CN112069514A - Anti-power-consumption attack method based on register random grouping - Google Patents


Info

Publication number: CN112069514A
Application number: CN202010811174.1A
Authority: CN (China)
Prior art keywords: register, random, power consumption, grouping, written
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn
Other languages: Chinese (zh)
Inventors: 任立争, 陈庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Nanjing Low Power Chip Technology Research Institute Co ltd
Original Assignee: Nanjing Low Power Chip Technology Research Institute Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2020-08-13
Filing date: 2020-08-13
Publication date: 2020-12-11
Application filed by Nanjing Low Power Chip Technology Research Institute Co ltd
Priority to CN202010811174.1A
Publication of CN112069514A
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/75 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
    • G06F21/755 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack

Abstract

The invention discloses a method for resisting power consumption attacks based on register random grouping. The process of writing an intermediate value of the encryption algorithm into a register is split into two writes: according to one random number, the bit positions written in each of the two passes are selected and random numbers are mixed into the positions not yet written; according to another random number, it is decided whether the register write in the current round is split in this way at all. Combining register random grouping with a random pre-charging scheme markedly improves resistance to power consumption attacks. During operation of the cryptographic algorithm, the writing of the intermediate value into the register is split into two randomly executed writes, which meets the design requirements of low resource overhead and low increase in power consumption; applying the scheme randomly in each round further increases the uncertainty of the overall running time of the cryptographic algorithm. To further improve resistance to power consumption attacks, the register random grouping scheme is combined with a random pre-charging scheme, giving the method very high resistance to first-order DPA and improved resistance to second-order DPA.

Description

Anti-power-consumption attack method based on register random grouping
Technical Field
The invention relates to the field of power analysis and cryptographic algorithms, in particular to a method for resisting power consumption attacks based on register random grouping.
Background
When a DPA (Differential Power Analysis) attack is performed, an attack point is first selected, that is, a specific operation of the cryptographic algorithm is chosen as the target; then a large number of power traces are collected, and the attack point is aligned with the corresponding sample in the power traces for the subsequent power analysis.
The power-attack-resistant design based on random shuffling first stores the input plaintext in a buffer unit, then reorders it randomly according to a generated random number before encryption or decryption, and finally restores the original order as the data passes through the input and output buffer units. Besides the original encryption module, this structure additionally requires an input buffer unit, an output buffer unit and a random shuffling module. The input and output buffer units are both N × M buffers, where N is the depth of the buffer and M is the length of the data to be encrypted; if the data is 128 bits and the buffer depth is 32, the input and output buffers alone need at least 2 × 32 × 128 bits of extra storage, and the shuffling module also consumes resources depending on the shuffling algorithm used. In a typical cryptographic device this scheme therefore occupies a large resource overhead, and it is even less suitable for IoT devices with relatively scarce resources.
The power-attack-resistant design based on dummy rounds expands the original single-round structure into 3 rounds. Where the original structure runs a single round per clock, under this structure 1 to 3 rounds of the cipher can run in one clock according to a random number, so that during a power attack it cannot be determined whether a given time point corresponds to the operation of the same round. This solution, however, suffers a large area and performance penalty: because it changes the cryptographic algorithm from running one round per clock cycle to running 1 to 3 rounds, performance drops to 1/3 in the worst case and area rises to nearly 200% in the worst case; its advantage is a lower increase in extra power consumption. Although protection schemes based on inserting dummy operations and schemes based on random or compensating power consumption can improve the power-attack resistance of a cryptographic device under certain conditions, they can greatly increase the power consumption of the device. When an attacker attacks a cryptographic device, the energy consumption of some devices agrees better with a Hamming distance model, that is, with the number of bits toggled between the intermediate values of two successive writes to the same register.
Existing power-attack-resistant schemes therefore incur large losses in area overhead, which is not conducive to large-scale deployment of cryptographic devices. Against schemes that insert dummy operations, the cryptographic device can be made to run at a reduced frequency so that the energy characteristics of the dummy and real operations can be analyzed, distinguished and aligned. Against schemes using compensating or random power consumption, on one hand, if the added power consumption differs in frequency from the original, it can be filtered out to improve the signal-to-noise ratio; on the other hand, because devices differ in layout and routing, a certain time offset may exist between the compensating power consumption and the original power consumption, which can make the analysis easier.
Disclosure of Invention
Purpose of the invention: to address the above problems, the invention provides a method for resisting power attacks based on register random grouping.
Technical scheme: to achieve the purpose of the invention, the following technical scheme is adopted. A method for resisting power consumption attacks based on register random grouping comprises the following steps:
(1) generating a random register control signal with a true random number generator;
(2) generating a random register enable signal from the random register control signal, and, when a valid clock edge arrives, writing the signals at the enabled positions into the register;
(3) inverting the random register enable signal to serve as the register enable signal at the next valid clock edge; when the next valid clock edge arrives, the signals at the remaining positions are written into the register.
Further, before step (1), the method further comprises:
(0-1) generating a random round register enable signal with a true random number generator;
(0-2) determining, according to the random round register enable signal, whether the current round's value of the encryption algorithm is written into the register in one write or in two writes.
Further, in step (1), the random register control signal includes the number of enabled bits and the enabled positions.
Further, in step (2), while the signals at the enabled positions are written into the register, random numbers are simultaneously written into the remaining bits.
Further, the number of valid enable bits is selected as 1.
Beneficial effects: to address the problems that existing power-attack-resistant schemes incur large losses in area overhead and are not conducive to large-scale deployment of cryptographic devices, the invention provides a method for resisting power attacks based on register random grouping that meets the design requirements of low resource overhead and low increase in power consumption. To further improve resistance to power consumption attacks, the register random grouping scheme is combined with a random pre-charging scheme, giving the method very high resistance to first-order DPA and improved resistance to second-order DPA.
Drawings
FIG. 1 is a schematic diagram of a register random grouping scheme;
FIG. 2 is a schematic diagram of a method of applying random register grouping;
FIG. 3 is a schematic diagram of random grouping of registers in combination with random precharging.
Detailed Description
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
The invention relates to a method for resisting power consumption attacks based on register random grouping. It first splits the process of writing the encryption algorithm's intermediate value into a register into two writes, selecting according to random numbers the positions written in each pass and mixing random numbers into the positions not yet written; it then selects, according to another random number, whether the register write in the current round is split in this way, so as to increase the uncertainty of the overall running time of the cryptographic algorithm. Combining register random grouping with a random pre-charging scheme markedly improves resistance to power consumption attacks.
As shown in fig. 1, the register random grouping scheme changes the original order in which data is written into the register: it first generates a random register enable signal, then, when a valid clock edge arrives, writes the bits at the enabled positions into the register according to that enable signal, and at the next valid clock edge uses the inverted enable signal as the register enable signal. To improve security and prevent attackers from discovering a pattern, the random register control signal should be generated by a true random number generator and replaced after each use.
The register random grouping scheme specifically comprises the following steps:
(1-1) generating a random register control signal with a true random number generator;
the random register control signal includes the number of enabled bits and the enabled positions.
(1-2) generating a random register enable signal, and, when a valid clock edge arrives, writing the signals at the enabled positions into the register;
(1-3) inverting the random register enable signal to serve as the register enable signal at the next valid clock edge; when the next valid clock edge arrives, the signals at the remaining positions are written into the register.
To further increase the randomness, as shown in fig. 2, an enable control for the register random grouping scheme is applied in each round, using a random number to control whether register random grouping is carried out in that round.
The method specifically comprises the following steps:
(2-1) generating a random round register enable signal with a true random number generator;
(2-2) determining, according to the random round register enable signal, whether the current round's value of the encryption algorithm is written into the register in one write or in two writes.
If a single write is performed, the result of the round function is written directly into the register. If two writes are performed, the register random grouping scheme is run, comprising steps (1-1) to (1-3).
As shown in fig. 3, register random grouping is combined with random pre-charging, so that the energy consumption of the first write comprises not only the energy consumption of writing the partial real data plus the inherent noise, but also the energy consumption of writing random numbers into the remaining bits; this part of the first write's energy consumption can be regarded as noise, which further increases the difficulty of attacking the first write.
Combining register random grouping with random pre-charging specifically comprises the following steps:
(3-1) running the register random grouping scheme: in the first write to the register, the valid data bits are written while random numbers are simultaneously written into the remaining bits;
(3-2) writing the remaining portion of the data into the register in the second write.
To fully exploit the potential of power-attack resistance, the number of valid enable bits and the number of remaining bits of the register are randomized. When the fixed bit number of the register (the number of bits written in the first write) is small, the improvement in power-attack resistance at the first write time point is large, while the improvement at the second write time point is small. However, considering that the power consumption at the second write time point can only be attacked with a higher-order attack, which is difficult, the fixed bit number of the register is set to 1.
When the number of valid enable bits of the register is 1, the power-attack resistance of the first write is improved the most while that of the second write is improved only weakly; random pre-charging is therefore introduced: when part of the real data is written into the register in the first write, the remaining bits are written with random data, and the remaining data is then written into the register in the second write, which effectively improves the power-attack resistance of the part of the data written in the second write. Writing 1 bit of valid data together with random numbers in the remaining bits is equivalent to adding noise to the remaining bits, so the difficulty of a power consumption attack is greatly increased. Setting the number of valid enable bits of the register to 1 thus clearly improves the power-attack resistance of both the first and the second write.
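The following cycle-level model is an added example, not the patent's own circuit: it simulates steps (1-1) to (1-3), the per-round choice of (2-1)/(2-2) and the random pre-charge of (3-1)/(3-2) under a Hamming distance leakage model, and shows that the first write's leakage no longer pins down the transition of the real intermediate value. The 8-bit register width, the helper names and the secrets-based randomness are assumptions.

```python
"""Cycle-level model of register random grouping with random pre-charging.
Added example, not from the patent; width W and the randomness source are
constructed assumptions."""
import secrets

W = 8  # register width in bits (assumption; the patent fixes no width)


def hamming_distance(a, b):
    """Hamming-distance leakage model: number of bits that toggle on a write."""
    return bin(a ^ b).count("1")


def random_enable_mask(width, enable_bits, randbelow=secrets.randbelow):
    """Steps (1-1)/(1-2): turn a random control signal (number of enabled bits
    and their random positions) into a register enable mask."""
    positions = list(range(width))
    mask = 0
    for _ in range(enable_bits):
        mask |= 1 << positions.pop(randbelow(len(positions)))
    return mask


def plain_write(reg, value):
    """Unprotected reference: one write leaking HD(old, new) in a single cycle."""
    return value, [hamming_distance(reg, value)]


def grouped_write(reg, value, mask, precharge=None, width=W):
    """Steps (1-2)/(1-3), optionally with random pre-charge (3-1)/(3-2).
    Cycle 1 writes only the enabled bits; the other bits keep their old value
    or, with pre-charge, take random data.  Cycle 2 uses the inverted mask.
    Returns (final register value, [leakage of write 1, leakage of write 2])."""
    full = (1 << width) - 1
    rest = ~mask & full
    untouched = reg & rest if precharge is None else precharge & rest
    reg1 = (value & mask) | untouched
    hd1 = hamming_distance(reg, reg1)        # leakage of the first write
    reg2 = (value & rest) | (reg1 & mask)    # inverted enable: remaining bits
    hd2 = hamming_distance(reg1, reg2)       # leakage of the second write
    return reg2, [hd1, hd2]


def round_write(reg, value, round_enable, width=W, enable_bits=1,
                randbelow=secrets.randbelow):
    """Steps (2-1)/(2-2): a random round enable bit decides whether this
    round's register update is one plain write or the two-cycle grouped write."""
    if not round_enable:
        return plain_write(reg, value)
    mask = random_enable_mask(width, enable_bits, randbelow)
    precharge = randbelow(1 << width)        # random data for the rest bits
    return grouped_write(reg, value, mask, precharge, width)


def first_write_leakage_range(reg, value, width=W):
    """With a 1-bit enable, the (min, max) first-cycle leakage an observer could
    see over all masks and pre-charge values for one fixed reg -> value
    transition; a wide range means the first write no longer pins HD(reg, value)."""
    seen = set()
    for bit in range(width):
        for pre in range(1 << width):
            _, (hd1, _) = grouped_write(reg, value, 1 << bit, pre, width)
            seen.add(hd1)
    return min(seen), max(seen)


if __name__ == "__main__":
    old, new = 0x3C, 0xA5                    # constructed intermediate values
    print("plain write  :", plain_write(old, new))
    print("grouped write:", round_write(old, new, round_enable=1))
    print("first-write HD range for 0xFF -> 0xFF:",
          first_write_leakage_range(0xFF, 0xFF))
```

The final register value is the same in every mode, so the scheme changes only which bits toggle on which clock edge, not the algorithm's result.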

Claims (5)

1. A method for resisting power consumption attacks based on register random grouping, characterized by comprising the following steps:
(1) generating a random register control signal with a true random number generator;
(2) generating a random register enable signal from the random register control signal, and, when a valid clock edge arrives, writing the signals at the enabled positions into the register;
(3) inverting the random register enable signal to serve as the register enable signal at the next valid clock edge; when the next valid clock edge arrives, the signals at the remaining positions are written into the register.
2. The method for resisting power consumption attacks based on register random grouping according to claim 1, wherein step (1) is preceded by:
(0-1) generating a random round register enable signal with a true random number generator;
(0-2) determining, according to the random round register enable signal, whether the current round's value of the encryption algorithm is written into the register in one write or in two writes.
3. The method for resisting power consumption attacks based on register random grouping according to claim 1, wherein in step (1) the random register control signal comprises the number of valid enable bits and the enabled positions.
4. The method for resisting power consumption attacks based on register random grouping according to claim 1, wherein in step (2), while the signals at the enabled positions are written into the register, random numbers are written into the remaining bits.
5. The method according to claim 3, wherein the number of valid enable bits is selected to be 1.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202010811174.1A (CN112069514A, en) | 2020-08-13 | 2020-08-13 | Anti-power-consumption attack method based on register random grouping

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202010811174.1A (CN112069514A, en) | 2020-08-13 | 2020-08-13 | Anti-power-consumption attack method based on register random grouping

Publications (1)

Publication Number | Publication Date
CN112069514A (en) | 2020-12-11

Family

ID=73661543

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202010811174.1A (CN112069514A, en; Withdrawn) | Anti-power-consumption attack method based on register random grouping | 2020-08-13 | 2020-08-13

Country Status (1)

Country | Link
CN (1) | CN112069514A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101620523A (en) * | 2009-07-29 | 2010-01-06 | 深圳国微技术有限公司 | Random number generator circuit
CN102254110A (en) * | 2010-05-20 | 2011-11-23 | 中国人民解放军国防科学技术大学 | Control circuit for randomizing the toggle timing of a register
CN103324467A (en) * | 2013-05-28 | 2013-09-25 | 戴葵 | Side-channel-attack-resistant processor architecture based on random instruction delay
CN107994980A (en) * | 2017-11-21 | 2018-05-04 | 华南理工大学 | Anti-DPA attack method using clock shuffling technology and chaotic flip-flops

Legal Events

Code | Title | Description
PB01 | Publication | Application publication date: 20201211
SE01 | Entry into force of request for substantive examination |
WW01 | Invention patent application withdrawn after publication |