WO2013163854A1 - Circuit, chip and method against power attack for grouping algorithms - Google Patents

Circuit, chip and method against power attack for grouping algorithms

Publication number
WO2013163854A1
WO2013163854A1 PCT/CN2012/081145 CN2012081145W WO2013163854A1 WO 2013163854 A1 WO2013163854 A1 WO 2013163854A1 CN 2012081145 W CN2012081145 W CN 2012081145W WO 2013163854 A1 WO2013163854 A1 WO 2013163854A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
module
random
scrambling
circle
Application number
PCT/CN2012/081145
Other languages
French (fr)
Chinese (zh)
Inventor
李娜
胡晓波
赵东艳
王于波
张海峰
Original Assignee
国网电力科学研究院
Application filed by 国网电力科学研究院

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Definitions

  • The present invention relates to the field of information security, and in particular to a circuit, a chip and a method for defending against power attacks on block cipher (grouping) algorithms.
  • BACKGROUND OF THE INVENTION With the development of information technology, computer applications have penetrated every area of social life, especially e-commerce, so that people depend more and more on information and information security technology has become particularly important. Encryption, as an important part of the information security field, is also receiving more and more attention. Cryptography has a long history and a wide variety of algorithms. According to how they process plaintext data, cryptographic algorithms can be divided into block ciphers and stream ciphers.
  • A block cipher encrypts a fixed-length group of plaintext: it splits the plaintext into groups of a given bit length, and the whole plaintext group and key group go through the encryption operation to produce a ciphertext group.
  • The characteristics of a block cipher are as follows:
  • The key can stay fixed for a certain period of time and need not change for every operation. This makes key distribution convenient, but it also brings security risks such as the key being vulnerable to attack.
  • The operation of the encryption algorithm is as follows:
  • The encryption algorithm E under the control of the key K is denoted E_K, and the ciphertext corresponding to the plaintext message m is denoted E_K(m).
  • The decryption algorithm D under the control of the key K is denoted D_K, and the plaintext corresponding to the ciphertext message c is denoted D_K(c).
  • For every plaintext m, D_K(E_K(m)) = m.
  • The general simplified structure of a block cipher operation is shown in Figure 1.
  • The prior art mainly provides defenses against attacks on the S-box during the round operation; there are fewer defenses against register attacks and Hamming-distance attacks on the round operation results.
  • Existing countermeasures mainly conceal the data during the operation.
  • For example, the commonly used MASK technique defends against differential power attacks by masking the data during the operation, but the hardware cost of MASK is relatively high.
  • To overcome the above drawbacks, the present invention provides a circuit, a chip and a method for defending against power attacks on block ciphers. They use random scrambling and random-scrambling restoration algorithms to directly conceal, at very small cost, the plaintext and round data held in registers, which improves the defense.
  • To achieve the above purpose, the present invention provides a circuit for defending against power attacks on block ciphers, comprising a round operation module and a round key generation module. The circuit further comprises a data random scrambling-restoring unit, a round data random scrambling-restoring unit and a MUX2_1 module. The data random scrambling-restoring unit, the MUX2_1 module, the round data random scrambling-restoring unit and the round operation module are connected in sequence, and the round key generation module transmits the generated key to the round operation module.
  • The data random scrambling-restoring unit comprises, connected in sequence: a random scrambling module (1), a data register and a random scrambling-restoring module (2).
  • The round data random scrambling-restoring unit comprises, connected in sequence: a random scrambling module (3), a round data register and a random scrambling-restoring module (4).
  • The random scrambling modules (1, 3) use random numbers to scramble the data.
  • The MUX2_1 module is a two-to-one selector; the circuit for defending against power attacks on block ciphers is the SSMP11 model.
  • The invention also provides a power communication security chip that includes the circuit for defending against power attacks on block ciphers.
  • The present invention also provides a method for defending against power attacks on block ciphers, comprising the following steps:
  • (1) Configure the control register and input the data, and determine whether the data needs to be scrambled (out-of-order processing). If not, store the input data, perform the encryption/decryption operation on the data and jump to step (6); otherwise go to step (2).
  • In step (2), random numbers are used to scramble the data.
  • In step (5), the data is scrambled and stored after the round operation ends; every stored round operation result is scrambled.
  • Compared with the prior art, the circuit, chip and method provided by the present invention for defending against power attacks on block ciphers use random scrambling and random-scrambling restoration algorithms and do not need the expensive MASK technique. The cost is low: the plaintext and round data held in registers are concealed directly at very small cost, achieving a good defensive effect.
  • FIG. 1 is a schematic structural diagram of the encryption/decryption operation of a prior-art block cipher.
  • FIG. 2 is a schematic structural diagram of Embodiment 1 of the power attack defense circuit of the present invention.
  • FIG. 3 is a flowchart of Embodiment 1 of the power attack defense method of the present invention.
  • FIG. 4 is a schematic diagram of an embodiment of the round operation result scrambling flow in the method of the present invention.
  • DETAILED DESCRIPTION The data in the input register is scrambled. The plaintext or key is scrambled as it is input, for example with a random-number masking method, to conceal the plaintext or key and prevent an attacker from obtaining plaintext or key information through a register attack or a Hamming-distance attack.
  • The round operation results in the round data register are protected by scrambling, which prevents an attacker from obtaining round operation result information through a register attack or a Hamming-distance attack.
  • A circuit for defending against power attacks on block ciphers includes: a round operation module, a round key generation module, a data random scrambling-restoring unit, a round data random scrambling-restoring unit and a MUX2_1 module.
  • The data random scrambling-restoring unit, the MUX2_1 module, the round data random scrambling-restoring unit and the round operation module are connected in sequence; the round key generation module transmits the generated key to the round operation module.
  • The data random scrambling-restoring unit may include, connected in sequence: a random scrambling module (1), a data register and a random scrambling-restoring module (2).
  • The round data random scrambling-restoring unit may include, connected in sequence: a random scrambling module (3), a round data register and a random scrambling-restoring module (4).
  • The random scrambling modules (1, 3) use random numbers to scramble the data.
  • The round data register stores the scrambled data after the round operation ends.
  • The MUX2_1 module can be a two-to-one selector; the circuit for defending against power attacks on block ciphers is the SSMP11 model.
  • A power communication security chip that includes the circuit for defending against power attacks on block ciphers.
  • A method for defending against power attacks includes the following steps:
  • The data is scrambled using a random number.
  • The data is scrambled and stored after the round operation ends; every stored round operation result is scrambled.
  • The invention is mainly applied to block ciphers in security chips: random scrambling and random-scrambling restoration algorithms are added to the block cipher.
  • The specific hardware implementation scrambles the data in the input register and the round operation results in the round data register.
  • The scrambling method can be a simple scrambling algorithm such as shift-based reordering or XOR with a random number.
  • The scrambled data must be restored to the original data when it is operated on, that is, the data has to be restored before the encryption/decryption operation.
  • The data in the input register is scrambled as follows: the data is scrambled before it is stored in the corresponding register, and when the round operation starts the data is restored and then the encryption/decryption round operation is performed, as shown in FIG. 3.
  • Step 1: As shown in FIG. 3 (steps 201-202), configure the control register and input the data as needed, and set whether the data needs to be scrambled.
  • Step 2: As shown in FIG. 3 (step 203), if scrambling is required, input the data.
  • Step 3: As shown in FIG. 3 (step 204), perform the scrambling. The data is scrambled before it is stored in the data register (step 205), using random numbers for simple scrambling.
  • Step 4: As shown in FIG. 3 (step 205), store the scrambled data in the data register and determine whether the encryption/decryption round operation is to be started. If the operation is started, the data must be restored.
  • Step 5: As shown in FIG. 3 (step 206), restore the data. Before the operation starts, the data must be restored to the original data, and the restored data is stored in the intermediate operation data register. At this point the data has been processed by the random-scrambling restoration algorithm.
  • Step 6: As shown in FIG. 3 (step 207), perform the encryption/decryption round operation on the data.
  • The round operation results stored in the round data register are handled as follows: after the round operation ends, the data is scrambled and stored in the register. In the present invention, every round operation result stored in the round data register may be scrambled, and the scrambling algorithm is different for each operation, as shown in FIG. 3.
  • Step 7: As shown in FIG. 3 (step 208), output the encryption/decryption result.
  • Step 8: As shown in FIG. 3 (steps 209-211), if scrambling is not required, the data may skip the scrambling of step 1 and the data restoration of step 4 and step 5, and the normal encryption/decryption round operation is performed on the data, after which the encryption/decryption result is output.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a circuit, a chip and a method against power attack for grouping algorithms. The circuit comprises: a round operation module, a round key generation module, a data random perturbation and recovery unit, a round data random perturbation and recovery unit, and a MUX2_1 module. The method uses a random perturbation algorithm and a random perturbation recovery algorithm. With these algorithms, the circuit, the chip and the method directly conceal, at little cost, the information of the plain text and the round data held in registers, thus making the defense effect better.

Description

A circuit, chip and method for defending against power attacks on block cipher (grouping) algorithms
Technical field
The present invention belongs to the field of information security, and in particular relates to a circuit, a chip and a method for defending against power attacks on block cipher algorithms.
Background
With the development of information technology, computer applications have penetrated every area of social life, especially e-commerce, so that people depend more and more on information and information security technology has become particularly important. Encryption, as an important part of the information security field, is also receiving more and more attention. Cryptography has a long history and a wide variety of algorithms. According to how they process plaintext data, cryptographic algorithms can be divided into block ciphers and stream ciphers. A block cipher encrypts a fixed-length group of plaintext: it splits the plaintext into groups of a given bit length, and the whole plaintext group and key group go through the encryption operation to produce a ciphertext group. When decrypting, the ciphertext group and key group go through the decryption operation and are restored to the plaintext group. The characteristics of a block cipher are as follows: the key can stay fixed for a certain period of time and need not change for every operation. This makes key distribution convenient, but it also brings security risks such as the key being vulnerable to attack.
Popular block ciphers at present include DES and AES. Block ciphers have been widely promoted and applied. As attack methods develop, the countermeasures for block ciphers also keep improving. A common form of power attack today is to have a large amount of data encrypted and then perform differential analysis on the power consumed by the operations in order to derive the key. The usual defenses against such attacks are to mask the data or key during the operation, or to scramble the timing of the operations.
The operation of the encryption algorithm is as follows: the encryption algorithm E under the control of the key K is denoted E_K, and the ciphertext corresponding to the plaintext message m is denoted E_K(m). Similarly, the decryption algorithm D under the control of the key K is denoted D_K, and the plaintext corresponding to the ciphertext message c is denoted D_K(c). Clearly, for every plaintext m, D_K(E_K(m)) = m. The general simplified structure of a block cipher operation is shown in Figure 1.
The prior art mainly provides defenses against attacks on the S-box during the round operation; there are fewer defenses against register attacks and Hamming-distance attacks on the round operation results.
Existing countermeasures mainly conceal the data during the operation. For example, the commonly used MASK technique defends against differential power attacks by masking the data during the operation, but the hardware cost of MASK is relatively high.
Summary of the invention
To overcome the above drawbacks, the present invention provides a circuit, a chip and a method for defending against power attacks on block ciphers. They use random scrambling and random-scrambling restoration algorithms to directly conceal, at very small cost, the plaintext and round data held in registers, which improves the defense.
To achieve the above purpose, the present invention provides a circuit for defending against power attacks on block ciphers, comprising a round operation module and a round key generation module. The circuit further comprises a data random scrambling-restoring unit, a round data random scrambling-restoring unit and a MUX2_1 module. The data random scrambling-restoring unit, the MUX2_1 module, the round data random scrambling-restoring unit and the round operation module are connected in sequence; the round key generation module transmits the generated key to the round operation module.
In a preferred technical solution provided by the present invention, the data random scrambling-restoring unit comprises, connected in sequence: a random scrambling module (1), a data register and a random scrambling-restoring module (2).
In a second preferred technical solution provided by the present invention, the round data random scrambling-restoring unit comprises, connected in sequence: a random scrambling module (3), a round data register and a random scrambling-restoring module (4).
In a third preferred technical solution provided by the present invention, the random scrambling modules (1, 3) use random numbers to scramble the data.
In a fourth preferred technical solution provided by the present invention, the MUX2_1 module is a two-to-one selector; the circuit for defending against power attacks on block ciphers is the SSMP11 model.
In a fifth preferred technical solution provided by the present invention, a power communication security chip is provided that includes the circuit for defending against power attacks on block ciphers.
In a sixth preferred technical solution provided by the present invention, a method for defending against power attacks on block ciphers is provided, comprising the following steps:
(1) Configure the control register and input the data, and determine whether the data needs to be scrambled (out-of-order processing). If not, store the input data, perform the encryption/decryption operation on the data and jump to step (6); otherwise go to step (2);
(2) Scramble the data;
(3) Store the scrambled data;
(4) Restore the data;
(6) Output the encryption/decryption result.
In a seventh preferred technical solution provided by the present invention, in step (2), random numbers are used to scramble the data.
In an eighth preferred technical solution provided by the present invention, in step (5), the data is scrambled and stored after the round operation ends; every stored round operation result is scrambled.
Compared with the prior art, the circuit, chip and method provided by the present invention for defending against power attacks on block ciphers use random scrambling and random-scrambling restoration algorithms and do not need the expensive MASK technique. The cost is low: the plaintext and round data held in registers are concealed directly at very small cost, achieving a good defensive effect.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of the encryption/decryption operation of a prior-art block cipher.
FIG. 2 is a schematic structural diagram of Embodiment 1 of the power attack defense circuit of the present invention.
FIG. 3 is a flowchart of Embodiment 1 of the power attack defense method of the present invention.
FIG. 4 is a schematic diagram of an embodiment of the round operation result scrambling flow in the method of the present invention.
Detailed description
This technique applies scrambling protection to the following two parts.
The data in the input register is scrambled. The plaintext or key is scrambled as it is input, for example with a random-number masking method, to conceal the plaintext or key and prevent an attacker from obtaining plaintext or key information through a register attack or a Hamming-distance attack.
The round operation results in the round data register are protected by scrambling, which prevents an attacker from obtaining round operation result information through a register attack or a Hamming-distance attack.
As shown in FIG. 2, a circuit for defending against power attacks on block ciphers includes: a round operation module, a round key generation module, a data random scrambling-restoring unit, a round data random scrambling-restoring unit and a MUX2_1 module. The data random scrambling-restoring unit, the MUX2_1 module, the round data random scrambling-restoring unit and the round operation module are connected in sequence; the round key generation module transmits the generated key to the round operation module.
The data random scrambling-restoring unit may include, connected in sequence: a random scrambling module (1), a data register and a random scrambling-restoring module (2). The round data random scrambling-restoring unit may include, connected in sequence: a random scrambling module (3), a round data register and a random scrambling-restoring module (4). The random scrambling modules (1, 3) use random numbers to scramble the data. The round data register stores the scrambled data after the round operation ends. The MUX2_1 module can be a two-to-one selector; the circuit for defending against power attacks on block ciphers is the SSMP11 model.
A power communication security chip that includes the circuit for defending against power attacks on block ciphers.
As shown in FIGS. 3 and 4, a method for defending against power attacks includes the following steps:
(1) Configure the control register and input the data, and determine whether the data needs to be scrambled (out-of-order processing). If not, store the input data, perform the encryption/decryption operation on the data and jump to step (6); otherwise go to step (2); (2) Scramble the data; (3) Store the scrambled data; (4) Restore the data; (5) Perform the encryption/decryption round operation on the data; (6) Output the encryption/decryption result.
In step (2), random numbers are used to scramble the data. In step (5), the data is scrambled and stored after the round operation ends; every stored round operation result is scrambled.
The invention is mainly applied to block ciphers in security chips: random scrambling and random-scrambling restoration algorithms are added to the block cipher. The specific hardware implementation scrambles the data in the input register and the round operation results in the round data register. The scrambling method can be a simple scrambling algorithm such as shift-based reordering or XOR with a random number. The scrambled data must be restored to the original data when it is operated on, that is, the data has to be restored before the encryption/decryption operation. The data in the input register is scrambled as follows: the data is scrambled before it is stored in the corresponding register, and when the round operation starts the data is restored and then the encryption/decryption round operation is performed, as shown in FIG. 3.
具体步骤如下:  Specific steps are as follows:
Step 1: As shown in Fig. 3 (steps 201-202), configure the control register and input data as needed, and set whether data scrambling is required.
Step 2: As shown in Fig. 3 (step 203), if scrambling is required, input the data.
Step 3: As shown in Fig. 3 (step 204), perform the scrambling. The data is scrambled before it is stored in the data register (step 205), using a simple scramble based on a random number.
Step 4: As shown in Fig. 3 (step 205), store the scrambled data. The scrambled data is stored in the data register, and it is determined whether to start the encryption/decryption round operation. If the operation is started, the data must be restored.
Step 5: As shown in Fig. 3 (step 206), restore the data. Before the operation starts, the data must first be restored to the original data, and the restored data is stored in the intermediate operation data register; at this point the data has been processed by the random scrambling restoration algorithm.
Step 6: As shown in Fig. 3 (step 207), perform the encryption/decryption round operation on the data.
The specific implementation for the round operation results stored in the round data register is as follows: after the round operation ends, the data is scrambled and then stored in the register. In the present invention, every round operation result stored in the round data register can be scrambled, and the scrambling algorithm can differ for each operation, as shown in Fig. 3.
Step 7: As shown in Fig. 3 (step 208), output the encryption/decryption result.
Step 8: As shown in Fig. 3 (steps 209-211), if scrambling is not required, the data can skip the scrambling of step 1 and the data restoration of steps 4 and 5; after the normal encryption/decryption round operation flow is performed on the data, the encryption/decryption result is output.
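An added Python model of the Fig. 3 flow (not code from the patent): each register write is XORed with a fresh random number and restored before the round operation, so the result is unchanged while the stored values vary from run to run. The round function, the 64-bit width, the function names and the sample values are assumptions; XOR is one of the scrambling methods the text names.

```python
import secrets

MASK64 = (1 << 64) - 1
BLOCK = 0x0123456789ABCDEF                      # constructed sample input
ROUND_KEYS = [0x1111, 0x2222, 0x3333, 0x4444]   # constructed sample round keys

def toy_round(state, round_key):
    """Stand-in round function (assumption, not DES/AES): key mix + rotate."""
    state ^= round_key
    return ((state << 13) | (state >> 51)) & MASK64

def scramble(value, rand):
    """Scramble before a register write: XOR with a random number."""
    return value ^ rand

def restore(stored, rand):
    """Undo the scramble before the value enters the round operation."""
    return stored ^ rand

def run_cipher(block, round_keys, scrambling=True):
    """Return (result, register_writes) for one run of the Fig. 3 flow."""
    writes = []
    rand = secrets.randbits(64) if scrambling else 0
    data_reg = scramble(block, rand)              # steps 204-205
    writes.append(data_reg)
    state = restore(data_reg, rand)               # step 206
    for rk in round_keys:
        state = toy_round(state, rk)              # step 207
        rand = secrets.randbits(64) if scrambling else 0  # fresh per round
        round_reg = scramble(state, rand)         # scrambled round result
        writes.append(round_reg)
        state = restore(round_reg, rand)
    return state, writes                          # step 208

def hamming_weight(x):
    return bin(x).count("1")

def data_reg_weights(scrambling, runs=200):
    """Distinct Hamming weights written to the data register over many runs."""
    return {hamming_weight(run_cipher(BLOCK, ROUND_KEYS, scrambling)[1][0])
            for _ in range(runs)}

if __name__ == "__main__":
    print("result plain    :", hex(run_cipher(BLOCK, ROUND_KEYS, False)[0]))
    print("result scrambled:", hex(run_cipher(BLOCK, ROUND_KEYS, True)[0]))
    print("weights plain    :", sorted(data_reg_weights(False)))
    print("weights scrambled:", sorted(data_reg_weights(True)))
```

Under a Hamming-weight leakage model, the unscrambled data register shows the same weight on every run for a given input, while the scrambled register spreads across many weights. In this model the restored value is still unmasked while the round function operates on it.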
It should be noted that the summary and the specific embodiments are intended to demonstrate the practical application of the technical solution provided by the invention and should not be construed as limiting the scope of protection of the invention. Inspired by the spirit and principles of the invention, those skilled in the art may make various modifications, equivalent substitutions, or improvements, but such changes or modifications all fall within the scope of protection of the pending application.

Claims

1. A circuit for defending against power attacks on block cipher algorithms, comprising a round operation module and a round key generation module, characterized in that it further comprises: a data random scrambling and restoration unit, a round data random scrambling and restoration unit, and a MUX2_1 module; the data random scrambling and restoration unit, the MUX2_1 module, the round data random scrambling and restoration unit and the round operation module are connected in sequence; the round key generation module transmits the generated key to the round operation module.
2. The circuit according to claim 1, characterized in that the data random scrambling and restoration unit comprises, connected in sequence: a random scrambling module (1), a data register and a random scrambling restoration module (2).
3. The circuit according to claim 1, characterized in that the round data random scrambling and restoration unit comprises, connected in sequence: a random scrambling module (3), a round data register and a random scrambling restoration module (4).
4. The circuit according to claim 2 or 3, characterized in that the random scrambling module (1, 3) scrambles the data using a random number.
5. The circuit according to any one of claims 1-3, characterized in that the MUX2_1 module is a two-to-one selector; the circuit for defending against power attacks on block cipher algorithms is of model SSMP11.
6. A power communication security chip comprising the circuit according to any one of claims 1-5.
7. A method for defending against power attacks on block cipher algorithms, characterized in that the method comprises the following steps:
(1) Configure the control register and input data, and determine whether the data needs to be scrambled; if not, store the input data, perform the encryption/decryption operation on the data, and jump to step (6); otherwise proceed to step (2);
(2) Scramble the data;
(3) Store the scrambled data;
(4) Restore the data;
(5) Perform the encryption/decryption round operation on the data;
(6) Output the encryption/decryption result.
8. The method according to claim 7, characterized in that in step (2) the data is scrambled using a random number.
9. The method according to claim 7, characterized in that in step (5), after the round operation ends, the data is scrambled and stored; every stored round operation result is scrambled.
PCT/CN2012/081145 2012-05-03 2012-09-07 Circuit, chip and method against power attack for grouping algorithms WO2013163854A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210134619.2 2012-05-03
CN201210134619.2A CN103384197B (en) 2012-05-03 2012-05-03 A kind of defence circuit, chip and method to grouping algorithm Attacks

Publications (1)

Publication Number Publication Date
WO2013163854A1 true WO2013163854A1 (en) 2013-11-07

Family

ID=49491900

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081145 WO2013163854A1 (en) 2012-05-03 2012-09-07 Circuit, chip and method against power attack for grouping algorithms

Country Status (2)

Country Link
CN (1) CN103384197B (en)
WO (1) WO2013163854A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105376047B (en) * 2014-08-08 2020-03-17 国民技术股份有限公司 Security module protection method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101197660A (en) * 2006-12-07 2008-06-11 上海安创信息科技有限公司 Encrypting method and chip for anti-attack standard encryption criterion

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2298990A1 (en) * 2000-02-18 2001-08-18 Cloakware Corporation Method and system for resistance to power analysis
KR100594265B1 (en) * 2004-03-16 2006-06-30 삼성전자주식회사 A cipher processing unit, an advanced encryption standard cipher system and an advanced encryption standard cipher method with masking method
CN1761185B (en) * 2005-11-18 2011-08-17 清华大学 AES encrypted circuit structure for data stream executed in desequencing
CN100573540C (en) * 2008-09-16 2009-12-23 中国人民解放军国防科学技术大学 A kind of method for designing of asynchronous block cipher algorithm coprocessor

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JIANG, HUIPING ET AL.: "Advanced DES Algorithm Against Differential Power Analysis and Its Hardware Implementation", CHINESE JOURNAL OF COMPUTERS, vol. 27, no. 3, March 2004 (2004-03-01), pages 334 - 338 *

Also Published As

Publication number Publication date
CN103384197B (en) 2016-08-31
CN103384197A (en) 2013-11-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12875941

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12875941

Country of ref document: EP

Kind code of ref document: A1