低面积复杂度AES低熵掩码方案的研究

doi:10.11959/j.issn.1000-436x.2019100

通信学报 ›› 2019, Vol. 40 ›› Issue (5): 201-210.doi: 10.11959/j.issn.1000-436x.2019100

低面积复杂度AES低熵掩码方案的研究

姜久兴¹,厚娇¹,黄海²(),赵玉迎¹,冯新新³

¹ 哈尔滨理工大学理学院，黑龙江哈尔滨 150080
² 哈尔滨理工大学软件与微电子学院，黑龙江哈尔滨 150080
³ 哈尔滨理工大学计算机科学与技术学院，黑龙江哈尔滨 150080

修回日期:2019-03-29 出版日期:2019-05-25 发布日期:2019-05-30
作者简介:姜久兴（1963- ），男，黑龙江哈尔滨人，博士，哈尔滨理工大学教授、硕士生导师，主要研究方向为集成电路设计。|厚娇（1988- ），女，黑龙江哈尔滨人，哈尔滨理工大学硕士生，主要研究方向为信息安全和集成电路设计。|黄海（1982- ），男，内蒙古巴彦淖尔人，博士，哈尔滨理工大学副教授、硕士生导师，主要研究方向为信息安全、数字信号处理和集成电路设计。|赵玉迎（1990- ），女，黑龙江哈尔滨人，哈尔滨理工大学硕士生，主要研究方向为信息安全和集成电路设计。|冯新新（1991- ），男，江苏淮安人，哈尔滨理工大学硕士生，主要研究方向为计算机网络和信息安全。
基金资助:
国家自然科学基金资助项目(61604050);国家自然科学基金资助项目(51672062)

Research on area-efficient low-entropy masking scheme for AES

Jiuxing JIANG¹,Jiao HOU¹,Hai HUANG²(),Yuying ZHAO¹,Xinxin FENG³

¹ School of Science,Harbin University of Science and Technology,Harbin 150080,China
² School of Software and Microelectronics,Harbin University of Science and Technology,Harbin 150080,China
³ School of Computer Science and Technology,Harbin University of Science and Technology,Harbin 150080,China

Revised:2019-03-29 Online:2019-05-25 Published:2019-05-30
Supported by:
The National Natural Science Foundation of China(61604050);The National Natural Science Foundation of China(51672062)

摘要/Abstract

摘要：

在Nassar等提出的循环移位S盒掩码方案（RSM）的基础上，提出了一种针对高级加密标准（AES）算法低熵掩码方案。该方案的核心思想是利用S盒共用思想降低面积复杂度，采用乱序技术提高系统安全性，并通过流水线技术提高系统的吞吐量。对于AES，所提方案可将其S盒的数量从16个降低为4个（不包括密钥扩展模块）。实验表明，与RSM相比，组合逻辑、时序逻辑和存储面积分别降低了69%、60%和80%，能够抵御基于偏移量CPA攻击，具有更高的安全性。

关键词: 循环移位S盒掩码方案, 低熵掩码方案, S盒共用, 高级加密标准, 流水线

Abstract:

Based on the rotating S-box masking (RSM) proposed by Nassar et al,a low-entropy masking scheme for the advanced encryption standard (AES) was proposed.Reducing the area complexity by reusing the S-boxes,improving the hardware security by shuffling operation and improving the throughput by pipelining operation were the main idea of the proposed scheme.For the AES,the number of S-boxes could be reduced from 16 to 4 (key expansion module wasn’t included).Compared with the RSM,the combinational logic,the dedicated logic and the memory size are reduced to 69%,60% and 80% respectively.In addition,the theoretical analysis shows that the proposed scheme can resist offset based CPA attack,thus has higher security than the RSM.

Key words: rotating S-box masking, low-entropy masking scheme, S-box reusing, AES, pipeline

中图分类号:

TP309.2

姜久兴,厚娇,黄海,赵玉迎,冯新新. 低面积复杂度AES低熵掩码方案的研究[J]. 通信学报, 2019, 40(5): 201-210.

Jiuxing JIANG,Jiao HOU,Hai HUANG,Yuying ZHAO,Xinxin FENG. Research on area-efficient low-entropy masking scheme for AES[J]. Journal on Communications, 2019, 40(5): 201-210.

图/表 15

图1

图2

图3

图4

图6

图5

图7

图8

图9

图10

图11

图12

表1

表2

表3

参考文献 22

[1]	KOCHER P C , . Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1996: 104-113.
[2]	肖国镇, 白恩健, 刘晓娟 . AES 密码分析的若干新进展[J]. 电子学报, 2003,31(10): 1549-1554.
	XIAO G Z , BAI E J , LIU X J . Some new developments on the cryptanalysis of AES[J]. ACTA Electronica sinica, 2003,31(10): 1549-1554.
[3]	KOCHER P C , JAFFE J , JUN B . Differential power analysis[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1999: 388-397.
[4]	TANG M , QIU Z L , GUO Z P ,et al. A generic table recomputation-based higher-order masking[J]. IEEE Transactions on Computer Aided Design of Integrated Circuits and Systems, 2017,36(11): 1779-1789.
[5]	PAMMU A A , CHONG K S , NE K Z L ,et al. High secured low power multiplexer-LUT based AES S-box implementation[C]// International Conference on Information Systems Engineering. Springer, 2016: 3-7.
[6]	黄海, 冯新新, 刘红雨 ,等. 基于随机加法链的高级加密标准抗侧信道攻击对策[J]. 电子与信息学报, 2019,41(2): 348-354.
	HUANG H , FENG X X , LIU H Y ,et al. Random addition-chain based countermeasure against side-channel attack for advanced encryption standard[J]. Journal of Electronics ＆ Information Technology, 2019,41(2): 348-354.
[7]	AHN S , CHOI D . An improved masking scheme for S-box software implementations[C]// 16th International Workshop on Information Security Applications. KISSC, 2016: 200-212.
[8]	NASSAR M , SOUISSI Y , GUILLEY S ,et al. RSM:a small and fast countermeasure for AES,secure against 1st and 2nd-order zero-offset SCAs[C]// Design,Automation ＆ Test in Europe Conference ＆ Exhibition. IEEE, 2012: 1173-1178.
[9]	HUANG H , LIU L B , HUANG Q H ,et al. Low area-overhead low-entropy masking scheme (LEMS) against correlation power analysis attack[J]. IEEE Transactions on Computer Aided Design of Integrated Circuits and Systems, 2019,38(2): 208-219.
[10]	CHARI S , JUTLA C S , RAO J R ,et al. Towards sound approaches to counteract power-analysis attacks[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1999: 398-412.
[11]	FAHN P N , PEARSON P K . IPA:a new class of power attacks[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 1999: 173-186.
[12]	ITOH K , TAKEBAKA M , TORII N . DPA countermeasure based on the "masking method"[C]// International Conference Seoul on Information Security and Cryptology. Springer, 2001: 440-456.
[13]	YAMASHITA N , MINEMATSU K , OKAMURA T ,et al. A smaller and faster variant of RSM[C]// Design,Automation and Test in Europe Conference and Exhibition. IEEE, 2014: 205-209.
[14]	徐佩 . 智能卡AES加密模块抗侧信道攻击掩码技术研究与实现[D]. 重庆:重庆大学, 2015： 20-37.
	XU P . Research and implementation with mask technology on AES encryption module of smartcard against side channel attack[D]. Chongqing:Chongqing University, 2015： 20-37.
[15]	BHASIN S , BRUNEAU N , DANGER J L ,et al. Analysis and improvements of the DPA contest v4 implementation[C]// International Conference on Security,Privacy,and Applied Cryptography Engineering. Springer, 2014: 201-218.
[16]	LEUNG Y W , WANG Y . An orthogonal genetic algorithm with quantization for global numerical optimization[J]. IEEE Transactions on Evolutionary Computation, 2002,5(1): 41-53.
[17]	李濛 . 基于FPGA的AES算法优化与实现[D]. 哈尔滨:黑龙江大学, 2018: 30-50.
	LI M . Optimization and implementation of AES algorithms based on FPGA[D]. Harbin:Heilongjiang University, 2018: 30-50.
[18]	PAMMU A A , CHONG K S , GWEE B H . Secured low power overhead compensator look-up-table (LUT) substitution box (S-Box) architecture[C]// IEEE International Conference on Networking. Springer, 2016: 3-6.
[19]	KARTHIGAIKUMAR P , CHRISTY N A , MANGAI N M S . PSP CO2:an efficient hardware architecture for AES algorithm for high throughput[J]. Wireless Personal Communications, 2015,85(1): 305-323.
[20]	汪鹏君, 郝李鹏, 张跃军 . 防御零值功耗攻击的AES SubByte模块设计及其VLSI实现[J]. 电子学报, 2012,40(11): 2183-2187.
	WANG P J , HAO L P , ZHANG Y J . Design of AES SubByte module of anti-zero value power attack and its VLSI implementation[J]. ACTA Electronica sinica, 2012,40(11): 2183-2187.
[21]	PROUFF E , RIVAIN M , VAN R . Statistical analysis of second order differential power analysis[J]. IEEE Transactions on Computer, 2009: 799-811.
[22]	NASSAR M , GUILLEY S , DANGER J L . Formal analysis of the entropy/security trade-off in first-order masking countermeasures against side-channel attacks[C]// International Conference on Cryptology. Springer, 2011: 22-39.

方案	一阶SCA	高阶SCA	基于偏移量的一阶CPA
无掩码AES方案	×	×	×
RSM方案^[8]	○	○	×
vRSM方案^[13]	○	○	×
S盒共用掩码方案	○	○	○

方案	S盒数目/个	掩码选取	总逻辑单元/个	时序逻辑单元/个	组合逻辑单元/个	存储大小/位	128位数据加密所需周期
无掩码AES方案	16	-	5 080	1 500	5 065	409 600	10
RSM方案^[8]	16	16	5 512（+9%）	220（-85%）	5 497（+9%）	409 600（+0%）	10
vRSM方案^[13]	16	16	5 202（+2%）	220（-85%）	5 399（+7%）	409 600（+0%）	10
S盒共用掩码方案	4	6 144	3 184（-37%）	2 766（+84%）	1 838（-64%）	84 545（-79%）	40

方案	总逻辑单元/个	时序逻辑单元/个	组合逻辑单元/个	存储大小/位	4×128位数据加密所需周期
无掩码AES方案	9 975	9 369	5 915	409 600	42
RSM方案^[8]	11 119（+11%）	10 530（+12%）	6 459（+9%）	409 600（+0%）	52
S盒共用掩码方案	4 352（-56%）	4 220（-55%）	1 986（-66%）	81 956（-80%）	91

低面积复杂度AES低熵掩码方案的研究

Research on area-efficient low-entropy masking scheme for AES

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 22

相关文章 1

Metrics

推荐阅读 0