CN111339577B - Construction method of S box with excellent DPA resistance - Google Patents

Construction method of S box with excellent DPA resistance Download PDF

Info

Publication number
CN111339577B
CN111339577B CN202010088063.2A CN202010088063A CN111339577B CN 111339577 B CN111339577 B CN 111339577B CN 202010088063 A CN202010088063 A CN 202010088063A CN 111339577 B CN111339577 B CN 111339577B
Authority
CN
China
Prior art keywords
box
value
input
loss function
elements
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010088063.2A
Other languages
Chinese (zh)
Other versions
CN111339577A (en
Inventor
徐友乐
王启春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Normal University
Original Assignee
Nanjing Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Normal University filed Critical Nanjing Normal University
Priority to CN202010088063.2A priority Critical patent/CN111339577B/en
Publication of CN111339577A publication Critical patent/CN111339577A/en
Application granted granted Critical
Publication of CN111339577B publication Critical patent/CN111339577B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/60Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
    • G06F7/72Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
    • G06F7/727Modulo N arithmetic, with N being either (2**n)-1,2**n or (2**n)+1, e.g. mod 3, mod 4 or mod 5
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks

Abstract

The invention discloses a construction method of an S box with excellent DPA resistance, which relates to the technical field of information security, can obtain the S box with excellent DPA resistance, can also be used for improving the DPA resistance of the existing S box, and simultaneously can retain other important cryptology properties such as nonlinearity, algebraic times, difference consistency, absolute value indexes and the like. By contrast, the S box obtained by the method has the DPA resistance obviously superior to that of the existing practical S box, and other various important cryptology properties are the same, so that the S box has stronger safety and practicability.

Description

Construction method of S box with excellent DPA resistance
Technical Field
The invention relates to the technical field of information security, in particular to a construction method of an S box with excellent DPA resistance.
Background
The S-box is the only nonlinear component in the block cipher, and the cryptographic property directly influences the security of the related cipher system. Therefore, the S-box plays a very important role in symmetric cryptography. The defense against various attack means is started from constructing an S box with good cryptology properties, such as nonlinearity, difference consistency, algebraic times, absolute value indexes and the like. A sufficiently safe S-box should have a high degree of non-linearity, not low algebraic degree, low differential consistency, low absolute value index, etc.
In 1996, the side channel attack proposed by Kocher posed a serious threat to the security of physical cryptographic devices. Among the types of side channel attacks, Differential Power Analysis (DPA) is one of the most effective attack means. Compared with the traditional attack means such as linear attack, algebraic attack, differential attack and the like, the attack means has very strong attack efficiency, and can extract the key information only by needing little physical information, thereby successfully attacking an encryption system. Especially the widely used AES, which uses S-boxes with very poor resistance to DPA attacks. Therefore, many researchers have been exploring in recent years how to construct an S-box with excellent DPA resistance, thereby increasing DPA resistance of the relevant cryptographic device at a small cost. The transparent order is a cryptographic property that has been proven in practice to be an effective measure of resistance to S-box DPA. Recent studies have focused on the S-box resulting in DPA resistance, which has been greatly improved over AES. However, the S-boxes obtained by these techniques have important cryptographic properties such as non-linearity, difference consistency, absolute value index, etc. which cannot satisfy the requirements of security and practicability.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a construction method of an S box with excellent DPA resistance, and meanwhile, the important cryptology properties of nonlinearity, difference consistency, algebraic times, absolute value indexes and the like also meet the requirements of safety and practicability.
The invention adopts the following technical scheme for solving the technical problems:
according to the invention, the construction method of the S box with excellent DPA resistance comprises the following steps:
step 1, giving an n-bit input and balanced S box F, wherein the S box F is used as an initial input of an iterative construction process, and the S box F is put into a set SF; the iterative construction process is step 2-step 7;
step 2, generating a candidate pool according to the input truth table of the S box F, wherein the candidate pool comprises all bit positions capable of being reversed;
step 3, b elements are taken out from the candidate pool, and the b elements are b bit positions; then, carrying out bit inversion operation on the b bit positions of the S box to generate a new S box;
the b elements taken out need to meet the following requirements: 1) b 2k, k 1,2, …,2n-1(ii) a 2) The same component function attributed to the S-box; 3) the Hamming weight of the vector composed of the bits corresponding to the b elements is 2b-1
Step 4, repeating the process of step 3 until the elements in the candidate pool are emptied, and generating all new S boxes associated with the F;
step 5, calculating the value of the loss function of each newly generated S box, and putting the S box and the corresponding value of the loss function into a list L;
step 6, judging whether the list L is empty, if so, increasing the value of b, and meanwhile, b meets the requirements 1), 2) and 3) in the step 3, and executing the step 3-5; if L is not empty, selecting an S box with the minimum loss function value from the list L;
and 7, judging whether the S box selected in the step 6 exists in the set SF:
if yes, deleting the S box and the corresponding loss function value from the list L, and executing the step 6;
if not, judging whether the S box meets the preset safety requirement or not: if yes, outputting the S box, and terminating the iterative construction process; if not, putting the S box into the set SF, and taking the S box as an input S box of the next iteration construction process, namely taking the S box as the input S box in the step 2; and steps 2-7 are performed.
As a further optimization of the construction method of an S-box with excellent DPA resistance according to the present invention, the loss function in step 5 is:
Figure BDA0002382743370000021
where n represents the S-box as n input bits,
Figure BDA0002382743370000022
is an n-dimensional vector space over a binary domain,
Figure BDA0002382743370000023
is a non-zero n-dimensional vector space, W, over a binary domainF(c, b) is Walsh spectrum value of S-box relative to vector c, b, beta is N-dimensional vector on binary domain, c, alpha is non-zero N-dimensional vector on binary domain, R is constant, sigma (alpha, beta) is difference spectrum value of S-box relative to vector alpha, beta, N4(σ (α, β)) is a function for determining whether σ (α, β) is greater than 4, τFIs a transparent step of the S-box.
As a further optimization of the construction method of an S-box with excellent DPA resistance according to the present invention, the preset safety requirements in step 7 are: the nonlinearity of the S-box is 112, the algebraic degree is greater than 3, the difference consistency is 4, the absolute value index is 32, and the transparency level is less than 6.9160.
As a further optimization scheme of the construction method of the S box with excellent DPA resistance, R is set to be 2-5.
Compared with the prior art, the invention adopting the technical scheme has the following technical effects:
(1) the method can generate the S box with excellent DPA resistance, very high nonlinearity, low difference consistency, low absolute value index and high algebraic times, and compared with the prior art research scheme, the S box obtained by construction has stronger safety and practicability;
(2) the invention can improve the DPA resistance of the existing S box, and simultaneously reserve other important cryptology properties such as nonlinearity, difference consistency, algebraic times, absolute value indexes and the like; the S box of the invention has strong enough capability of resisting other attacks, so that the S box of the invention can have higher security to meet the practical requirement.
Drawings
FIG. 1 is a process of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a process of the present invention, which is specifically embodied as follows:
step 1, an n-bit input and balanced S box F is given as an initial input of an iterative construction process and is put into a set SF. The iterative construction process is step 2-7:
step 2, according to the truth table of the S-box F as input, adding all the bit positions of the S-box into a candidate pool PF, wherein the pool contains all the possible reversal bit positions, and the total number is n x 2nAnd (4) each element.
And 3, taking out b elements, namely bit positions, from the candidate pool. The b elements taken out need to meet the requirements: 1) b 2k, (k 1,2, …, 2)n-1). 2) The same component function attributed to the S-box. 3) The Hamming weight of the vector composed of the bits corresponding to the b elements is 2b-1. The bit reversal operation is then performed at these b positions of the S-box, generating a new S-box F'.
Step 4, repeat the process of step 3 until all elements in the candidate pool are emptied, generating all S-boxes F' associated with F.
And 5, calculating the value CF of the loss function of each newly generated S box F ', and putting the S box F' and the corresponding loss function value CF into the list L. Where the loss function used for the calculation is:
Figure BDA0002382743370000031
where n represents the number of input bits of S-box F,
Figure BDA0002382743370000032
is an n-dimensional vector space over a binary domain,
Figure BDA0002382743370000033
the vector space is a non-zero n-dimensional vector space on a binary domain, and R is a constant and is set to be 2-5.
WF(c, b) is the Walsh spectrum value of the S-box with respect to vector c, b, defined as:
Figure BDA0002382743370000034
wherein x is (x)1,x2,…,xn),b=(b1,b2,…,bn) Is an n-dimensional vector on a binary domain, "·" is an inner product operation, i.e. x · b ═ x1b1⊕x2b2⊕…⊕xnbn. ≧ is addition on the binary field, i.e., modulo-2 addition.
N4(σ (α, β)) is a judgment function that judges whether the S-box has a difference spectrum value σ (α, β) greater than 4 with respect to the n-dimensional vector α, β on the binary domain, and if greater than 4, returns 1, otherwise returns 0. Wherein σ (α, β) is defined as
Figure BDA0002382743370000041
Where # represents the number of collection elements.
τFTransparent order for S-box F, defined as:
Figure BDA0002382743370000042
herein, the
Figure BDA0002382743370000043
Is the cross-correlation coefficient of S-box F, defined as
Figure BDA0002382743370000044
Where max is the maximum value, and β ═ β (β)01,…,βn) Is an n-dimensional vector over a binary field, and F ═ F1,f2,…,fn),fi(x),fj(x) As a function of the component of S-box F, betaijIs the bit information of i and j positions in the vector beta, wherein 0 is less than or equal to i, j, and less than or equal to n.
For a given S-box F, the loss function value designed above is calculated, and the smaller the calculated value is, the higher the nonlinearity, the lower the difference consistency, the smaller the absolute value index, the lower the transparency level and the higher the DPA resistance are possessed in the cryptographic property of the S-box. Therefore, the S box can resist attacks such as DPA attack, linear attack, algebraic attack, differential attack and the like, and the safety and the practicability of relevant equipment are improved.
And 6, judging whether the list L is empty, if so, increasing the value of b, and simultaneously b meets the requirements 1), 2) and 3) in the step 3). Step 3 in the starting iterative construction process is reproduced. If L is not empty, selecting an S box in the list L, wherein the S box needs to meet the requirement of having the minimum loss function value;
and 7, judging whether the S box selected in the step 6 exists in the set SF or not. If yes, deleting the S box and the corresponding loss function value from the list L, and repeating the step 6; if not, whether the S box meets the safety requirement designed in advance is judged. The method comprises the following specific steps:
and calculating whether the properties of the S box, such as nonlinearity, transparent order, difference consistency, algebraic times, absolute value index and the like, meet the requirement that the nonlinearity is equal to 112, the transparent order is less than 6.9160, the algebraic times is greater than 3, the difference consistency is equal to 4, and the absolute value index is equal to 32. The specific calculation process is as follows:
degree of non-linearity
Figure BDA0002382743370000045
Differential coherency
Figure BDA0002382743370000046
Index of absolute value
Figure BDA0002382743370000047
Where r (a, b) is its autocorrelation function defined as:
Figure BDA0002382743370000051
if yes, outputting the S box, and terminating the iterative construction process. If not, the S box is put into the set SF and is used as an input S box of the next iteration construction process, and the iteration construction process is repeated, namely the steps 2-7.
The cryptographic properties of the S-box of the AES of the present invention are shown in Table 1
TABLE 1
Degree of non-linearity Degree of algebra Differential coherency Index of absolute value Transparent stage
The method of the invention 112 7 4 32 6.8930
AES S box 112 7 4 32 6.9160
The method of the invention constructs the S box as follows: [65,158,207,138,121,103,233,69,72,60,88,51,244, 215,34,37,164,28,30,78,129,172,77,153,56,122,95,235,17,251,18,200,82,71, 14,66,180,15,86,39,232,64,203,214,166,97,204,202,156,234,189,11,197,175, 218,245,24,136,196,253,9,128,100,239,41,165,35,93,114,7,127,33,8,90,160, 135,171,22,19,188,116,254,32,89,249,229,38,107,10,83,73,176,230,67,101, 26,206,45,117,194,62,94,212,5,146,226,205,87,109,108,250,237,140,185,68, 184,80,98,223,126,167,4,25,192,178,221,119,70,61,20,243,210,145,177,174, 75,57,157,3,154,112,191,247,144,143,132,104,173,208,151,195,149,213,23, 139,181,48,137,1,222,74,186,228,255,16,65,44,120,252,179,242,76,21,147, 134,53,91,133,124,169,36,155,216,219,115,113,161,190,79,50,187,141,123, 231,99,150,58,52,225,238,31,209,47,42,46,106,96,2,148,201,131,241,102, 152,43,13,182,248,54,183,227,125,159,118,246,198,105,220,162,85,92,193, 40,6,49,27,240,111,199,63,236,211,170,130,12,55,224,142,217,84,110,29, 168,59,16,163]
The above embodiments are only for illustrating that the present invention aims to improve DPA resistance of S-boxes, and do not limit the present invention to take only the above parameter values and parameter forms, and it is obvious to those skilled in the art that the present invention can be changed in various forms without departing from the spirit of the present invention, so the protection scope of the present invention is not limited to the above embodiments. Any modifications, equivalents, improvements and the like which come within the spirit of the invention are intended to be included within the scope of the claims.

Claims (3)

1. A method of constructing an S-cassette with excellent DPA resistance, comprising the steps of:
step 1, giving an n-bit input and balanced S box F, wherein the S box F is used as an initial input of an iterative construction process, and the S box F is put into a set SF; the iterative construction process is step 2-step 7;
step 2, generating a candidate pool according to the input truth table of the S box F, wherein the candidate pool comprises all bit positions capable of being reversed;
step 3, b elements are taken out from the candidate pool, and the b elements are b bit positions; then, carrying out bit inversion operation on the b bit positions of the S box to generate a new S box;
the b elements taken out need to meet the following requirements: 1) b 2k, k 1,2, …,2n-1(ii) a 2) The same component function attributed to the S-box; 3) the Hamming weight of the vector composed of the bits corresponding to the b elements is 2b-1
Step 4, repeating the process of step 3 until the elements in the candidate pool are emptied, and generating all new S boxes associated with the F;
step 5, calculating the value of the loss function of each newly generated S box, and putting the S box and the corresponding value of the loss function into a list L;
step 6, judging whether the list L is empty, if so, increasing the value of b, and simultaneously b meets the requirements 1), 2) and 3) in the step 3, and executing the step 3 to the step 5; if L is not empty, selecting an S box with the minimum loss function value from the list L;
and 7, judging whether the S box selected in the step 6 exists in the set SF:
if yes, deleting the S box and the corresponding loss function value from the list L, and executing the step 6;
if not, judging whether the S box meets the preset safety requirement: if yes, outputting the S box, and terminating the iterative construction process; if not, putting the S box into the set SF, and taking the S box as an input S box of the next iteration construction process, namely taking the S box as the input S box in the step 2; and executing the step 2 to the step 7;
the loss function in step 5 is:
Figure FDA0003470425490000011
where n represents the S-box as n input bits,
Figure FDA0003470425490000012
is an n-dimensional vector space over a binary domain,
Figure FDA0003470425490000013
is a non-zero n-dimensional vector space, W, over a binary domainF(c, b) Walsh spectrum values of S-box with respect to vector c, b, β are N-dimensional vectors in binary domain, c, α are non-zero N-dimensional vectors in binary domain, R is a constant, σ (α, β) is a differential spectrum value of S-box with respect to vector α, β, N4(σ (α, β)) is a function for determining whether σ (α, β) is greater than 4, τFIs a transparent step of the S-box.
2. The method of claim 1, wherein the safety requirements predetermined in step 7 are: the nonlinearity of the S-box is 112, the algebraic degree is greater than 3, the difference consistency is 4, the absolute value index is 32, and the transparency level is less than 6.9160.
3. The method of claim 1, wherein R is set to 2-5.
CN202010088063.2A 2020-02-12 2020-02-12 Construction method of S box with excellent DPA resistance Active CN111339577B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010088063.2A CN111339577B (en) 2020-02-12 2020-02-12 Construction method of S box with excellent DPA resistance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010088063.2A CN111339577B (en) 2020-02-12 2020-02-12 Construction method of S box with excellent DPA resistance

Publications (2)

Publication Number Publication Date
CN111339577A CN111339577A (en) 2020-06-26
CN111339577B true CN111339577B (en) 2022-06-07

Family

ID=71181504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010088063.2A Active CN111339577B (en) 2020-02-12 2020-02-12 Construction method of S box with excellent DPA resistance

Country Status (1)

Country Link
CN (1) CN111339577B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112636899B (en) * 2020-09-21 2022-03-18 中国电子科技集团公司第三十研究所 Lightweight S box design method
CN112511293B (en) * 2020-09-21 2022-03-18 中国电子科技集团公司第三十研究所 S-box parameterization design method based on bit sum operation and storage medium
CN114124351B (en) * 2021-11-15 2023-06-27 中国电子科技集团公司第三十研究所 Rapid calculation method of nonlinear invariant

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0211812D0 (en) * 2002-05-23 2002-07-03 Koninkl Philips Electronics Nv S-box encryption in block cipher implementations
JP2006019872A (en) * 2004-06-30 2006-01-19 Sony Corp Encryption processing apparatus
CN101729241B (en) * 2008-10-23 2012-01-25 国民技术股份有限公司 AES encryption method for resisting differential power attacks
CN101848081A (en) * 2010-06-11 2010-09-29 中国科学院软件研究所 S box and construction method thereof
US8971526B2 (en) * 2011-07-26 2015-03-03 Crocus-Technology Sa Method of counter-measuring against side-channel attacks
CN102546157B (en) * 2011-12-14 2014-06-18 北京航空航天大学 Random mixed encryption system for resisting energy analysis and implementation method thereof
CN102571331A (en) * 2012-02-07 2012-07-11 中国科学院软件研究所 Cryptographic algorithm realization protecting method used for defending energy analysis attacks
CN103888245A (en) * 2012-12-20 2014-06-25 北京握奇数据系统有限公司 S box randomized method and system for smart card
CN103647637B (en) * 2013-11-19 2017-01-04 国家密码管理局商用密码检测中心 A kind of SM4 algorithm to simple mask carries out second order side channel energy and analyzes method
MY162666A (en) * 2013-12-04 2017-06-30 Mimos Berhad A method to construct bijective substitution box from non-permutation power functions using heuristic techniques
CN106788974B (en) * 2016-12-22 2020-04-28 深圳国微技术有限公司 Mask S box, grouping key calculation unit, device and corresponding construction method
CN107204841B (en) * 2017-03-14 2020-01-07 中国人民武装警察部队工程大学 Method for realizing multiple S boxes of block cipher for resisting differential power attack
AU2018101651A4 (en) * 2018-11-03 2018-12-20 JAIN (Deemed-to-be-University) An apparatus and method based on dynamic key dependent S-Box for Symmetric Encryption in wireless networks using symmetric ciphers.
CN109525384A (en) * 2018-11-16 2019-03-26 成都信息工程大学 The DPA attack method and system, terminal being fitted using neural network
CN109921899B (en) * 2019-04-18 2019-11-19 衡阳师范学院 A kind of S box implementation method of complete snowslide 4 × 4

Also Published As

Publication number Publication date
CN111339577A (en) 2020-06-26

Similar Documents

Publication Publication Date Title
CN111339577B (en) Construction method of S box with excellent DPA resistance
Carlet et al. Further properties of several classes of Boolean functions with optimum algebraic immunity
CN105846814B (en) For the building method of the quantum current distribution of encryption technology field multiplying
CN105631796A (en) Quantum chaotic image encryption method based on bit scrambling
CN107204841B (en) Method for realizing multiple S boxes of block cipher for resisting differential power attack
Li et al. Constructing S-boxes for lightweight cryptography with Feistel structure
Demirtaş A new RGB color image encryption scheme based on cross-channel pixel and bit scrambling using chaos
Maitra et al. Modifications of Patterson-Wiedemann functions for cryptographic applications
Lui et al. Chaos-based joint compression and encryption algorithm for generating variable length ciphertext
Saha et al. Symmetric random function generator (SRFG): A novel cryptographic primitive for designing fast and robust algorithms
CN115766962A (en) Multi-key image encryption method based on five-dimensional conservative hyperchaotic system
Hu et al. An effective differential power attack method for advanced encryption standard
CN103310157B (en) Based on the image encryption method of RT-DNA cellular automaton
CN109981247B (en) Dynamic S box generation method based on integer chaotic mapping
Xiao et al. Improving the security of a parallel keyed hash function based on chaotic maps
CN108650072A (en) It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method
Zaibi et al. On dynamic chaotic S-Box
CN109936437B (en) power consumption attack resisting method based on d +1 order mask
Kölbl et al. Differential cryptanalysis of Keccak variants
Mohammed et al. DNA-based steganography using neural networks
Khadem et al. Construction of Side Channel Attacks Resistant S-boxes using Genetic Algorithms based on Coordinate Functions
Zhou et al. On the signal-to-noise ratio for Boolean functions
Burnett et al. Efficient Methods for Generating MARS-like S-boxes
Sharma et al. On security of Hill cipher using finite fields
CN107864035B (en) Method for realizing DPA attack resistance based on power consumption equalization coding in AES circuit

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant