针对ECC密码芯片的CPA分析研究

相关性功率分析（CPA）方法可有效地对加密的集成电路芯片进行攻击解密,它绕过了加解密算法繁琐的数学分析,从而获取密码和信息。应用CPA分析攻击嵌有椭圆曲线算法的芯片,搭建实验平台,获取加密时的电磁数据,并用统计学、密码分析学和信号处理的方法推导分析得出结论,从而成功破解加密系统。     

一种低功耗抗差分功耗分析攻击的SM4算法实现

128位的SM4算法是我国公布的第一个商用密码算法,主要应用于无线局域网.为了提高算法的抗差分功耗分析攻击能力,SM4算法采用了加法掩码的方法来抵抗一阶差分功耗分析攻击.通过功耗分析攻击实心眼可以发现,加法掩码后的SM4算法能够有效地抵抗差分功耗分析攻击.为了实现一款面积小、功耗低SM4算法硬件电路,SM4S盒硬件电路采用了PPRM结构.在SMIC 0.18μm的工艺库下功耗仿真值为0.74mW@10MHz,PPRM结构的S盒与复合域方法实现的S盒相比功耗减少了70%.     

采用数据流模式提高乱序执行密码芯片的安全性

乱序执行是密码芯片设计中一种低冗余、低功耗的抵抗功耗分析攻击的方法.芯片安全性随着操作执行时刻不确定度的增加而提高.基于数据流模式的乱序执行AES加密集成电路采用动态数据流结构、对并发操作串行地随机服务,通过增加顺序无关操作的数量和成批处理令牌提高不确定度.其中采用了新的令牌暂存-匹配-发射结构完成令牌的同步和对随机执行的控制.实验芯片的所有操作均实现了不确定执行,可以抵抗样本数小于15000的相关功耗分析攻击,芯片功耗低于所知的其它抗功耗分析攻击AES芯片.     

DES芯片抵御高阶差分功耗分析攻击方法研究

分析独特的屏蔽方法及改进方法的不足,提出了逻辑层和算法层相结合抵御高阶差分功耗分析攻击的新方法,并给出芯片半定制设计流程.芯片关键部分电路采用自定义功耗恒定逻辑单元实现,非关键部分电路采用CMOS逻辑以减少功耗和面积.整体电路采用独特的屏蔽方法自定义轮实现.结果表明芯片能够抵御高阶差分功耗分析攻击,运算速度与现有方法相当,而所需资源比现有方法少.     

一种抗DPA攻击的DES设计

DES是中国信息传递领域中通常采用的密码算法，在金卡工程中得到广泛应用．文中分析了DES算法的加密和解密规则，介绍了差分功耗分析对DES进行攻击的方法，并从设计实现角度提出改进措施以达到抗差分功耗分析攻击的效果．     

DES芯片抵御高阶差分功耗分析攻击方法研究

分析独特的屏蔽方法及改进方法的不足,提出了逻辑层和算法层相结合抵御高阶差分功耗分析攻击的新方法,并给出芯片半定制设计流程.芯片关键部分电路采用自定义功耗恒定逻辑单元实现,非关键部分电路采用CMOS逻辑以减少功耗和面积.整体电路采用独特的屏蔽方法自定义轮实现.结果表明芯片能够抵御高阶差分功耗分析攻击,运算速度与现有方法相当,而所需资源比现有方法少.     

ECC密码算法的差分功耗分析攻击研究

对基于有限域GF(2m)上椭圆曲线密码算法的Montgomery Ladder点乘算法进行了差分功耗分析攻击.首先用Verilog HDL实现了该算法并且用Chartered 0.35 μm CMOS工艺将RTL代码综合成电路网表,以便更精确的获取电路运行中所产生的功耗信息.然后用差分功耗分析攻击中的ZEMD攻击方法,并采用算法中P2的横坐标作为中间变量对功耗曲线进行分类,攻击结果显示,Montgomery Ladder算法不能抗ZEMD差分功耗分析攻击.证明了该算法并不安全,在实际应用中还应该采取一些保护措施.     

一种抗DPA的AES的设计

为了防止智能卡在做加密运算时,旁路信息会通过功耗的变化而泄露,提出了一种抗差分功耗分析攻击的方法.首先研究了AES算法的加密规则,然后采用8位的处理器模拟智能卡,在智能卡上实现了对AES算法中的轮密钥加的差分功耗攻击.为了抵抗轮密钥加的差分功耗攻击,文中在算法级别上提出了一种掩码技术,其核心是用不同的随机量对密码运算过程中明文和密钥进行掩码,实验结果表明,该方法成功地抵抗了差分功耗攻击.     

基于模板和KNN算法的能量分析攻击对比研究

能量分析攻击至今仍是针对密码芯片最具威胁的攻击方法之一,针对传统的模板分析攻击和KNN算法的攻击进行对比研究,对比模板攻击和机器学习中的KNN优缺点。首先对皮尔逊相关系数、互信息和最大信息系数、距离相关系数3种降维方法进行了研究;然后对比了相同数量功耗曲线下,特征点数量对两种能量分析的成功率等性能的影响;同时研究了不同降维技术在相同功耗曲线数量和不同功耗曲线数量时对两种能量分析攻击的影响。结果表明,模板攻击在运行速度、占用内存方面优于KNN算法攻击,而在攻击成功率和鲁棒性方面,KNN算法攻击具有更好的表现。     

AES密码分析的若干新进展

2001年11月,美国国家标准和技术研究所(NIST)确定Rijndael算法为新的数据加密标准-高级数据加密标准(AES).AES的密码分析是目前最受注目的一个研究问题.本综述介绍AES密码分析的一些新进展:包括积分密码分析,功耗分析和代数攻击等.作者就目前国内外的研究现状作了评述,并提出了AES密码分析的一些研究方向,希望能引起大家的重视.     

Low-power clock-less hardware implementation of the rijndael S-box for wireless sensor networks

The recent development of microelectronics techniques and advances in wireless communications have made it feasible to design low-cost, low-power, multifunctional and intelligent sensor nodes for wireless sensor networks (WSN). The design challenges for an efficient WSN mainly lie in two issues power and security. The Rijindael algorithm is a candidate algorithm for encrypting data in WSN. The SubByte (S-box) transformation is the main building block of the Rijindael algorithm. It dominates the hardware complexity and power consumption of the Rijindael cryptographic engine. This article proposes a clock-less hardware implementation of the S-box. In this S-box, 1) The composite field arithmetic in GF((24))2 was used to implement the compact datapath circuit; 2) A high-efficiency latch controller was attained by utilizing the four-phase micropipeline. The presented hardware circuit is an application specific integrated circuit (ASIC) on 0.25 μm complementary mental oxide semiconductor (CMOS) process using three metal layers. The layout simulation results show that the proposed S-box offers low-power consumption and high speed with moderate area penalty. This study also proves that the clock-less design methodology can implement high- performance cryptographic intellectual property (IP) core for the wireless sensor node chips.     

一种ECC加密芯片抗功耗攻击研究

设计了随机掩码在ECC加密算法中的应用方法,为了降低加密芯片的功耗和面积,提高运算性能,研究设计了关键步固定值掩码算法,实验证明提出的方法在资源增加非常有限的情况下可以有效抵抗一阶差分功耗攻击.同时,其他加密算法也可参考此关键步固定值掩码算法来高效设计抗功耗攻击加密芯片.     

Dynamic inhomogeneous S-Boxes design for efficient AES masking mechanisms

It is an important challenge to implement a lowcost power analysis immune advanced encryption standard （AES） circuit. The previous study proves that substitution boxes （S-Boxes） in AES are prone to being attacked, and hard to mask for its non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts： inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with united microelectronics corporation （UMC） 0.25 μm 1.8 V complementary metal-oxide-semiconductor （CMOS） standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can enhance the AES security effectually against power analysis.     

The research of DPA attacks against AES implementations

This article examines vulnerabilities to power analysis attacks between software and hardware implementations of cryptographic algorithms. Representative platforms including an Atmel 89S8252 8-bit processor and a 0.25 um 1.8 v standard cell circuit are proposed to implement the advance encryption standard （AES）. A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis （DPA）, and multi-bit DPA and correlation power analysis （CPA） attacks are conducted on two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakages to resist power attacks. Furthermore, an improved DPA approach is proposed. It adopts hamming distance of intermediate results as power model and arranges plaintext inputs to differentiate power traces to the maximal probability. Compared with the original power attacks, our improved DPA performs a successful attack on AES hardware implementations with acceptable power measurements and fewer computations.     

基于正交混淆的多硬件IP核安全防护设计

为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。     

Novel Reversible Design of Advanced Encryption Standard Cryptographic Algorithm for Wireless Sensor Networks

The quantum of power consumption in wireless sensor nodes plays a vital role in power management since more number of functional elements are integrated in a smaller space and operated at very high frequencies. In addition, the variations in the power consumption pave the way for power analysis attacks in which the attacker gains control of the secret parameters involved in the cryptographic implementation embedded in the wireless sensor nodes. Hence, a strong countermeasure is required to provide adequate security in these systems. Traditional digital logic gates are used to build the circuits in wireless sensor nodes and the primary reason for its power consumption is the absence of reversibility property in those gates. These irreversible logic gates consume power as heat due to the loss of per bit information. In order to minimize the power consumption and in turn to circumvent the issues related to power analysis attacks, reversible logic gates can be used in wireless sensor nodes. This shifts the focus from power-hungry irreversible gates to potentially powerful circuits based on controllable quantum systems. Reversible logic gates theoretically consume zero power and have accurate quantum circuit model for practical realization such as quantum computers and implementations based on quantum dot cellular automata. One of the key components in wireless sensor nodes is the cryptographic algorithm implementation which is used to secure the information collected by the sensor nodes. In this work, a novel reversible gate design of 128-bit Advanced Encryption Standard (AES) cryptographic algorithm is presented. The complete structure of AES algorithm is designed by using combinational logic circuits and further they are mapped to reversible logic circuits. The proposed architectures make use of Toffoli family of reversible gates. The performance metrics such as gate count and quantum cost of the proposed designs are rigorously analyzed with respect to the existing designs and are properly tabulated. Our proposed reversible design of AES algorithm shows considerable improvements in the performance metrics when compared to existing designs.     

High-Throughput Area-Efficient Processor for Cryptography

Cryptography circuits for portable elec-tronic devices provide user authentication and secure data communication. These circuits should, achieve high per-formance, occupy small chip area, and handle several cryptographic algorithms. This paper proposes a high-performance ASIP (Application specific instruction set processor) for five standard cryptographic algorithms in-cluding both block ciphers (AES, Camellia, and ARIA) and stream ciphers (ZUC and SNOW 3G). The processor reaches ASIC-like performance such as 11.6 Gb/s for AES encryption, 16.0 Gb/s for ZUC, and 32.0 Gb/s for SNOW 3G, etc under the clock frequency of 1.0 GHz with the area consumption of 0.56 mm2 (65 nm). Compared with state-of-the-art VLSI designs, our design achieves high perfor-mance, low silicon cost, low power consumption, and suf-ficient programmability. For its programmability, our de-sign can offer algorithm modification when an algorithm supported is unfortunately cracked and invalid to use. The product lifetime of our design can thus be extended.     

基于SM4轮函数设计的认证加密算法

认证加密算法,作为一种对称密码算法,能够同时保护数据的机密性和完整性,在信息安全领域有着重要作用.现有的认证加密算法大多是基于分组密码的工作模式设计的,底层需要调用全轮的分组密码,效率受到很大限制.本文主要考虑从基本部件出发直接设计一个高效的认证加密算法.首先结合国产分组密码标准SM4与广义Feistel结构给出了一种通用的结构设计.然后以抵抗碰撞攻击为安全性目标,利用混合整数规划（MILP）方法搜索得到了一些状态大小和效率各不相同的结构,这些结构可以被用来构造消息认证码和认证加密算法.最后,利用目前搜索得到的状态大小和效率较优的结构设计了一个认证加密算法,并进行了初步的安全性分析和软件实现,其速度约为SM4-GCM速度的10倍.     

An Overview of Power Analysis Attacks Against Field Programmable Gate Arrays

Since their introduction by Kocher in 1998, power analysis attacks have attracted significant attention within the cryptographic community. While early works in the field mainly threatened the security of smart cards and simple processors, several recent publications have shown the vulnerability of hardware implementations as well. In particular, field programmable gate arrays are attractive options for hardware implementation of encryption algorithms,but their security against power analysis is a serious concern, as we discuss in this paper. For this purpose, we present recent results of attacks attempted against standard encryption algorithms, provide a theoretical estimation of these attacks based on simple statistical parameters and evaluate the cost and security of different possible countermeasures.     

防御差分功耗分析攻击技术研究

差分功耗分析(DPA)攻击依赖于密码芯片在执行加密/解密过程中功耗与数据及指令的相关性,利用统计学等方法对收集到的功耗曲线进行分析,盗取关键信息,对密码芯片的安全性构成极大威胁。防御DPA攻击技术的开发与研究,已经成为信息安全领域的迫切需求。该文在归纳DPA攻击原理的基础上,对主流防御DPA攻击技术的理论与设计方法进行概述与分析,指出防御DPA前沿技术的研究进展。重点讨论防御DPA攻击技术的原理、算法流程和电路实现,包括随机掩码技术、功耗隐藏技术、功耗扰乱技术等等,并详细分析这些技术存在的优缺点。最后,对该领域潜在的研究方向与研究热点进行探讨。