CN108173642A - A hardware implementation method of AES against high-order differential power attack - Google Patents

Abstract

The invention belongs to technical field of integrated circuits, and in particular to a kind of AES hardware implementation methods of anti-higher difference power consumption attack.The core concept of the present invention is that complicated nonlinear Sbox is decomposed into the non-linear partial and linear segment of low dimensional, so as to reduce the complexity for adding to non-linear partial and covering.Beneficial effects of the present invention are that the present invention has the effect of anti-d ranks DPA attacks, and is revealed without any low order；Algorithm it is complicated relatively low, linear segment only has O (d), and non-linear partial only has O (d (d 1))；And the extremely suitable application-specific integrated circuit of this method (ASIC) is realized, is very easy to allow it is suitable for the scenes of different rates with the algorithm for folding and being inserted into flowing water.

Description

A hardware implementation method of AES against high-order differential power attack

technical field

The invention belongs to the technical field of integrated circuits, and in particular relates to an AES hardware implementation method against high-order differential power consumption attacks.

Background technique

The Advanced Encryption Standard (AES) is an encryption technology released by the National Institute of Standards and Technology in 2001. It is widely used because it is difficult to be attacked frontally and it is beneficial to realize by hardware. AES encryption has always been difficult to crack from the front, but the Differential Power Attack (DPA) technology makes it possible to obtain the key by analyzing the power consumption.

DPA finds out the key through statistical analysis and segmentation attack. First, the attacker selects a certain bit of a function that is the result of computing the plaintext with a partial key. A common choice is a certain bit of the output of the first round of byte substitution for AES encryption or decryption. Or a certain bit of the result of the XOR operation between the key and the plaintext for the first time can also be selected. By performing each step of the attack step by step, the attacker can find out some bits of the key. In the worst case, the attacker needs to test all possible cases of part of the key, but because the attacker is attacking the key fragments, the actual attack strength is reduced exponentially. For example, if the attacker chooses the first bit of the output of the first Sbox (non-linear replacement component in cryptography) of the first round of AES encryption to attack, then the object of each attack is an 8-bit subkey, then he In the worst case, 256 guesses are required, and if the total number of bits in the key is 128, he needs to divide the attack into 16. The total is 256*16, or 2 ¹² . And if the 128-bit key is directly guessed, the strength is 2 ¹²⁸ , and this strength cannot be attacked within a meaningful time range.

In response to DPA attacks, the IBM team proposed in the paper [CRYPTO 1999] that a scheme using a mask can effectively suppress the leakage of side channel information, but the implementation scheme is difficult to implement with hardware. Graz University of Technology proposed in the paper [ACNS2006] to use random numbers to cover up the leakage of side channel information, but it was found that the effect was not satisfactory. The anti-DPA scheme proposed in the paper [Chari-Jutla-Rao-Rohatgi CRYPTO'99] has also been proved to be established under certain conditions. The Ishai-Sahai-Wagner Scheme (ISW) protection scheme against d-order DPA attack is proved by Ishai to be only d/2-order safe. The classic RP10 algorithm also has a d/2 order security leak in the d-masking process of Sbox. Moreover, the ISW algorithm is too large for hardware implementation, and the complexity of the algorithm increases exponentially with the increase of the order of the RP10 algorithm, which is not conducive to hardware implementation.

Contents of the invention

The purpose of the present invention is to propose a new anti-high-order AES hardware implementation method for the above-mentioned problems, which can effectively hide the key.

The technical scheme adopted in the present invention is:

The AES hardware implementation method of anti-high-order differential power consumption attack is characterized in that, comprising the following steps:

a. Divide the encrypted input plaintext x of AES into the XOR sum of d+1 random variables:

x＝x ₀ +x ₁ +...+x _d (1)

b. For the modules of row shifting, column confusion and round key addition in the AES encryption circuit, anti-d-order masking is performed according to the linear function:

addRound(x)＝addRound(x ₀ )+addRound(x ₁ )+…+addRound(x _d ) (2)

shiftRows(x)＝shiftRows(x ₀ )+shiftRows(x ₁ )+…+shiftRows(x _d ) (3)

mixColumns(x)＝mixColumns(x ₀ )+mixColumns(x ₁ )+…+mixColumns(x _d ) (4)

Among them, shiftRows represents the row shift of the AES circuit, mixColumns represents the column confusion of the AES circuit, and addRoundKey represents the round key addition of the AES circuit;

c, to the non-linear part Sbox, the anti-DPA design of the non-linear part Sbox is the core of the present invention, and the main idea is exactly to decompose the complicated non-linear Sbox into the non-linear part and the linear part of low dimension, thereby reduce the non-linear part The complexity of masking is decomposed into low-dimensional nonlinear parts and linear parts, specifically:

Sbox decomposes 128-bit data into 8-bit parallel data for processing, that is, x=(x ₀ ,x ₁ ,…,x ₇ ), each 8-bit data processing is the same, so the first 8bitx ₀ for explanation:

c1. Decompose Sbox into affine transformation Af and multiplicative inverse Inv of GF(2 ⁸ ) domain:

Sbox(x)=Af(Inv(x)) (5)

c2. The affine transformation Af is a linear operation, and the following formula is used for masking:

Af(x)＝Af(x ₀ +x ₁ +…+x _d ) (6)

c3. Reduce the multiplication inverse operation of GF(2 ⁸ ) domain to GF((2 ⁴ ) ² ) domain, and obtain the linear part GF(2 ⁸ ) domain mapping, constant multiplication of GF(2 ⁴ )×λ after dimension reduction And addition, the multiplicative inverse Inv4 of the nonlinear part GF(2 ⁴ ) and the multiplicative Mult, the masking of the linear part is the same as the previous steps;

The masking process of the multiplication Mult of c4 and GF(2 ⁴ ) is as follows:

c41. Setting a and b are two multipliers respectively, a=a ₀ +a ₁ +...+a _d , b=b ₀ +b ₁ +...+b _d ;

c42, setting parameter i, from i=0 to d, iteratively executing step c43:

c43, set parameter j, from j=i+1 to d, r represents random number, n is random number seed, execute iteratively:

r _{i, j} ← rand(n)

c44, from i=0 to d, c is the product of a and b, execute iteratively:

c _i ← a _j b _i

c45. From i=0 to d, under the constraint condition j≠i, execute iteratively:

The multiplicative inverse of c5 and GF(2 ⁴ ) is masked as follows:

x ^-1 = x ¹⁴ = x ² x ⁴ x ⁸ (7)

x ² , x ⁴ , and x ⁸ are linear, and adopt a linear masking method.

The beneficial effects of the present invention are that the present invention has the effect of resisting d-order DPA attacks, and does not have any low-order leakage; the complexity of the algorithm is relatively low, and the linear part only has O(d), and the nonlinear part only has O(d(d -1)); and this method is extremely suitable for application-specific integrated circuit (ASIC) implementation, and it is very easy to use the algorithm of folding and inserting pipelines to make it applicable to scenarios of different rates.

Description of drawings

Fig.1 The circuit structure diagram of Sbox dropping from GF(2 ⁸ ) domain to GF(2 ⁴ );

The square operation circuit diagram of Fig. 2GF(2 ⁴ );

The constant multiplication operation circuit diagram of Fig. 3GF (2 ⁴ );

The multiplication operation structure diagram of Fig. 4GF(2 ⁴ );

The anti-d-order DPA attack protection of the multiplication of Fig. 5GF(2 ⁴ );

Fig. 6 Defense against d-order DPA attack of the multiplicative inverse of GF(2 ⁴ ).

Detailed ways

Provide concrete implementation method of the present invention below in conjunction with accompanying drawing:

In the solution of the present invention, the generation of random numbers is generated using a linear feedback shift register (LSFR), and then the input plaintext is expressed as the sum of d+1 random numbers;

shiftRows, mixColumns, and addRoundKey are the original algorithm modules of the AES circuit, which can be directly referenced and implemented according to the algorithm standard;

The circuit implementation block diagram of Sbox dimensionality reduction is shown in Figure 1. FIG. 2 , FIG. 3 , and FIG. 4 respectively represent the realization of the corresponding block diagram in FIG. 1 . After dimension reduction, the linear module of the circuit is processed by the method described in the content of the invention, and the nonlinear module is processed by the method described below:

Fig. 5 implements a GF(2 ⁴ ) multiplicative anti-DPA scheme against d=4th order. Where x=x ₀ +x ₁ +x ₂ +x ₃ , y=y ₀ +y ₁ +y ₂ +y ₃ . represents the ordinary multiplication of the GF(2 ⁴ ) field, represents the addition operation of the GF(2 ⁴ ) field, and r represents a random number. output

Figure 6 realizes the anti-DPA attack of the multiplicative inverse of GF(2 ⁴ ). X is the number in the field of GF(2 ⁴ ), where Represents the square operation of the GF(2 ⁴ ) field. If z=X ⁴ ＝z ₁ +z ₂ +z ₃ +z ₄ , then the refresh module means to refresh the random number of the z component, so that z=X ⁴ =z ₅ +z ₆ +z ₇ +z ₈ , so that The correlation with the random number component of X ² can be removed, so as to resist DPA attack.

Claims (1)

1. the AES hardware implementation methods of anti-higher difference power consumption attack, which is characterized in that include the following steps：

A, by the encrypted input plaintext x of AES point for the exclusive or of d+1 stochastic variable and：

X=x₀+x₁+…+x_d (1)

B, the row in AES encryption circuit shifted, arrange the module obscured and taken turns secret key and add, anti-d ranks are carried out according to linear function Add and cover：

AddRound (x)=addRound (x₀)+addRound(x₁)+…+addRound(x_d) (2)

ShiftRows (x)=shiftRows (x₀)+shiftRows(x₁)+…+shiftRows(x_d) (3)

MixColumns (x)=mixColumns (x₀)+mixColumns(x₁)+…+mixColumns(x_d) (4)

Wherein, shiftRows represents the row displacement of AES circuits, and the row that mixColumns represents AES circuits are obscured, AddRoundKey represents the InvAddRoundKey of AES circuits；

C, to non-linear partial Sbox, the non-linear partial and linear segment of low dimensional are broken down into, specially：

C1, Sbox is decomposed into affine transformation Af and GF (2⁸) domain multiplication against Inv：

Sbox (x)=Af (Inv (x)) (5)

C2, affine transformation Af are linear operations, are carried out plus are covered using following formula：

Af (x)=Af (x₀+x₁+…+x_d) (6)

C3, by GF (2⁸) domain inverse of multiplication dimensionality reduction to GF ((2⁴)²) domain, linear segment GF (2 is obtained after dimensionality reduction⁸) domain reflects It penetrates, GF (2⁴) constant multiplication × λ and addition, non-linear partial GF (2⁴) multiplication against Inv4 and multiplication Mult, linear segment Plus cover with abovementioned steps similarly；

c4、GF(2⁴) multiplication Mult's plus to cover process as follows：

C41, a, b is set to be two multipliers respectively, a=a₀+a₁+…+a_d, b=b₀+b₁+…+b_d；

C42, arrange parameter i, from i=0 to d, iteration performs step c43：

C43, arrange parameter j, from j=i+1 to d, iteration performs：

r_i,j←rand(n)

r_j,i←(r_j,i⊕a_ib_j)⊕a_jb_i

Wherein r is random number, and n is random number seed；

C44, from i=0 to d, iteration perform：

c_i←a_jb_i

C is the intermediate variable of a and b products；

C45, from i=0 to d, under constraints j ≠ i, iteration perform：

c_i←c_i⊕r_j,i

c5、GF(2⁴) multiplication it is inverse plus cover such as following formula：

x^-1=x¹⁴=x²x⁴x⁸ (7)

x², x⁴, x⁸It is linear, mode is covered using linearly adding.