TWI608381B - Encryption/decryption apparatus and power analysis protecting method thereof - Google Patents


Publication number
TWI608381B
Authority
TW
Taiwan
Application number
TW105112064A
Other versions
TW201738803A (en)
Inventor
游鈞元
鍾思齊
李嵩聲
張錫嘉
李鎮宜
Original Assignee
華邦電子股份有限公司
Application filed by 華邦電子股份有限公司
Priority to TW105112064A
Publication of TW201738803A
Application granted
Publication of TWI608381B


Description

Encryption/decryption apparatus and power analysis protecting method thereof

The present invention relates to encryption and decryption technology, and in particular to an encryption/decryption apparatus capable of defending against power analysis attacks and a power analysis defense method thereof.

Encryption and decryption techniques are commonly used to ensure the security of message transmission. In a typical scheme, a message (the plain text) is encrypted at the transmitting end, and a message (the cipher text) is decrypted or decoded at the receiving end. Encrypting and decrypting messages in this way is the well-known encryption/decryption technique.

Encryption and decryption algorithms are widely used in wireless communication systems such as wireless local area networks and near field communication, as well as in data storage systems and banking systems, but malicious means of breaking them also exist. A side-channel attack is an attempt to break an encryption/decryption system by analyzing the physical characteristics of the system and the way it is implemented. For example, the power consumption, electromagnetic emissions and timing differences of an encryption/decryption system may all provide information that helps break it.

Among these, the differential power analysis attack derives the secret key from the power information that the hardware leaks on the channel during encryption and decryption. A differential power analysis attack can proceed by, for example, measuring the power consumption (power signal) of a cryptographic device, such as a smart card that draws power from an external source, whose current consumption can depend on the gate switching determined by the operation being executed. An attacker can monitor the power consumption of the smart card while operating it and use statistical information to infer information about sensitive data. How to defend effectively against power analysis attacks is therefore one of the main concerns of practitioners in this field.

The present invention provides an encryption/decryption apparatus and a power analysis defense method thereof that can effectively defend against power analysis attacks without affecting the speed and performance of the encryption/decryption operation.

The encryption/decryption apparatus of the present invention is adapted to perform an encryption/decryption operation on digital data and includes a data encryption/decryption unit, a random number generator and a power analysis defense circuit. The data encryption/decryption unit receives the digital data and performs the encryption/decryption operation on it. The random number generator generates random number data having N bits, where N is a positive integer. The power analysis defense circuit, upon receiving the random number data, generates power signals of M different magnitudes according to the individual bits of the random number data, where M is 2 to the power of N.

In an embodiment of the invention, when the data encryption/decryption unit is not performing an encryption/decryption operation, the encryption/decryption apparatus disables the random number generator so that the power analysis defense circuit stops operating.

The power analysis defense method of the present invention is applicable to an encryption/decryption apparatus. The method includes: generating random number data having N bits, where N is a positive integer; and activating a power analysis defense circuit according to the random number data, so that the power analysis defense circuit, upon receiving the random number data, generates power signals of M different magnitudes according to the individual bits of the random number data, where M is 2 to the power of N.

Based on the above, the encryption/decryption apparatus of the present invention uses the variation of the random number data to change dynamically, in every clock cycle, the power consumption (power signal) produced during the encryption/decryption operation, making it difficult for an attacker to derive information about sensitive data (such as the key) from the power consumption. Furthermore, configuring the power analysis defense circuit independently of the data encryption/decryption unit avoids affecting the speed and performance of the encryption/decryption operation, and the operation of the power analysis defense circuit can be stopped as appropriate, depending on whether an encryption/decryption operation is being executed, to reduce unnecessary power consumption.

To make the above features and advantages of the invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.

Referring first to FIG. 1, FIG. 1 is a schematic diagram of an encryption/decryption apparatus according to an embodiment of the invention. In this embodiment, the encryption/decryption apparatus 100 may be, for example, a cryptographic chip, and includes a data encryption/decryption unit 110, a random number generator 120 and a power analysis defense circuit 130. When digital data D1 is input to the encryption/decryption apparatus 100, the data encryption/decryption unit 110 receives the digital data D1 and performs an encryption/decryption operation on it. The encryption/decryption operation here is, for example, an operation conforming to an encryption standard such as the Data Encryption Standard (DES), 3-DES or the Advanced Encryption Standard (AES). The data encryption/decryption unit 110 produces a power signal SP1 in the course of the encryption/decryption operation.

For example, FIG. 2 is a schematic diagram of a data encryption/decryption unit according to an embodiment of the invention. In FIG. 2, the data encryption/decryption unit 110 includes a logic operation unit 200 and a storage unit 210. The logic operation unit 200 receives a key K1 and the digital data D1, performs logic operations on the digital data D1 according to the key K1, and can use a digital data substitution table stored in the storage unit 210 to substitute the digital data D1, thereby carrying out the encryption/decryption operation. Note that the structure and operation of the data encryption/decryption unit described above are only an exemplary embodiment, and the invention is not limited to them.

Returning to FIG. 1, the random number generator 120 can generate different random number data D2 in every clock cycle. The random number data D2 is, for example, true random number data, and each item of random number data D2 has N bits (N is a positive integer). The power analysis defense circuit 130 is coupled to the random number generator 120 and receives the random number data D2 from it. Upon receiving the random number data D2, the power analysis defense circuit 130 generates power signals SP2 of M different magnitudes according to the individual bits of the random number data D2 (M equals 2 to the power of N). The value of N is chosen according to actual requirements: the larger N is, the more reliable the defense against power analysis attacks, but the higher the cost.

When an attacker measures the power consumption of the encryption/decryption apparatus 100 of this embodiment, the measured power signal SP3 is the sum of the power signal SP1 and the power signal SP2. In every clock cycle the power signal SP3 is therefore also mixed with 2 to the power of N different magnitude variations, which makes it difficult for the attacker to use the power consumption to derive information about sensitive data (such as the key).

For example, FIG. 3 is a schematic diagram of a power analysis defense circuit according to an embodiment of the invention. In FIG. 3, the power analysis defense circuit 130 may include N power signal generators 300_1~300_N. Each of the power signal generators 300_1~300_N receives a respective bit D2_1~D2_N of the random number data D2 and generates, accordingly, a power signal of a different power level. Taking the power signal generator 300_1 as an example, when the received bit D2_1 is logic 0, the power signal generator 300_1 stops operating and produces no power signal. When the received bit D2_1 is logic 1, the power signal generator 300_1 produces a power signal of a specific magnitude (namely unit power UPx1).

The power signals produced by the power signal generators 300_1~300_N stand in a fixed ratio to one another. Specifically, the power signals produced by the power signal generators 300_1~300_N can be set to the unit power UP multiplied by a power of 2. That is, the power signal produced by the power signal generator 300_2 (unit power UPx2) can be twice as large as the power signal produced by the power signal generator 300_1 (unit power UPx1), and the power signal produced by the n-th power signal generator 300_n can be 2 to the power of n-1 times the unit power UP (n is a positive integer, and 1≦n≦N). In other words, each of the power signal generators 300_1~300_N in the power analysis defense circuit 130 is activated or not according to whether its received bit D2_1~D2_N is logic 0 or logic 1, and when activated produces a power signal of its own specific power level. In addition, when the data encryption/decryption unit 110 is not performing an encryption/decryption operation, the encryption/decryption apparatus 100 can disable the random number generator 120, for example by means of a disable signal, so that none of the power signal generators 300_1~300_N is activated and the power analysis defense circuit 130 stops operating, reducing unnecessary power consumption.

To further illustrate this embodiment, Table (1) below describes, for N equal to 3, which of the power signal generators 300_1~300_3 in the power analysis defense circuit 130 are activated and the power signal SP2 that results.

Table (1)

Random number data D2 (D2_3, D2_2, D2_1)   Activated power signal generators   Power signal SP2
000                                        None                                0
001                                        300_1                               Unit power UPx1
010                                        300_2                               Unit power UPx2
011                                        300_1, 300_2                        Unit power UPx3
100                                        300_3                               Unit power UPx4
101                                        300_1, 300_3                        Unit power UPx5
110                                        300_2, 300_3                        Unit power UPx6
111                                        300_1, 300_2, 300_3                 Unit power UPx7

As Table (1) shows, the power analysis defense circuit 130 can generate 8 (2 to the power of 3) power signals SP2 of different magnitude combinations from 3-bit random number data D2. By extension, in every clock cycle the power analysis defense circuit 130 can generate 2 to the power of N power signals SP2 of different magnitude combinations from N-bit random number data D2.

Note that in this embodiment the random number generator 120 and the power analysis defense circuit 130 inside the encryption/decryption apparatus 100 are completely independent of the data encryption/decryption unit 110, so the speed and performance of the data encryption/decryption unit 110 are not affected. From another point of view, the random number generator 120 and the power analysis defense circuit 130 of this embodiment are suitable for integration into any kind of encryption/decryption apparatus and are highly portable.

FIG. 4 is a diagram of probability versus power level in the power analysis defense circuit according to an embodiment of the invention. The horizontal axis of FIG. 4 is the power level of the power signal SP2 produced by the power analysis defense circuit 130, and the vertical axis is the probability with which that power level occurs. When the power analysis defense circuit 130 is triggered by the random number data D2, as shown in FIG. 4, it can produce 2 to the power of N power levels of different magnitude combinations (namely 0 and UP through (2 to the power of N, minus 1) times UP), and every power level occurs with the same probability.
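A simulation of the SP2 level mapping of Table (1), the flat distribution of FIG. 4 and the sum SP3 = SP1 + SP2, as an added example that is not part of the patent. It assumes SP1 can be modelled as the Hamming weight of a random byte and takes UP = 1; all function names and sample data are constructed for illustration.

```python
# Added illustration (not from the patent). Assumptions: SP1 is modelled as the
# Hamming weight of a random byte, UP = 1, and all sample data is constructed.
import math
import random
from collections import Counter


def active_generators(d2, n_bits):
    """Indices n (1..N) of generators 300_n switched on by D2 (bit D2_n == 1)."""
    return [n for n in range(1, n_bits + 1) if (d2 >> (n - 1)) & 1]


def sp2(d2, n_bits, up=1.0, rng_enabled=True):
    """Power signal SP2 of defense circuit 130 for one clock cycle.

    Generator 300_n contributes UP * 2**(n-1) when its bit is 1. When the
    random number generator is disabled (crypto unit idle) nothing is drawn.
    """
    if not rng_enabled:
        return 0.0
    return up * sum(2 ** (n - 1) for n in active_generators(d2, n_bits))


def level_histogram(n_bits, cycles, rng):
    """Count how often each SP2 level occurs over `cycles` random D2 words."""
    return Counter(sp2(rng.getrandbits(n_bits), n_bits) for _ in range(cycles))


def pearson(xs, ys):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)


def measured_correlation(n_bits, cycles, rng, defense_on=True):
    """Correlation between modelled SP1 and the observable SP3 = SP1 + SP2."""
    sp1 = [bin(rng.getrandbits(8)).count("1") for _ in range(cycles)]
    sp3 = [p + sp2(rng.getrandbits(n_bits), n_bits, rng_enabled=defense_on)
           for p in sp1]
    return pearson(sp1, sp3)


def expected_correlation(n_bits, sp1_var=2.0, up=1.0):
    """Closed form for independent SP1 and SP2.

    SP2 is uniform over 2**N equally spaced levels, so its variance is
    UP**2 * (4**N - 1) / 12; the Hamming weight of a uniform byte has variance 2.
    """
    noise_var = up ** 2 * (4 ** n_bits - 1) / 12
    return math.sqrt(sp1_var / (sp1_var + noise_var))


if __name__ == "__main__":
    rng = random.Random(2016)  # fixed seed so the run is repeatable
    for d2 in range(8):        # reproduces the rows of Table (1)
        print(f"{d2:03b}", active_generators(d2, 3), sp2(d2, 3))
    print(sorted(level_histogram(3, 80000, rng).items()))
    for n in (1, 2, 3, 4, 6, 8):
        print(n, round(expected_correlation(n), 3),
              round(measured_correlation(n, 20000, rng), 3))
```

The correlation between the modelled SP1 and the observable SP3 falls as N grows but never reaches zero, which is the reliability-versus-cost trade-off the description attaches to the choice of N.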

Referring to FIG. 5, FIG. 5 is a schematic diagram of one implementation of a power signal generator according to an embodiment of the invention. The power signal generators 300_1~300_N may, for example, use a ring oscillator structure. As shown in FIG. 5, taking the power signal generator 300_1 as an example, it may include one ring oscillator 500. The ring oscillator 500 may include a NAND gate 510, a first inverter 520 and a second inverter 530. The first input of the NAND gate 510 receives the corresponding bit D2_1 of the random number data D2. The input of the first inverter 520 is coupled to the output of the NAND gate 510. The input of the second inverter 530 is coupled to the output of the first inverter 520, and the output of the second inverter 530 is coupled to the second input of the NAND gate. When triggered by the bit D2_1, the ring oscillator 500 produces a power signal of one unit power UP.

The power signal produced by the power signal generator 300_2, on the other hand, is twice as large as the power signal produced by the power signal generator 300_1, so the power signal generator 300_2 may include two ring oscillators 500. The two ring oscillators 500 are both connected to the bit D2_1 and are in parallel with each other, so that when triggered by the bit D2_1 they produce a power signal of two unit powers UP in total. By extension, the n-th power signal generator 300_n (n is a positive integer, and 1≦n≦N) may include 2 to the power of n-1 ring oscillators 500 connected in parallel, producing a power signal of 2 to the power of n-1 unit powers UP.

In addition, the random number generator 120 may also be, for example, a ring oscillator based random number generator. If the random number generator 120 and the power analysis defense circuit 130 are both built mainly from ring oscillators, the process design is simplified and the cost is reduced.

FIG. 6 is a flow chart of a power analysis defense method according to an embodiment of the invention. The power analysis defense method of this embodiment is applicable to the encryption/decryption apparatus 100 of FIG. 1. Referring to FIG. 1 and FIG. 6 together, while the encryption/decryption apparatus 100 is performing an encryption/decryption operation, in step S610 the random number generator 120 generates the random number data D2. The random number data D2 has N bits, and N is a positive integer. In step S620, the encryption/decryption apparatus 100 activates the power analysis defense circuit 130 according to the random number data D2, so that the power analysis defense circuit 130, upon receiving the random number data D2, generates power signals of M different magnitudes according to the individual bits D2_1~D2_N of the random number data D2, where M is 2 to the power of N.

The implementation details of the steps of the power analysis defense method of FIG. 6 are described in detail in the foregoing embodiments and implementations and are not repeated here.

In summary, the encryption/decryption apparatus and power analysis defense method of the present invention use the variation of the random number data to mix power consumption of different power levels into every clock cycle, making it difficult for an attacker to derive information about sensitive data (such as the key) from the power consumption. Structurally, configuring the power analysis defense circuit independently of the data encryption/decryption unit avoids affecting the speed and performance of the encryption/decryption operation, and the invention can also stop the power analysis defense circuit as appropriate when it is not in use, reducing unnecessary power consumption.

Although the invention has been disclosed above by way of embodiments, they are not intended to limit the invention. Anyone with ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.

100: encryption/decryption apparatus
110: data encryption/decryption unit
120: random number generator
130: power analysis defense circuit
200: logic operation unit
210: storage unit
300_1~300_N: power signal generators
500: ring oscillator
510: NAND gate
520: first inverter
530: second inverter
D1: digital data
D2: random number data
D2_1~D2_N: bits of the random number data
K1: key
SP1, SP2, SP3: power signals
S610, S620: steps

FIG. 1 is a schematic diagram of an encryption/decryption apparatus according to an embodiment of the invention.
FIG. 2 is a schematic diagram of a data encryption/decryption unit according to an embodiment of the invention.
FIG. 3 is a schematic diagram of a power analysis defense circuit according to an embodiment of the invention.
FIG. 4 is a diagram of probability versus power level in the power analysis defense circuit according to an embodiment of the invention.
FIG. 5 is a schematic diagram of a power signal generator according to an embodiment of the invention.
FIG. 6 is a flow chart of a power analysis defense method according to an embodiment of the invention.


Claims (9)

1. An encryption/decryption apparatus adapted to perform an encryption/decryption operation on digital data, the encryption/decryption apparatus comprising: a data encryption/decryption unit that receives the digital data and performs the encryption/decryption operation on the digital data; a random number generator that generates random number data, the random number data having N bits, N being a positive integer; and a power analysis defense circuit, coupled to the random number generator, that upon receiving the random number data generates power signals of M different magnitudes according to the individual bits of the random number data, M being 2 to the power of N, wherein the power analysis defense circuit comprises N power signal generators, each of which receives a respective bit of the random number data and generates, accordingly, a power signal of a different power level.

2. The encryption/decryption apparatus of claim 1, wherein when the data encryption/decryption unit is not performing an encryption/decryption operation, the encryption/decryption apparatus disables the random number generator so that the power analysis defense circuit stops operating.

3. The encryption/decryption apparatus of claim 1, wherein the data encryption/decryption unit comprises: a logic operation unit that receives a key and the digital data and performs the encryption/decryption operation on the digital data according to the key.

4. The encryption/decryption apparatus of claim 1, wherein the power signal generator stops operating when the received bit is logic 0.

5. The encryption/decryption apparatus of claim 1, wherein the power signal generated by the n-th power signal generator is 2 to the power of n-1 times a unit power, where n is a positive integer and 1≦n≦N.

6. The encryption/decryption apparatus of claim 5, wherein the n-th power signal generator comprises 2 to the power of n-1 ring oscillators, each ring oscillator generating a power signal of one unit power.

7. The encryption/decryption apparatus of claim 6, wherein the ring oscillator comprises: a NAND gate whose first input receives the corresponding bit of the random number data; a first inverter whose input is coupled to the output of the NAND gate; and a second inverter whose input is coupled to the output of the first inverter and whose output is coupled to the second input of the NAND gate.

8. A power analysis defense method applicable to an encryption/decryption apparatus, the method comprising: generating random number data, the random number data having N bits, N being a positive integer; activating a power analysis defense circuit according to the random number data, the power analysis defense circuit comprising N power signal generators; and causing each of the power signal generators to receive a respective bit of the random number data and to generate, accordingly, power signals of M different power levels, M being 2 to the power of N.

9. The power analysis defense method of claim 8, wherein generation of the random number data is stopped when no encryption/decryption operation is being performed, so that the power analysis defense circuit stops operating.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105112064A TWI608381B (en) 2016-04-19 2016-04-19 Encryption/decryption apparatus and power analysis protecting method thereof


Publications (2)

Publication Number Publication Date
TW201738803A (en) 2017-11-01
TWI608381B (en) 2017-12-11


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI736817B (en) * 2018-03-25 2021-08-21 新唐科技股份有限公司 Multiword multiplier circuit and method of protecting against power analysis attacks

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200823926A (en) * 2006-09-21 2008-06-01 Atmel Corp Randomizing current consumption in memory devices
US20080212776A1 (en) * 2006-11-07 2008-09-04 Kabushiki Kaisha Toshiba Encryption processing circuit and encryption processing method
CN102509036A (en) * 2011-09-28 2012-06-20 东南大学 Reconfigurable cipher processor and anti-power consumption attach method
CN102710413A (en) * 2012-04-25 2012-10-03 杭州晟元芯片技术有限公司 System and method with function of DPA/SPA (Differential Power Analysis/Simple Power Analysis) attack prevention
