半导体与微电子技术 印制电路与集成电路

062595045nm节点在悄悄行动〔刊,中〕/翁寿松//中国集成电路.—2006,15(5).—51-54(C2)0625951分组密码算法芯片的模块保护设计〔刊,中〕/罗岚//信息安全与通信保密.—2006,(7).—21-22(L)为了降低简单能量算法、差分能量分析对分组密码攻击的可能性,针对分组密码芯片能量消耗情况,实施了对密码芯片的模块保护设计。通过对密码芯片中算法的线性部分与非线性部分进行抗能量攻击的模块保护设计,提高了密码芯片抗能量攻击性能。参30625952IP核的可重用验证方案研究〔刊,中〕/温国忠//深圳职业技术学院学报.—2006,5(2).—10-12(C)在IP产品开…     

芯片密码引擎抗能量攻击的几种设计措施

随着能量攻击技术已经日渐成熟,其对密码安全芯片威胁也越来越大,抗能量攻击设计也成为密码芯片设计不可或缺的一部分。论文介绍了密码芯片所面临的能量攻击的理论原理,并基于目前芯片密码引擎设计,提出了几种常用的抗能量攻击设计措施。     

分组密码线性部件的抗功耗攻击特性

通过对FPGA实现的分组密码SM4进行实际攻击,发现了SM4的线性部件使其具有抗差分功耗攻击的能力,研究并归纳了一般分组密码中线性部件的结构特性和其抗功耗攻击能力的关系,从而提出了一种针对分组密码的算法设计层面的功耗攻击防护措施.完成了对硬件实现的国密SM4算法的成功的DPA攻击.     

反熔丝FPGA在密码芯片设计中的运用

详细介绍了反熔线FPGA在提高密码芯片速度和对密码算法进行保护方面的应用,并给出了密码算法芯片中部分模块的实现方法。     

FPGA密码芯片改进掩码防护方法研究

功耗攻击已对密码芯片物理安全性构成严峻威胁,对其攻击和防御的研究是密码旁路分析的热点问题。文中给出了一种DES伪随机掩码算法的设计和实现方法,分析了算法抗功耗攻击的安全性。结果表明:一般的DES伪随机掩码算法只能抵抗一阶差分功耗攻击,不能有效防御二阶差分功耗攻击。为抵御二阶DPA攻击,采用掩码方法对DES掩码算法结构进行了改进,在理论上具有抗DPA攻击的能力。     

基于可变S盒的分组密码算法及其在媒体网关中的应用

分组密码算法是信息安全领域中最为重要的加解密技术之一。与传统的分组密码不同，该算法具有可变的S盒和变化的循环加密结构，从而大大提高了抗差分攻击和线性攻击的能力。结合某媒体网关的设计项目，研究了该算法并详细探导了其设计方法。员后，测试了算法的实际性能。     

3D密码的Square攻击

3D密码是CANS 2008提出的新的分组密码算法,与以往的分组密码算法不同,该密码采用3维结构。该文根据3D密码的结构特性,得到了3D密码的5.25轮和6.25轮新的Square区分器,重新评估了其抗Square攻击的强度。攻击结果表明:新区分器对6轮3D密码攻击的数据复杂度和时间复杂度比已有的结果好,并且还可应用到7轮,8轮和9轮的3D密码攻击中。     

针对密码芯片频域互信息能量分析攻击

在对密码芯片进行时域上互信息能量分析基础上,提出频域上最大互信息系数能量分析攻击的方法。该方法结合了密码芯片在频域上信息泄露的原理和互信息能量分析攻击的原理,引入了最大互信息系数的概念,避免了在时域上进行曲线精确对齐的操作,并针对国产密码算法SMS4进行了攻击测试。实验表明,频域上最大互信息系数攻击的有效性扩展了侧信道能量分析攻击的方法。     

基于多重加密技术的一个三重加密方案

分组密码的应用非常广泛,但由于差分密码攻击和线性密码攻击的出现,使分组密码受到致命的打击,文章基于能够保护已有软件和硬件使用分组密码投资的目的,采用多重加密的思想,通过对密码体制强化的方法,提出了一个新的三重加密方案,并分析了其安全性特征,得到了安全性更强的一种算法。     

一种抗错误注入攻击的S盒的构造

分组密码是现代密码学的重要组成部分,而S盒又是分组密码中必不可少的非线性组件,为密码算法提供了很好的混淆作用.无论是传统分组密码中的S盒还是轻量级分组密码中的S盒都非常容易受到错误注入攻击.本文通过具有线性或非线性邻域函数的元胞自动机设计了一种可以检测两个字节错误并纠正一个字节错误的S盒,以抵抗错误注入攻击.对比Advanced Encryption Standard(AES)中的S盒,虽然密码性能有所下降,但是可以抵抗错误注入攻击.并且,本文还考虑了回旋镖均匀度这个密码安全性指标,用于衡量S盒抗回旋镖攻击的能力.     

A Single-Key Attack on the Full GOST Block Cipher

The GOST block cipher is the Russian encryption standard published in 1989. In spite of considerable cryptanalytic efforts over the past 20 years, a key recovery attack on the full GOST block cipher without any key conditions (e.g., weak keys and related keys) has not been published yet. In this paper, we show the first single-key attack, which works for all key classes, on the full GOST block cipher. To begin, we develop a new attack framework called Reflection-Meet-in-the-Middle Attack. This approach combines techniques of the reflection attack and the meet-in-the-middle (MITM) attack. Then we apply it to the GOST block cipher employing bijective S-boxes. In order to construct the full-round attack, we use additional novel techniques which are the effective MITM techniques using equivalent keys on a small number of rounds. As a result, a key can be recovered with a time complexity of 2²²⁵ encryptions and 2³² known plaintexts. Moreover, we show that our attack is applicable to the full GOST block cipher using any S-boxes, including non-bijective S-boxes.     

一类分组密码变换簇抵抗线性密码分析的安全性评估

线性密码分析是针对分组密码的强有力的攻击方法，估计分组密码抵抗线性密码分析的能力是分组密码安全性评估的重要内容之一.基于实际应用背景，提出了"四分组类CLEFIA变换簇"的概念，并利用变换簇中两种特殊分组密码结构的线性逼近之间的关系，给出了变换簇中所有密码结构抵抗线性密码分析的安全性评估结果，并提出了需要进一步探讨的若干问题.这种利用变换簇对分组密码进行研究的方法，为分组密码的安全性评估提供了一个较为新颖的思路.     

分组密码中的陷门设计

介绍了近年来出现在公开文献上的关于在分组密码中加入陷门的几种方法,并对它们的可用性进行了分析研究,结果证明这些设计方法都存在适用性不强的问题。     

对完整轮数ARIRANG加密模式的相关密钥矩形攻击

对SHA-3计划候选算法ARIRANG采用的分组密码组件进行了安全性分析,利用初始密钥的一个线性变换和轮函数的全1差分特征,给出了一个完整40轮ARIRANG加密模式的相关密钥矩形攻击,该攻击是第一个对ARIRANG加密模式的密码分析结果。攻击结果表明:ARIRANG加密模式作为分组密码是不抵抗相关密钥矩形攻击的。     

分组密码算法CTC的立方分析

立方攻击是在2009年欧洲密码年会上由Dinur和Shamir提出的一种新型密码分析方法,该方法旨在寻找密钥比特之间的线性关系。CTC(Courtois Toy Cipher)是N.Courtois设计的一种用于密码分析研究的分组密码算法,该算法的密钥长度、明文长度和迭代轮数都是可变的。文中利用立方攻击方法针对密钥长度为60bit的4轮CTC进行了分析,在选择明文攻击条件下,结合二次测试可恢复全部密钥,密钥恢复阶段仅需要不到2~10次加密算法。     

An enhanced chaotic key‐based RC5 block cipher adapted to image encryption

RC5 is a block cipher that has several salient features such as adaptability to process different word lengths with a variable block size, a variable number of rounds and a variable‐length secret key. However, RC5 can be broken with various attacks such as correlation attack, timing attack, known plaintext correlation attack and differential attacks, revealing weak security. We aimed to enhance the RC5 block cipher to be more secure and efficient for real‐time applications while preserving its advantages. For this purpose, this article introduces a new approach based on strengthening both the confusion and diffusion operations by combining chaos and cryptographic primitive operations to produce round keys with better pseudo‐random sequences. Comparative security analysis and performance evaluation of the enhanced RC5 block cipher (ERC5) with RC5, RC6 and chaotic block cipher algorithm (CBCA) are addressed. Several test images are used for inspecting the validity of the encryption and decryption algorithms. The experimental results show the superiority of the suggested enhanced RC5 (ERC5) block cipher to image encryption algorithms such as RC5, RC6 and CBCA from the security analysis and performance evaluation points of view.     

基于混沌的双模块Feistel结构高安全性高速分组密码算法安全性分析

该文对基于混沌的双模块Feistel结构(CFE)高安全性高速分组算法的安全性进行了分析。分析结果表明,算法不适合用积分攻击、中间相遇攻击、不变量攻击、插值攻击和循环移位攻击分析其安全性;可以抵抗相关密钥攻击;更进一步地构造出了5轮不可能差分特征链,并利用其进行区分攻击;求得算法的活性S盒下界为6,概率约为2–21;算法存在5轮零相关线性特征。     

基于混沌的双模块Feistel结构高安全性高速分组密码算法安全性分析

该文对基于混沌的双模块Feistel结构(CFE)高安全性高速分组算法的安全性进行了分析。分析结果表明,算法不适合用积分攻击、中间相遇攻击、不变量攻击、插值攻击和循环移位攻击分析其安全性;可以抵抗相关密钥攻击;更进一步地构造出了5轮不可能差分特征链,并利用其进行区分攻击;求得算法的活性S盒下界为6,概率约为2–21;算法存在5轮零相关线性特征。     

Information leakage of Feistel ciphers

We examine the information leakage between sets of plaintext and ciphertext bits in symmetric-key block ciphers. The paper demonstrates the effectiveness of information leakage as a measure of cipher security by relating information leakage to linear cryptanalysis and by determining a lower bound on the amount of data required in an attack from an upper bound on information leakage. As well, a model is developed which is used to estimate the upper bound on the information leakage of a general Feistel (1975) block cipher. For a cipher that fits the model well, the results of the analysis can be used as a measure in determining the number of rounds required for security against attacks based on information leakage. It is conjectured that the CAST-128 cipher fits the model well and using the model it is predicted that information leaked from 20 or fewer plaintext bits is small enough to make an attack on CAST-128 infeasible     

Secure Hardware Implementation of ARIA Based on Adaptive Random Masking Technique

The block cipher ARIA has been threatened by side‐channel analysis, and much research on countermeasures of this attack has also been produced. However, studies on countermeasures of ARIA are focused on software implementation, and there are no reports about hardware designs and their performance evaluation. Therefore, this article presents an advanced masking algorithm which is strong against second‐order differential power analysis (SODPA) and implements a secure ARIA hardware. As there is no comparable report, the proposed masking algorithm used in our hardware module is evaluated using a comparison result of software implementations. Furthermore, we implement the proposed algorithm in three types of hardware architectures and compare them. The smallest module is 10,740 gates in size and consumes an average of 47.47 μW in power consumption. Finally, we make ASIC chips with the proposed design, and then perform security verification. As a result, the proposed module is small, energy efficient, and secure against SODPA.