CN201039199Y - A byte replacement circuit for resisting power consumption attack - Google Patents
A byte replacement circuit for resisting power consumption attack Download PDFInfo
- Publication number
- CN201039199Y CN201039199Y CNU2007200841746U CN200720084174U CN201039199Y CN 201039199 Y CN201039199 Y CN 201039199Y CN U2007200841746 U CNU2007200841746 U CN U2007200841746U CN 200720084174 U CN200720084174 U CN 200720084174U CN 201039199 Y CN201039199 Y CN 201039199Y
- Authority
- CN
- China
- Prior art keywords
- unit
- circuit
- attack
- power consumption
- box
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The utility model discloses a byte replaced circuit used for preventing a power consumption attack, which comprises a coding unit, a random switch unit, a S box unit and a recovery unit, the S box unit consists of 4 to 16 S boxes with unusual structure. The utility mode adopts the S box unit with unusual structure to displace the traditional S box unit with a single structure, inserts the switch unit at the front of an input end of the S box unit, and adds the recovery unit at the back of the input end. When suppers the attack, the utility model can conduct the selection with the data which is inputted with the attack, and not need another random number generator. On the other hand, a method which adds the number of the input random clear-text to attack the circuit of the utility mode is ineffective. The utility model does not need to adopt an unusual circuit data and a logical form, and can achieve the mode compatibility with the existing AES encrypted circuit. The utility model can remarkably increase the characteristic of preventing the power consumption attack for the byte replaced circuit, can effectively hide the keys when the AES hardware encrypts and decrypts, to lead the power consumption attack to get the wrong key.
Description
Technical field
The utility model belongs to the digital integrated circuit field, be specifically related to a kind of byte replacement circuit of anti-power consumption attack, this byte replacement circuit is exclusively used in realizes AES (high-level data encryption standard) algorithm, is particularly useful for being subjected to the hardware products such as smart card, electronic key chip and wireless senser of power consumption attack.
Background technology
On October 2nd, 2000, American National Standard and technical research institute (NIST) announce selects the Rijndael algorithm as new Advanced Encryption Standard AES (Advanced EncryptionStandard), with the DES Cipher (Data Encryption Standard) of replace old.AES is designed to a kind of cryptographic algorithm with firm security performance, and can support various mini-plants.As the successor of DES, AES is since just being received to from the standard by industrial quarters, banking and administrative department as actual password standard.
AES cryptographic algorithm flow process generally comprises byte and replaces, goes shift transformation, row mixing transformation and round key add operation, the ending wheel is slightly different, row mixing transformation not, its encryption flow as shown in Figure 1, it is as follows wherein to take turns logic: data are finished byte through the S box and are replaced, carry out the capable shift transformation of 4 32 bits then, pass through the row mixing transformation again, carry out round key with the round key of expanding out by initial key at last and add conversion.
The mode that realizes cryptographic algorithm mainly contains two kinds, and a kind of is software mode, and another kind is a hardware mode.When realizing cryptographic algorithm, be divided into embedded mode, field programmable gate array (FPGA) mode and application-specific integrated circuit (ASIC) (ASIC) mode again by hardware mode.The ASIC chip that can directly realize or support cryptographic algorithm to realize is called crypto chip, or the information security chip.At crypto chip, traditional attack method adopts mathematical measure to attack, and the cryptanalyst is used as cryptographic algorithm a kind of desirable mathematic(al) object usually and carries out modeling, thereby the fail safe of cryptographic system is analyzed.Typical case's representative that the difference of early stage introducing of generation nineteen ninety and linear analysis technology are the traditional mathematics attack method.They utilize the statistical property of cryptographic algorithm to disclose the potential vulnerability of algorithm.Another kind method is searched for the key of cryptographic system by a large amount of mathematical computations.A direct example of such attack method is exactly brute force attack: attempt all possible key, until finding correct key.Along with the enhancing of computing power, this method also more and more has feasibility, but still needs to expend a large amount of time and material resources, and if the length of key increase, attacking difficulty then can sharply increase.
At present, the most effective attack method at the AES chip is a power consumption analysis.Power consumption analysis is a kind of in the bypass attack.It is meant when encryption device moves derives operation and the involved key parameter in operation that encryption system carries out by analyzing its power consumption.Usually according to different analytical methods to power consumption, be divided into simple power analysis (Simple PowerAnalysis again, SPA), the differential power analysis (Differential Power Analysis, DPA) and the correlation power analysis (CorrelationPower Analysis, CPA).AES at FPGA and ASIC realizes adopting DPA or CPA attack finally to obtain the key of AES, and existing bibliographical information adopts the successful ASIC at AES of CPA method to attack.
The total power consumption of AES encrypted circuit comprises that byte replaces that unit, row shift transformation unit, row mixing transformation unit, round key add, the power consumption of key expansion unit and internal register.Usually comprise byte in the AES encrypted circuit of structure and replaced 16 S boxes of unit and 4 S boxes of key expansion unit, simplified in the AES encrypted circuit of structure and also comprised 4 or 8 S boxes, consumed most energy in the circuit; On the other hand, byte is replaced the unit and is directly linked to each other with register, and its input can reduce by clock institute synchronously significantly because the irrelevant power consumption of burr and caused by noise.Therefore, the realization that byte is replaced the unit is determining the area of encryption chip and the size of power consumption, and also there is material impact the while to the fail safe of chip.
The S box can adopt different hardware configuration designs.The simplest directly is exactly look-up table (LUT) structure, and the corresponding output of each input in the good inversion process of calculated in advance adds that with the inversion operation on the GF (28) affine transformation represents with the tables of searching one 8 input 8 outputs.
People such as Bertoni are at smart card, the demand of low-power consumption in mobile communication equipment and the battery supply set, the S box that has proposed DSE (Decoder-Switch-Encoder) structure is [referring to Bertoni G., Macchetti M., Negri L., Fragneto P..Power-efficient ASIC Synthesis of Cryptographic Sboxes.In Proceedings of the 1 4th ACM Great Lakes Symposium on VLSI (GLSVLSI 2004), pp.277-281.ACM Press, 2004], comprise decoding module, three parts of Switching Module and coding module.Wherein, Switching Module is only carried out line and consumed energy not; Decoding module resolves into multilevel decoding with traditional direct decoding, and seeks suitable progression; Coding module also can adopt the multilevel coding structure.
Adopt traditional y-bend decision diagram (Binary Decision Diagram, BDD) algorithm can realize that also the S box is [referring to Bryant R.E..Graph-Based algorithmsfor Boolean function manipulation.IEEE Trans.Computers, vol.C-35, no.8, pp.677-691,1986.].BDD is a kind of directed acyclic graph (DirectAcyclic Graph that represents Boolean expression, DAG), its principle be with all variablees in the logical function as the node among the BDD, according to top-down method, the value of each node is carried out bifurcated by shannon formula selects.
People such as Wolkerstorfer have proposed implementation method [the Wolkerstorfer J. that finite field is decomposed, Oswald E., Lamberger M..An ASIC Implementation ofthe AES SBoxes[C] .In Topics in Cryptology-CT-RSA 2002, vol.227 1 of Lecture Notes in Computer Science, pp.67-78.Springer-Verlag, 2002.], it has made full use of the mathematical operation rule on the finite field.Because it is contrary then simple relatively to do multiplication on GF (24), therefore, GF (28) is regarded as secondary expansion on the GF (24), thereby be each element map on the GF (28) element on the GF (24).At last, be transformed on the GF (28) in the result of calculation on the GF (24) by an inverse mapping handle again.This structure takies minimum chip area.
3 grades of PPRM structure S boxes that Marioka and Satoh propose are the improvement to finite field decomposition texture S box: adopted XOR gate to reduce propagation [the S.Morioka and A.Satoh.An optimized S-Box circuit architecturefor low power AES design.In Cryptographic Hardware and Embedded Systems-CHES 2002 of dynamic harzard, vol.2523 of Lecture Notes in Computer Science, pp.172-186.Springer-Verlag, 2002.]; Adopt time delay chain to come the time-delay in balance path to make the time of signal arrival door consistent as far as possible, reduce the invalid upset of device that dynamic harzard causes with this, to reach the purpose that reduces power consumption.
Generally speaking, byte replacement unit directly is made up of the look-up table configuration S boxes that 8 inputs 8 of 16 same structures are exported.Figure 2 shows that the schematic diagram that adopts single look-up table configuration to realize the S box, Fig. 3 is that its particular circuit configurations figure is (referring to [1] S.Morioka and A.Satoh.A 1 0-Gbps Full-AES Crypto Design With a Twisted BDD S-Box Architecture.IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol.1 2, No.7, July 2004; [2] Sbox module optimization method and optimization circuit in a kind of AES decipher circuit, number of patent application 200510085160).
For cmos circuit, the dynamic power consumption that accounts for total energy consumption ratio maximum depends on average capacitance value, supply power voltage and the clock frequency that causes the probability of consumed power incident, generation of per clock cycle switch when clock changes in this gate.Power consumption analysis is attacked the dependence of having utilized dynamic energy consumption that data are handled just.The topological structure of side circuit is very complicated, and dynamic energy consumption depends on the statistical property and the circuit technology of whole upset rate.Think that the total energy consumption of circuit and whole upset rate have the certain proportion relation but can simplify.The circuit energy consumption model of setting up based on this correlation can reflect that the conversion of current deal with data causes the change of instantaneous circuit energy consumption, so power consumption attack can utilize the energy consumption curve statistical of repeatedly measuring to separate out the variation of corresponding data position in the circuit.
In the power consumption attack of reality, if whole 128 bits are attacked, then need to carry out 2128 tests, be unacceptable in actual attack.Therefore, method commonly used is only the part key to be attacked, and adds up piecemeal then.During at AES, by common AES encrypted circuit structure as can be known, import corresponding 16 S boxes of data of 128 bits, therefore can select 8 to attack, total like this testing time is 28 * 16=212.It is 16 S boxes of same structure that the byte of common structure shown in Figure 3 is replaced the unit, its power consumption characteristics unanimity, and the power consumption that byte is replaced whole unit power consumption and each S box is a simple linear relationship.Can be easy to attack out correct result when like this, carrying out local assault.
The AES design of anti-power consumption attack has two kinds of fundamental method: a kind of is to adopt special circuit logic form to realize AES, as use differential cascade switching logic (DCVSL, Differential CascadeVoltage Switch Logic), the dynamic digital logic that perhaps fluctuates (WDDL, Wave DynamicDigital Logic) adopts difference wiring skill and in layout design, perhaps random switching logic (RSL, Random Switching Logic) etc.; Also can adopt the asynchronous circuit method for designing, strengthen the anti-power consumption attack characteristic of AES hardware circuit.Another kind method is to adopt to shelter (mask) technology, with the intermediate object program randomization of encrypting and decrypting among the AES.The deficiency of above method is to realize that comparatively complexity and cost are higher.As adopt special circuit logic way of realization, basic logic gates need increase some additional circuit in order to balance power consumption, on area and power consumption, have loss like this; The special logical form of other not with existing chip technology and domain storehouse compatibility, design like this and produce and need pay extra cost.On the other hand, if the employing macking technique need increase tandom number generator and extra masking logic and recovery logic in chip, make the hardware of AES realize that cost increases and the performance reduction like this.
Summary of the invention
The purpose of this utility model is to provide a kind of byte replacement circuit of anti-power consumption attack, and this circuit can strengthen the anti-power consumption attack characteristic of AES encrypted circuit significantly with less cost.
The byte replacement circuit of a kind of anti-power consumption attack that the utility model provides is characterized in that: this circuit comprises coding unit, random switching unit, S housing unit and recovery unit; Wherein, described coding unit carries out computing to the input data, produces a random number, and sends this random number to random switching unit and recovery unit, the operation of control random switching unit and recovery unit; The random switching unit receives the wheel data of n group 8bit and the random number that coding unit produces, and n group input data are exchanged, and makes respectively to organize data and enter isomery S box S 1~Sn randomly; The S housing unit is made of n S box, and the span of n is 4~16, has at least the structure of a S box to be different from the structure of other S box in n S box; The S housing unit carries out the byte replacement to the data of respectively organizing that receive; Data after the conversion that recovery unit is accepted with the identical random number and the S housing unit of random switching unit send return to random switching elements exchange putting in order before with the data after these conversion.
The utility model circuit adopts the S housing unit of different structure to replace the S housing unit of traditional single structure, has inserted switch element before the input of S housing unit, has added recovery unit after the output of S housing unit.All by random number control, random number is then carried out producing after the computing to the wheel data of input by coding unit for switch element and recovery unit.Be different from general covering method, when under attack, this byte replacement circuit structure can be ingenious the input data of utilization when attacking select, do not need other randomizer.On the other hand, increase input at random expressly the method for number be invalid to the attack of the circuit that the utility model proposes.Simultaneously, the method does not need to adopt special circuit structure and logical form yet, thus can with existing AES encrypted circuit implementation compatibility.The utility model can with the situation of existing process compatible under, strengthen the anti-power consumption attack characteristic of byte replacement circuit significantly with less cost, after adopting the technical solution of the utility model, can when AES hardware encipher and deciphering, effectively shelter key, thereby make power consumption attack can not get correct key.
Description of drawings
Fig. 1 is the flow chart of AES cryptographic algorithm;
Fig. 2 replaces the schematic diagram of unit for the prior art byte;
Fig. 3 replaces the circuit structure diagram of unit for the prior art byte;
Fig. 4 is the structure chart (during n=16) of the byte replacement circuit of the anti-power consumption attack of the utility model;
Fig. 5 is a kind of application example of the utility model byte replacement circuit;
Fig. 6 is a kind of implementation method of S housing unit;
Fig. 7 is the AES attack result of the byte replacement circuit of single look-up table configuration;
Fig. 8 is the AES attack result of the byte replacement circuit of single finite field decomposition texture;
Fig. 9 is for adopting the AES attack result of byte replacement circuit of the present utility model.
Embodiment
All will use byte during in the AES cryptographic algorithm each is taken turns replaces.It is nonlinear transformation unique in the aes algorithm that byte is replaced, and it is bricklayer's displacement, and this displacement comprises a S box that acts on the state byte, for each byte of state, all passes through the byte that the S box replaces to a correspondence.The S box is to be constructed by the synthetic of following two kinds of conversion:
SRD[a]=f(g(a)) (1)
At first, get the contrary g (a) of the multiplication of element a in finite field gf (28), regulation ' 00 ' contrary is it self; Secondly, the affine transformation f that passes through again on the GF (2) obtains the result.
With reference to the accompanying drawings, be the byte replacement circuit that example describes anti-power consumption attack of the present utility model in detail with 16 S boxes.Given accompanying drawing only is used for explanation, does not limit the utility model.
As shown in Figure 4, the utility model byte replacement circuit adopts the anti-power consumption attack of macking technique, comprises coding unit 1, random switching unit 2, S housing unit 3 and recovery unit 4.
1 pair of input of coding unit data are carried out computing, produce a random number, and send this random number to random switching unit 2 and recovery unit 4, the operation of control random switching unit 2 and recovery unit 4.
Being input as each and taking turns data of coding unit 1, the computing that the input data will be carried out can be provided with arbitrarily according to circuit structure.For example, can select low 16 conduct inputs of 128bit wheel data, " 1 " or " 0 " addition on these 16 bits is obtained the result as output.At this moment, if low 16 of wheel data are " 1 " entirely, then exporting the result is 16; If low 16 of the wheel data is " 0 " entirely, then exporting the result is 0.Also can directly choose wheel section data bit and directly constitute a binary number, as the output result.Owing to enter the wheel data difference that byte is replaced the unit at every turn, the input data of coding unit 1 are generally all different, and its output result is a random number.
As shown in Figure 4, the input of random switching unit 2 is divided into two parts, and a part is the random number that coding unit 1 produces, and another part is the wheel data of n group 8bit, and n is the quantity of the S box in the S housing unit 3.When n=16, the function that random switching unit 2 is finished is that 16 groups of input data are exchanged, and makes and respectively organizes data and enter isomery S box S1~S16 randomly, to reach the purpose of sheltering.
The design of random switching unit 2 employed switch functions is equivalent to following sample
{ 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15} arranges entirely, therefore, has 16 altogether! Plant rank results.When the hardware circuit of reality was realized, a part of result who only needs to get wherein constituted alternative arrangement, and this partial results is selected according to the random number of coding unit 1 output.Switch function can adopt various exchanged forms.For example, when switch function employing ring shift right, the random number of coding unit 1 output is 4 o'clock, and random switching unit 2 moves to right 16 groups of input datacycle 4 times.Like this, the 1st group of input data have moved on to the 5th group, enter S box S5; The 2nd group of input data have moved on to the 6th group, enter S box S6; The rest may be inferred for all the other.
S housing unit 3 is made of n isomery S box, n=4~1 6, the structure of S box can be look-up table configuration, DSE (Decoder-Switch-Encoder) structure, y-bend decision diagram (Binary Decision Diagram, BDD) structures such as structure, finite field decomposition texture, PPRM (Positive Polarity Reed-Muller) structure.Have at least the structure of a S box different in the S housing unit 3 with the structure of other S box.This structure has replaced the S box of traditional single structure, and they can be the S boxes of being realized by any different hardware structure, and putting in order also can combination in any, can be used for common structure or simplifies the AES encrypted circuit of structure.
The byte of carrying out of 3 pairs of inputs of S housing unit data is replaced.Each byte of input data is all passed through the byte that the S box replaces to a correspondence.For the S box of various different structures, its hardware circuit difference, the power consumption that produces also different, so can not be with power consumption equivalence the adding up that this S housing unit produced for n identical S box generation power consumption.Therefore as long as the S box of these different structures is selected at random, just can reach the effect of anti-power consumption attack.
Recovery unit 4 is inverse process of random switching unit 2.The random number input value of recovery unit 4 and random switching unit 2 is identical, through the n group input data after 2 exchanges of random switching unit, after through 3 conversion of S housing unit, send recovery unit 4 to, recovery unit 4 returns to putting in order before random switching unit 2 exchange with these data, to guarantee the correctness of subsequent operation.When the switch function of random switching unit 2 adopted ring shift right as mentioned, 4 of recovery units adopted ring shift left.Example:
As shown in Figure 5, coding unit 1 choose the wheel data low 16 by turn addition obtain random number output, the function of switch element 2 is designed to ring shift right, the function of recovery unit 4 correspondingly is designed to ring shift left, and isomery S box S 1~S 16 adopts 5 kinds of S box structures above shown in Figure 6 and puts in order.As indicated above, when the random number of coding unit 1 output is 4, the 1st group of 8bit data input random switching unit 2, enter S5 4 times through ring shift right, finish entering recovery unit 4 after byte is replaced conversion, recirculation moves to left 4 times, reverts to the 1st group of 8bit data after the processing.Equally, the 2nd group, the 3rd group ..., the 16th group of input data all will be carried out the operation of similar flow process.The coding unit 1 of this moment is an adder structure, and random switching unit 2 is the ring shift right structure of one 17 input 16 outputs, and recovery unit 4 is the ring shift left structure of one 17 input 16 outputs.
Compare with common byte replacement circuit, this invention byte replacement circuit has focused on adopting isomery S box S1~S16 to replace the S box of traditional single structure, increased coding unit by the wheel Data Control, work with random switching unit and recovery unit one, the order of S1~S16 is changed along with the variation of wheel for inputting data, whole like this AES encrypted circuit power consumption presents randomized characteristics, therefore can reach the effect of anti-power consumption attack.And this invention circuit can be ingenious utilization when attacking the wheel data of input produce random number and shelter realizing, and need in chip, not increase tandom number generator and extra masking logic and recovery logic, thereby can reduce the realization cost.
The AES decrypt circuit also can adopt to the AES encrypted circuit in similar byte replacement circuit, adopt the S box of different structure to replace traditional homogenous configuration S box, and with the ciphertext coding control signal as switch element and recovery unit, specific implementation method and AES encrypted circuit are similar.In addition, because key expansion unit also needs 4 S boxes, the therefore isomery byte replacement circuit that also can adopt the utility model to propose in key expansion unit is with the effect of the anti-power consumption attack of the hardware circuit that strengthens AES.
The experiment of the technique effect of this invention is as follows: adopt the AES canonical algorithm to realize AES encryption and decryption engine, finish the design and emulation of hardware description language after, adopt UMC 0.25 μ m technology to carry out circuit synthesis and realization.Carry out CPA and attacked experiment [S.B.Ors, F.Gurkaynak, E.Oswald, B.Preneel " Power-Analysis Attack on an ASIC AES implementation ", in the proceedings of ITCC 2004, Las Vegas, April 5-7 2004.], when the part key is 0X9C (156), import 1000 at random expressly, carry out power consumption attack.
Traditional byte replacement circuit implementation method all can be attacked, as Fig. 7, Figure 8 shows that the result when AES encrypted circuit structure that traditional single structure S box is realized is attacked.The byte replacement circuit adopts 16 single look-up table configuration S boxes among Fig. 7, and the byte replacement circuit adopts 16 single finite field decomposition texture S boxes among Fig. 8.As can be seen from Figure, the conjecture key value of coefficient correlation maximum place correspondence is 0X9C (156) just, this shows that correct part key value is come out by successful attack, and repeatedly emulation attack result of experiment shows, as long as expressly number is more than 400 in input at random, all single structure S boxes can both be gone out key value by successful attack.
Result when being illustrated in figure 9 as the AES encrypted circuit structure that adopts the byte replacement circuit that the utility model proposes and being attacked, key 0X9C (156) is successfully sheltered as can be seen.At this moment, the peak of coefficient correlation significantly departs from 0X9C, so power consumption attack will can not get correct part key.Experiment is attacked different keys, all proves the validity of this byte replacement circuit to the power consumption attack protection.Attack and test proof simultaneously, because the special construction that circuit adopts, increasing at random, the number of plaintext can't constitute a threat to the AES encrypted circuit that the byte replacement circuit that employing the utility model proposes is realized equally.
Claims (1)
1. the byte replacement circuit of an anti-power consumption attack, it is characterized in that: this circuit comprises coding unit (1), random switching unit (2), S housing unit (3) and recovery unit (4), wherein,
Described coding unit (1) carries out computing to the input data, produces a random number, and sends this random number to random switching unit (2) and recovery unit (4), the operation of control random switching unit (2) and recovery unit (4);
Random switching unit (2) receives the wheel data of n group 8bit and the random number that coding unit (1) produces, and n group input data are exchanged, and makes respectively to organize data and enter isomery S box S1~Sn randomly;
S housing unit (3) is made of n S box, and the span of n is 4~16, has at least the structure of a S box to be different from the structure of other S box in n S box; S housing unit (3) carries out the byte replacement to the data of respectively organizing that receive;
Data after the conversion that recovery unit (4) is accepted with the identical random number and the S housing unit (3) of random switching unit (2) send return to random switching unit (2) exchange putting in order before with the data after these conversion.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2007200841746U CN201039199Y (en) | 2007-04-13 | 2007-04-13 | A byte replacement circuit for resisting power consumption attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNU2007200841746U CN201039199Y (en) | 2007-04-13 | 2007-04-13 | A byte replacement circuit for resisting power consumption attack |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN201039199Y true CN201039199Y (en) | 2008-03-19 |
Family
ID=39211727
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNU2007200841746U Expired - Fee Related CN201039199Y (en) | 2007-04-13 | 2007-04-13 | A byte replacement circuit for resisting power consumption attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN201039199Y (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102509145A (en) * | 2011-09-30 | 2012-06-20 | 清华大学 | Power-aware power balancing S box unit circuit and application method thereof |
| CN103001762A (en) * | 2012-11-25 | 2013-03-27 | 宁波大学 | Method for defensing zero power consumption attack on code device |
| CN104219040A (en) * | 2013-06-05 | 2014-12-17 | 上海华虹集成电路有限责任公司 | Method for preventing symmetric cryptographic algorithm from being attacked |
-
2007
- 2007-04-13 CN CNU2007200841746U patent/CN201039199Y/en not_active Expired - Fee Related
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102509145A (en) * | 2011-09-30 | 2012-06-20 | 清华大学 | Power-aware power balancing S box unit circuit and application method thereof |
| CN103001762A (en) * | 2012-11-25 | 2013-03-27 | 宁波大学 | Method for defensing zero power consumption attack on code device |
| CN103001762B (en) * | 2012-11-25 | 2015-08-19 | 宁波大学 | A kind of cipherware is defendd the method for null value power consumption attack |
| CN104219040A (en) * | 2013-06-05 | 2014-12-17 | 上海华虹集成电路有限责任公司 | Method for preventing symmetric cryptographic algorithm from being attacked |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101009554A (en) | A byte replacement circuit for power consumption attack prevention | |
| Mushtaq et al. | A survey on the cryptographic encryption algorithms | |
| CN107070630B (en) | A kind of fast and safely hardware configuration of aes algorithm | |
| Hell et al. | Grain: a stream cipher for constrained environments | |
| Gross et al. | Ascon hardware implementations and side-channel evaluation | |
| Bi et al. | Tunnel FET current mode logic for DPA-resilient circuit designs | |
| CN103067155A (en) | Method and test circuit for preventing data encryption algorithm (DES) attack based on power analysis | |
| CN105959107A (en) | Novel and highly secure lightweight SFN block cipher implementation method | |
| CN104301095A (en) | DES round operation method and circuit | |
| CN110190951A (en) | A kind of power consumption attack method and system for the overturning of DES algorithm L register | |
| Gross et al. | First-order masking with only two random bits | |
| Kuznetsov et al. | Stream Ciphers in Modern Real-Time IT Systems | |
| Huang et al. | Low area-overhead low-entropy masking scheme (LEMS) against correlation power analysis attack | |
| Joshi et al. | Implementation of S-Box for advanced encryption standard | |
| CN201039199Y (en) | A byte replacement circuit for resisting power consumption attack | |
| Luo et al. | Cryptanalysis of a chaotic block cryptographic system against template attacks | |
| CN103888245A (en) | S box randomized method and system for smart card | |
| CN108650072A (en) | It is a kind of to support a variety of symmetric cryptographic algorithm chips and its anti-attack circuit implementation method | |
| Nallathambi et al. | Fault diagnosis architecture for SKINNY family of block ciphers | |
| Wei et al. | New second‐order threshold implementation of AES | |
| Ahmed et al. | New algorithm for wireless network communication security | |
| Wood et al. | Constructing large S-boxes with area minimized implementations | |
| Bulygin et al. | Study of the invariant coset attack on printcipher: more weak keys with practical key recovery | |
| Kang et al. | Secure hardware implementation of ARIA based on adaptive random masking technique | |
| Tang et al. | Polar differential power attacks and evaluation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080319 |