
WO2018165949A1 - Des software dpa attack prevention method and device - Google Patents

DES software DPA attack prevention method and device

Publication number
WO2018165949A1
Authority
WO
WIPO (PCT)
Prior art keywords
mask
des
msp
dynamic
random number
Application number
PCT/CN2017/076972
Inventor
宋孝亮
Original Assignee
深圳大趋智能科技有限公司
Application filed by 深圳大趋智能科技有限公司
Priority to PCT/CN2017/076972 (WO2018165949A1)
Priority to CN201780000957.8A (CN107466453B)
Publication of WO2018165949A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Definitions

  • the present invention relates to the field of information security technologies, and in particular, to a method and apparatus for defending against DPA attacks by DES software.
  • the DES algorithm is a widely used symmetric encryption/decryption algorithm.
  • the DES algorithm changes a 64-bit plaintext input block into a 64-bit ciphertext output block. Its function is to recombine the input 64-bit data block bit by bit and divide the output into two parts, L0 and R0, each 32 bits long; the initial permutation is performed, and the ciphertext output is obtained.
  • the F functions of each round of the DES algorithm include extended permutation, XOR with key, S-box substitution, and P-box permutation.
  • the S box whose English name is Substitution-box, is the basic structure for the symmetric key algorithm to perform permutation calculations.
  • the S-box is used in the block cipher algorithm and is a non-linear structure.
  • its cryptographic strength directly determines the quality of the cipher algorithm.
  • at present, DES masking schemes for resisting DPA attacks are convenient to implement in hardware. However, in a hardware DES cryptographic device, the eight S-boxes of each round in the DES coprocessor are implemented in parallel, and the output of each S-box occupies 4 bits (1/8 of the length) after the P permutation, so however the position of an S-box output changes after the P permutation, its influence on the power consumption is always present. If the 6-bit subkey of one S-box is taken as the attack target, then in the P permutation output, apart from the 4-bit output of that S-box, the remaining 28 bits of output are noise. Related high-order attack methods targeting this weakness already exist.
  • the main object of the present invention is to provide a method and apparatus for protecting DES software against DPA attacks, aiming to solve the problem of DES software being attacked by high-order DPA.
  • the present invention provides a method for defending against DPA attacks by DES software, including
  • the inverse permutation is performed on the IP using the mask RX12 and the mask RXwork to obtain the DES encrypted data.
  • the step of generating a dynamic mask MSP according to the mask SP includes,
  • a dynamic mask MSP is generated by the mask SP.
  • before the step of obtaining the random number as the mask S and assigning it to the mask RX12 and the mask SP, the method includes,
  • the IP is generated by a basic DES mask scheme.
  • the step of acquiring a random number as the mask S includes:
  • a 32-byte random number is obtained as the mask S.
  • the present invention also provides a device for preventing DPA attacks by DES software, including
  • obtaining an assignment unit configured to obtain a random number as a mask S, and assign the value of the mask S to the mask RX12 and the mask SP;
  • the first generating unit is configured to generate a dynamic mask MSP according to the mask SP;
  • an initial replacement unit configured to perform initial replacement on the IP using the mask RX12;
  • an arithmetic unit configured to perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP
  • an inverse permutation unit configured to perform inverse permutation of the IP by the mask RX12 and the mask RXwork to obtain DES encrypted data.
  • the first generating unit includes a production module, configured to generate a dynamic mask MSP by using a mask SP on the basis of the static masks SP1-SP8.
  • a second generating unit is further included, configured to generate an IP by using a basic DES masking scheme.
  • the acquisition and assignment unit includes an acquisition module, configured to acquire a 32-byte random number as the mask S.
  • the beneficial effects of the present invention are: based on the static masks SP1-SP8, the dynamic mask MSP is generated by the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.
  • FIG. 1 is a schematic flowchart of a method for preventing a DPA attack by a DES software according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for preventing a DPA attack by a DES software according to another embodiment of the present invention
  • FIG. 3 is a structural block diagram of an apparatus for preventing a DPA attack by a DES software according to an embodiment of the present invention.
  • first, second and the like in the present invention are used for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated.
  • features defining “first” and “second” may include at least one of the features, either explicitly or implicitly.
  • the technical solutions between the various embodiments may be combined with each other, but must be based on the realization of those skilled in the art, and when the combination of the technical solutions is contradictory or impossible to implement, it should be considered that the combination of the technical solutions does not exist. It is also within the scope of protection required by the present invention.
  • DES English full name: Data Encryption Standard
  • DES is a symmetric block cipher algorithm
  • the DES algorithm changes a 64-bit plaintext input block into a 64-bit ciphertext output block
  • Its function is to recombine the input 64-bit data block bit by bit and divide the output into two parts, L0 and R0, each 32 bits long; the initial permutation is performed, and the ciphertext output is obtained.
  • the F functions of each round of the DES algorithm include extended permutation, XOR with key, S-box substitution, and P-box permutation.
  • the S box is the basic structure of the symmetric key algorithm to perform permutation calculation.
  • the S-box is used in the block cipher algorithm and is a non-linear structure.
  • the cipher strength directly determines the quality of the cipher algorithm.
  • the present invention provides a method for defending against DPA attacks by a DES software, including the following steps:
  • S14: Perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP.
  • in step S11, a random number is obtained as the mask S; the random number can be a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP.
  • the mask RX12 is required for subsequent calculations, such as the initial permutation of the IP and the inverse permutation of the IP.
  • in step S12, the dynamic mask MSP is generated from the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of cryptographic devices.
  • the specific execution code of step S12 is as follows:
  • dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[1];
  • in step S13, the initial permutation is performed on the IP using the mask RX12. The initial permutation is: the input 64-bit data block is recombined bit by bit, and the output is divided into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initial permutation of the IP to improve the security of the DES algorithm.
  • the specific execution code of step S13 is as follows:
  • in step S14, 16 rounds of the same calculation are performed using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP improves the protection of the DES algorithm against high-order DPA attacks and further improves the security of cryptographic devices.
  • in step S15, finally, the inverse permutation is performed on the IP processed by the above steps using the mask RX12 and the mask RXwork, and the final DES encrypted data is obtained.
  • the execution code of step S15 is:
  • a method for protecting DES software against DPA attacks: based on the static masks SP1-SP8, a dynamic mask MSP is generated by the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.
  • a method for preventing a DPA attack by a DES software includes the following steps:
  • S20 Generate an IP by using a basic DES masking scheme.
  • S21: Obtain a 32-byte random number as the mask S, and assign the value of the mask S to the mask RX12 and the mask SP.
  • in step S20, the IP generation scheme is consistent with the basic DES masking scheme, which is simple and straightforward, and no additional design is required.
  • in step S21, a random number is obtained as the mask S, and the random number is a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP for subsequent calculations; for example, both the initial permutation of the IP and the inverse permutation of the IP require the mask RX12.
  • in step S22, a dynamic mask MSP is generated from the mask SP on the basis of the static masks SP1-SP8, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of the cryptographic device.
  • the specific execution code of step S22 is as follows:
  • dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[1];
  • in step S23, the initial permutation is performed on the IP using the mask RX12. The initial permutation is: the input 64-bit data block is recombined bit by bit, and the output is divided into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initial permutation of the IP to improve the security of the DES algorithm.
  • the specific execution code of step S23 is as follows:
  • in step S24, 16 rounds of the same calculation are performed using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP improves the protection of the DES algorithm against high-order DPA attacks and further improves the security of cryptographic devices.
  • in step S25, finally, the inverse permutation is performed on the IP processed by the above steps using the mask RX12 and the mask RXwork, and the final DES encrypted data is obtained.
  • the execution code of step S25 is:
  • a method for protecting DES software against DPA attacks: based on the static masks SP1-SP8, a dynamic mask MSP is generated by the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.
  • the present invention also provides a device for preventing DPA attacks by DES software, including:
  • the second generating unit 10 is configured to generate an IP by using a basic DES masking scheme.
  • the acquisition and assignment unit 20 is configured to obtain a random number as the mask S and to assign the value of the mask S to the mask RX12 and the mask SP.
  • the first generating unit 30 is configured to generate a dynamic mask MSP according to the mask SP.
  • an initial replacement unit 40 configured to perform initial replacement on the IP using the mask RX12;
  • the operation unit 50 is configured to perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP.
  • the inverse permutation unit 60 is configured to perform inverse permutation of the IP by using the mask RX12 and the mask RXwork to obtain DES encrypted data.
  • the IP generation scheme is consistent with the basic DES mask scheme, which is simple and straightforward, and no additional design is required.
  • a random number is obtained as the mask S, and the random number may be a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP for subsequent calculations; for example, both the initial permutation of the IP and the inverse permutation of the IP need the mask RX12.
  • the acquisition and assignment unit 20 includes an acquisition module for acquiring a 32-byte random number as the mask S.
  • the dynamic mask MSP is generated from the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of cryptographic devices.
  • the first generating unit includes a production module for generating the dynamic mask MSP from the mask SP on the basis of the static masks SP1-SP8.
  • the initial permutation is performed on the IP using the mask RX12. The initial permutation is:
  • the input 64-bit data block is recombined bit by bit, and the output is divided into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initial permutation of the IP to improve the security of the DES algorithm.
  • 16 rounds of the same calculation are performed using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP improves the protection of the DES algorithm against high-order DPA attacks and further enhances the security of cryptographic devices.
  • the inverse permutation unit 60 finally obtains the final DES encrypted data by performing the inverse permutation on the IP processed in the above steps using the mask RX12 and the mask RXwork.
  • a device for protecting DES software against DPA attacks: based on the static masks SP1-SP8, a dynamic mask MSP is generated by the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a DES software DPA attack prevention method and device, the method comprising: obtaining a random number to act as a mask S, and giving the value to masks RX12 and SP; generating a dynamic mask according to the mask SP; using the mask RX12 to perform initialisation replacement on an IP; using the masks RX12 and S and the dynamic mask to perform a 16-round operation; performing inverse replacement on the IP via the mask RX12 and a mask RXwork to obtain encrypted data. The present invention prevents higher order DPA attacks.

Description

Method and device for protecting DES software against DPA attacks
Technical field
[0001] The present invention relates to the field of information security technologies, and in particular to a method and device for protecting DES software against DPA attacks.
Background
[0002] The DES algorithm is a widely used symmetric encryption/decryption algorithm. The DES algorithm changes a 64-bit plaintext input block into a 64-bit ciphertext output block. Its function is to recombine the input 64-bit data block bit by bit and divide the output into two parts, L0 and R0, each 32 bits long; the initial permutation is performed, and the ciphertext output is obtained. The F function of each round of the DES algorithm includes the expansion permutation, XOR with the key, S-box substitution, and P-box permutation. The S-box, whose English name is Substitution-box, is the basic structure with which a symmetric key algorithm performs substitution calculations. The S-box is used in block cipher algorithms and is a non-linear structure; its cryptographic strength directly determines the quality of the cipher algorithm.
[0003] As the security requirements for financial POS terminals keep rising, so do the requirements for protecting DES, an important encryption algorithm used by financial POS terminals, against DPA attacks. A cipher implementation that uses a masking algorithm can still be attacked with high-order DPA. To protect against high-order DPA attacks, the S-box algorithm needs to be modified so that the modified algorithm can withstand high-order DPA attacks.
[0004] At present, DES masking schemes for resisting DPA attacks are convenient to implement in hardware. However, in a hardware DES cryptographic device, the eight S-boxes of each round in the DES coprocessor are implemented in parallel, and the output of each S-box occupies 4 bits (1/8 of the length) after the P permutation, so however the position of an S-box output changes after the P permutation, its influence on the power consumption is always present. If the 6-bit subkey of one S-box is taken as the attack target, then in the P permutation output, apart from the 4-bit output of that S-box, the remaining 28 bits of output are noise. Related high-order attack methods targeting this weakness already exist.
Technical problem
[0005] The main object of the present invention is to provide a method and device for protecting DES software against DPA attacks, aiming to solve the problem of DES software being attacked by high-order DPA.
Solution to the problem
Technical solution
[0006] The present invention provides a method for protecting DES software against DPA attacks, including:
[0007] obtaining a random number as the mask S, and at the same time assigning the value of the mask S to the mask RX12 and the mask SP;
[0008] generating a dynamic mask MSP according to the mask SP;
[0009] performing the initial permutation on the IP using the mask RX12;
[0010] performing 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP;
[0011] performing the inverse permutation on the IP using the mask RX12 and the mask RXwork to obtain the DES encrypted data.
[0012] Further, the step of generating a dynamic mask MSP according to the mask SP includes:
[0013] on the basis of the static masks SP1-SP8, generating the dynamic mask MSP by the mask SP.
[0014] Further, before the step of obtaining a random number as the mask S and at the same time assigning it to the mask RX12 and the mask SP, the method includes:
[0015] generating the IP by a basic DES masking scheme.
[0016] Further, the step of obtaining a random number as the mask S includes:
[0017] obtaining a 32-byte random number as the mask S.
[0019] The present invention also provides a device for protecting DES software against DPA attacks, including:
[0020] an acquisition and assignment unit, configured to obtain a random number as the mask S and at the same time assign the value of the mask S to the mask RX12 and the mask SP;
[0021] a first generating unit, configured to generate a dynamic mask MSP according to the mask SP;
[0022] an initial permutation unit, configured to perform the initial permutation on the IP using the mask RX12;
[0023] an operation unit, configured to perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP;
[0024] an inverse permutation unit, configured to perform the inverse permutation on the IP using the mask RX12 and the mask RXwork to obtain the DES encrypted data.
[0025] Further, the first generating unit includes a production module, configured to generate the dynamic mask MSP by the mask SP on the basis of the static masks SP1-SP8.
[0026] Further, a second generating unit is also included, configured to generate the IP by a basic DES masking scheme.
[0027] Further, the acquisition and assignment unit includes an acquisition module, configured to obtain a 32-byte random number as the mask S.
Advantageous effects of the invention
Advantageous effects
[0028] The beneficial effects of the present invention are: on the basis of the static masks SP1-SP8, the dynamic mask MSP is generated by the mask SP, and the 16 rounds of operation are then performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.
Brief description of the drawings
Description of the drawings
[0029] FIG. 1 is a schematic flowchart of a method for protecting DES software against DPA attacks according to an embodiment of the present invention;
[0030] FIG. 2 is a schematic flowchart of a method for protecting DES software against DPA attacks according to another embodiment of the present invention;
[0031] FIG. 3 is a structural block diagram of a device for protecting DES software against DPA attacks according to an embodiment of the present invention.
[0033] The realization of the object, the functional features, and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Best embodiment for carrying out the invention
Best mode of the invention
[0034] It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it.
[0035] The descriptions of "first", "second" and the like in the present invention are used for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined with "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments may be combined with each other, but only on the basis that those of ordinary skill in the art can implement the combination; when a combination of technical solutions is contradictory or cannot be implemented, it should be considered that the combination does not exist and is not within the scope of protection claimed by the present invention.
[0036] Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural forms. It should be further understood that the word "comprising" used in the specification of the present utility model means that the stated features, integers, steps, operations, elements and/or components are present, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. The phrase "and/or" used herein includes all or any unit and all combinations of one or more of the associated listed items.
[0037] Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the present utility model belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
[0038] DES, in full Data Encryption Standard, is a symmetric block cipher algorithm and a widely used symmetric encryption/decryption algorithm. The DES algorithm changes a 64-bit plaintext input block into a 64-bit ciphertext output block. Its function is to recombine the input 64-bit data block bit by bit and divide the output into two parts, L0 and R0, each 32 bits long; the initial permutation is performed, and the ciphertext output is obtained. The F function of each round of the DES algorithm includes the expansion permutation, XOR with the key, S-box substitution, and P-box permutation.
[0039] The S-box, whose English name is Substitution-box, is the basic structure with which a symmetric key algorithm performs substitution calculations. The S-box is used in block cipher algorithms and is a non-linear structure; its cryptographic strength directly determines the quality of the cipher algorithm.
[0040]  [0040]
[0041] 参照图 1, 提出本发明一实施例, 本发明提出一种 DES软件防 DPA攻击的方法 , 包括以下步骤: [0041] Referring to FIG. 1, an embodiment of the present invention is provided. The present invention provides a method for defending against DPA attacks by a DES software, including the following steps:
[0042] 511、 获取随机数作为掩码 S, 同吋将掩码 S的值赋予掩码 RX12和掩码 SP。  [0042] 511. Obtain a random number as the mask S, and assign the value of the mask S to the mask RX12 and the mask SP.
[0043] 512、 根据掩码 SP生成动态掩码 MSP。 [0043] 512. Generate a dynamic mask MSP according to the mask SP.
[0044] 513、 使用掩码 RX12对 IP进行初始化置换。 [0044] 513. Initialize the IP by using the mask RX12.
[0045] 514、 使用掩码 RX12、 掩码 S以及动态掩码 MSP进行 16轮相同的运算。 [0045] 514. Perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP.
[0046] 515、 通过掩码 RX12和掩码 RXwork对 IP进行逆置换得到 DES加密数据。 [0046] 515. Perform inverse multiplexing on the IP through the mask RX12 and the mask RXwork to obtain DES encrypted data.
[0047] 对于步骤 Sl l, 获取一个随机数作为掩码 S, 随机数可以为 32个字节的随机数, 掩码 S的值之后, 将掩码 S的值赋予掩码 RX12和掩码 SP, 以用于后续的计算, 例 如对 IP的初始置换和对 IP逆置换都需要用到掩码 RX12。 [0047] For step S1 l, a random number is obtained as the mask S, and the random number can be a 32-byte random number. After the value of the mask S, the value of the mask S is assigned to the mask RX12 and the mask SP. For subsequent calculations, such as the initial replacement of IP and the inverse of IP, the mask RX12 is required.
[0048] 对于步骤 S12, 根据上述的掩码 SP, 生成动态掩码 MSP, 通过掩码 SP生成动态 掩码 MSP, 再通过动态掩码 MSP进行 16轮运算, 简单有效, 可以实现 DES算法对 于高阶 DPA攻击的防护, 提高密码设备的安全性。 在本发明一具体实施例中, 步骤 S12具体的执行代码如下: [0048] For the step S12, the dynamic mask MSP is generated according to the mask SP, the dynamic mask MSP is generated by the mask SP, and the 16-round operation is performed by the dynamic mask MSP, which is simple and effective, and the DES algorithm pair can be implemented. Protection against high-level DPA attacks improves the security of cryptographic devices. In a specific embodiment of the present invention, the specific execution code of step S12 is as follows:
[0049] maskbits = (MSP[0]»24)&0x3F; [0049] maskbits = (MSP[0]»24)&0x3F;
[0050] dynamicSPx[i][j] = SPx[jAmaskbits]AMSP[l]。 [0050] dynamicSPx[i][j] = SPx[j A maskbits] A MSP[l].
[0051] 对于步骤 S13, 利用掩码 RX12, 对 IP进行初始化置换, 初始化置换为: 输入的 64位数据块按位重新组合, 并把输出分为 L0、 R0两部分, 每部分各长 32位。 在 对 IP进行初始化置换的过程中加入掩码 RX12, 提高 DES算法的安全性。 在本发 明一具体实施例中, 步骤 S13具体的执行代码如下:  [0051] For step S13, the IP is initialized and replaced by the mask RX12, and the initialization is replaced by: the input 64-bit data block is recombined in bits, and the output is divided into two parts, L0 and R0, each part is 32 bits long. . The mask RX12 is added during the initialization and replacement of the IP to improve the security of the DES algorithm. In a specific embodiment of the present invention, the specific execution code of step S13 is as follows:
[0052] leftt = block[0];
[0053] right = block[1];
[0054] leftt ^= RX12[0];
[0055] right ^= RX12[1];
[0056] For step S14, 16 rounds of the same computation are performed using the mask RX12, the mask S and the dynamic mask MSP, which ensures the complexity of the encryption. Performing the 16 rounds of the same computation with the dynamic mask MSP improves the DES algorithm's protection against higher-order DPA attacks and further improves the security of the cryptographic device.
[0057] For step S15, finally, the inverse permutation is applied, using the mask RX12 and the mask RXwork, to the IP processed in the preceding steps, which yields the final DES-encrypted data. In an embodiment of the present invention, the code executed in step S15 is:
[0058] leftt ^= RX12[0];
[0059] right ^= RX12[1];
[0060] work ^= RXwork;
[0061] A method for protecting DES software against DPA attacks: on the basis of the static masks SP1-SP8, a dynamic mask MSP is generated from the mask SP, and the 16 rounds of operations are then performed with the dynamic mask MSP. This is simple and effective and provides protection against higher-order DPA attacks.
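The table recomputation of step S12 can be checked in isolation. The C code below is an added example, not code from the patent: it uses a constructed 64-entry table in place of a real SP table, handles a single table (the index i is left out), and takes MSP as a caller-supplied two-word array because the description does not show how MSP is derived from SP.

```c
#include <stdint.h>
#include <stdio.h>

#define SP_ENTRIES 64u   /* one SP table: 6-bit index, 32-bit entries */

/* Constructed stand-in for one static table SPx. These are NOT the real
   DES SP values; a full-period LCG fills the table with distinct words. */
static void build_sample_sp(uint32_t sp[SP_ENTRIES]) {
    uint32_t v = 0x01010400u;
    for (uint32_t j = 0; j < SP_ENTRIES; j++) {
        v = v * 1664525u + 1013904223u;
        sp[j] = v;
    }
}

/* Step S12 as printed: the index mask is bits 24..29 of MSP[0] and the
   output mask is MSP[1]. Assumption: MSP is a two-word input array. */
static void build_dynamic_sp(const uint32_t sp[SP_ENTRIES],
                             const uint32_t msp[2],
                             uint32_t dyn[SP_ENTRIES]) {
    uint32_t maskbits = (msp[0] >> 24) & 0x3F;
    for (uint32_t j = 0; j < SP_ENTRIES; j++)
        dyn[j] = sp[j ^ maskbits] ^ msp[1];
}

/* Lookup with an index that is already XOR-masked with maskbits.
   The returned word is still XOR-masked with MSP[1]. */
static uint32_t masked_lookup(const uint32_t dyn[SP_ENTRIES],
                              uint32_t masked_index) {
    return dyn[masked_index & 0x3F];
}

/* Counts inputs x for which unmasking the masked lookup does not give
   sp[x]. 0 means the dynamic table agrees with the static one. */
static int count_mismatches(const uint32_t msp[2]) {
    uint32_t sp[SP_ENTRIES], dyn[SP_ENTRIES];
    uint32_t maskbits = (msp[0] >> 24) & 0x3F;
    int bad = 0;
    build_sample_sp(sp);
    build_dynamic_sp(sp, msp, dyn);
    for (uint32_t x = 0; x < SP_ENTRIES; x++)
        if ((masked_lookup(dyn, x ^ maskbits) ^ msp[1]) != sp[x])
            bad++;
    return bad;
}

/* Counts entries where the dynamic table equals the static table at the
   same index. With both masks zero all 64 match: nothing is masked. */
static int count_unchanged(const uint32_t msp[2]) {
    uint32_t sp[SP_ENTRIES], dyn[SP_ENTRIES];
    int same = 0;
    build_sample_sp(sp);
    build_dynamic_sp(sp, msp, dyn);
    for (uint32_t j = 0; j < SP_ENTRIES; j++)
        if (dyn[j] == sp[j])
            same++;
    return same;
}

int main(void) {
    /* Constructed mask words; a device would take them from its RNG. */
    const uint32_t msp[2]  = { 0x2A000000u, 0xDEADBEEFu };
    const uint32_t zero[2] = { 0u, 0u };
    printf("mismatches with masks: %d\n", count_mismatches(msp));
    printf("unchanged entries, zero masks: %d\n", count_unchanged(zero));
    return 0;
}
```

A lookup at a masked index returns a masked word, so neither the unmasked index nor the unmasked table output has to appear as an intermediate value; the zero-mask case shows why a random draw that leaves both masks at zero gives no protection for that run.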
[0063] In another embodiment of the present invention, a method for protecting DES software against DPA attacks includes the following steps:
[0064] S20. Generate IP using the basic DES masking scheme.
[0065] S21. Obtain a 32-byte random number as the mask S, and at the same time assign the value of the mask S to the mask RX12 and the mask SP.
[0066] S22. On the basis of the static masks SP1-SP8, generate the dynamic mask MSP from the mask SP.
[0067] S23. Apply the initial permutation to IP using the mask RX12.
[0068] S24. Perform 16 rounds of the same operation using the mask RX12, the mask S and the dynamic mask MSP.
[0069] S25. Apply the inverse permutation to IP using the mask RX12 and the mask RXwork to obtain the DES-encrypted data.
[0070] For step S20, IP is generated in the same way as in the basic DES masking scheme, which is simple and direct and requires no additional design.
[0071] For step S21, a random number is obtained as the mask S; the random number is a 32-byte random number. After the value of the mask S is obtained, it is assigned to the mask RX12 and the mask SP for use in the subsequent computation. For example, both the initial permutation of IP and the inverse permutation of IP require the mask RX12.
[0072] For step S22, the dynamic mask MSP is generated from the mask SP described above: on the basis of the static masks SP1-SP8, the dynamic mask MSP is generated from the mask SP, and the 16 rounds of operations are then performed with the dynamic mask MSP. This is simple and effective, protects the DES algorithm against higher-order DPA attacks, and improves the security of the cryptographic device. In an embodiment of the present invention, the code executed in step S22 is as follows:
[0073] maskbits = (MSP[0] >> 24) & 0x3F;
[0074] dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[1];
[0075] For step S23, the initial permutation is applied to IP using the mask RX12. The initial permutation recombines the input 64-bit data block bit by bit and splits the output into two parts, L0 and R0, each 32 bits long. Adding the mask RX12 during the initial permutation of IP improves the security of the DES algorithm. In a specific embodiment of the present invention, the code executed in step S23 is as follows:
[0076] leftt = block[0];
[0077] right = block[1];
[0078] leftt ^= RX12[0];
[0079] right ^= RX12[1];
[0080] For step S24, 16 rounds of the same computation are performed using the mask RX12, the mask S and the dynamic mask MSP, which ensures the complexity of the encryption. Performing the 16 rounds of the same computation with the dynamic mask MSP improves the DES algorithm's protection against higher-order DPA attacks and further improves the security of the cryptographic device.
[0081] For step S25, finally, the inverse permutation is applied, using the mask RX12 and the mask RXwork, to the IP processed in the preceding steps, which yields the final DES-encrypted data. In a specific embodiment of the present invention, the code executed in step S25 is:
[0082] leftt ^= RX12[0];
[0083] right ^= RX12[1];
[0084] work ^= RXwork;
[0085] A method for protecting DES software against DPA attacks: on the basis of the static masks SP1-SP8, a dynamic mask MSP is generated from the mask SP, and the 16 rounds of operations are then performed with the dynamic mask MSP. This is simple and effective and provides protection against higher-order DPA attacks.
[0087] The present invention also provides a device for protecting DES software against DPA attacks, including:
[0088] A second generating unit 10, configured to generate IP using the basic DES masking scheme.
[0089] An acquisition and assignment unit 20, configured to obtain a random number as the mask S and at the same time assign the value of the mask S to the mask RX12 and the mask SP.
[0090] A first generating unit 30, configured to generate the dynamic mask MSP according to the mask SP.
[0091] An initial permutation unit 40, configured to apply the initial permutation to IP using the mask RX12.
[0092] An operation unit 50, configured to perform 16 rounds of the same operation using the mask RX12, the mask S and the dynamic mask MSP.
[0093] An inverse permutation unit 60, configured to apply the inverse permutation to IP using the mask RX12 and the mask RXwork to obtain the DES-encrypted data.
[0094] For the second generating unit 10, IP is generated in the same way as in the basic DES masking scheme, which is simple and direct and requires no additional design.
[0095] For the acquisition and assignment unit 20, a random number is obtained as the mask S; the random number may be a 32-byte random number. After the value of the mask S is obtained, it is assigned to the mask RX12 and the mask SP for use in the subsequent computation. For example, both the initial permutation of IP and the inverse permutation of IP require the mask RX12.
[0096] The acquisition and assignment unit 20 includes an acquisition module, configured to obtain a 32-byte random number as the mask S.
[0097] For the first generating unit 30, the dynamic mask MSP is generated from the mask SP described above, and the 16 rounds of operations are then performed with the dynamic mask MSP. This is simple and effective, protects the DES algorithm against higher-order DPA attacks, and improves the security of the cryptographic device. The first generating unit includes a production module, configured to generate the dynamic mask MSP from the mask SP on the basis of the static masks SP1-SP8.
[0098] For the initial permutation unit 40, the initial permutation is applied to IP using the mask RX12. The initial permutation recombines the input 64-bit data block bit by bit and splits the output into two parts, L0 and R0, each 32 bits long. Adding the mask RX12 during the initial permutation of IP improves the security of the DES algorithm.
[0099] For the operation unit 50, 16 rounds of the same computation are performed using the mask RX12, the mask S and the dynamic mask MSP, which ensures the complexity of the encryption. Performing the 16 rounds of the same computation with the dynamic mask MSP improves the DES algorithm's protection against higher-order DPA attacks and further improves the security of the cryptographic device.
[0100] For the inverse permutation unit 60, finally, the inverse permutation is applied, using the mask RX12 and the mask RXwork, to the IP processed in the preceding steps, which yields the final DES-encrypted data.
[0101] A device for protecting DES software against DPA attacks: on the basis of the static masks SP1-SP8, a dynamic mask MSP is generated from the mask SP, and the 16 rounds of operations are then performed with the dynamic mask MSP. This is simple and effective and provides protection against higher-order DPA attacks.
[0103] The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims

[Claim 1] A method for protecting DES software against DPA attacks, characterized by comprising:
obtaining a random number as a mask S, and at the same time assigning the value of the mask S to a mask RX12 and a mask SP;
generating a dynamic mask MSP according to the mask SP;
applying an initial permutation to IP using the mask RX12;
performing 16 rounds of the same operation using the mask RX12, the mask S and the dynamic mask MSP;
applying an inverse permutation to IP using the mask RX12 and a mask RXwork to obtain DES-encrypted data.
[Claim 2] The method for protecting DES software against DPA attacks according to claim 1, characterized in that the step of generating the dynamic MSP according to the mask SP comprises:
on the basis of static masks SP1-SP8, generating the dynamic mask MSP from the mask SP.
[Claim 3] The method for protecting DES software against DPA attacks according to claim 1, characterized in that, before the step of obtaining a random number as the mask S and at the same time assigning it to the mask RX12 and the mask SP, the method comprises:
generating IP using a basic DES masking scheme.
[Claim 4] The method for protecting DES software against DPA attacks according to claim 1, characterized in that the step of obtaining a random number as the mask S comprises:
obtaining a 32-byte random number as the mask S.
[Claim 5] A device for protecting DES software against DPA attacks, characterized by comprising:
an acquisition and assignment unit, configured to obtain a random number as a mask S and at the same time assign the value of the mask S to a mask RX12 and a mask SP;
a first generating unit, configured to generate a dynamic mask MSP according to the mask SP;
an initial permutation unit, configured to apply an initial permutation to IP using the mask RX12;
an operation unit, configured to perform 16 rounds of the same operation using the mask RX12, the mask S and the dynamic mask MSP;
an inverse permutation unit, configured to apply an inverse permutation to IP using the mask RX12 and a mask RXwork to obtain DES-encrypted data.
[Claim 6] The device for protecting DES software against DPA attacks according to claim 5, characterized in that the first generating unit includes a production module, configured to generate the dynamic mask MSP from the mask SP on the basis of static masks SP1-SP8.
[Claim 7] The device for protecting DES software against DPA attacks according to claim 5, characterized by further comprising a second generating unit, configured to generate IP using a basic DES masking scheme.
[Claim 8] The device for protecting DES software against DPA attacks according to claim 5, characterized in that the acquisition and assignment unit includes an acquisition module, configured to obtain a 32-byte random number as the mask S.
PCT/CN2017/076972 2017-03-16 2017-03-16 Des software dpa attack prevention method and device WO2018165949A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/076972 WO2018165949A1 (en) 2017-03-16 2017-03-16 Des software dpa attack prevention method and device
CN201780000957.8A CN107466453B (en) 2017-03-16 2017-03-16 Method and device for preventing DPA attack of DES software

Publications (1)

Publication Number Publication Date
WO2018165949A1 (en) 2018-09-20

Family

ID=60554257

Country Status (2)

Country Link
CN (1) CN107466453B (en)
WO (1) WO2018165949A1 (en)

Also Published As

Publication number Publication date
CN107466453B (en) 2020-11-24
CN107466453A (en) 2017-12-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17900342

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15-01-2020)

122 Ep: pct application non-entry in european phase

Ref document number: 17900342

Country of ref document: EP

Kind code of ref document: A1
