic equation set have been generated; otherwise, when w is smaller than the number of windows, assign w = w + 1 and j = j + L, then go to step S13; where 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, 1 ≤ k_s ≤ r.
Further, the out-of-order subscript controller is configured to generate a plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, and further performs:
when w in step S17 is greater than or equal to the number of windows, step S18 is executed;
step S18: assign w = 1 and l = l + 1, and judge whether the assigned l is odd; if yes, go to step S19; otherwise assign j = j + L + L/2 and go to step S13;
step S19: judge whether L_s is smaller than L/2; if yes, assign j = j + L/2 + 1 and L_s = L_s + 1, then go to step S13; otherwise assign j = j + 1 and L_s = 1, then go to step S13.
Further, the mask type multiplier is specifically configured to:
obtain a plurality of random masks, XOR-encrypt the random masks with the keys in one-to-one correspondence, and, in the order in which the monomials are obtained, sequentially generate the encrypted value [formula image] of each monomial from the encrypted keys, the random masks and the plaintext.
Further, the mask type multiplier includes:
a first multiplier for obtaining [formula image] and m_i × m_j, where [formula image] and [formula image] are the mask type keys and m_j is the random mask;
a second multiplier for multiplying α_ij by [formula image] and by m_i × m_j respectively, to obtain [formula image] and [formula image];
a first XOR calculator for XORing m_j with [formula image] to obtain [formula image], and then XORing [formula image] with [formula image] to obtain [formula image];
a second XOR calculator for XORing [formula image] with [formula image] to obtain [formula image];
a third XOR calculator for XORing [formula image] with [formula image] to obtain the encrypted value [formula image] of the monomial, where [formula image].
Further, the register is specifically configured to:
obtain the encrypted values of the monomials belonging to the same multivariate quadratic equation, accumulate them in sequence, and XOR the final accumulation result bit by bit with a plurality of masks to generate the QUAD stream cipher.
Further, the stream cipher corresponding to each multivariate quadratic equation is:
[formula image]
The embodiments of the application have the following beneficial effects:
In the QUAD stream cipher generating device combining disorder and a mask, the monomial subscript values of a multivariate quadratic equation set are generated out of order, the encrypted values of the monomials are obtained in the order in which the subscript values were generated, and the encrypted values of the monomials belonging to the same multivariate quadratic equation are accumulated into a register to generate the QUAD stream cipher. Compared with the prior art, the computation order of the monomials is disordered, so the same key information appears at different moments in an electronic device equipped with the apparatus and the correlation between the power consumption curve of the register storage operation and the key information is reduced; moreover, the key or plaintext is XOR-encrypted with a randomised mask, so the intermediate results of the multivariate quadratic equations, namely the individual monomials, are encrypted, side channel leakage when each monomial is written into the register is avoided, side channel attacks are resisted, and the security of the key is effectively improved.
Drawings
FIG. 1 is a schematic diagram of a QUAD stream cipher generating apparatus combining out-of-order computation and masking according to an embodiment of the present application;
FIG. 2 is a schematic flow diagram of the out-of-order subscript controller generating a plurality of monomial subscript values out of order;
FIG. 3 is yet another flow diagram of the out-of-order subscript controller generating a plurality of monomial subscript values out of order;
FIG. 4 is a schematic diagram of a mask type multiplier;
FIG. 5 is a flowchart of the mask type multiplier obtaining the encrypted value of a monomial;
FIG. 6 is a schematic structural diagram of a QUAD stream cipher generating device combining scrambling and masking according to still another embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to FIG. 1, a schematic structural diagram of a QUAD stream cipher generating apparatus combining scrambling and masking according to an embodiment of the present application is shown. The apparatus comprises:
an out-of-order subscript controller 1 for extracting a multivariate quadratic equation set comprising n variables and r multivariate quadratic equations, so that a plurality of monomial subscript values (i, j, k) of the equation set are generated out of order on the basis of the sliding window,
where 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number.
Preferably, the number of monomial subscript values (i, j, k) generated out of order is r·n(n+1)/2.
In the present embodiment, after the out-of-order subscript controller 1 generates each monomial subscript value (i, j, k), it outputs the variables x_i, x_j and the coefficient [formula image] according to the generated subscript values, for subsequent composition into a monomial.
A monomial generator 2 for sequentially obtaining the monomials [formula image] of the multivariate quadratic equation set according to the generation order of the subscript values (i, j, k) of each monomial, where [formula image] is the plaintext and x_i is the key, or [formula image] is the key and x_i is the plaintext.
In the present embodiment, the monomial generator 2 multiplies the variables x_i, x_j and the coefficient [formula image] output by the out-of-order subscript controller 1 and outputs the product, thereby obtaining the monomial [formula image].
Preferably, the number of monomials in the multivariate quadratic system is r × n(n+1)/2.
A mask type multiplier 3 for mask-encrypting the monomials in the order in which they are obtained, so as to generate in turn the encrypted value [formula image] of each monomial, where m_j is the random mask.
Specifically, a plurality of random masks are obtained, the random masks are XOR-encrypted with the keys in one-to-one correspondence, and the encrypted values [formula image] of the monomials are generated in turn, in the order in which the monomials are obtained, from the encrypted keys, the random masks and the plaintext.
Registers 4, each of which obtains the encrypted values of the monomials belonging to the same multivariate quadratic equation and accumulates them in sequence to generate the QUAD stream cipher.
The multivariate quadratic equations correspond one-to-one to the registers 4.
Specifically, each register 4 is configured to obtain the encrypted values of the monomials belonging to the same multivariate quadratic equation, accumulate them in sequence, and XOR the final accumulation result bit by bit with the masks to generate the QUAD stream cipher.
In this embodiment, when the register 4 accumulates the encrypted value [formula image] of the jth monomial, it adds the accumulated value Q_k of the encrypted values of the monomials so far to the encrypted value [formula image] of the jth monomial, so that the accumulated value stored in the register 4 is updated to [formula image].
When the out-of-order subscript controller 1 has generated the last subscript and all monomials have been computed, the register 4 XORs the final accumulated value bit by bit with the mask [formula image] if n is odd, giving [formula image]; if n is even, the register 4 XORs the final accumulated value bit by bit with the mask [formula image], giving [formula image]. The result finally obtained is the ciphertext.
In this embodiment, the stream cipher corresponding to each multivariate quadratic equation is:
[formula image]
where each multivariate quadratic equation randomly generates a different initial value (i_s, j_s, k_s) of the monomial subscripts and is then computed according to the above formula, so as to obtain the stream cipher corresponding to each multivariate quadratic equation.
It should be noted that encryption of the key and the plaintext is realised by computing a multivariate quadratic system of r equations [formula image] over a finite field, where if [formula image] is the plaintext then x_i is the key, and if [formula image] is the key then x_i is the plaintext. In this embodiment, when each multivariate quadratic equation of the equation set is computed, the computation order of the monomials [formula image] within each equation is randomly perturbed, so that the monomials [formula image] of different multivariate quadratic equations are computed in different orders, and a mask encryption operation is performed on each monomial, so that every monomial is encrypted and side channel leakage when the monomials are stored in a register is avoided.
When a multivariate quadratic equation set is computed, the out-of-order subscript controller 1 generates r × n(n+1)/2 monomial subscript values (i, j, k) out of order; that is, the monomial subscript values of the multivariate quadratic equations are reordered so that the order of the monomial subscript values differs from equation to equation. These r × n(n+1)/2 subscript values (i, j, k) cover all monomial subscript values of the multivariate quadratic system. Each monomial [formula image] of the equation set is computed in the order in which its subscript values were generated, and the encrypted value of each monomial is then obtained with the mask algorithm. Each time the encrypted value of a monomial is computed it is accumulated into a register; once all encrypted monomial values have been accumulated, the stream cipher corresponding to the multivariate quadratic equation is obtained. The results of the r equations of the equation set are stored in r corresponding registers.
Each multivariate quadratic equation has n × (n+1)/2 monomials. After the order of the monomials has been disturbed, an attacker who wants to obtain the key or plaintext information by power consumption analysis of the r registers has to consider (n/2) × A((n+1)/2, n(n+1)/2) = (n/2) × ((n+1)/2)! possibilities, so a side channel attack is difficult to carry out. Moreover, since the values written into the register when the encrypted value of each monomial is accumulated in turn are all mask-type values, neither x_i, x_j nor x_i × x_j appears in the clear during the whole computation; side channel leakage is prevented, an attacker cannot obtain key or plaintext information by power consumption analysis of a register, and a side channel attack becomes harder still.
It should be noted that the QUAD stream cipher generating apparatus combining disorder and a mask provided by the embodiment of the present invention is generally applied in a multi-party interactive system. The intermediate values of the data are mask-protected, the monomials of each multivariate quadratic equation are computed in different orders, and the orders in which they are accumulated in memory differ, so an attacker is prevented from obtaining the key information by analysing the power consumption of the memory.
Further, referring to FIG. 2, a schematic flow chart of the out-of-order subscript controller generating a plurality of monomial subscript values out of order is shown. In this embodiment, the generation of the monomial subscript values out of order by the out-of-order subscript controller 1 specifically includes:
Step S11: initialise the size L of the sliding window according to the n variables, and divide the monomial subscripts into a plurality of windows based on the size of the sliding window.
If n is even, the length L is n and the monomial subscripts are divided into r × (n+1)/2 windows; if n is odd, the length L is n+1 and the monomial subscripts are divided into r × n/2 windows.
Step S12: set the window number w = 1 and the iteration number within the window l = 1, randomly generate an initial value L_s, randomly generate initial monomial subscript values i = i_s, j = j_s, k = k_s, assign j = j + L_s - 1, and go to step S13.
Step S13: judge whether the assigned j is larger than n; if yes, go to step S14; otherwise go to step S17.
Step S14: assign i = i + 1 and judge whether the assigned i is larger than n; if yes, go to step S15; otherwise go to step S16.
Step S15: assign i = i % n and judge whether k is smaller than r; if yes, assign k = k + 1 and go to step S16; otherwise assign k = 1 and go to step S16.
Step S16: assign j = j - (n - i + 1) and go to step S13.
Step S17: generate a monomial subscript value and judge whether l is larger than L; if yes, the monomial subscript values of the multivariate quadratic equation set have been generated; otherwise, when w is smaller than the number of windows, assign w = w + 1 and j = j + L, then go to step S13.
Here 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, 1 ≤ k_s ≤ r.
Further, referring to FIG. 3, another schematic flow chart of the out-of-order subscript controller generating a plurality of monomial subscript values out of order is shown. In this embodiment, in addition to the steps shown in FIG. 2, the method further includes:
In step S17, when w is greater than or equal to the number of windows, step S18 is executed.
Step S18: assign w = 1 and l = l + 1, and judge whether the assigned l is odd; if yes, go to step S19; otherwise assign j = j + L + L/2 and go to step S13.
Step S19: judge whether L_s is smaller than L/2; if yes, assign j = j + L/2 + 1 and L_s = L_s + 1, then go to step S13; otherwise assign j = j + 1 and L_s = 1, then go to step S13.
It should be noted that all monomials of the multivariate quadratic system are completely scrambled in order to resist side channel attacks as well as possible. At the same time, to reduce computation time and storage cost and avoid consuming a large amount of resources, only the initial computation order within each multivariate quadratic equation is disturbed: according to the cycle jitter of the sliding window, each multivariate quadratic equation starts its computation from a different initial monomial and the computation then cycles round. For example, when r multivariate quadratic equations are computed, the monomial subscript generator 2 generates a random initial monomial subscript value (5, 5, 1) and a random initial value L_s = 2; the computation then starts from the monomial α^2_11 x_1 x_1 of the first multivariate quadratic equation, and all monomials of the r multivariate quadratic equations are computed step by step in this way. The QUAD stream cipher generating device combining disorder and a mask thus hides the same operation on the key and plaintext in different multivariate quadratic equations in different clock cycles, so that it cannot be observed from the power consumption curve characteristics of the memory; the device is simple and efficient and lends itself to efficient implementation in software and hardware.
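The following Python model of the out-of-order subscript controller is an added example, not the patent's own implementation, written from the description of steps S11 to S19 above. It takes the window size L of S11, the random start (i_s, j_s, k_s) and L_s of S12, the stride of one window (L subscripts) per step of S17 and the alternating round offsets of S18/S19 as described, and realises the wrap-around of S13 to S16 by walking a linearised list of all subscript triples; the L_s counter of S19 is reduced to the alternation of offsets it produces. The property worth checking from a defender's point of view is that every monomial is still visited exactly once, and that the clock cycle at which a given monomial is computed depends on the random start.

```python
"""Out-of-order monomial subscript generation for a QUAD system of r equations
in n variables: an interpretation of steps S11-S19 (added example code)."""
import random


def triangular_triples(n, r):
    """All (i, j, k) with 1 <= i <= j <= n and 1 <= k <= r, in the order the
    wrap-around rules of S13-S16 walk them: j runs from i to n within a row,
    rows i = 1..n within one equation, equations k = 1..r.  Length r*n(n+1)/2."""
    return [(i, j, k)
            for k in range(1, r + 1)
            for i in range(1, n + 1)
            for j in range(i, n + 1)]


def window_size(n):
    """Step S11: L = n for even n, L = n + 1 for odd n (so L is always even)."""
    return n if n % 2 == 0 else n + 1


def shuffled_subscripts(n, r, seed=None):
    """Return every monomial subscript (i, j, k) exactly once, in an order that
    depends on the random start chosen by the controller.  r must be even
    (assumption taken from the page: 'r is an even number')."""
    if r % 2:
        raise ValueError("r must be even")
    rng = random.Random(seed)
    L = window_size(n)
    cycle = triangular_triples(n, r)
    total = len(cycle)                       # r * n(n+1)/2 monomials
    windows = total // L                     # r(n+1)/2 or r*n/2 windows (S11)
    assert windows * L == total

    # Step S12: random initial subscripts and a random L_s in [1, L/2]; the
    # first subscript emitted is L_s - 1 positions after (i_s, j_s, k_s).
    i_s = rng.randint(1, n)
    j_s = rng.randint(i_s, n)
    k_s = rng.randint(1, r)
    L_s = rng.randint(1, L // 2)
    start = cycle.index((i_s, j_s, k_s)) + (L_s - 1)

    order = []
    offset = 0
    for l in range(1, L + 1):                # one round per iteration number l
        # Within a round (S13-S17): one subscript per window, stride L; the
        # modulo wraps j, i and k around exactly as S13-S16 do.
        for w in range(windows):
            order.append(cycle[(start + offset + w * L) % total])
        # S18/S19: the next round starts L/2 further on after an even round and
        # L/2 + 1 further on after an odd one, so the L rounds visit every
        # residue class modulo L and hence every monomial once.
        offset += L // 2 if (l + 1) % 2 == 0 else L // 2 + 1
    return order


def first_use_position(order, triple):
    """Clock cycle (0-based) at which a given monomial is computed; a different
    random start moves the same monomial to a different cycle."""
    return order.index(triple)


if __name__ == "__main__":
    for seed in (1, 2):
        seq = shuffled_subscripts(5, 2, seed=seed)
        print(seed, seq[:6], "cycle of (1,1,1):", first_use_position(seq, (1, 1, 1)))
```

The stand-alone check that matters is `sorted(seq) == sorted(triangular_triples(n, r))` for several n and r: the schedule must be a permutation, otherwise some monomial would be skipped or computed twice and the keystream would be wrong.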
Further, referring to FIG. 4, a schematic structural diagram of the mask type multiplier of FIG. 1 is shown. It comprises:
a first multiplier 21 for obtaining [formula image] and m_i × m_j, where [formula image] and [formula image] are the mask type keys and m_j is a random mask;
a second multiplier 22 for multiplying α_ij by [formula image] and by m_i × m_j respectively, to obtain [formula image] and [formula image];
a first XOR calculator 23 for XORing m_j with [formula image] to obtain [formula image], and then XORing [formula image] with [formula image] to obtain [formula image];
a second XOR calculator 24 for XORing [formula image] with [formula image] to obtain [formula image];
a third XOR calculator 25 for XORing [formula image] with [formula image] to obtain the encrypted value [formula image] of the monomial, where [formula image].
In this embodiment, the flow by which the mask type multiplier obtains the encrypted value of a monomial may be as shown in FIG. 5.
Further, referring to FIG. 6, a schematic structural diagram of a QUAD stream cipher generating apparatus combining scrambling and masking according to still another embodiment of the present application is shown.
It includes an out-of-order subscript controller 31, a mask register 32, a mask type key register 33, a mask type multiplier 34, an adder 35, a decider 36, an XOR calculator 37 and a result register 38. When the multivariate quadratic equation set is computed, the out-of-order subscript controller 31 randomly generates the monomial subscript values i, j and k; the equation set has r multivariate quadratic equations, and the randomly generated initial monomial subscript values are i_s, j_s and k_s. The mask register 32 stores n randomly generated masks. The mask type key register 33 obtains a variable X of the multivariate quadratic equation and XORs it with the mask M, thereby obtaining the mask type variable X_m. The mask type multiplier 34 receives the mask type variables [formula image] and [formula image] output by the mask type key register 33, the masks m_i and m_j output by the mask register 32, and the coefficient [formula image]; after the computation it outputs the encrypted value of the monomial, which is accumulated into the result register 38. When the encrypted value of the kth monomial is added into the result register 38, the decider 36 judges whether the iteration number within the window is larger than the size of the sliding window. If not, it outputs 0: the value in the result register 38 is added to the encrypted value of the (k-1)th monomial and the sum is written into the result register 38. If so, it outputs 1: when n is odd, the XOR calculator 37 XORs the value in the result register 38 with [formula image]; when n is even, the XOR calculator 37 XORs the value in the result register 38 with [formula image]. The value output by the result register 38 after the XOR operation is the ciphertext. Encryption is complete once the r multivariate quadratic equations have been computed.
The embodiment of the application provides a QUAD stream cipher generating device combining disorder and masking. The monomial subscript values of the multivariable quadratic equation set are generated out of order; the encrypted values of the monomials are acquired sequentially in the generation order of the monomial subscript values, and the encrypted values of the monomials belonging to the same multivariable quadratic equation are accumulated in a register to generate the QUAD stream cipher. Compared with the prior art, the calculation order of the monomials is scrambled, so the same key information generated by an electronic device containing the apparatus appears at different moments, which reduces the correlation between the power consumption curve of the register write operation and the key information; and the key or the plaintext is XOR-encrypted with a randomized mask, so that each intermediate result of the multivariable quadratic equation, namely each monomial, is encrypted, side-channel leakage when each monomial is written into the register is avoided, side-channel attacks are resisted, and the security of the key is effectively improved.
The foregoing is a preferred embodiment of the present application, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations are also regarded as the protection scope of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.

Claims (6)

1. A QUAD stream cipher generating apparatus combining scrambling and masking, comprising:
the out-of-order subscript controller is used for extracting a multivariable quadratic equation set comprising n variables and r multivariable quadratic equations, so that a plurality of monomial subscript values (i, j, k) are generated out of order based on the thread where the sliding window is located; wherein 1 ≤ j ≤ n, 1 ≤ k ≤ r, and r is an even number;
a monomial generator for sequentially obtaining a plurality of monomials [formula image] of the multivariate quadratic equation set according to the generation order of each monomial subscript value (i, j, k); wherein [formula image] is the plaintext and x_i is a secret key;
a mask-type multiplier for mask-encrypting each of the monomials based on the obtaining order of the monomials, so as to sequentially generate the encrypted value [formula image] of each of the monomials; wherein m_j is a random mask;
registers, each used for obtaining the encrypted values of the monomials belonging to the same multivariable quadratic equation and accumulating them in sequence to generate the QUAD stream cipher; the multivariable quadratic equations correspond one-to-one to the registers;
wherein the out-of-order subscript controller is configured to generate the plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of the sliding window, specifically including:
step S11, generating a sliding window of size L according to the n variables, and dividing the monomial subscripts into a plurality of windows based on the size of the sliding window; wherein if n is even, the length L is n and the monomial subscripts are divided into r × (n + 1)/2 windows; if n is odd, the length L is n + 1 and the monomial subscripts are divided into r × n/2 windows;
step S12, setting the window number w = 1 and the internal iteration number l = 1 of the window, randomly generating an initial value L_s, then randomly generating initial values i = i_s, j = j_s, k = k_s of the monomial subscripts, assigning j to j + L_s - 1, and performing step S13;
step S13, judging whether the assigned j is larger than n; if yes, go to step S14; otherwise, go to step S17;
step S14, assigning i to i +1, and judging whether the assigned i is larger than n; if yes, go to step S15; otherwise, go to step S16;
step S15, assigning i to i% n, and judging whether k is smaller than r; if yes, assigning k to k +1, and executing step S16; otherwise, assigning k to 1, and executing step S16;
step S16, j is assigned as j- (n-i +1), and step S13 is executed;
step S17, generating a monomial subscript value, and judging whether l is larger than L; if yes, generating a monomial subscript value in the multivariate quadratic equation; otherwise, when w is less than the number of windows, assigning w to w + 1 and j to j + L, and then executing step S13; wherein 1 ≤ L_s ≤ L/2, 1 ≤ i_s ≤ j_s ≤ n, and 1 ≤ k_s ≤ r.
2. The QUAD stream cipher generating apparatus combining out-of-order and masking according to claim 1, wherein said out-of-order subscript controller, being configured to generate the plurality of monomial subscript values (i, j, k) out of order according to the cycle jitter of said sliding window, further performs:
when w in step S17 is greater than or equal to the number of windows, executing step S18;
step S18, assigning w to 1 and l to l + 1, and judging whether the assigned l is odd; if yes, executing step S19; otherwise, assigning j to j + L + L/2 and then executing step S13;
step S19, judging whether L_s is less than L/2; if yes, assigning j to j + L/2 + 1 and L_s to L_s + 1, then executing step S13; otherwise, assigning j to j + 1 and L_s to 1, then executing step S13.
3. The QUAD stream cipher generating apparatus combining out-of-order and masking according to claim 1, wherein said mask-type multiplier is specifically configured to:
acquire a plurality of random masks, XOR-encrypt the random masks and the keys in one-to-one correspondence, and, according to the plurality of encrypted keys, the random masks and the plaintext, sequentially generate the encrypted value [formula image] of each monomial based on the acquisition order of the monomials.
4. The QUAD stream cipher generating apparatus combining out-of-order and masking according to claim 1, wherein said mask-type multiplier includes:
a first multiplier for obtaining [formula image] and m_i × m_j; wherein [formula image] and [formula image] are mask-type keys and m_j is the random mask;
a second multiplier for multiplying α_ij respectively by [formula image] and m_i × m_j to obtain [formula image] and [formula image];
a first XOR calculator for XORing m_j and [formula image] to obtain [formula image], and then XORing [formula image] and [formula image] to obtain [formula image];
a second XOR calculator for XORing [formula image] and [formula image] to obtain [formula image];
a third XOR calculator for XORing [formula image] and [formula image] to obtain the encrypted value [formula image] of the monomial; wherein [formula image].
5. The QUAD stream cipher generating apparatus combining out-of-order and masking according to claim 1, wherein said register is specifically configured to:
obtain the encrypted values of the monomials belonging to the same multivariable quadratic equation, accumulate them in sequence, and XOR the final accumulation result bit by bit with a plurality of masks to generate the QUAD stream cipher.
6. The QUAD stream cipher generating apparatus combining scrambling and masking according to claim 1, wherein each of said multivariate quadratic equations corresponds to a stream cipher: [formula image]
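As an added illustration (not the patent's own circuit or code), the following Python sketch implements the carry logic of steps S13 to S16 and the per-window sweep of step S17 from claim 1, replaces the offset jitter of steps S18 and S19 (claim 2) with a plain random ordering of the window offsets, and stands in for the mask-type multiplier of claim 4 with a standard two-share masked AND, so that the per-equation register holds only masked values and is unmasked once at the end as in claim 5. The function names, the coefficient layout alpha[k-1][(i, j)] and the random source are assumptions.

```python
import random

def normalize(i, j, k, n, r):
    """Steps S13-S16: carry a column index j that ran past n into the next row i
    (and next equation k), so (k, i, j), 1<=i<=j<=n, 1<=k<=r, is one cyclic list."""
    while j > n:                       # S13
        i += 1                         # S14
        if i > n:                      # S15: i == n+1 wraps to row 1
            i %= n
            k = k + 1 if k < r else 1
        j -= n - i + 1                 # S16: row i holds n-i+1 monomials
    return i, j, k

def shuffled_subscripts(n, r, rng):
    """Claim 1 sweep (S11, S12, S17). Assumed simplification of S18/S19: the
    window offsets are visited in a random order. r must be even (claim 1)."""
    L = n if n % 2 == 0 else n + 1                  # S11: window size
    windows = r * n * (n + 1) // 2 // L             # S11: window count
    i_s = rng.randint(1, n)                         # S12: random start
    j_s = rng.randint(i_s, n)
    k_s = rng.randint(1, r)
    offsets = list(range(L))
    rng.shuffle(offsets)
    order = []
    for off in offsets:
        i, j, k = normalize(i_s, j_s + off, k_s, n, r)
        for _ in range(windows):                    # S17: one per window
            order.append((k, i, j))
            i, j, k = normalize(i, j + L, k, n, r)  # jump to next window
    return order

def masked_keystream(alpha, x, rng):
    """alpha[k-1][(i, j)] is the public coefficient of x_i*x_j in equation k.
    The key x is handled only as shares (x ^ m, m); each monomial goes through a
    two-share masked AND (assumed stand-in for the mask-type multiplier) and the
    per-equation register is unmasked once at the end (claim 5)."""
    n, r = len(x), len(alpha)
    m = [rng.getrandbits(1) for _ in range(n)]      # random masks
    xm = [xi ^ mi for xi, mi in zip(x, m)]          # masked key bits
    acc, msk = [0] * (r + 1), [0] * (r + 1)         # value / mask registers
    for k, i, j in shuffled_subscripts(n, r, rng):
        a, rho = alpha[k - 1][(i, j)], rng.getrandbits(1)
        c0 = (xm[i-1] & xm[j-1]) ^ rho              # share 0 of x_i*x_j
        c1 = (m[i-1] & m[j-1]) ^ ((rho ^ (xm[i-1] & m[j-1])) ^ (m[i-1] & xm[j-1]))
        acc[k] ^= a & c0                            # never holds a*x_i*x_j
        msk[k] ^= a & c1
    return [acc[k] ^ msk[k] for k in range(1, r + 1)]

def plain_keystream(alpha, x):
    return [sum(a & x[i-1] & x[j-1] for (i, j), a in eq.items()) % 2 for eq in alpha]
```

Every monomial of the r·n(n+1)/2 is listed exactly once because each pass hits one offset in every window and the passes cover all L offsets; the masked result matches the unmasked reference for any mask and shuffle randomness.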
CN201910447340.1A 2019-05-27 2019-05-27 QUAD stream cipher generating device combining disorder and mask Active CN110299990B (en)

Publications (2)

Publication Number Publication Date
CN110299990A CN110299990A (en) 2019-10-01
CN110299990B true CN110299990B (en) 2021-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant