JP2011175039A - Encryption device and decryption device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption device which is secure against side channel attacks without increasing the circuit scale. <P>SOLUTION: The encryption device 100 using an AES encryption system includes an operation part which performs operation including AddRoundKey, SubBytes, and MixColumns in this order in the first round of the rounds for calculating data by using key information, performs operation including MixColumns, AddRoundKey, and SubBytes in this order or operation including AddRoundKey, MixColumns, and SubBytes in this order one round before the last, and performs operation including AddRoundKey in the last round. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an encryption device and a decryption device.

  Smart meters used in smart grids require protection by security in order to prevent tampering of the meters, and encryption technology is applied. How to take measures against side channel attacks is important in making smart meters tamper resistant. In the smart meter, there is a demand to increase the energy efficiency by reducing the circuit scale to reduce the cost and saving power. Therefore, it is necessary to reduce the circuit scale and power even in a countermeasure against side channel attacks for improving safety.

  As an encryption technique, an AES (Advanced Encryption Standard) encryption system is known. The AES encryption method is an encryption algorithm that has become a US government standard as a successor to the DES (Data Encryption Standard) encryption method that has been used for a long time.

  Side channel attacks such as SPA (Simple Power Analysis) and DPA (Differential Power Analysis) are attracting attention as attacks on cryptographic devices (for example, Non-Patent Document 1). Since these side channel attacks are passive attacks in which only power and electromagnetics are measured, there is a problem that no trace remains.

  As a countermeasure against the conventional side channel attack, a measure using random number masks is used to disturb the value in the middle of the calculation so that the information is meaningless even if information is leaked (for example, Non-patent document 2).

S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks Revealing the Secrets of Smart Cards, Chapter 6. Differential Power Analysis, pp. 119-165, Springer, 2007. S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks Revealing the Secrets of Smart Cards, Chapter 9. Masking, pp. 223-244, Springer, 2007.

  However, the random number generation process is a relatively heavy process, and the method using a random number as in Non-Patent Document 2 has a problem that the speed, circuit scale, power, and the like are adversely affected.

  The present invention has been made in view of the above, and an object of the present invention is to provide an encryption device and a decryption device that are safe against a side channel attack without increasing the circuit scale.

  The present invention is an AES (Advanced Encryption Standard) encryption device, and in the first round of calculating data using key information, AddRoundKey, SubBytes, and MixColumns are arranged in this order. In the last previous round, perform an operation that includes MixColumns, AddRoundKey, and SubBytes in this order, or an operation that includes AddRoundKey, MixColumns, and SubBytes in this order. It is characterized by including a calculation unit that performs a calculation including AddRoundKey in a round.

  The present invention is also an AES (Advanced Encryption Standard) decryption device, which performs an operation including InvAddRoundKey in the first round among the rounds in which data is calculated using key information. In a later round, an operation that includes InvSubBytes, InvAddRoundKey, and InvMixColumns in this order, or an operation that includes InvSubBytes, InvMixColumns, InvAddRoundKey in this order, um, v A calculation unit that performs a calculation including InvAddRoundKey in this order is provided.

  According to the present invention, it is possible to provide an encryption device and a decryption device that are safe against a side channel attack without increasing the circuit scale.

The figure which shows the encryption processing procedure of an AES encryption system without a side channel attack countermeasure. The circuit diagram which shows an example of the encryption apparatus which implement | achieves the procedure of FIG. The figure which shows the value of the intermediate result d stored in a flip-flop at each clock. The figure which shows the Hamming distance of the intermediate result d of a continuous clock. The figure which shows the encryption processing procedure of the AES encryption system by 1st Embodiment. 1 is a circuit diagram showing an example of an encryption device according to a first embodiment. The figure which shows the structural example of AddRoundKey. The figure which shows the structural example of SubBytes. The figure which shows the structural example of ShiftRows. The figure which illustrates the correspondence of the byte rearranged by ShiftRows. The figure which shows the structural example of MixColumns. The figure which shows the value of the intermediate result d stored in a flip-flop at each clock. The figure which shows the Hamming distance of the intermediate result d of a continuous clock. The circuit diagram which shows an example of the encryption apparatus concerning the modification of 1st Embodiment. The figure which shows the decoding process procedure of the AES encryption system without a side channel attack countermeasure. The figure which shows the decryption process sequence of the AES encryption system by 2nd Embodiment. A circuit diagram showing an example of a decoding device of a 2nd embodiment. The figure which shows the value of the intermediate result d stored in a flip-flop at each clock. The figure which shows the Hamming distance of the intermediate result d of a continuous clock. The figure which shows the example of 1 structure of the next-generation electric power network of 3rd Embodiment. The block diagram which shows the structural example to which the smart meter and MDMS were connected. The block diagram which shows the structural example to which HEMS and EMS were connected.

  Exemplary embodiments of an encryption device according to the present invention will be explained below in detail with reference to the accompanying drawings.

(First embodiment)
The encryption device according to the first embodiment sets the processing order in each round calculation of SubBytes, ShiftRows, MixColumns, and AddRoundKey, which are four conversion functions defined in the AES encryption method, with a predetermined condition. Change to meet. This makes it possible to realize an encryption device that is safe against side channel attacks without generating random numbers.

  First, an outline of DPA will be described. DPA is an attack in which a key is extracted by measuring the power consumption of a circuit that has performed data processing. Note that the power consumption of the circuit varies depending on the contents of the processed data. In DPA, since the power consumption during the encryption process can also be used for the attack, an efficient attack is possible.

  In the case of hardware configured with CMOS logic that is generally used at present, power is consumed when the output of the logic element changes. For example, assuming that the power consumption when the output of a certain circuit changes from 4 bits of “0000” to 1 bit from “0001” is 1 unit, when the power is changed from “0000” to “1111”, 4 units of power are Will consume. Further, when all the bits are inverted such as “1010” to “0101”, the power consumption is 4 units. When the output does not change at all from “1010” to “1010”, no power is consumed. That is, the Hamming distance between the previous output value and the current output value can be observed from the outside as power consumption. DPA attacks by observing this power consumption.

DPA attacks in the following procedure.
(1) Predict the Hamming distance during processing assuming a certain key (2) Calculate the similarity between the measured power consumption and the predicted Hamming distance (3) The similarity is the highest for a plurality of measurement data When a high key is determined to be a winning key, it is difficult to determine the assumed key unless it is as small as about 8 bits. For the similarity, a function such as an average of a difference or a correlation coefficient is used.

  As described above, in the conventional DPA countermeasures, a mask process is performed in which a random number is applied to data to be processed before processing, and the influence of the random number is removed from the processed data. This is based on the principle that even if the key information can be extracted from the power consumption, the key information is based on the information agitated by the random number, and therefore the true key cannot be extracted. The use of a random number generator for masking results in increased circuit scale and increased power consumption.

  In the case of mounting by hardware, a countermeasure has been proposed in which a noise generation source is provided to reduce the SN ratio and increase the number of waveforms required for DPA. In addition, there is a method to make a circuit configuration such as a dual rail, which is devised so that power changes do not occur in the first place by performing redundant encoding so that the Hamming distance during processing is constant no matter what data is input. Proposed. However, the noise generation source consumes electric power, and there is a problem that the dual rail is several times larger in circuit scale and electric power consumption.

  In general, hardware is composed of a storage unit composed of flip-flops and a combinational circuit. From the viewpoint of DPA, since the flip-flop moves in synchronization with the clock, it is easy to predict the Hamming distance. On the other hand, the timing of the combinational circuit is indefinite, and it is difficult to predict the Hamming distance. In addition, since the flip-flop consumes more power than the combinational circuit, the power consumption is easy to measure. That is, since the flip-flop is more vulnerable to DPA than the combinational circuit, it is necessary to protect the flip-flop appropriately.

  Next, an outline of the AES encryption method will be described. An encryption apparatus using the AES encryption method includes a data agitation unit and a key schedule unit. The data stirring unit includes the above four conversion functions. In the AES encryption method, encryption processing is performed by applying these four conversion functions a plurality of times in a predetermined order. Further, the decryption process by the AES encryption method includes the inverse functions (InvSubBytes, InvShiftRows, InvMixColumns, InvAddRoundKey) of the above four conversion functions. The decryption process is executed by applying these inverse functions in the reverse order to the conversion function of the encryption process.

In the following, the following abbreviations are used for each function.
SB: SubBytes
SR: ShiftRows
MC: MixColumns
AK: AddRoundKey
SB- ¹ : InvSubBytes
SR- ¹ : InvShiftRows
MC- ¹ : InvMixColumns
AK ^-1 : InvAddRoundKey

  Among the conversion functions of the AES encryption method, there are functions whose operation results do not change even if the processing order is changed. As will be described later, SB is a function that performs independent processing in units of bytes. SR is a function for rearranging bytes. Therefore, the result does not change between SB and SR even if the processing order is changed. Similarly, the processing order of MC and AK can be changed with conditions.

  Each round of encryption processing by the AES encryption method uses different key information (round key). Therefore, the first round is affected by one round key, and the second round is affected by two round keys. In other words, the intermediate result of the first round can be calculated from the input and one round key. From the perspective of DPA, the closer to the input, the easier it is to predict and the more difficult the prediction is because the number of related round keys increases as one proceeds to the previous round. The same can be said for the output side. That is, for example, when predicting from the output side using the above inverse function or the like, the prediction is easier in the round closer to the output.

  Thus, in DPA, it is difficult to attack a round key of an intermediate round, and a round close to input or output is attacked. Therefore, in order to increase the efficiency of DPA countermeasures, it is conceivable that a round close to the input or output is adequately taken, and a round closer to the input or output is not taken or not taken at all in the middle round.

  Next, a normal AES encryption processing procedure without a side channel attack countermeasure will be described with reference to FIG. FIG. 1 is a diagram showing an AES encryption method without a side channel attack countermeasure.

  As shown in FIG. 1, in the normal AES encryption method, four conversion functions are executed in the order of AK → SB → SR → MC, and only the last is executed in the order of AK → SB → SR → AK. The vertical lines in FIG. 1 indicate that the encryption process is divided according to the processing procedure described in FIPS-197, which is the standard for the AES encryption method. That is, the plaintext data m is input at clock 0, the result converted by AK is latched at clock 1, the result converted by SB → SR → MC → AK is latched at clock 2, and each round is processed in the same manner. Only the last round is converted by SB → SR → AK. Then, the result latched by the clock 11 is output as encrypted data c. As in FIG. 1, in the first embodiment, one round of the AES encryption method is executed with one clock.

  FIG. 2 is a circuit diagram showing an example of the encryption device 1 that implements the procedure described in FIG. The encryption device 1 includes a flip-flop 11, a selector 12, an SB 13, an SR 14, an MC 15, and AKs 16a to 16c.

  The flip-flop 11 stores the intermediate result d. The selector 12 selects and outputs predetermined data at each clock among the five inputs. In FIG. 2, the numerical value described at the top of the selector 12 represents a clock.

  At clock 0, the selector 12 selects the plain text data m and writes it as the intermediate result d in the flip-flop 11. At clock 1, the selector 12 selects the result obtained by converting the intermediate result d by the AK 16 a and writes the result as the intermediate result d in the flip-flop 11. From clock 2 to clock 10, the selector 12 selects the result obtained by converting the intermediate result d by SB13.fwdarw.SR14.fwdarw.MC15.fwdarw.AK16b and writes it to the flip-flop 11 as the intermediate result d. In the clock 11, the selector 12 selects the result obtained by converting the intermediate result d by SB 13 → SR 14 → AK 16 c and writes the result as the intermediate result d in the flip-flop 11.

  If it is not any clock, the selector 12 selects the intermediate result d and writes it back to the flip-flop 11 as the intermediate result d. After clock 11, encrypted data c is output as a result of the encryption process.

  As described above, even if the order of SB13 and SR14 is changed, the result does not change. Further, as described in FIPS-197, MC15 and AK16b can be interchanged.

FIG. 3 is a diagram showing the value of the intermediate result d stored in the flip-flop 11 at each clock. In FIG. 3, the value of the intermediate result d is expressed by an expression. For convenience of explanation, in FIG. 3, “+” represents an exclusive OR, and S (x) = SR (SB (x)) and M (x) = MC (x). ^{Further, S -1 (x) = SR} -1 (SB -1 (x)), and ^{M -1 (x) = MC -1} (x). AK is expressed as x + kn to indicate the number of the round key to be used. kn represents a round key used in round n (n is an integer satisfying 0 ≦ n ≦ 10). The clocks 3 to 8 are omitted because of complicated expressions.

  FIG. 4 is a diagram illustrating the Hamming distance of the intermediate result d of successive clocks. For example, the first row represents the difference (Hamming distance) between the intermediate result d of clock 0 and the intermediate result d of clock 1. Hereinafter, this value is referred to as “d Hamming distance”.

DPA is applicable when the dhamming distance equation satisfies the following four conditions.
(1) including plaintext data m or encrypted data c (2) including only one kind of round key kn (3) not including M or M ⁻¹ (4) including only one S or S ⁻¹

  The “hamming distance of d” between clock 0 and clock 1 in the first row in FIG. 4 satisfies (2) and (3), but does not satisfy (1) and (4). For this reason, DPA cannot be applied. The “dhamming distance of d” between clock 1 and clock 2 in the second row in FIG. 4 satisfies (1) and (4), but does not satisfy (2) and (3). For this reason, DPA cannot be applied. Since the “dhamming distance of d” between the clock 9 and the clock 10 in the third row in FIG. 4 does not satisfy all the conditions, DPA cannot be applied. Since the “dhamming distance of d” between the clock 10 and the clock 11 in the fourth row in FIG. 4 satisfies all the conditions, DPA can be applied.

  Here, the case of the first line in FIG. 4 will be supplemented. Since the round key k0 is a fixed value and does not depend on the message (plain text data m), there is no amount of information that can be obtained no matter how many times the measurement is performed while changing the message. This means that the condition (1) is essential.

  It supplements about the case of the 2nd line of FIG. Since M is included in the dhamming distance formula of d, one byte with d hamming distance always depends on 32 bits of m, 32 bits of round key k0, and 8 bits of round key k1. . Therefore, unless 40 bits are assumed for the round key, the Hamming distance of d cannot be predicted. For this reason, DPA cannot be applied. This means that the condition (3) is essential.

  Note that the conventional measure for applying a mask by applying a random number stirs the value of the intermediate result d. As a result, even if the DPA is applicable to the conditions such as the Hamming distance of the clock 10 and the clock 11 d, the extracted value depends on the mask (random number). As a countermeasure, correct key information cannot be extracted.

  On the other hand, in the first embodiment, a side channel attack countermeasure is performed using a principle different from the conventional countermeasure. That is, in any round (clock), the circuit configuration is such that the Hamming distance of d obtained as shown in FIG. 4 does not satisfy the conditions (1) to (4).

  FIG. 5 is a diagram showing an encryption processing procedure of the AES encryption method according to the first embodiment. As shown in FIG. 5, the plaintext data m is input at clock 0, the result of conversion by AK → SB → SR → MC is latched at clock 1 to clock 4, and the result of conversion by AK → SB → SR at clock 5 The clock 6 to the clock 10 latch the result converted by MC → AK → SB → SR, and the clock 11 latches the result converted by AK and outputs it as encrypted data c. FIG. 5 and FIG. 1 differ only in the latch timing.

  If a triplet (AK, SB, SR) such as clock 5 in FIG. 5 is placed near the input or output, DPA becomes possible. For this reason, in FIG. 5, it is moved to the round near the center (round 5) far from the input and output. Note that the triplet is not limited to the clock 5. Like clock 3 and clock 4, it may be closer to the input than round 5, and may be closer to output than round 5 like clock 6 and clock 7.

  FIG. 6 is a circuit diagram illustrating an example of the encryption device 100 according to the first embodiment that implements the procedure described in FIG. 5. The encryption device 100 includes a flip-flop 111, a selector 112, SBs 113a and 113b, SRs 114a and 114b, MCs 115a and 115b, and AKs 116a to 116c. Note that FIG. 6 shows a main configuration of a calculation unit that performs calculations for each round of the AES encryption method. The encryption device 100 may further include an input unit that inputs data to be encrypted, a storage unit that stores key information, and the like.

  The flip-flop 111 stores the intermediate result d. The selector 112 selects and outputs predetermined data at each clock among the six inputs. In FIG. 6, the numerical value described in the upper part of the selector 12 represents a clock.

  At clock 0, the selector 112 selects the plaintext data m and writes it as the intermediate result d in the flip-flop 111. From clock 1 to clock 4, the selector 112 selects the result obtained by converting the intermediate result d by AK116a → SB113a → SR114a → MC115a, and writes the result as the intermediate result d in the flip-flop 111. At clock 5, the selector 112 selects the result obtained by converting the intermediate result d by AK116a → SB113a → SR114a, and writes the result as the intermediate result d in the flip-flop 111. From clock 6 to clock 10, the selector 112 selects a result obtained by converting the intermediate result d by MC 115b → AK 116b → SB 113b → SR 114b, and writes the selected result to the flip-flop 111 as the intermediate result d. In the clock 11, the selector 112 selects the result obtained by converting the intermediate result d by the AK 116 c and writes it as the intermediate result d in the flip-flop 11.

  If it is not any clock, the selector 112 selects the intermediate result d and writes it back to the flip-flop 111 as the intermediate result d. After clock 11, encrypted data c is output as a result of the encryption process.

  As described above, even if the order of SB113 and SR114 is changed, the result does not change. Also, as described in FIPS-197, MC 115 and AK 116 can be interchanged. In addition, although FIG. 6 illustrates an example in which the triplet (AK116a, SB113a, SR114a) is executed by the clock 5, the triplet may be executed by any of the clock 2 to the clock 9.

  Next, configuration examples of the four functions of the AES encryption method will be described with reference to FIGS. Hereinafter, an example in which the key length is 128 bits will be described.

  FIG. 7 is a diagram illustrating a configuration example of the AddRoundKey (AK116). As shown in FIG. 7, AddRoundKey outputs 128-bit data that is an exclusive OR of a 128-bit round key (k0 to k10) and 128-bit input data in each round.

  FIG. 8 is a diagram illustrating a configuration example of SubBytes (SB113). As shown in FIG. 8, SubBytes processes 128-bit input data by dividing it into 16 8-bit data.

  FIG. 9 is a diagram illustrating a configuration example of ShiftRows (SR114). As shown in FIG. 9, ShiftRows divides 128-bit input data into 16 8-bit data and rearranges them. FIG. 9 shows that each 8-bit data obtained by dividing the input data is rearranged at the position indicated by the tip of the arrow.

  FIG. 10 is a diagram illustrating a correspondence relationship of bytes rearranged by ShiftRows. FIG. 10 shows the correspondence between input bytes and output bytes when rearranged in the order shown in FIG.

  FIG. 11 is a diagram illustrating a configuration example of MixColumns (MC115). As shown in FIG. 11, MixColumns processes 128-bit input data by dividing it into four 32-bit data.

  Next, the intermediate result d output at each clock in the case of the circuit configuration as shown in FIG. 6 will be described. FIG. 12 is a diagram illustrating the value of the intermediate result d stored in the flip-flop 111 at each clock. FIG. 12 represents the value of the intermediate result d by an expression as in FIG.

  FIG. 13 is a diagram showing the Hamming distance of the intermediate results d of successive clocks calculated from the intermediate results d of FIG. As shown in FIG. 13, according to the circuit configuration of the first embodiment (FIG. 6), it can be seen that the hamming distance of d does not satisfy the above four conditions in all clocks.

  The circuit configuration that does not satisfy the above four conditions is not limited to FIG. Among the rounds in which data is calculated using a round key, calculation is performed in the order of AK → SB → MC in the first round, and MC → AK → SB in the last previous round, or AK → MC → Any circuit may be used as the calculation unit of the encryption apparatus 100 as long as the calculation is performed in the order of SB and the calculation including AK is performed in the last round.

  In such a circuit, since MC is executed in the first round, M (MC) is always included in the expression of the Hamming distance of d from the next round (clock). In addition, since MC is executed in the last previous round, the formula of d's Hamming distance from the last round always includes M (MC). Therefore, since the condition (3) is not satisfied, DPA cannot be applied to these rounds (clocks).

  In each round from 2 rounds to 2 rounds before the last round, at least two round keys are included in the dhamming distance formula. Therefore, since the condition (2) is not satisfied, DPA cannot be applied to these rounds.

  As such a circuit, for example, the calculation is performed in the order of AK → SB in round 5, the calculation is performed in the order of SR → MC → AK → SB in round 6 and after, and the calculation of SR → AK is performed in the last round. The circuit to perform is mentioned. Moreover, you may comprise so that only SR of arbitrary rounds in each round of such a circuit may be calculated with an independent clock (round).

  In the first round, SR may be inserted at any location other than after MC. Specifically, in the first round, SR may be executed before AK, before SB, and before MC.

  Further, in the last previous round, SR may be inserted at any location as long as it is after MC. Specifically, in the last previous round, when calculating in the order MC → AK → SB, SR is executed after MC, after AK, or after SB. What is necessary is just to comprise. Further, when calculating in the order of AK → MC → SB, the SR may be executed either after the MC or after the SB.

  FIG. 14 is a circuit diagram illustrating an example of the encryption device 200 according to the modification of the first embodiment. FIG. 14 shows an example of an equivalent circuit of the circuit of FIG. As shown in FIG. 14, the encryption apparatus 200 includes a flip-flop 111, a selector 112-2, an SB 113, an SR 114, MCs 115a and 115b, AKs 116a and 116c, and a selector 121.

  The circuit of FIG. 14 is functionally equivalent to that of FIG. 6, but the circuit scale is reduced by sharing the part of AK116a → SB113 → SR114. Compared with the circuit of FIG. 2, the circuit of FIG. 14 has only one MC and selector 121 increased.

  As described above, in the encryption apparatus according to the first embodiment, the processing order in each round calculation of SubBytes, ShiftRows, MixColumns, and AddRoundKey of the AES encryption method is rearranged to an order that satisfies the conditions that DPA cannot apply. To calculate. As a result, it is possible to realize an encryption device that has a circuit scale and power consumption comparable to those of AES that has not been addressed and that is safe against side channel attacks without generating random numbers. In order to further increase the safety, it can be used in combination with a conventional countermeasure against side channel attacks.

(Second Embodiment)
In the second embodiment, an example will be described in which the same method as that of the encryption device of the first embodiment is applied to a decryption device of the AES encryption method.

  First, a normal AES decoding process procedure without a side channel attack countermeasure will be described with reference to FIG. FIG. 15 is a diagram showing a decryption processing procedure of the AES encryption method without a side channel attack countermeasure.

As shown in FIG. 15, in the normal AES encryption method, the above four inverse functions are executed in the order of SR ⁻¹ → SB ⁻¹ → AK ⁻¹ → MC ⁻¹ and only SR ⁻¹ → SB ⁻¹ → Execute in the order of AK- ¹ .

FIG. 16 is a diagram illustrating a decryption process procedure of the AES encryption method according to the second embodiment. As shown in FIG. 16, the encrypted data c is input at clock 0, the result of conversion from SR ⁻¹ → SB ⁻¹ → AK ⁻¹ → MC ⁻¹ is latched at clock 1 to clock 4, and at clock 5 The result converted by SR ⁻¹ → SB ⁻¹ → AK ⁻¹ is latched, and from clock 6 to clock 10, the result converted by MC ⁻¹ → SR ⁻¹ → SB ⁻¹ → AK ⁻¹ is latched, and plaintext data Output as m.

FIG. 17 is a circuit diagram illustrating an example of the decoding device 300 according to the second embodiment that implements the procedure described in FIG. 16. The decoding device 300 includes a flip-flop 311, a selector 312, SB- ¹ 313a, 313b, SR- ¹ 314a, 314b, MC- ¹ 315a, 315b, and AK- ¹ 316a-316c. .

  As illustrated in FIG. 17, the decryption device 300 converts the inverse function corresponding to each conversion function in the circuit diagram (FIG. 6) of the encryption device 100 according to the first embodiment to the execution order of each conversion function in FIG. 6. The circuit is executed in the reverse order.

  FIG. 18 is a diagram illustrating the value of the intermediate result d stored in the flip-flop 311 at each clock. FIG. 18 represents the value of the intermediate result d by an expression as in FIGS. 3 and 12.

  FIG. 19 is a diagram illustrating the Hamming distance of the intermediate result d of successive clocks calculated from the intermediate result d of FIG. As shown in FIG. 19, according to the circuit configuration of the second embodiment (FIG. 17), it can be seen that the hamming distance of d does not satisfy the above four conditions in all clocks.

The circuit configuration that does not satisfy the above four conditions is not limited to FIG. Among the rounds in which data is calculated using a round key, an operation including AK ⁻¹ is performed in the first round, and in the order of SB ⁻¹ → AK ⁻¹ → MC ⁻¹ in the first subsequent round, or If the calculation is performed in the order of SB ⁻¹ → MC ⁻¹ → AK ⁻¹ and the calculation is performed in the order of MC ⁻¹ → SB ⁻¹ → AK ^{−1 in} the last round, the calculation unit of the decoding device 300 Any circuit may be used.

In such a circuit, MC ⁻¹ is executed in the first round after the first round. Therefore, the expression of the Hamming distance of d between the first round (clock) is always M ⁻¹ (MC ^{− 1} ) is included. In addition, since MC ⁻¹ is executed in the last round, MC ⁻¹ is always included in the expression of the Hamming distance of d between the last previous round and the last round. Therefore, since the condition (3) is not satisfied, DPA cannot be applied to these rounds (clocks).

  In each round from 2 rounds to 2 rounds before the last round, at least two round keys are included in the dhamming distance formula. Therefore, since the condition (2) is not satisfied, DPA cannot be applied to these rounds.

In the first round after the first, SR- ¹ may be inserted at any location as long as it is before MC- ¹ . Specifically, the first one after the rounds, when calculating the order of ^{SB -1} → ^{AK -1} → ^{MC -1} is the previous ^{SB -1,} prior to ^{AK -1,} and, ^{MC -1} What is necessary is just to comprise so that SR- ¹ may be performed in either of. Further, when calculating in the order of SB ⁻¹ → MC ⁻¹ → AK ⁻¹ , SR ⁻¹ may be executed either before SB ⁻¹ or before MC ^−1. .

In the last round, SR- ¹ may be inserted at any location as long as it is after MC- ¹ . Specifically, in the last round, SR ⁻¹ may be executed after MC ⁻¹ , after SB ⁻¹ , and after AK ⁻¹ .

  As described above, in the decryption device according to the second embodiment, the same technique as that of the encryption device according to the first embodiment can be applied to the decryption process of the AES encryption method. As a result, it is possible to realize a decryption device that has a circuit scale and power consumption comparable to that of AES that has not been addressed and that is safe against side channel attacks without generating random numbers.

(Third embodiment)
In the third embodiment, an embodiment applied to a smart grid will be described. A smart grid is a next-generation power network that is built to stabilize power quality when using renewable energy such as solar power and wind power in addition to conventional power generation such as nuclear power and thermal power.

  FIG. 20 is a diagram illustrating a configuration example of the next-generation power network according to the third embodiment. In the next-generation power network, a smart meter 3010a for collecting power consumption and a home energy management system (HEMS) 3020 that is a home server for managing home appliances are installed in each home. In addition, for commercial buildings, a BEMS (Building Energy Management System) 3030, which is a server for managing electrical devices in the building, is installed for each building. In a commercial building, a smart meter 3010b similar to the smart meter 3010a is installed. Hereinafter, the smart meters 3010a and 3010b are simply referred to as a smart meter 3010.

  The smart meter 3010 is grouped into several units by a repeater (concentrator 3040) called a concentrator, and communicates with an MDMS (Meter Data Management System) 3050 which is a meter data management system via a communication network. The MDMS 3050 receives and stores the power usage from the smart meter 3010 in each home at regular intervals. An EMS (Energy Management System) 3060, which is an energy management system, is based on the power consumption of a plurality of households collected in the MDMS 3050 or information from sensors installed in the power system, and the smart meter 3010 and the HEMS 3020 of each household. Power control such as requesting to suppress power usage. The EMS 3060 is connected to a distributed power source 3080 such as solar power generation or wind power generation connected to an RTU (Remote Terminal Unit) 3071 which is a remote terminal unit, a power storage device 3090 connected to the RTU 3072, and an RTU 3073. Control is performed to stabilize the voltage and frequency of the entire grid by controlling the power transmission and distribution control device 3100 that controls the power generation side.

  FIG. 21 is a block diagram illustrating a configuration example in which a smart meter 3010 and an MDMS 3050 are connected. Smart meter 3010 performs encrypted communication with MDMS 3050. A concentrator 3040 exists on the communication path, but the concentrator 3040 only relays encrypted communication.

  For example, the encryption / decryption unit 421 of the communication unit 420 connected to the measurement unit 410 encrypts the measurement value using the AES key information, and sends the measurement value encrypted by the transmission / reception unit 422 of the communication unit 420 to the MDMS 3050. The transmission / reception unit 422 of the MDMS 3050 receives the encrypted measurement value, and the encryption / decryption unit 421 of the MDMS 3050 decrypts the encrypted measurement value using the held AES key information. Thereby, even if communication is intercepted on a communication path, an interceptor cannot know a measured value. Alternatively, a control command may be sent from the MDMS 3050 to the measurement unit 410. For example, control commands such as stop and start of measurement and an instruction to send measurement data. The encryption / decryption unit 421 of the MDMS 3050 encrypts the control command using the AES key information, and the transmission / reception unit 422 of the MDMS 3050 transmits the encrypted control command to the communication unit 420 of the smart meter 3010. The transmission / reception unit 422 of the communication unit 420 receives the encrypted control command, the encryption / decryption unit 421 of the communication unit 420 decrypts the encryption control command using the AES key information, and sends the control command to the measurement unit 410. send. Alternatively, power usage amount data is stored in a storage area of a storage device (not shown) provided in the smart meter 3010, and the encryption / decryption unit 421 of the communication unit 420 uses the AES key information to store the power usage amount. The data is encrypted, and the transmission / reception unit 422 of the communication unit 420 transmits the encrypted power usage data to the MDMS 3050. The transmission / reception unit 422 of the MDMS 3050 receives the encrypted power usage data, and the encryption / decryption unit 520 of the MDMS 3050 decrypts the encrypted power usage data using the AES key information. Here, the encryption / decryption unit 421 of the smart meter 3010 includes the encryption device (100, 200) of the first embodiment and the decryption device (300) of the second embodiment. The plain text data m of the first embodiment corresponds to the measurement value and control command of the present embodiment, and the encrypted data c of the first embodiment is the encrypted measurement value (power) of the present embodiment. Usage) and encrypted control commands.

  FIG. 22 is a block diagram illustrating a configuration example in which the HEMS 3020 and the EMS 3060 are connected. The encryption / decryption unit 720 of the EMS 3060 encrypts the control information, and the transmission / reception unit 710 of the EMS 3060 transmits the encrypted control information to the transmission / reception unit 622 in the communication unit 620 of the HEMS 3020. The transmission / reception unit 622 of the HEMS 3020 receives the encrypted control information, and the encryption / decryption unit 621 in the communication unit 620 of the HEMS 3020 decrypts the encrypted control information. The decoded control information is received by the control unit 640 of the HEMS 3020, and the control unit 640 controls devices in the home based on the control information. Further, the following operation may be performed. The device status information indicating the status of devices in the home is encrypted by the encryption / decryption unit 621 of the HEMS 3020 from the control unit 640 of the HEMS 3020, and the transmission / reception unit 622 of the HEMS 3020 transmits the data to the EMS 3060. The device status information encrypted by the transmission / reception unit 720 of the EMS 3060 is decrypted by the encryption / decryption unit 720 of the EMS 3060, and the decrypted device status information is used by the EMS 3060 for subsequent control. Here, the encryption / decryption unit 621 of the HEMS 3020 includes the encryption device (100, 200) of the first embodiment and the decryption device (300) of the second embodiment. The plain text data m of the first embodiment corresponds to the control information and device status information of the present embodiment, and the encrypted data c of the first embodiment is the encrypted control information of the present embodiment Corresponds to encrypted device status information.

  Thus, in the third embodiment, unauthorized use of data can be prevented for data used in the next-generation power network, which is a field different from content protection.

  Next, the hardware configuration of the device (encryption device or decryption device) of the first to third embodiments will be described.

  The devices according to the first to third embodiments are connected to a control device such as a CPU (Central Processing Unit), a storage device such as a ROM (Read Only Memory) and a RAM (Random Access Memory), and a network. Connects the communication I / F, external storage devices such as HDD (Hard Disk Drive) and CD (Compact Disc) drive devices, display devices such as display devices, input devices such as keyboards and mice, etc. And a hardware configuration using an ordinary computer.

  It should be noted that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

100, 200 Encryption device 111 Flip-flop 112 Selector 113 SB (SubBytes)
114 SR (ShiftRows)
115 MC (MixColumns)
116 AK (AddRoundKey)
300 Decoder 311 Flip-flop 312 Selector 313 SB ^-1 (InvSubBytes)
314 SR ^-1 (InvShiftRows)
315 MC ^-1 (InvMixColumns)
316 AK ^-1 (InvAddRoundKey)

Claims (4)

An AES (Advanced Encryption Standard) encryption system encryption device,
Of the rounds that calculate data using key information,
In the first round, an operation that includes AddRoundKey, SubBytes, and MixColumns in this order is performed.
In the last round, perform an operation that includes MixColumns, AddRoundKey, and SubBytes in this order, or an operation that includes AddRoundKey, MixColumns, and SubBytes in this order.
An encryption apparatus comprising: an operation unit that performs an operation including AddRoundKey in the last round. The computing unit is
In the first round, perform an operation that includes ShiftRows before any of AddRoundKey, SubBytes, and MixColumns,
In the last previous round, an operation that includes MixColumns, AddRoundKey, and SubBytes in this order, and that includes MixColumns, AddRoundKey, and SubBytes followed by ShiftRum and KdRund, In this order, and perform an operation including ShiftRows after either MixColumns or SubBytes.
The encryption device according to claim 1. A decryption device of AES (Advanced Encryption Standard) encryption method,
Of the rounds that calculate data using key information,
In the first round, perform an operation involving InvAddRoundKey,
In the first subsequent round, perform an operation that includes InvSubBytes, InvAddRoundKey, and InvMixColumns in this order, or an operation that includes InvSubBytes, InvMixColumns, and InvAddRoundKey in this order.
A decoding apparatus comprising: a calculation unit that performs a calculation including InvMixColumns, InvSubBytes, and InvAddRoundKey in the last round in this order. The computing unit is
In the first round after, InvSubBytes, InvAddRoundKey, InvMixColumns are included in this order, and InvSubBytes, InvAddRoundKey, InvMixColumn, InvSyM, and InvMixIns Includes InvAddRoundKey in this order, performs an operation that includes InvShiftRows before either InvSubBytes or InvMixColumns,
In the last round, InvMixColumns, InvSubBytes, InvAddRoundKey are included in this order, InvMixColumns, InvSubBytes, and InvAddRoundKey are performed after InvShiftRows
The decoding device according to claim 3.

Images