WO2018165949A1 - Method and device for preventing DPA attacks on DES software - Google Patents


Info

Publication number
WO2018165949A1
Authority
WO
WIPO (PCT)
Prior art keywords
mask
des
msp
dynamic
random number
Prior art date
Application number
PCT/CN2017/076972
Other languages
English (en)
Chinese (zh)
Inventor
宋孝亮
Original Assignee
深圳大趋智能科技有限公司
Application filed by 深圳大趋智能科技有限公司
Priority to PCT/CN2017/076972 (WO2018165949A1)
Priority to CN201780000957.8A (CN107466453B)
Publication of WO2018165949A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation, with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Definitions

  • the present invention relates to the field of information security technologies, and in particular, to a method and apparatus for defending against DPA attacks by DES software.
  • the DES algorithm is a widely used symmetric encryption/decryption algorithm.
  • the DES algorithm transforms a 64-bit plaintext input block into a 64-bit ciphertext output block. It first recombines the bits of the input 64-bit data block and divides the output into two parts, L0 and R0, each 32 bits long; this is the initial permutation, from which the ciphertext output is then derived.
  • the F functions of each round of the DES algorithm include extended permutation, XOR with key, S-box substitution, and P-box permutation.
  • the S-box (Substitution-box) is the basic structure used by symmetric key algorithms to perform substitution calculations.
  • the S-box is used in the block cipher algorithm and is a non-linear structure.
  • the cipher strength directly determines the quality of the cipher algorithm.
  • the DES mask scheme is convenient for hardware implementations defending against DPA attacks, but in a hardware DES cryptographic device the 8 S-boxes of each round in the DES coprocessor are evaluated in parallel, and each S-box's output occupies 4 bits (1/8 of the length) after the P permutation, so the contribution of the S-box output to the power consumption is always present regardless of its position after the P permutation. If the 6-bit subkey of one S-box is taken as the target, the remaining 28 bits of the output are noise apart from that S-box's 4 output bits. Higher-order attack methods exploiting this weakness now exist.
  • the main object of the present invention is to provide a DES software anti-DPA attack method and apparatus, aiming at solving the problem that DES software is vulnerable to high-order DPA attacks.
  • the present invention provides a method for defending against DPA attacks by DES software, including
  • the IP is inversely permuted using the mask RX12 and the mask RXwork to obtain the DES encrypted data.
  • the step of generating a dynamic mask MSP according to the mask SP is characterized in that,
  • a dynamic mask MSP is generated by the mask SP.
  • before the step of obtaining the random number as the mask S and assigning it to the mask RX12 and the mask SP, the method includes:
  • the IP is generated by a basic DES mask scheme.
  • the step of acquiring a random number as the mask S includes:
  • a 32-byte random number is obtained as the mask S.
  • the present invention also provides a device for preventing DPA attacks by DES software, including
  • an acquisition and assignment unit configured to obtain a random number as a mask S, and assign the value of the mask S to the mask RX12 and the mask SP;
  • the first generating unit is configured to generate a dynamic mask MSP according to the mask SP;
  • an initial replacement unit configured to perform initial replacement on the IP using the mask RX12;
  • an arithmetic unit configured to perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP
  • an inverse permutation unit configured to perform inverse permutation of the IP by the mask RX12 and the mask RXwork to obtain DES encrypted data.
  • the first generating unit includes a generation module, configured to generate the dynamic mask MSP from the mask SP on the basis of the static masks SP1-SP8.
  • a second generating unit is further included, configured to generate an IP by using a basic DES masking scheme.
  • the acquisition and assignment unit includes an acquisition module, configured to acquire a 32-byte random number as the mask S.
  • the beneficial effects of the present invention are: on the basis of the static masks SP1-SP8, the dynamic mask MSP is generated from the mask SP and the 16-round operation is performed with the dynamic mask MSP, which is simple and effective and achieves protection against high-order DPA attacks.
  • FIG. 1 is a schematic flowchart of a method for preventing a DPA attack by a DES software according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for preventing a DPA attack by a DES software according to another embodiment of the present invention
  • FIG. 3 is a structural block diagram of an apparatus for preventing a DPA attack by a DES software according to an embodiment of the present invention.
  • first, second and the like in the present invention are used for the purpose of description only, and are not to be construed as indicating or implying their relative importance or implicitly indicating the number of technical features indicated.
  • features defining “first” and “second” may include at least one of the features, either explicitly or implicitly.
  • the technical solutions of the various embodiments may be combined with each other, provided that a person skilled in the art can realize the combination; where a combination of technical solutions is contradictory or impossible to implement, the combination is considered not to exist and falls outside the protection scope claimed by the present invention.
  • DES stands for Data Encryption Standard
  • DES is a symmetric block cipher algorithm
  • DES algorithm changes 64-bit plaintext input block into 64-bit ciphertext output block
  • Its function is to recombine the input 64-bit data block in bits, and divide the output into two parts, L0 and R0. Each part is 32 bits long, and the initial replacement is performed, that is, the ciphertext output is obtained.
  • the S box is the basic structure of the symmetric key algorithm to perform permutation calculation.
  • the present invention provides a method for defending against DPA attacks by a DES software, including the following steps:
  • S14 Perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP.
  • in step S11 a random number is obtained as the mask S; the random number can be a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP.
  • the mask RX12 is required for subsequent calculations, such as the initial replacement of IP and the inverse of IP.
  • in step S12 the dynamic mask MSP is generated according to the mask SP; generating the dynamic mask MSP from the mask SP and performing the 16-round operation with the dynamic mask MSP is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of cryptographic devices.
  • the specific execution code of step S12 is as follows:
  • dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[l]; /* entry j of the static table SPx, re-indexed by the input mask bits and XORed with the output mask MSP */
  • in step S13 the initial permutation of the IP is performed using the mask RX12; the initial permutation recombines the bits of the input 64-bit data block and divides the output into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initialization and replacement of the IP to improve the security of the DES algorithm.
  • the specific execution code of step S13 is as follows:
  • in step S14, 16 rounds of the same calculation are performed using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP strengthens the DES algorithm's protection against high-order DPA attacks and further improves the security of cryptographic devices.
  • in step S15, finally, the IP processed by the above steps is inversely permuted using the mask RX12 and the mask RXwork, and the final DES encrypted data is obtained.
  • the execution code of step S15 is:
  • a DES software anti-DPA attack method that, on the basis of the static masks SP1-SP8, generates a dynamic mask MSP through the mask SP and performs the 16 round operations through the dynamic mask MSP is simple and effective, and achieves protection against high-order DPA attacks.
  • a method for preventing a DPA attack by a DES software includes the following steps:
  • S20 Generate an IP by using a basic DES masking scheme.
  • S21 Obtain a 32-byte random number as the mask S, and assign the value of the mask S to the mask RX12 and the mask SP.
  • step S20 the IP generation scheme is consistent with the basic DES mask scheme, which is simple and straightforward, and no additional design is required.
  • step S21 a random number is obtained as the mask S, and the random number is a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP; the mask RX12 is required for subsequent calculations, such as the initial permutation of the IP and the inverse permutation of the IP.
  • in step S22 a dynamic mask MSP is generated according to the mask SP described above: on the basis of the static masks SP1-SP8, the dynamic mask MSP is generated from the mask SP, and the 16-round operation is then performed with the dynamic mask MSP, which is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of the cryptographic device.
  • the specific execution code of step S22 is as follows:
  • dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[l]; /* entry j of the static table SPx, re-indexed by the input mask bits and XORed with the output mask MSP */
  • in step S23 the initial permutation of the IP is performed using the mask RX12; the initial permutation recombines the bits of the input 64-bit data block and divides the output into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initialization and replacement of the IP to improve the security of the DES algorithm.
  • the specific execution code of step S23 is as follows:
  • in step S24, 16 rounds of the same calculation are performed using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP strengthens the DES algorithm's protection against high-order DPA attacks and further improves the security of cryptographic devices.
  • in step S25, finally, the IP processed by the above steps is inversely permuted using the mask RX12 and the mask RXwork, and the final DES encrypted data is obtained.
  • the execution code of step S25 is:
  • a DES software anti-DPA attack method that, on the basis of the static masks SP1-SP8, generates a dynamic mask MSP through the mask SP and performs the 16 round operations through the dynamic mask MSP is simple and effective, and achieves protection against high-order DPA attacks.
  • the present invention also provides a device for preventing DPA attacks by DES software, including:
  • the second generating unit 10 is configured to generate an IP by using a basic DES masking scheme.
  • the acquisition and assignment unit 20 is configured to obtain a random number as the mask S and assign the value of the mask S to the mask RX12 and the mask SP.
  • the first generating unit 30 is configured to generate a dynamic mask MSP according to the mask SP.
  • an initial replacement unit 40 configured to perform initial replacement on the IP using the mask RX12;
  • the operation unit 50 is configured to perform 16 rounds of the same operation using the mask RX12, the mask S, and the dynamic mask MSP.
  • the inverse permutation unit 60 is configured to perform inverse permutation of the IP by using the mask RX12 and the mask RXwork to obtain DES encrypted data.
  • the IP generation scheme is consistent with the basic DES mask scheme, which is simple and straightforward, and no additional design is required.
  • a random number is obtained as the mask S, and the random number may be a 32-byte random number.
  • the value of the mask S is assigned to the mask RX12 and the mask SP; subsequent calculations, such as the initial permutation of the IP and the inverse permutation of the IP, use the mask RX12.
  • the acquisition assignment unit 20 includes an acquisition module for acquiring a 32-byte random number as the mask S.
  • the dynamic mask MSP is generated according to the mask SP; generating the dynamic mask MSP from the mask SP and performing the 16-round operation with it is simple and effective, protects the DES algorithm against high-order DPA attacks, and improves the security of cryptographic devices.
  • the first generating unit 30 includes a generation module for generating the dynamic mask MSP from the mask SP on the basis of the static masks SP1-SP8.
  • the initial permutation of the IP is performed using the mask RX12; the initial permutation recombines the bits of the input 64-bit data block and divides the output into two parts, L0 and R0, each 32 bits long.
  • the mask RX12 is added during the initialization and replacement of the IP to improve the security of the DES algorithm.
  • the operation unit 50 performs 16 rounds of the same calculation using the mask RX12, the mask S, and the dynamic mask MSP to ensure the complexity of the encryption; performing the 16 rounds with the dynamic mask MSP strengthens the DES algorithm's protection against high-order DPA attacks and further enhances the security of cryptographic devices.
  • the inverse permutation unit 60 finally obtains the final DES encrypted data by performing inverse permutation on the IP processed in the above step by using the mask RX12 and the mask RXwork.
  • a device for preventing DPA attacks on DES software that, on the basis of the static masks SP1-SP8, generates a dynamic mask MSP through the mask SP and performs the 16 round operations through the dynamic mask MSP is simple and effective, and achieves protection against high-order DPA attacks.
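The table recomputation of steps S12 and S22 above (dynamicSPx[i][j] = SPx[j ^ maskbits] ^ MSP[l]), as an added example that is not part of the patent or its code: it uses DES S-box 1 as the static SPx table, takes the 6-bit input mask maskbits and the output mask msp as constructed sample values in place of values derived from the 32-byte random S, and checks the masking invariant that the scheme relies on. The function names (static_sp, build_dynamic_sp, masked_sp_lookup, verify_dynamic_sp, remask_roundtrip) are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

#define SP_ENTRIES 64   /* 6-bit S-box input space */

/* DES S-box 1, standard 4 x 16 layout: row = outer input bits (b5 b0),
   column = inner bits (b4 b3 b2 b1). Stands in for the static table SPx;
   real software-DES SP tables hold 32-bit P-permuted words, but the
   remasking below does not depend on the entry width. */
static const uint8_t DES_S1[4][16] = {
    {14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7},
    { 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8},
    { 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0},
    {15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13},
};

/* Static (unmasked) lookup SPx[j] for a 6-bit index j. */
static uint32_t static_sp(uint8_t j)
{
    unsigned row = ((j >> 4) & 2u) | (j & 1u);
    unsigned col = (j >> 1) & 0xFu;
    return DES_S1[row][col];
}

/* The step S12/S22 recomputation, dynamicSP[j] = SP[j ^ maskbits] ^ MSP:
   the 6-bit input mask is folded into the index and the output mask MSP is
   XORed onto every entry. Rebuilt with fresh masks for every DES call. */
static void build_dynamic_sp(uint8_t maskbits, uint32_t msp, uint32_t dyn[SP_ENTRIES])
{
    for (unsigned j = 0; j < SP_ENTRIES; j++)
        dyn[j] = static_sp((uint8_t)(j ^ (maskbits & 0x3Fu))) ^ msp;
}

/* Round-function lookup on masked data: the caller holds x ^ maskbits and
   gets back SP[x] ^ msp, so neither the real S-box input nor its output is
   ever materialised in memory or on the bus. */
static uint32_t masked_sp_lookup(const uint32_t dyn[SP_ENTRIES], uint8_t masked_in)
{
    return dyn[masked_in & 0x3Fu];
}

/* Self-test of the remasking invariant over all 64 inputs:
   dyn[x ^ maskbits] == SP[x] ^ msp. Returns 1 if it holds everywhere. */
static int verify_dynamic_sp(const uint32_t dyn[SP_ENTRIES], uint8_t maskbits, uint32_t msp)
{
    for (unsigned x = 0; x < SP_ENTRIES; x++)
        if (masked_sp_lookup(dyn, (uint8_t)(x ^ maskbits)) != (static_sp((uint8_t)x) ^ msp))
            return 0;
    return 1;
}

/* Build with build_mask, verify against check_mask: 1 only when they agree,
   so a table generated with the wrong input mask is caught before use. */
static int remask_roundtrip(uint8_t build_mask, uint8_t check_mask, uint32_t msp)
{
    uint32_t dyn[SP_ENTRIES];
    build_dynamic_sp(build_mask, msp, dyn);
    return verify_dynamic_sp(dyn, check_mask, msp);
}

int main(void)
{
    /* Constructed masks; in the scheme they derive from the 32-byte random S. */
    printf("matching masks: %d, mismatched masks: %d\n",
           remask_roundtrip(0x2A, 0x2A, 0x9u), remask_roundtrip(0x2A, 0x2B, 0x9u));
    return 0;
}
```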

Abstract

The invention relates to a method and device for preventing DPA attacks on DES software, the method consisting of: obtaining a random number to act as a mask S, and assigning its value to masks RX12 and SP; generating a dynamic mask according to the mask SP; using the mask RX12 to perform an initial permutation on an IP; using the masks RX12 and S and the dynamic mask to perform a 16-round operation; performing an inverse permutation on the IP by means of the mask RX12 and a mask RXwork to obtain encrypted data. The present invention prevents higher-order DPA attacks.

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/076972 WO2018165949A1 (fr) 2017-03-16 2017-03-16 Method and device for preventing DPA attacks on DES software
CN201780000957.8A CN107466453B (zh) 2017-03-16 2017-03-16 Method and apparatus for DES software defense against DPA attacks

Publications (1)

Publication Number Publication Date
WO2018165949A1 true WO2018165949A1 (fr) 2018-09-20

Family

ID=60554257

Country Status (2)

Country Link
CN (1) CN107466453B (fr)
WO (1) WO2018165949A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165531B (zh) * 2018-09-11 2020-04-07 网御安全技术(深圳)有限公司 An AES masking method, electronic device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1798888A1 (fr) * 2005-12-19 2007-06-20 St Microelectronics S.A. Protection of the execution of a DES algorithm
CN103067155A (zh) * 2012-12-27 2013-04-24 东南大学 Method and test circuit for preventing power-analysis-based attacks on the DES algorithm
CN103647638A (zh) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 A DES masking method resisting side-channel attacks
CN103905462A (zh) * 2014-04-16 2014-07-02 深圳国微技术有限公司 Encryption processing apparatus and method capable of resisting differential power analysis attacks

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2967322B1 (fr) * 2010-11-08 2012-12-28 Morpho Protection against passive eavesdropping
CN103888245A (zh) * 2012-12-20 2014-06-25 北京握奇数据系统有限公司 S-box randomization method and system for a smart card
CN104125061A (zh) * 2014-08-12 2014-10-29 昆腾微电子股份有限公司 Anti-attack method in electronic components using the RSA encryption algorithm
CN104618094B (zh) * 2015-01-28 2015-12-30 山东华翼微电子技术股份有限公司 A cryptographic mask method with enhanced attack resistance

Also Published As

Publication number Publication date
CN107466453B (zh) 2020-11-24
CN107466453A (zh) 2017-12-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17900342; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15-01-2020))
122 Ep: pct application non-entry in european phase (Ref document number: 17900342; Country of ref document: EP; Kind code of ref document: A1)