低面积复杂度AES低熵掩码方案的研究

doi:10.11959/j.issn.1000-436x.2019100

Abstract

Abstract:

Based on the rotating S-box masking (RSM) proposed by Nassar et al,a low-entropy masking scheme for the advanced encryption standard (AES) was proposed.Reducing the area complexity by reusing the S-boxes,improving the hardware security by shuffling operation and improving the throughput by pipelining operation were the main idea of the proposed scheme.For the AES,the number of S-boxes could be reduced from 16 to 4 (key expansion module wasn’t included).Compared with the RSM,the combinational logic,the dedicated logic and the memory size are reduced to 69%,60% and 80% respectively.In addition,the theoretical analysis shows that the proposed scheme can resist offset based CPA attack,thus has higher security than the RSM.

Key words: rotating S-box masking, low-entropy masking scheme, S-box reusing, AES, pipeline

CLC Number:

TP309.2

Jiuxing JIANG,Jiao HOU,Hai HUANG,Yuying ZHAO,Xinxin FENG. Research on area-efficient low-entropy masking scheme for AES[J]. Journal on Communications, 2019, 40(5): 201-210.

Figures/Tables 15

References 22

[1]	KOCHER P C , . Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1996: 104-113.
[2]	肖国镇, 白恩健, 刘晓娟 . AES 密码分析的若干新进展[J]. 电子学报, 2003,31(10): 1549-1554.
	XIAO G Z , BAI E J , LIU X J . Some new developments on the cryptanalysis of AES[J]. ACTA Electronica sinica, 2003,31(10): 1549-1554.
[3]	KOCHER P C , JAFFE J , JUN B . Differential power analysis[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1999: 388-397.
[4]	TANG M , QIU Z L , GUO Z P ,et al. A generic table recomputation-based higher-order masking[J]. IEEE Transactions on Computer Aided Design of Integrated Circuits and Systems, 2017,36(11): 1779-1789.
[5]	PAMMU A A , CHONG K S , NE K Z L ,et al. High secured low power multiplexer-LUT based AES S-box implementation[C]// International Conference on Information Systems Engineering. Springer, 2016: 3-7.
[6]	黄海, 冯新新, 刘红雨 ,等. 基于随机加法链的高级加密标准抗侧信道攻击对策[J]. 电子与信息学报, 2019,41(2): 348-354.
	HUANG H , FENG X X , LIU H Y ,et al. Random addition-chain based countermeasure against side-channel attack for advanced encryption standard[J]. Journal of Electronics ＆ Information Technology, 2019,41(2): 348-354.
[7]	AHN S , CHOI D . An improved masking scheme for S-box software implementations[C]// 16th International Workshop on Information Security Applications. KISSC, 2016: 200-212.
[8]	NASSAR M , SOUISSI Y , GUILLEY S ,et al. RSM:a small and fast countermeasure for AES,secure against 1st and 2nd-order zero-offset SCAs[C]// Design,Automation ＆ Test in Europe Conference ＆ Exhibition. IEEE, 2012: 1173-1178.
[9]	HUANG H , LIU L B , HUANG Q H ,et al. Low area-overhead low-entropy masking scheme (LEMS) against correlation power analysis attack[J]. IEEE Transactions on Computer Aided Design of Integrated Circuits and Systems, 2019,38(2): 208-219.
[10]	CHARI S , JUTLA C S , RAO J R ,et al. Towards sound approaches to counteract power-analysis attacks[C]// International Cryptology Conference on Advances in Cryptology. Springer, 1999: 398-412.
[11]	FAHN P N , PEARSON P K . IPA:a new class of power attacks[C]// International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 1999: 173-186.
[12]	ITOH K , TAKEBAKA M , TORII N . DPA countermeasure based on the "masking method"[C]// International Conference Seoul on Information Security and Cryptology. Springer, 2001: 440-456.
[13]	YAMASHITA N , MINEMATSU K , OKAMURA T ,et al. A smaller and faster variant of RSM[C]// Design,Automation and Test in Europe Conference and Exhibition. IEEE, 2014: 205-209.
[14]	徐佩 . 智能卡AES加密模块抗侧信道攻击掩码技术研究与实现[D]. 重庆:重庆大学, 2015： 20-37.
	XU P . Research and implementation with mask technology on AES encryption module of smartcard against side channel attack[D]. Chongqing:Chongqing University, 2015： 20-37.
[15]	BHASIN S , BRUNEAU N , DANGER J L ,et al. Analysis and improvements of the DPA contest v4 implementation[C]// International Conference on Security,Privacy,and Applied Cryptography Engineering. Springer, 2014: 201-218.
[16]	LEUNG Y W , WANG Y . An orthogonal genetic algorithm with quantization for global numerical optimization[J]. IEEE Transactions on Evolutionary Computation, 2002,5(1): 41-53.
[17]	李濛 . 基于FPGA的AES算法优化与实现[D]. 哈尔滨:黑龙江大学, 2018: 30-50.
	LI M . Optimization and implementation of AES algorithms based on FPGA[D]. Harbin:Heilongjiang University, 2018: 30-50.
[18]	PAMMU A A , CHONG K S , GWEE B H . Secured low power overhead compensator look-up-table (LUT) substitution box (S-Box) architecture[C]// IEEE International Conference on Networking. Springer, 2016: 3-6.
[19]	KARTHIGAIKUMAR P , CHRISTY N A , MANGAI N M S . PSP CO2:an efficient hardware architecture for AES algorithm for high throughput[J]. Wireless Personal Communications, 2015,85(1): 305-323.
[20]	汪鹏君, 郝李鹏, 张跃军 . 防御零值功耗攻击的AES SubByte模块设计及其VLSI实现[J]. 电子学报, 2012,40(11): 2183-2187.
	WANG P J , HAO L P , ZHANG Y J . Design of AES SubByte module of anti-zero value power attack and its VLSI implementation[J]. ACTA Electronica sinica, 2012,40(11): 2183-2187.
[21]	PROUFF E , RIVAIN M , VAN R . Statistical analysis of second order differential power analysis[J]. IEEE Transactions on Computer, 2009: 799-811.
[22]	NASSAR M , GUILLEY S , DANGER J L . Formal analysis of the entropy/security trade-off in first-order masking countermeasures against side-channel attacks[C]// International Conference on Cryptology. Springer, 2011: 22-39.

Metrics

Recommended 0

No Suggested Reading articles found!

方案	一阶SCA	高阶SCA	基于偏移量的一阶CPA
无掩码AES方案	×	×	×
RSM方案^[8]	○	○	×
vRSM方案^[13]	○	○	×
S盒共用掩码方案	○	○	○

方案	S盒数目/个	掩码选取	总逻辑单元/个	时序逻辑单元/个	组合逻辑单元/个	存储大小/位	128位数据加密所需周期
无掩码AES方案	16	-	5 080	1 500	5 065	409 600	10
RSM方案^[8]	16	16	5 512（+9%）	220（-85%）	5 497（+9%）	409 600（+0%）	10
vRSM方案^[13]	16	16	5 202（+2%）	220（-85%）	5 399（+7%）	409 600（+0%）	10
S盒共用掩码方案	4	6 144	3 184（-37%）	2 766（+84%）	1 838（-64%）	84 545（-79%）	40

方案	总逻辑单元/个	时序逻辑单元/个	组合逻辑单元/个	存储大小/位	4×128位数据加密所需周期
无掩码AES方案	9 975	9 369	5 915	409 600	42
RSM方案^[8]	11 119（+11%）	10 530（+12%）	6 459（+9%）	409 600（+0%）	52
S盒共用掩码方案	4 352（-56%）	4 220（-55%）	1 986（-66%）	81 956（-80%）	91

Research on area-efficient low-entropy masking scheme for AES

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 15

References 22

Related Articles 11

Metrics

Recommended 0

[1]	Zijing JIANG, Qun DING. Nove lincidence matrix differential power analysis for resisting ghost peak [J]. Journal on Communications, 2023, 44(4): 38-49.
[2]	Ming TANG, Yifan HU. Load-to-store: exploit the time leakage of store buffer transient window [J]. Journal on Communications, 2023, 44(4): 64-77.
[3]	Shaoyu DU. Improved integral attack——random linear distinguish and key recovery attack [J]. Journal on Communications, 2023, 44(4): 145-153.
[4]	Bin WANG, Si CHEN, Jiadong CHEN, Xing WANG. DWB-AES: an implementation of dynamic white-box based on AES [J]. Journal on Communications, 2021, 42(2): 177-186.
[5]	Zhi-bo DU,UNYuan-hua S,ANGYi W. Multi-point joint power analysis attack against AES [J]. Journal on Communications, 2016, 37(Z1): 78-84.
[6]	Le DONG,Wen-ling WU,Shuang WU,Jian ZHOU. Novel method of constructing the zero-sum distinguishers [J]. Journal on Communications, 2012, 33(11): 91-99.
[7]	Xin-jie ZHAO,Shi-ze GUO,Tao WANG,Hui-ying LIU. Improved Cache trace driven attack on AES and CLEFIA [J]. Journal on Communications, 2011, 32(8): 101-110.
[8]	Xiao-li DONG,Yu-pu HU,Jie CHEN,Shun-bo LI,Yang YANG. Improved meet-in-the-middle attacks on 7-round AES-192 and 8-round AES-256 [J]. Journal on Communications, 2010, 31(9A): 197-201.
[9]	Jun HAN,Xiao-yang ZENG,Jia ZHAO. VLSI implementation of AES algorithm against differential power attack and differential fault attack [J]. Journal on Communications, 2010, 31(1): 20-29.
[10]	Jian-jun GUO,Ming CHEN,Jian-yin ZHANG,Zhi-chao ZHAO. Research on DRM system design and real-time content protection in IPTV [J]. Journal on Communications, 2008, 29(11A): 66-71.
[11]	Ming-fei WANG,Lin-lin CI,Ping ZHAN,Yong-jun XU. Study on capacity analytical model for multi-channel wireless sensor networks [J]. Journal on Communications, 2008, 29(11): 50-61.