CN110717201B - Gaussian sampling circuit capable of resisting simple power consumption analysis attack - Google Patents

Info

Publication number: CN110717201B
Application number: CN201910866396.0A
Authority: CN (China)
Prior art keywords: module, power consumption, random number, sampling, distribution
Priority date: 2019-09-12
Filing date: 2019-09-12
Publication date: 2020-01-21 (CN110717201A), 2021-06-11 (CN110717201B)
Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN110717201A (en)
Inventors: 刘冬生, 张聪, 陈宇阳, 陆家昊, 金子睿, 罗香华, 卢楷文
Current assignee: Huazhong University of Science and Technology
Original assignee: Huazhong University of Science and Technology

Application filed by Huazhong University of Science and Technology
Priority to CN201910866396.0A
Priority to PCT/CN2019/113017
Publication of CN110717201A
Application granted
Publication of CN110717201B
Legal status: Active (current)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/75: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a Gaussian sampling circuit that resists simple power analysis (SPA) attacks. The circuit comprises a control module, a random number generation module, a binary comparison module, a first single-port RAM, a sampling result output module and a power consumption masking module. The control module controls the state transitions and enables of the circuit; the random number generation module produces uniformly distributed random numbers through a shift register; the binary comparison module uses a binary search to locate the address of the random number in a cumulative distribution table (CDT) of the Gaussian distribution; the sampling result output module applies a modulo operation to the located address to form the sample output; and the power consumption masking module generates random power consumption by binary-searching the address of the random number in a pseudo (shuffled) CDT. The circuit effectively masks the power consumption information of the sampling process and resists chosen-input simple power analysis.

Description

Gaussian sampling circuit capable of resisting simple power consumption analysis attack
Technical Field
The invention belongs to the field of circuit implementation of information security algorithms, and in particular relates to a Gaussian sampling circuit capable of resisting simple power analysis attacks.
Background
With the development of quantum computing, the security of traditional public-key cryptosystems is threatened. Lattice-based public-key cryptosystems have become highly promising post-quantum cryptosystems because they resist quantum attacks, encrypt efficiently and are simple to implement in hardware.
Common lattice-based cryptosystems use error terms drawn from a discrete Gaussian distribution to conceal secret information, so the Gaussian sampling circuit is an essential module of any hardware lattice cryptosystem. Although lattice cryptosystems resist quantum algorithms, their hardware circuits are exposed to side-channel attacks just as the hardware of traditional public-key cryptosystems is. An attacker can use the side-channel information leaked by the Gaussian sampling circuit to recover the secret key and the encrypted message, so a Gaussian sampling circuit that resists side-channel attacks is necessary if lattice-based cryptosystems are to be deployed in everyday applications.
Side-channel attack techniques include timing analysis, power analysis, electromagnetic analysis and fault attacks. Among these, power analysis is recognised as a powerful way of stealing private information because it is efficient, simple to carry out and needs few resources. By the principle used to analyse the side-channel information, power analysis is divided into simple power analysis (SPA), differential power analysis (DPA), correlation power analysis (CPA) and others. Simple power analysis obtains the power features leaked while the device executes an operation under chosen inputs and compares them against template power traces to infer private information; it is a method that needs only a small number of observed power traces. Current research on Gaussian sampling circuits concentrates on resisting timing analysis, and little work addresses resistance to simple power analysis, so the design and study of a Gaussian sampling circuit that resists simple power analysis is of great significance.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention aims to provide a Gaussian sampling circuit that resists simple power analysis attacks, masking the power consumption information of the Gaussian sampling process and solving the problem of resisting chosen-input simple power analysis.
To this end, the invention provides a Gaussian sampling circuit resisting simple power analysis attacks, comprising a control module, a random number generation module, a binary comparison module, a first single-port RAM, a sampling result output module and a power consumption masking module. The output of the random number generation module is connected to an input of the binary comparison module and to an input of the power consumption masking module; the output of the first single-port RAM is connected to the other input of the binary comparison module; and the input of the sampling result output module is connected to the output of the binary comparison module.
The control module controls the state transitions and enables of the circuit; the random number generation module produces uniformly distributed random numbers through a shift register; the binary comparison module uses a binary search to locate the address of the random number in the cumulative distribution table (CDT), giving the sample that corresponds to the probability value of the random number; the first single-port RAM stores the CDT; the sampling result output module applies a modulo operation to the result of the binary comparison module to produce the output; and the power consumption masking module masks the actual sampling power consumption by generating random power consumption through comparisons, which provides the resistance to simple power analysis.
Preferably, the binary comparison module comprises an address pointer register and a first comparator, the output of the first comparator being connected to the input of the address pointer register. The first comparator compares the data read from the first single-port RAM, which stores the CDT, with the generated random number, and the address pointer register is updated step by step according to the comparator output.
Preferably, the first single-port RAM stores the CDT of a Gaussian distribution: the addresses of the table are the Gaussian sample values, and the data stored at each address is the accumulated probability from the initial address up to that address.
Preferably, the power consumption masking module comprises a second single-port RAM storing a pseudo CDT, a shift register and a second comparator; the output of the second single-port RAM is connected to the second comparator to provide the second comparison data source and to generate the random power consumption.
Preferably, the power consumption masking module uses a binary search to locate the address of the random number in the pseudo CDT and obtain a comparison result.
Preferably, the binary search narrows the sampling range step by step by setting the register pointers several times, and finally locates the sampling result.
Preferably, the pseudo CDT stored in the second single-port RAM has the same values as the CDT stored in the first single-port RAM, but stored in a different order.
With this scheme, uniformly distributed random numbers are generated by the random number generation module; under the control of the control module, the binary comparison module reads the CDT stored in the single-port RAM and compares it with the uniform random number, updating the address pointer register by the binary search algorithm; the sampling result output module sets the sign from the pointer address, applies the modulo operation and outputs the sample. Sampling from the discrete Gaussian distribution is thus achieved with much lower complexity and higher circuit efficiency. As the countermeasure against simple power analysis, the power consumption masking module generates random power consumption in every cycle of the sampling process, covering the power consumption leaked by the sampling circuit through execution of the sampling algorithm, so that chosen-input simple power analysis is effectively resisted.
Drawings
FIG. 1 is a schematic structural diagram of a Gaussian sampling circuit for resisting simple power analysis attacks provided by the invention;
FIG. 2 is a flowchart of the binary search algorithm of the Gaussian sampling circuit provided by the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
FIG. 1 is a structural diagram of a Gaussian sampling circuit resisting simple power analysis attacks according to an embodiment of the invention. It comprises a control module, a random number generation module, a binary comparison module, a first single-port RAM, a sampling result output module and a power consumption masking module. The output of the random number generation module is connected to an input of the binary comparison module and to an input of the power consumption masking module; the output of the first single-port RAM is connected to the other input of the binary comparison module; and the input of the sampling result output module is connected to the output of the binary comparison module.
The control module controls the state transitions and enables of the circuit; the random number generation module produces uniformly distributed random numbers through a shift register; the binary comparison module uses a binary search to locate the address of the random number in the CDT, giving the sample that corresponds to the probability value of the random number; the first single-port RAM is read to supply the CDT as the first comparison data source; the sampling result output module applies a modulo operation to the result of the binary comparison module to produce the output; and the power consumption masking module masks the actual sampling power consumption by generating random power consumption through comparisons, which provides the resistance to simple power analysis.
Specifically, the random number generation module comprises a 112-bit register and a shift circuit. It takes an external 32-bit uniform random number generator as its random source; the 112-bit register stores the random number and the shift circuit performs the shift operations.
Specifically, the binary comparison module comprises an address pointer register and a first comparator, the output of the first comparator being connected to the input of the address pointer register. The module compares the data read from the first single-port RAM, which stores the CDT, with the generated random number, and updates the address pointer register step by step according to the comparator output. Once a 112-bit random number has been collected, the module runs the binary search. Its principle is shown in FIG. 2: three pointers min, max and mid mark the two ends and the midpoint of the search interval, and during sampling the output always lies within [min, max]. The input parameters are: precision parameter λ, tail-cut parameter Z_t, sign bit s ∈ {0, 1}, and uniform random number r ∈ {0, 1, …, 2^λ − 1}. Comparing the random input with the CDT value addressed by mid halves the interval in which the sample lies, so a specific sample is determined after a fixed ⌈log2 Z_t⌉ comparisons.
One comparison is made per clock cycle: the register pointers min and max are updated from the comparison result to narrow the search interval, and the pointer mid is used as the address to read the first single-port RAM holding the CDT, which yields the data compared in the next cycle. Six clock cycles of binary search produce the result k. The sampling result output circuit then sets the sign of the result from a one-bit uniform random number and outputs it. Including one initialisation cycle, the sampler needs 8 cycles for the binary search and result output. Because collecting the 112-bit random number takes only 4 cycles and its circuit is independent of the binary search, the sampler is pipelined: while the current sample is being produced, the random number for the next sample is collected. A sample following the discrete Gaussian distribution is therefore produced in a fixed 8 clock cycles, which gives resistance to timing analysis.
Specifically, the first single-port RAM stores the CDT of the Gaussian distribution.
Specifically, the power consumption masking module comprises a second single-port RAM (CDT_FAKE) storing the pseudo CDT, a linear feedback shift register (LFSR) and a 112-bit second comparator; the output of CDT_FAKE is connected to the second comparator, providing the second comparison data source and generating the random power consumption. Every cycle the LFSR outputs a 6-bit random number rng_FAKE as the read address of CDT_FAKE. CDT_FAKE stores the same CDT values T(x) as the first single-port RAM, but in a randomly shuffled order. The data read from CDT_FAKE is compared with the 112-bit random number to produce the output FAKE_flag, which is independent of the binary comparison module. The output of the masking module has no effect on the sampling result; its function is to generate random power consumption in every cycle of the sampling process and mask the power consumption leaked by the sampling circuit through execution of the sampling algorithm, so that chosen-input simple power analysis is effectively resisted.
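The following Python model is an added example and not code from the patent. It simulates the data flow of the binary comparison module described above (112-bit random number, CDT with Z_t = 64 entries addressed by sample value, six-cycle binary search over the min/max/mid pointers, one-bit sign) together with the power consumption masking module (CDT_FAKE holding the same values in shuffled order, a 6-bit LFSR as its read address, a second comparator whose FAKE_flag feeds nothing), and it shows why the second comparator matters: in the unmasked circuit the sequence of comparator verdicts is exactly the binary expansion of the sample. The function and class names, sigma = 3, the LFSR polynomial, the way the table is built, the reading of "modulo operation" as reduction modulo an optional q, and the one-unit-per-asserted-output leakage model are all assumptions made for illustration.

```python
from decimal import Decimal, getcontext
import random

LAMBDA = 112                    # precision parameter: CDT entries are LAMBDA-bit integers
Z_T = 64                        # tail-cut parameter: 64 table entries
STEPS = Z_T.bit_length() - 1    # ceil(log2 Z_T) = 6 comparisons per sample
MASK = (1 << LAMBDA) - 1

def assemble_r(words):
    """Random number generation module: shift four 32-bit RNG words into the
    112-bit register; the 16 surplus bits fall off the top."""
    r = 0
    for w in words:
        r = ((r << 32) | (w & 0xFFFFFFFF)) & MASK
    return r

def build_cdt(sigma, z_t=Z_T, lam=LAMBDA):
    """Claim 3: T[x] = round(2^lam * P(X <= x)), one-sided, with the weight of 0
    halved so a uniform sign bit applied later gives the symmetric distribution
    (assumed; the patent does not say how the table is built)."""
    getcontext().prec = 60
    two_sigma_sq = 2 * Decimal(sigma) ** 2
    weights = [(-Decimal(x * x) / two_sigma_sq).exp() for x in range(z_t)]
    weights[0] /= 2
    total, acc, table = sum(weights), Decimal(0), []
    for w in weights:
        acc += w
        table.append(int((acc / total * (1 << lam)).to_integral_value()))
    table[-1] = 1 << lam            # P(X <= Z_T - 1) = 1, so every r is located
    return table

def locate(cdt, r, steps=STEPS):
    """Binary comparison module (FIG. 2): k = smallest address with r < cdt[k];
    flags[c] = first comparator verdict in cycle c.  Always `steps` RAM reads."""
    lo, hi = 0, len(cdt) - 1        # min / max pointers: k lies in [lo, hi]
    flags = []
    for _ in range(steps):
        mid = (lo + hi) // 2        # mid pointer doubles as the RAM read address
        below = r < cdt[mid]
        flags.append(below)
        if below:
            hi = mid                # k is in the lower half
        else:
            lo = mid + 1            # k is in the upper half
    return lo, flags

def sample(cdt, r, sign_bit, q=None):
    """Sampling result output module: apply the one-bit sign, then optionally
    reduce modulo q (our reading of the text's 'modulo operation')."""
    k, _ = locate(cdt, r)
    value = -k if sign_bit else k
    return value % q if q is not None else value

class PowerMaskModule:
    """Masking module: CDT_FAKE (same values, shuffled order), a 6-bit LFSR for
    its read address, and a second comparator whose FAKE_flag feeds nothing."""
    def __init__(self, cdt, lfsr_seed, shuffle_seed):
        self.cdt_fake = list(cdt)
        random.Random(shuffle_seed).shuffle(self.cdt_fake)
        self.state = (lfsr_seed & 0x3F) or 1    # an all-zero LFSR state would stick

    def next_address(self):
        # Fibonacci LFSR, s[m] = s[m-5] ^ s[m-6] (x^6 + x + 1, primitive, so all 63
        # non-zero addresses are visited); the polynomial is an assumption.
        fb = ((self.state >> 5) ^ (self.state >> 4)) & 1
        self.state = ((self.state << 1) | fb) & 0x3F
        return self.state

    def compare(self, r):
        return r < self.cdt_fake[self.next_address()]

def run_sampler(cdt, r, sign_bit, mask=None):
    """One sample plus a toy trace: one unit of 'power' per asserted comparator
    output per cycle (Hamming-weight model, assumed).  mask=None: no masking."""
    k, flags = locate(cdt, r)
    trace = []
    for real in flags:
        fake = mask.compare(r) if mask is not None else False
        trace.append(int(real) + int(fake))
    return (-k if sign_bit else k), trace

def spa_bits(trace, masked):
    """Chosen-input SPA.  Unmasked: verdict in cycle c is bit (STEPS-1-c) of k,
    complemented ('below' = go left = bit 0).  Masked: the verdict is known only
    when both comparators agree (activity 0 -> bit 1, 2 -> bit 0); 1 -> None."""
    if not masked:
        return [0 if a == 1 else 1 for a in trace]
    return [{0: 1, 2: 0}.get(a) for a in trace]

def bits_to_k(bits):
    """Reassemble |k| from MSB-first bits, or None if any bit is unknown."""
    return None if None in bits else int("".join(map(str, bits)), 2)

if __name__ == "__main__":
    cdt = build_cdt(sigma=3)
    rng = random.Random(2019)                   # stand-in for the external 32-bit RNG
    r = assemble_r([rng.getrandbits(32) for _ in range(4)])
    k, trace = run_sampler(cdt, r, 0)
    print("unmasked k =", k, "trace =", trace, "SPA ->", bits_to_k(spa_bits(trace, False)))
    mask = PowerMaskModule(cdt, lfsr_seed=0x2A, shuffle_seed=7)
    k, trace = run_sampler(cdt, r, 0, mask=mask)
    print("masked   k =", k, "trace =", trace, "SPA ->", bits_to_k(spa_bits(trace, True)))
```

Two things worth checking in this model. First, `locate` always performs exactly six reads and six compares, which is the fixed-latency property the text relies on against timing analysis, and `spa_bits(trace, False)` recovers k from an unmasked trace on every run: the comparator verdicts are the sample. Second, in this additive toy model the masking comparator only hides a cycle in which the two verdicts differ; when both are 0 or both are 1 the real verdict is still exposed. How much the real circuit hides depends on how its power actually composes, which the page does not quantify, and the page claims resistance to simple power analysis only, not to DPA or CPA. A practitioner should therefore still evaluate the masked design on measured traces rather than rely on the presence of the second comparator.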
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (6)

1. A Gaussian sampling circuit resisting simple power analysis attacks, characterised in that it comprises a control module, a random number generation module, a binary comparison module, a first single-port RAM, a sampling result output module and a power consumption masking module; the output of the random number generation module is connected to an input of the binary comparison module and to an input of the power consumption masking module, the output of the first single-port RAM is connected to the other input of the binary comparison module, and the input of the sampling result output module is connected to the output of the binary comparison module;
the control module controls the state transitions and enables of the circuit; the random number generation module produces uniformly distributed random numbers through a shift register; the binary comparison module uses a binary search to locate the address of the random number in the cumulative distribution table (CDT) and obtain the sample corresponding to the probability value of the random number; the first single-port RAM stores the CDT; the sampling result output module applies a modulo operation to the result of the binary comparison module to produce the output; the power consumption masking module comprises a second single-port RAM storing a pseudo CDT, a shift register and a second comparator, the output of the second single-port RAM being connected to the second comparator to provide the second comparison data source and generate random power consumption, thereby resisting simple power analysis attacks.
2. The Gaussian sampling circuit of claim 1, wherein the binary comparison module comprises an address pointer register and a first comparator, the output of the first comparator being connected to the input of the address pointer register, for comparing the data read from the first single-port RAM storing the CDT with the generated random number and updating the address pointer register step by step according to the output of the first comparator.
3. The Gaussian sampling circuit of claim 2, wherein the cumulative distribution function of the CDT is that of a Gaussian distribution, the addresses of the CDT are the Gaussian sample values, and the data stored at each address is the accumulated probability from the initial address up to that address.
4. The Gaussian sampling circuit of claim 1, wherein the power consumption masking module uses a binary search to locate the address of the random number in the pseudo CDT and obtain a comparison result.
5. The Gaussian sampling circuit of claim 1 or 4, wherein the binary search narrows the sampling range step by step by setting the register pointers several times, and finally locates the sampling result.
6. The Gaussian sampling circuit of claim 1, wherein the pseudo CDT stored in the second single-port RAM has the same values as the CDT stored in the first single-port RAM, but stored in a different order.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910866396.0A CN110717201B (en) 2019-09-12 2019-09-12 Gaussian sampling circuit capable of resisting simple power consumption analysis attack
PCT/CN2019/113017 WO2021046978A1 (en) 2019-09-12 2019-10-24 Gaussian sampling circuit resistant to simple power consumption analysis attacks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910866396.0A CN110717201B (en) 2019-09-12 2019-09-12 Gaussian sampling circuit capable of resisting simple power consumption analysis attack

Publications (2)

Publication Number Publication Date
CN110717201A CN110717201A (en) 2020-01-21
CN110717201B true CN110717201B (en) 2021-06-11

Family

ID=69210414

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910866396.0A Active CN110717201B (en) 2019-09-12 2019-09-12 Gaussian sampling circuit capable of resisting simple power consumption analysis attack

Country Status (2)

Country Link
CN (1) CN110717201B (en)
WO (1) WO2021046978A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023009207A2 (en) * 2021-05-31 2023-02-02 William Marsh Rice University Method and device for in-memory cumulative distribution table based random sampler

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100725169B1 (en) * 2005-01-27 2007-06-04 삼성전자주식회사 Apparatus and method for performing logical operation being secure against differential power analysis
CN202189369U (en) * 2011-07-18 2012-04-11 中国电力科学研究院 Integrated circuit capable of preventing power consumption attack
FR3010210B1 (en) * 2013-08-29 2017-01-13 Stmicroelectronics Rousset PROTECTION OF CALCULATION AGAINST HIDDEN CHANNEL ATTACKS
US9485088B2 (en) * 2014-10-31 2016-11-01 Combined Conditional Access Development And Support, Llc Systems and methods for dynamic data masking
US10530566B2 (en) * 2015-04-23 2020-01-07 Cryptography Research, Inc. Configuring a device based on a DPA countermeasure
CN106919833A (en) * 2015-12-28 2017-07-04 上海华虹集成电路有限责任公司 The method for preventing power consumption from revealing in safety chip
CN107306180B (en) * 2016-04-19 2020-05-19 华邦电子股份有限公司 Encryption and decryption device and power analysis defense method thereof
US10367637B2 (en) * 2016-07-22 2019-07-30 Qualcomm Incorporated Modular exponentiation with transparent side channel attack countermeasures
US10461925B2 (en) * 2016-09-01 2019-10-29 Cryptography Research, Inc. Hardware masked substitution box for the data encryption standard
CN107203487B (en) * 2017-05-24 2020-09-11 东南大学 Security reconfigurable architecture capable of resisting power consumption attack
CN107769910B (en) * 2017-11-15 2020-08-04 东南大学 DES (data encryption standard) protection method and circuit for resisting side channel attack based on Latch PUF (physical unclonable function)
US10263767B1 (en) * 2018-07-03 2019-04-16 Rajant Corporation System and method for power analysis resistant clock
CN109165531B (en) * 2018-09-11 2020-04-07 网御安全技术(深圳)有限公司 AES mask method, electronic equipment and storage medium
CN109993005A (en) * 2019-04-11 2019-07-09 北京智芯微电子科技有限公司 To the method and device of the data-signal Reinforced turf of cpu bus

Also Published As

Publication number Publication date
WO2021046978A1 (en) 2021-03-18
CN110717201A (en) 2020-01-21


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant