


Technical field
The invention relates to the field of AES encryption, and in particular to an AES encryption method resistant to path-difference attacks.
Background
The Advanced Encryption Standard (AES) was designed by the Belgian cryptographers Vincent Rijmen and Joan Daemen and replaced the older Data Encryption Standard (DES). With a 128-bit key AES runs 10 rounds (12 and 14 rounds for 192- and 256-bit keys); after an initial round-key addition, each round applies four operations, SubBytes (byte substitution), ShiftRows, MixColumns and AddRoundKey, except the final round, which omits MixColumns. AES is a block cipher and is today the most widely deployed symmetric cipher. Different deployments place different demands on an implementation: sometimes it must be small enough to fit into a chip with little area, sometimes it must encrypt very fast, so implementation designs for AES are continually being refined.
Precisely because AES is so widely used, it is also the target of many attacks. The path-difference attack is a recently proposed side-channel attack that exploits the fact that, within each round, the round key and the round data reach the next computation unit at different times. At present there is no particularly effective countermeasure against it.
Summary of the invention
The object of the invention is to provide an AES encryption method resistant to path-difference attacks, one that ensures the AES implementation cannot be attacked through path differences and, at the same time, raises the speed and efficiency of the whole AES encryption.
This object is achieved by the following technical solution:
An AES encryption method resistant to path-difference attacks, comprising:
splitting the key-expansion subroutine of the AES algorithm and distributing it over the rounds, so that each round computes its own round key;
when the AES algorithm reaches round i, reading the round data computed in the previous round from the data register and performing, in order, this round's S-box substitution (SubBytes), row shift (ShiftRows) and column mixing (MixColumns) to obtain this round's round data; this computation path is called the round-data path. At the same time, reading the previous round's round key from the round-key register and running one step of key expansion on it to obtain this round's round key; this computation path is called the round-key path;
before the final AddRoundKey step of round i, comparing the latencies of the two paths and delaying this round's round key with a delay unit, so that the delayed round key and this round's round data reach the computation unit that performs AddRoundKey at the same time;
after AddRoundKey, storing this round's round data and round key in the data register and the round-key register at the end of the round, respectively.
The method uses pipelining to divide the whole AES encryption process;
between rounds, each round is separated from the next by registers;
within a round, on the round-data path: if the S-box substitution is implemented as a look-up table, a register is placed after each of SubBytes, ShiftRows and MixColumns, and the position of each such register is called a split point; if the S-box is implemented by composite-field (extension-field) arithmetic, the operations inside the S-box are additionally separated by registers. On the round-key path, one register is placed after the key-expansion computation, at the same position as the register that follows SubBytes on the round-data path; the subsequent delay processing adds as many further registers as the split of the round-data path produced, keeping the register positions in one-to-one correspondence, and these registers form the delay unit of the round-key path.
The method is implemented on a high-speed FPGA.
As the technical solution above shows, computing each round's round key inside that round, and precisely controlling the round-key and round-data paths in every round so that both reach the next computation unit at the same time, removes the path difference and so defeats side-channel attacks that rely on it. At the same time, applying hardware pipelining to every round of the AES algorithm lets the separated parts work in parallel, which greatly increases the speed and throughput of the whole encryption.
Description of the drawings
To explain the technical solutions of the embodiments more clearly, the drawings used in describing the embodiments are introduced briefly below. The drawings described below show only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without inventive effort.
Figure 1 is a schematic of an AES encryption method resistant to path-difference attacks according to an embodiment of the invention;
Figure 2 is a schematic of the inter-round pipeline split according to an embodiment of the invention;
Figure 3 is a schematic of the intra-round pipeline split according to an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The embodiments described are only some, not all, of the embodiments of the invention; all other embodiments that a person of ordinary skill in the art obtains from them without inventive effort fall within the scope of protection of the invention.
An embodiment of the invention provides an AES encryption method resistant to path-difference attacks. The method computes the AES round keys separately, round by round, measures the latency difference between the path that carries the round data and the path that carries the round key, and inserts a delay unit of that difference into the round-key path, so that the two paths end up with the same latency. As shown in Figure 1, the method comprises the following steps:
1. Split the key-expansion subroutine of the AES algorithm and distribute it over the rounds, so that each round computes its own round key.
2. When the algorithm reaches round i, read the round data computed in the previous round from the data register and perform, in order, this round's S-box substitution (SubBytes), row shift (ShiftRows) and column mixing (MixColumns) to obtain this round's round data; this computation path is called the round-data path. At the same time, read the previous round's round key from the round-key register and run one step of key expansion on it to obtain this round's round key; this computation path is called the round-key path.
3. Before the final AddRoundKey step of round i, compare the latencies of the two paths and delay this round's round key with a delay unit (in general the round-data path takes longer than the round-key path), so that the delayed round key and this round's round data reach the computation unit that performs AddRoundKey (the XOR of round key and round data) at the same time.
4. After AddRoundKey, store this round's round data and round key in the data register and the round-key register at the end of the round, respectively.
In addition, the embodiment applies hardware pipelining to every round of the AES algorithm. Pipelining divides a chain of consecutive computation units that have no feedback between them, so that the parts work concurrently on different blocks. The rounds of AES are feed-forward, so the pipeline splits shown in Figures 2 and 3 greatly raise the throughput of the whole algorithm and give high-speed encryption. Note that a pipeline only pays off when independent blocks are available to fill it, as in CTR or ECB mode; chained modes such as CBC encryption feed each ciphertext block back into the next block's input and cannot keep a pipelined core busy with a single stream.
As shown in Figure 2, because there is no feedback between the rounds of AES, the rounds can be pipelined, and because every round performs the same operations (the last round differs slightly), the split between rounds is simple: a register separates each round from the next (Figure 2).
For the intra-round split, shown in Figure 3, there are two cases on the round-data path: 1) if the S-box is implemented as a look-up table, a register is placed after each of SubBytes, ShiftRows and MixColumns, and the position of each register is called a split point; 2) if the S-box is implemented by composite-field (extension-field) arithmetic, the operations inside the S-box are additionally separated by registers to reach the best split (not shown in Figure 3). On the round-key path, one register is placed after the key-expansion computation, at the same position as the register that follows SubBytes on the round-data path; the subsequent delay processing then adds as many registers as the split of the round-data path produced, keeping the register positions in one-to-one correspondence (the registers that take part in this delay processing form the delay unit of the round-key path). As Figure 3 shows, the round-key path ends up with the same number of registers in the same positions as the round-data path.
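Steps 1 to 4 above and the register placement of Figure 3, as a cycle-level Python model (an added example, not the patent's own code or an FPGA description). The S-box is computed from GF(2^8) arithmetic rather than tabulated; the Pipeline and Round classes, the identity stages standing in for the delay registers, the PathMismatch check and the cycle count are this model's own assumptions, not structures the patent names. The ciphertext is checked against the FIPS-197 Appendix C.1 test vector.

```python
# Cycle-level model of a pipelined AES-128 round with per-round key expansion and a padded key path.
# --- GF(2^8) arithmetic; the S-box is computed rather than tabulated ---
def gmul(a, b):
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a, b = (((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1), b >> 1  # xtime(a)
    return p

def _sbox_entry(x):  # S[x] = affine(x^-1); x^254 = x^-1 in GF(2^8) and 0 stays 0
    inv = 1
    for _ in range(254):
        inv = gmul(inv, x)
    s = 0x63  # affine map: inv ^ rotl(inv, 1) ^ ... ^ rotl(inv, 4) ^ 0x63
    for i in range(5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s

SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
# --- round operations on a 16-byte column-major state (index = row + 4*col) ---
def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):  # row r rotates left by r positions
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(s):
    cols = [s[4 * c:4 * c + 4] for c in range(4)]
    return [gmul(2, a[r]) ^ gmul(3, a[(r + 1) % 4]) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4]
            for a in cols for r in range(4)]

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def next_round_key(prev, rcon):  # one AES-128 key-schedule step, performed inside each round
    w = [prev[4 * i:4 * i + 4] for i in range(4)]
    t = [SBOX[w[3][(i + 1) % 4]] for i in range(4)]  # SubWord(RotWord(w3))
    t[0] ^= rcon
    out = []
    for i in range(4):
        t = [a ^ b for a, b in zip(w[i], t)]
        out += t
    return out

# --- synchronous pipeline model (this example's assumption, not a structure the patent names) ---
class Pipeline:  # combinational stages, each followed by a register; None marks a bubble
    def __init__(self, stages):
        self.stages, self.regs = stages, [None] * len(stages)

    def clock(self, value):  # latch every stage's output, return what leaves the last register
        inputs, leaving = [value] + self.regs[:-1], self.regs[-1]
        self.regs = [f(x) if x is not None else None for f, x in zip(self.stages, inputs)]
        return leaving

class PathMismatch(Exception): pass

class Round:
    def __init__(self, rcon, last, matched=True):
        self.data = Pipeline([sub_bytes, shift_rows] + ([] if last else [mix_columns]))
        # matched: expansion register plus identity "delay registers" until both depths agree;
        # unmatched: expansion register only, i.e. the path difference the method removes.
        delay = len(self.data.regs) - 1 if matched else 0
        self.key = Pipeline([lambda k: next_round_key(k, rcon)] + [lambda x: x] * delay)
        self.out = (None, None)  # end-of-round data and round-key registers

    def clock(self, state, rk):
        d, k = self.data.clock(state), self.key.clock(rk)
        leaving = self.out
        if (d is None) != (k is None):  # the skew a path-difference attack would exploit
            raise PathMismatch("round key and round data reached AddRoundKey on different clocks")
        self.out = (add_round_key(d, k) if d is not None else None, k)
        return leaving

def encrypt_pipelined(plaintext, key, matched=True):
    """Push one block through ten chained rounds; return (ciphertext, clocks until it leaves)."""
    rounds = [Round(RCON[i], last=(i == 9), matched=matched) for i in range(10)]
    feed = (add_round_key(list(plaintext), list(key)), list(key))  # initial AddRoundKey
    for cycle in range(4 * len(rounds) + 1):
        x = feed
        for r in rounds:
            x = r.clock(*x)
        feed = (None, None)  # only bubbles follow the single block
        if x[0] is not None:
            return bytes(x[0]), cycle
    raise RuntimeError("block never left the pipeline")

def path_mismatch_detected(matched):
    try:
        encrypt_pipelined(bytes(16), bytes(16), matched=matched)
    except PathMismatch:
        return True
    return False

if __name__ == "__main__":
    ct, cycles = encrypt_pipelined(bytes.fromhex("00112233445566778899aabbccddeeff"),
                                   bytes.fromhex("000102030405060708090a0b0c0d0e0f"))  # FIPS-197 C.1
    print(ct.hex(), cycles, "skew detected with unpadded key path:", path_mismatch_detected(False))
```

Run as a script and it prints the C.1 ciphertext and a latency of 39 clocks: nine rounds with three intra-round registers plus the end-of-round register, and the last round with two plus one. With matched=False the key path keeps only its expansion register, and the model raises PathMismatch on the first clock where a round key reaches AddRoundKey without its round data, which is exactly the skew the method removes by padding the key path to the same depth. The model only shows equality at clock-cycle granularity; skew and glitch activity inside a cycle depend on placement and routing and are not captured here.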
By way of example, the method above can be implemented on a high-speed FPGA.
Compared with the prior art, the method above has the following advantages and technical effects:
1. Computing each round's round key inside that round, and precisely controlling the round-key and round-data paths in every round so that both reach the next computation unit at the same time, removes the path difference and so defeats side-channel attacks that rely on it. Matching register depth equalizes the two paths at clock-cycle granularity; arrival skew and glitch activity within a cycle still depend on the combinational logic, placement and routing, so the result should be confirmed by post-layout timing analysis and side-channel measurement of the finished design.
2. Applying hardware pipelining to every round of the AES algorithm lets the separated parts work in parallel, which greatly increases the speed and throughput of the whole encryption.
The above is only a preferred embodiment of the invention, and the scope of protection is not limited to it. Any variation or substitution that a person skilled in the art could readily conceive within the technical scope disclosed here falls within the scope of protection of the invention, which is therefore defined by the claims.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710348988.4A (granted as CN108964874B) | 2017-05-17 | 2017-05-17 | AES encryption method against path difference attack |
| Publication Number | Publication Date |
|---|---|
| CN108964874A | 2018-12-07 |
| CN108964874B (granted) | 2020-10-27 |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |