KR20170025523A - Method of encrypting with lea applying mask and shuffling scheme - Google Patents

Method of encrypting with lea applying mask and shuffling scheme Download PDF

Info

Publication number
KR20170025523A
KR20170025523A KR1020150122061A KR20150122061A KR20170025523A KR 20170025523 A KR20170025523 A KR 20170025523A KR 1020150122061 A KR1020150122061 A KR 1020150122061A KR 20150122061 A KR20150122061 A KR 20150122061A KR 20170025523 A KR20170025523 A KR 20170025523A
Authority
KR
South Korea
Prior art keywords
masking
round
lea
arithmetic
shuffling
Prior art date
Application number
KR1020150122061A
Other languages
Korean (ko)
Inventor
홍석희
김한빛
김희석
Original Assignee
고려대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 고려대학교 산학협력단 filed Critical 고려대학교 산학협력단
Priority to KR1020150122061A priority Critical patent/KR20170025523A/en
Publication of KR20170025523A publication Critical patent/KR20170025523A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an encryption method using LEA to which masking and shuffling schemes are applied, comprising the following steps of: generating four random numbers with respect to a round function of an LEA encryption algorithm, and performing Boolean masking by applying each of the random numbers to four round state values; performing an exclusive OR operation (XOR) on a round key to which the Boolean masking is applied by using the four random numbers and on the round state values to which the Boolean masking is applied, and converting an XOR result value from the Boolean masking to arithmetic masking; performing an add operation between adjacent two XOR result values among six XOR result values converted to the arithmetic masking, and converting the add operation result value from the arithmetic masking to the Boolean masking; and correcting the add operation result value converted to the Boolean masking by using a re-masking function, which is a masking value of a next round, and shifting the corrected add operation result value to store the same in a next round state value.

Description

METHOD OF ENCRYPTING WITH LEA APPLICATION MASK AND SHUFFLING SCHEME FIELD OF THE INVENTION [0001]

The present invention relates to an encryption method using an LEA with masking and shuffling, and more particularly, to a method for encrypting a round function and a key schedule function of an LEA algorithm by applying a masking technique and a shuffling technique.

Recently, the development of the Internet of Things (IoT) has increased the need for lightweight and fast encryption algorithms. The LEA (Lightweight Encryption Algorithm) developed by the National Institute of Security Research in 2012 is a high-speed encryption algorithm suitable for the Internet of Things. 128-bit-based block cipher LEA supports 128, 192, and 256-bit key lengths and has high-speed, lightweight, and low-power implementations for 32-bit platforms.

In addition, the LEA algorithm eliminates the S-Box structure used in encryption algorithms such as AES (Advanced Encryption Standard), DES (Data Encryption Standard), ARIA (Academy, Research Institute, Agency) (Addition, Rotation, XOR) structure. It is possible to operate at a higher speed than the conventional encryption algorithm using S-Box.

In terms of safety, it is safe against the latest algebraic attack methods such as Differential Cryptanalysis (DC) and Linear Cryptalaysis (LC).

However, even if safety is verified mathematically, leakage of information that the designer can not consider at the implementation stage may occur.

The Side Channel Attack, first proposed by Kocher in 1999, is an attack technique that can detect the value of a secret key through leakage of this information. Since the introduction of various subchannel attacks, cryptographic designers must design cryptographic algorithms securely against subchannel attacks as well as mathematical safety.

Korean Patent Publication No. 10-2014-0072283 (June 13, 2014)

SUMMARY OF THE INVENTION It is an object of the present invention to provide an encryption method using an LEA to which masking is applied by introducing masking into an LEA algorithm to ensure subchannel security of the encryption system.

Another object of the present invention is to provide a LEA key scheduling masking method that is safe for key scheduling attacks and a shuffling technique for LEA round operations.

According to an aspect of the present invention, there is provided a method for generating a random function of a LEA encryption algorithm, the method comprising: generating four random numbers in a round function of the LEA encryption algorithm; performing unmasking by applying the random numbers to four round state values; (XOR) a round key to which a non-masking is applied and a round state value to which the non-masking is applied, and converting the result of the exclusive operation from arithmetic masking to arithmetic masking; Performing an addition operation between two adjacent exclusive operation result values among the operation result values and converting the addition operation result value from the arithmetic masking to the non-masking, and adding the masking value of the next round to the addition operation result value converted into the non- And the result of the corrected addition operation is shifted, It is configured to include the step of storing the de-state value.

The encryption method using the LEA to which masking and shuffling are applied according to the present invention is characterized in that the random number is shifted by shifting only the position where the random number value of the initially generated four random numbers is applied and the random number is initialized And the four random numbers are the same.

In the encrypting method using LEA to which masking and shuffling are applied according to the present invention, the round function using the LEA includes a step of applying shuffling to two start rounds and two final rounds.

In the encrypting method using the LEA using masking and shuffling according to the present invention, the step of applying the shuffling may include adding the shuffling to the addition operation performed in the addition round No. 6 and the round round 2, And the sixth operation is rearranged in a random order, and the random order is rearranged in the order of the addition operation using a randomly selected order in the number of stored 61 cases.

The present invention also provides a method of generating a key schedule function for an LEA encryption algorithm, the method comprising: generating a random number in a key schedule function of an LEA encryption algorithm; applying arithmetic masking to an internal state variable using the random number; And a step of converting the result of the addition operation into a non-masking value and using the resultant value as a round key.

In the encrypting method using the LEA employing the masking and shuffling according to the present invention, the result converted into the non-masking is converted into the arithmetic masking for updating with the internal state variable after using the round key.

According to the encryption method using the LEA to which the masking and shuffling is applied, the encryption method using the LEA with masking is introduced by introducing masking into the LEA algorithm to ensure the subchannel safety of the encryption system .

Also, it is possible to provide LEA key scheduling masking method that is safe for key scheduling attack and shuffling method for LEA round operation.

1 is a diagram showing the LEA round function.
2 is a diagram showing an LEA-128 encryption key schedule function.
3 is a diagram showing the B2A algorithm.
4 is a diagram showing the A2B algorithm.
FIG. 5 is a flowchart illustrating a method of applying a masking and shuffling scheme to a round function of an LEA according to a preferred embodiment of the present invention.
6 is a diagram showing a method of encrypting the round function of the present invention using masking.
7 is a diagram showing a method of decoding the round function of the present invention by using masking.
8 is a diagram showing a first-order masking addition / subtraction algorithm to the round function of the present invention.
9 is a diagram showing a method of encrypting a round function of the present invention by applying shuffling.
10 is a diagram showing the number of 61 stored cases among the random order of the shuffling applied to the round function of the present invention.
11 is a flowchart illustrating a method of applying a masking scheme to a key schedule function of an LEA according to an embodiment of the present invention.
12 is a diagram showing a method of encrypting a key schedule function of the present invention using masking.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention may be embodied in many different forms and with various embodiments, and particular implementations thereof are shown by way of example in the drawings and will herein be described in detail. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

Before describing the present invention, the encryption algorithms will be described. First, the Lightweight Encryption Algorithm (LEA) is a block cipher algorithm that encrypts 128-bit data blocks. The LEA round function consists of only 32-bit ARX operations as shown in FIG. 1, and operates at a high speed on a 32-bit software platform supporting these operations.

Here, the detailed symbols X i [0 ~ 3] of the round function means the state value of the i-th round, RK [0-5] is the round key and ROR i is the bit cyclic place shift , ROL i means the bit cyclic shift of the left by i times. In addition, the ARX operation arrangement inside the round function ensures sufficient stability, and at the same time, it is possible to realize a light weight by excluding the use of the S-box.

The encryption key schedule function of the LEA is shown in FIG. Referring to FIG. 2, the LEA round function requires a 192-bit encryption round key. The key schedule function updates four 32-bit internal state variables T, Key. The constants δ used in the schedule function are shown in Table 1.

δ [0] = 0xC3EFE9DB 隆 [1] = 0x44626B02 隆 [2] = 0x79E27C8A 隆 [3] = 0x78DF30EC 隆 [4] = 0x715EA49E [delta] [5] = 0xC785DA0A δ [6] = 0xE04EF22A [delta] [7] = 0xE5C40957

Next, the masking method will be described as an effective countermeasure against differential power analysis (DPA), which is one of sub-channel attacks.

The masking technique can be broadly divided into Boolean masking and Arithmetic masking. In the case of non-masking, intermediate values are hidden in the form of exclusive OR (XOR). In the case of arithmetic masking, intermediate values such as addition, subtraction, multiplication, .

This masking technique can be applied to the LEA algorithm. Specifically, the LEA algorithm is composed of an arithmetic operation which is a Boolean operation and an addition operator, which is a circular motion and an XOR operator, and a conversion algorithm is required between the two operations when the masking technique is applied to the Boolean operation and the arithmetic operation.

 The above conversion algorithm includes a B2A algorithm for converting from non-masking to arithmetic masking and an A2B algorithm for converting from arithmetic masking to non-masking.

First, the B2A algorithm for converting from fire masking to arithmetic masking can be converted into arithmetic masking only by performing an additional operation that implements non-masking on an arbitrary bit size as shown in FIG.

Next, the A2B algorithm for converting the arithmetic masking to the non-masking is based on a ripple-carry adder as shown in FIG. 4, and this operation is generated in the lower bit for the A2B conversion of the upper bit You need to raise it.

The encryption algorithm has been described above in the present invention. Hereinafter, the present invention will be described with reference to the drawings.

FIG. 5 is a flowchart illustrating a method of applying a masking and shuffling scheme to a round function of an LEA according to a preferred embodiment of the present invention. Referring to FIG. 5, first, four random numbers are generated in the round function of the LEA, and four random numbers are applied to four round state values using the generated random number to perform masking (S10). Here, the four random numbers m [i to i + 3] perform a non-masking operation with the round state value X i [0 to 3], which is an input value, with a 32-bit random number and an exclusive operation.

Next, the round key to which the non-masking is applied and the round state value to which the non-masking is applied are subjected to exclusive operation (XOR) using the four random numbers, and the result of the exclusive operation is converted from arithmetic masking to arithmetic masking (S20). Here, the round key to which the fire masking is applied is composed of a total of six, and the method of converting from the non-masking to the arithmetic masking uses the B2A algorithm described in FIG.

Next, an addition operation is performed between the two exclusive operation result values out of the six exclusive operation result values converted into the arithmetic masking, and the result of the addition operation is converted from arithmetic masking to non-masking (S30). Here, the six exclusive operation results converted into the arithmetic masking are added up by two adjacent ones. Therefore, there are three addition result values output through the addition operation.

Next, the result of the addition operation converted to the non-masking is corrected using a ReMask function, which is a masking value of the next round, and the corrected result of the addition operation is shifted and stored in the next round state value (S40). Here, the re-mask function is a random number value of the next round. When one round is progressed, the masking value of four random numbers is shifted by one space. Therefore, after the addition operation, the value which is changed through the non-masking conversion is converted into the random number value again.

In this case, if the random number value is continuously used, it is difficult to operate normally in the system to which the algorithm is applied, and it is difficult for the user to grasp it and release the masking after the end of the round. Therefore, the four random numbers generated during the whole round are shifted only after the first generation, and there is no change in the value.

The above-described steps can be specifically confirmed with reference to FIG. FIG. 6 is a diagram showing a method of encrypting the round function of the present invention by using masking, wherein input values, calculation values, shift positions, and the like of each step can be confirmed by specific expressions.

 Referring to FIG. 6, it can be seen that the rounding function is performed by using four random numbers for four round state values. Also, it can be confirmed that the six round keys are also masked using random numbers.

Here, the part denoted by MA is a process of converting two inputs of the non-masking state into arithmetic masking, adding two inputs converted to arithmetic masking, and then converting them into non-masking. This can be converted into an algorithm as shown in FIG.

That is, the algorithm described in FIG. 8 is converted by using the B2A conversion algorithm described in FIG. 3, and then the addition operation is performed, and then the conversion is performed using the A2B conversion algorithm described in FIG.

Thereafter, the masking value of the deformed unmasked state is corrected to the masking value of the next round by using the remask function, and this method will be described as an example.

Using X i [2] and X i [3] in Fig. 6, the input of the MA algorithm is Xi [3]

Figure pat00001
m [i + 3]. This is because the result (X i [2] + X i [3]) calculated in Fig.
Figure pat00002
(m [i + 2] + m [i + 3]). If this intermediate value passes the ROR 3 function, ROR 3 (X i [2] + X i [3])
Figure pat00003
ROR 3 (m [i + 2] + m [i + 3]). now
Figure pat00004
ROR 3 (m [i + 2] + m [i + 3])
Figure pat00005
m [i + 3]. Note that the secret value (X i [2] + X i [3]) is not exposed in the intermediate operation
Figure pat00006
m [i + 3]
Figure pat00007
ROR 3 (m [i + 2] + m [i + 3]).

As described above, a method of encrypting the round function by applying masking has been described with reference to FIG. Here, the encrypted round function is decoded as shown in FIG.

7 is a diagram showing a method of decoding the round function of the present invention by using masking. FIG. 7 is a flowchart illustrating a method of applying a reparming function to a round state value to which a non-masking is applied in the reverse order of the method described with reference to FIG. 6, converting a non-masking into an arithmetic masking as a subtraction operation instead of an addition operation, Again, convert the arithmetic masking to fire masking. Hereinafter, the round key and exclusive operation are performed as shown in FIG. 6, and a detailed description thereof will be omitted.

Thus, a method of encrypting a round function using a masking technique has been described. Now let's go back to Figure 5 and show how to use shuffling in the round function.

In the round function after step S40, shuffling is applied to two start rounds in the first and second rounds, a last round before the last round, and two rounds in the final round (S50). Here, a method of applying the shuffling technique will be described with reference to FIG.

9 is a diagram showing a method of encrypting a round function of the present invention by applying shuffling. Referring to FIG. 9, six addition operations are performed in two rounds to be connected. In the case of an operation without shuffling, arithmetic operations are performed in order of 1, 2, 3, 4, 5, 6 or 3, 2, 1, 6, 5, If such a sequence of operations is rearranged in a random order, the subchannel attacker can not correctly follow the point matching process necessary for the attack, and as a result, the subchannel attack is likely to fail. However, due to the characteristics of the LEA algorithm, a complete random operation may not operate the algorithm.

For example, if operations 1 and 2 are not performed, operation 4 can not be computed. Therefore, in the present invention, the number of cases of rearrangement is stored as 61 as shown in FIG. Through this, the designer can apply shuffling by selecting one of the stored 61 sequences at random and proceeding with the calculation according to the calculation order stored in the array.

Thus, shuffling encrypts the round operation by applying two connected rounds, two start rounds and two last rounds.

In the above, a method of encrypting the round function of the LEA using the masking and shuffling techniques has been described. Next, a method of encrypting the key schedule function of the LEA using the masking technique will be described with reference to FIGS. 11 to 12. FIG.

FIG. 11 is a flowchart illustrating a method of applying a masking scheme to a key schedule function of an LEA according to an embodiment of the present invention. FIG. 12 is a diagram illustrating a method of encrypting a key schedule function of the present invention using masking. to be. 11, a random number is generated in the key schedule function of the LEA, and arithmetic masking is applied to the internal state variable using the generated random number (S110). In the case of the 128-bit LEA key scheduling function, the round key is generated by updating four 32-bit internal state variables T [k] (k = {0,1,2,3} .

Next, the key scheduling constant to which the arithmetic masking is applied is summed with the internal state variable (S120). Here, the initial internal state variable is arithmetic masking applied to -M k .

Next, the result of the addition operation is converted into a non-masking value, and the converted result value is used as a round key (S130). Here, the internal state variable of the arithmetic masking state and the key scheduling constant are added, and then the result is transformed into the non-masking state, which is converted to use the round key as the non-masking state.

Finally, after using the round key, it is converted into arithmetic masking to update the internal state variable (S140). In this case, it is converted into arithmetic masking by converting it into a non-masking for use as a round key and then updating it to an internal state variable.

As described above, a method of encrypting internal state variables and performing addition operations has been described. A more specific method will be described with reference to FIG.

12 is a diagram showing a method of encrypting a key schedule function of the present invention using masking. First, in the case of key scheduling, Differential Power Attacks (DPA) are not considered because only the power consumption of the fixed secret key is measured. Therefore, we focus on hiding the Hamming weight of the secret key.

Referring to FIG. 12, the internal state variable T [k] is an arithmetic masking state masked with -M k , and is converted into a non-masking state after the addition operation. At this time, the key scheduling constant δ is masked in the form of - (ROR j (M k ) -M k ) after the rotation operation in order to maintain the shape of the masking.

Then, the internal state variable of the non-masking state is used as a round key, and the internal state variable is converted into arithmetic masking to update the internal state variable. For the other three internal state variables, the masked round key can be obtained in the same way. The four round keys thus obtained can be used in a method of encryption using the masking and shuffling techniques in the round function of the LEA.

The embodiments of the present invention described in the present specification and the configurations shown in the drawings relate to the most preferred embodiments of the present invention and are not intended to encompass all of the technical ideas of the present invention so that various equivalents It should be understood that water and variations may be present. Therefore, it is to be understood that the present invention is not limited to the above-described embodiments, and that various modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims. , Such changes shall be within the scope of the claims set forth in the claims.

S10: Random number generation and round state value non-masking step
S20: Round key and round state value exclusive operation and result value arithmetic masking step
S30: Addition operation and result value non-masking step
S40: Correction using the remask function and storage of the corrected result value
S50: Apply shuffling to two start rounds and two final rounds
S110: Random number generation and internal state variable arithmetic masking step
S120: key scheduling constant and internal state variable addition operation step
S130: Use as round key by unmasking result of summing operation
S140: Internal state variable arithmetic masking step

Claims (6)

In the round function of the LEA encryption algorithm,
Generating four random numbers and performing the unmasking by applying the respective random numbers to the four round state values;
(XOR) a round key to which a non-masking is applied using the four random numbers and a round state value to which the non-masking is applied, and converting the result of the exclusive operation from non-masking to arithmetic masking;
Performing an addition operation between two adjacent exclusive operation result values among the six exclusive operation result values converted into the arithmetic masking and converting the addition operation result value from arithmetic masking to non-masking; And
Correcting the addition resultant value converted to the non-masking by using a masking value of a masking value of the next round, and shifting the result of the corrected addition operation to save in a next round state value; Encryption method using LEA with ring applied. The method according to claim 1,
The random number,
Wherein the initial generated four random numbers are shifted only by a position to which the random number is applied, and the random number is the same as the initial random number generated until the end of the round. The encryption using the LEA with masking and shuffling Way. The method according to claim 1,
The round function using the LEA includes:
And applying shuffling to two start rounds and two last rounds, wherein the shuffling is applied to the start round and the last round. The method of claim 3,
Wherein applying the shuffling comprises:
The add operation 6 performed in two start rounds and the add operation 6 performed in two last rounds are rearranged in a random order,
Wherein the random order is rearranged in order of the addition operation using a randomly selected order in the number of 61 stored cases. In the key schedule function of the LEA encryption algorithm,
Generating a random number and applying arithmetic masking to the internal state variable using the random number;
Adding the internal state variable to which arithmetic masking is applied and the key scheduling constant to which arithmetic masking is applied; And
And converting the result of the addition operation into a non-masking and using the converted result as a round key, wherein the masking and shuffling are applied. 6. The method of claim 5,
The resultant value converted into the non-
Wherein the encryption key is converted into an arithmetic masking for updating to the internal state variable after use of the round key, and the masking and shuffling is applied.
KR1020150122061A 2015-08-28 2015-08-28 Method of encrypting with lea applying mask and shuffling scheme KR20170025523A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150122061A KR20170025523A (en) 2015-08-28 2015-08-28 Method of encrypting with lea applying mask and shuffling scheme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150122061A KR20170025523A (en) 2015-08-28 2015-08-28 Method of encrypting with lea applying mask and shuffling scheme

Publications (1)

Publication Number Publication Date
KR20170025523A true KR20170025523A (en) 2017-03-08

Family

ID=58403770

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150122061A KR20170025523A (en) 2015-08-28 2015-08-28 Method of encrypting with lea applying mask and shuffling scheme

Country Status (1)

Country Link
KR (1) KR20170025523A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200067414A (en) * 2018-12-04 2020-06-12 고려대학교 산학협력단 Method of switching arithmetic to boolean masking, computer readable medium for performing the method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140072283A (en) 2012-11-29 2014-06-13 한국전자통신연구원 Method and apparatus of a masking countermeasure against side channel analysis

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140072283A (en) 2012-11-29 2014-06-13 한국전자통신연구원 Method and apparatus of a masking countermeasure against side channel analysis

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20200067414A (en) * 2018-12-04 2020-06-12 고려대학교 산학협력단 Method of switching arithmetic to boolean masking, computer readable medium for performing the method

Similar Documents

Publication Publication Date Title
CN1989726B (en) Method and device for executing cryptographic calculation
US9143325B2 (en) Masking with shared random bits
CN108964872B (en) Encryption method and device based on AES
US20170104586A1 (en) Scrambled tweak mode of blockciphers for differential power analysis resistant encryption
US20110138182A1 (en) Method for Generating a Cipher-based Message Authentication Code
US20150244518A1 (en) Variable-length block cipher apparatus and method capable of format preserving encryption
US20130236005A1 (en) Cryptographic processing apparatus
KR101586811B1 (en) Apparatus and method for protecting side channel attacks on hight
US11153068B2 (en) Encryption device, encryption method, decryption device and decryption method
CN111555862B (en) White-box AES implementation method of random redundant round function based on mask protection
CN104639502B (en) A kind of mask method and device of the anti-Attacks of SM4 algorithms
KR101623503B1 (en) Apparatus and method for white-box cryptography implementation of LEA block cipher
Kumar et al. Lightweight data security model for IoT applications: a dynamic key approach
CN104184579A (en) Lightweight block cipher VH algorithm based on dual pseudo-random transformation
CN111314050B (en) Encryption and decryption method and device
JP5612007B2 (en) Encryption key generator
KR20190020988A (en) Computer-executable lightweight white-box cryptographic method and apparatus thereof
Yan et al. DBST: a lightweight block cipher based on dynamic S-box
Andreeva et al. AES-COPA v.
Patranabis et al. Using Tweaks To Design Fault Resistant Ciphers (Full Version)
KR20170025523A (en) Method of encrypting with lea applying mask and shuffling scheme
CN109936437B (en) power consumption attack resisting method based on d +1 order mask
CN107231229B (en) Low-entropy mask leakage protection method for protecting SM4 password chip and implementation system thereof
Sharma et al. On security of Hill cipher using finite fields
CN111314051B (en) Encryption and decryption method and device

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application