KR20140072283A - Method and apparatus of a masking countermeasure against side channel analysis - Google Patents
- Publication number
- KR20140072283A
- Authority
- KR
- South Korea
- Prior art keywords
- random number
- masking
- generating
- random
- generator
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
Description
The present invention relates to a masking method for preventing side-channel analysis, and more particularly to a method and apparatus that generate new random numbers from the masking random number using LFSR-based pseudo-random number generation logic. This reduces the random number generation time, or the computation time, compared with a conventional random number generator and, because the remaining necessary operations can be performed from a single random number, allows random number generation and cryptographic operation to be performed efficiently while preventing higher-order side-channel analysis.
Generally, masking is a typical method for preventing side-channel analysis of a cryptographic algorithm. As shown in FIG. 1, an arbitrary input value m is masked (S100) with a random number, the cryptographic operation is performed in a form adapted to the masked value (S102), and the result is unmasked (S104) again to obtain the normal cryptographic operation value. Side-channel analysis is a technique for extracting keys from additional information, such as power consumption or electromagnetic emanation, in which the operation of the cryptographic algorithm appears. When the intermediate values are masked with a random number as described above, the internal values of the cryptographic operation cannot be inferred from that information, so the key cannot be extracted in this way.
This masking technique is a very powerful countermeasure against side-channel analysis. To ensure its security, however, the randomness of the random number generation logic must be guaranteed, and to prevent higher-order side-channel analysis the masking operation must be performed with a fresh random value for each round operation.
However, in most systems, generating a random number of good random quality requires additional logic and a computation time longer than that of the cryptographic computation itself, and the complexity of the cryptographic computation logic increases because of such random-value masking.
Therefore, the present invention generates new random numbers from the masking random number using LFSR-based pseudo-random number generation logic, reducing the random number generation time and the computation time compared with a conventional random number generator, and provides a side-channel analysis prevention masking method and apparatus that can perform random number generation and cryptographic operation efficiently while preventing higher-order side-channel analysis.
The present invention is a masking method for preventing side-channel analysis that uses pseudo-random generation logic. The method includes generating a first random number of predetermined bits using a random generator and generating the remaining random numbers through a pseudo-random generator to form a first group random number; generating a second random number of predetermined bits using the random generator and generating the remaining random numbers through the pseudo-random generator to form a second group random number; masking the input data using the first group random number; performing encryption on the masked data using the second group random number; and, after the encryption, performing unmasking of the second group random number using the second random number.
According to the present invention, in a masking method for preventing side-channel analysis, the random number for masking in particular is generated with LFSR-based pseudo-random number generation logic, which has the advantage of reducing the random number generation time or the computation time compared with a conventional random number generator.
In addition, the remaining necessary operations can be performed using one random number, which reduces the memory for random number storage and the complex logic required for the masking operation, so that random number generation and cryptographic operation are performed efficiently while higher-order side-channel analysis is prevented.
FIG. 1 is a conceptual diagram of a cryptographic operation for preventing side-channel analysis;
FIG. 2 is a block diagram of a masking apparatus using random numbers in a cryptographic algorithm using a conventional S-box;
FIGS. 3A and 3B are conceptual diagrams of a random number generator capable of reducing the random number generation time according to an embodiment of the present invention;
FIG. 4 is a block diagram of a side-channel analysis prevention masking apparatus using pseudo-random number generation logic according to an embodiment of the present invention.
Hereinafter, the operation principle of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions of the present invention, and may be changed according to the intentions or customs of the user, the operator, and the like. Therefore, the definition should be based on the contents throughout this specification.
FIG. 2 is a schematic block diagram of a masking device using random numbers in a cryptographic algorithm that uses an S-box, such as the conventional AES or ARIA. To perform a round operation of the normal cryptographic operation, random numbers are required.
First, the first group random numbers RND0 to RND15 and the second group random numbers RND0' to RND15' shown in FIG. 2 are random numbers for the masking operation. The random number RND is a value for masking the initial data (data0 to data15) and the keys (key0 to key15) of the round operation. When the data and the key are XORed by the
In the
Subsequently, the S-box operation masked with the second group random numbers RND' (RND0', ..., RND15') is performed through the
At this time, in order to unmask the masking value of the RND 'that performs the operation in the post-S-
However, in the conventional masking apparatus, the random numbers RND0, RND1, ..., RND15, RND0', RND1', ..., RND15' must all differ from each other in order to prevent higher-order side-channel analysis, and the above operation is performed under that condition. It is not easy, however, to generate random numbers of the full data length to satisfy this condition, and doing so takes considerable computation time. In addition, the same ShiftRow/MixColumn/Diffusion operations are required for unmasking the RND value.
Therefore, a masking device is needed that can perform random number generation and cryptographic operation efficiently while preventing higher-order side-channel analysis.
FIGS. 3A and 3B illustrate examples of a random number generator proposed to reduce the random number generation time according to an embodiment of the present invention.
Referring to FIG. 3A, in the present invention, a
Referring to FIG. 3B, the RND0' value is generated through the
In this case, since the values RND1' to RND15' are generated by computation from RND0', the operations can be performed with simpler logic, without having to perform operations such as ShiftRow/MixColumn/Diffusion on RND'. In other words, when unmasking RND', not all of the values RND0' to RND15' are required, and operations similar to ShiftRow/MixColumn/Diffusion are performed through the
FIG. 4 is a block diagram of a side-channel analysis prevention masking apparatus according to an embodiment of the present invention, which performs random number generation and cryptographic operation efficiently while preventing higher-order side-channel analysis.
The side-channel analysis prevention masking apparatus of the present invention shown in FIG. 4 applies the concept of the
Accordingly, the memory for storing random numbers can be reduced and the area of the masking device can be reduced, so that the complex logic of the masking device is relatively simplified.
As described above, according to the present invention, in the side-channel analysis prevention masking method, the random number for masking in particular is generated by LFSR-based pseudo-random number generation logic, so that the random number generation time and the computation time can be reduced compared with a conventional random number generator. In addition, the remaining necessary operations can be performed using one random number, which reduces the memory for random number storage and the complex logic required for the masking operation, so that random number generation and cryptographic operation are performed efficiently while higher-order side-channel analysis is prevented.
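The mask derivation of FIG. 3B and the memory saving of FIG. 4, as an added example in C that is not part of the patent: one truly random byte RND0' is expanded into RND0' to RND15' by an 8-bit LFSR, the masked state is carried through a ShiftRows-type linear layer, and the permuted masks needed for unmasking are recomputed from the one-byte seed instead of being stored. The feedback polynomial, the eight-clocks-per-byte schedule, AES ShiftRows as the linear layer and the input block are assumptions of this example; the patent specifies none of them.

```c
#include <stdint.h>
#define BLOCK 16

/* One clock of an 8-bit Fibonacci LFSR, polynomial x^8+x^6+x^5+x^4+1 (taps 8,6,5,4). */
static uint8_t lfsr_step(uint8_t s) {
    uint8_t bit = (uint8_t)(((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 4)) & 1u);
    return (uint8_t)((s >> 1) | (bit << 7));
}

/* Clocks until the state returns to seed: 255 for any nonzero seed (maximal period); 0 flags the all-zero fixed point. */
unsigned lfsr_period(uint8_t seed) {
    if (seed == 0) return 0;
    unsigned n = 0; uint8_t s = seed;
    do { s = lfsr_step(s); n++; } while (s != seed);
    return n;
}

/* Expand one truly random byte RND0' into the group RND0'..RND15', clocking the LFSR 8 times
 * per byte (assumed schedule). The group is a deterministic function of the seed, so it carries
 * only the seed's 8 bits of entropy. Seed 0 is rejected: the LFSR never leaves 0, every mask would be 0. */
int expand_masks(uint8_t seed, uint8_t masks[BLOCK]) {
    if (seed == 0) return -1;
    uint8_t s = masks[0] = seed;
    for (int i = 1; i < BLOCK; i++) {
        for (int k = 0; k < 8; k++) s = lfsr_step(s);
        masks[i] = s;
    }
    return 0;
}

/* AES-style ShiftRows on a column-major 4x4 state; stands in for the ShiftRow/MixColumn/Diffusion layer. */
static void shift_rows(const uint8_t in[BLOCK], uint8_t out[BLOCK]) {
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++)
            out[4 * c + r] = in[4 * ((c + r) % 4) + r];
}

/* Masked linear layer on a constructed block: mask, permute only the masked state, recompute the
 * permuted masks from the one-byte seed, unmask. Returns 1 if the result equals the plain computation. */
int masked_shift_rows_ok(uint8_t seed) {
    uint8_t in[BLOCK], ref[BLOCK], m[BLOCK], ms[BLOCK], x[BLOCK], y[BLOCK];
    for (int i = 0; i < BLOCK; i++) in[i] = (uint8_t)(0x11 * i);  /* constructed data */
    if (expand_masks(seed, m) != 0) return 0;
    for (int i = 0; i < BLOCK; i++) x[i] = in[i] ^ m[i];
    shift_rows(x, y);   /* the unmasked state never exists in this path */
    shift_rows(m, ms);  /* a byte permutation commutes with the XOR mask */
    shift_rows(in, ref);
    for (int i = 0; i < BLOCK; i++) if ((y[i] ^ ms[i]) != ref[i]) return 0;
    return 1;
}
```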
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should not be limited by the described embodiments but should be defined by the appended claims.
300: random number generator; 302: pseudo-random number generator
400, 450:
404: Similar operation section 454:
Claims (1)
A side-channel analysis prevention masking method, comprising:
generating a second random number of predetermined bits using the random generator and generating the remaining random numbers through the pseudo-random generator to form a second group random number;
masking the input data using the first group random number;
performing encryption on the masked data using the second group random number; and
after the encrypting step, performing unmasking of the second group random number using the second random number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120137167A KR20140072283A (en) | 2012-11-29 | 2012-11-29 | Method and apparatus of a masking countermeasure against side channel analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120137167A KR20140072283A (en) | 2012-11-29 | 2012-11-29 | Method and apparatus of a masking countermeasure against side channel analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140072283A true KR20140072283A (en) | 2014-06-13 |
Family
ID=51126153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020120137167A KR20140072283A (en) | 2012-11-29 | 2012-11-29 | Method and apparatus of a masking countermeasure against side channel analysis |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140072283A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20170025523A (en) | 2015-08-28 | 2017-03-08 | 고려대학교 산학협력단 | Method of encrypting with lea applying mask and shuffling scheme |
KR101981621B1 (en) | 2017-12-11 | 2019-08-28 | 국민대학교산학협력단 | System and Method for Key bit Parameter Randomizating of public key cryptography |
-
2012
- 2012-11-29 KR KR1020120137167A patent/KR20140072283A/en not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |