CN104734842B - Method for resisting side-channel attacks on circuits based on pseudo-operations - Google Patents

Method for resisting side-channel attacks on circuits based on pseudo-operations

Publication number
CN104734842B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510112314.5A
Other languages
Chinese (zh)
Other versions
CN104734842A (en)
Inventor
刘军荣
王伟嘉
季欣华
李大为
罗鹏
莫凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Cryptography Administration Commercial Code Testing Center
Shanghai Jiaotong University
Shanghai Huahong Integrated Circuit Co Ltd
Original Assignee
State Cryptography Administration Commercial Code Testing Center
Shanghai Jiaotong University
Shanghai Huahong Integrated Circuit Co Ltd
Application filed by State Cryptography Administration Commercial Code Testing Center, Shanghai Jiaotong University, Shanghai Huahong Integrated Circuit Co Ltd
Priority to CN201510112314.5A
Publication of CN104734842A
Application granted
Publication of CN104734842B

Abstract

A method, in the field of computer security technology, for resisting side-channel attacks on circuits based on pseudo-operations: a round key sequence is formed from m pseudo round keys and 1 true round key and used to perform the first-round SMS4 encryption computation, and the first-round SMS4 result in which the true round key participated is used for the second-round SMS4 encryption computation, yielding the required ciphertext. The position of the true first-round operation generated by the invention is random, so an attacker cannot align the power traces and therefore cannot carry out the attack. In addition, relative to an unprotected circuit, the energy consumption of the invention does not exceed twice the normal energy consumption.

Description

Method for resisting side-channel attacks on circuits based on pseudo-operations
Technical field
The present invention relates to a technique in the field of computer security, specifically a method for resisting side-channel attacks on circuits based on pseudo-operations, applicable to algorithms such as SMS4.
Background
In practice, cryptographic systems are usually implemented in hardware, or as software whose form of expression is hardware, for example: smart cards, RFID, cryptographic coprocessors, SoC crypto chips, cipher machines, and so on. In the environments where these cryptographic systems are implemented, an attacker can observe and measure information such as the energy consumption and electromagnetic radiation of the cryptographic transformation, and with this additional information may be able to break the cipher more effectively than with traditional mathematical analysis. Attacks in this setting are usually called "side-channel attacks (Side Channel Attack)". Side-channel attack methods generally include simple power analysis (SPA) and differential power analysis (DPA). An SPA attack uses a small number of power traces (corresponding to a small number of plaintexts), together with the characteristics of the cryptographic algorithm and the way they are reflected in the power traces, to reveal the key or related sensitive information directly. A DPA attack records the power traces of a cryptographic device while it encrypts or decrypts a large amount of different data, and uses statistical methods to recover the key in the device from the power traces.
The emergence of side-channel attack methods poses a major threat to many current chips, and a variety of protections against side-channel attacks have appeared accordingly. The more commonly used protection techniques are hiding and masking. The goal of the hiding strategy is to eliminate the correlation between the power consumption of the cryptographic device and the operations it performs and the intermediate values it processes. Masking randomizes the message and the key so that no relationship between the key and the power consumption can be established. Among hiding techniques there is hiding in the time dimension, which includes two methods: random insertion of pseudo-operations, and shuffling (out-of-order operation). Random insertion of pseudo-operations inserts some dummy operations at random before, after, and during the execution of the cryptographic algorithm. This destroys the alignment of the true operations, so that the effectiveness of a side-channel attack is greatly reduced. Shuffling applies to cryptographic algorithms in which the execution order of specific operations can be changed arbitrarily, so randomness can be introduced by changing the execution order of these operations.
The drawback of masking is that masking a nonlinear operation (such as an S-box) can make the circuit area very large and the cost very high, and it cannot protect against leakage completely. Hiding only reduces the signal-to-noise ratio of the leaked signal and does not fundamentally protect against side-channel attacks. The combination of pseudo-operations and shuffling that we design on the one hand truly hides the true key and on the other hand also reduces the signal-to-noise ratio; in addition, it can be used in combination with masking without any conflict.
SM4 is an encryption algorithm based on the national standard GM/T 0002-2012 "SM4 Block Cipher Algorithm" (formerly the SMS4 block cipher algorithm). It is a symmetric algorithm whose key length and block length are both 128 bits; the encryption algorithm and the key expansion algorithm both use a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in the opposite order: the decryption round keys are the encryption round keys in reverse order.
A search of the prior art found Chinese patent document CN103546277A, publication (announcement) date 2014.01.29, which discloses a DPA attack and key recovery method and system for the SM4 algorithm on smart cards. The method includes the following steps: Step 1, perform a DPA attack on the first 4 rounds of the SM4 encryption process to obtain the subkeys of the first 4 rounds; Step 2, use the 4 round subkeys obtained to recover the SM4 key. With the method and system described in that technique, a DPA attack on the SM4 algorithm on a smart card can be carried out, the SM4 encryption key recovered, and the attack resistance of the SM4 algorithm on the smart card verified.
Chinese patent document CN103227717A, publication (announcement) date 2013.07.31, discloses the application of selecting the round-key XOR input to side-channel energy analysis of the SM4 cryptographic algorithm. Its core is that, during side-channel energy analysis of the SM4 algorithm, the S-box or the round function is selected as the attack point to build a Hamming distance model, with the round-key XOR input as the preceding state v1 of the Hamming distance model. When the S-box is attacked, the successor state v2 of the Hamming distance (HD(v1, v2)) model is the S-box output; when the round function is attacked, the successor state v2 of the Hamming distance (HD(v1, v2)) model is the round function output/input.
Chinese patent document CN102546157A, publication (announcement) date 2012.07.04, discloses a random hybrid encryption system resistant to energy analysis and a method of implementing it. The system consists of 11 parts: a pseudo-random sequence PN128 generation module, an S-box update module, a mask correction value generation module, a plaintext input register, a pseudo-random sequence PN64 generation module, gating circuit A, gating circuit B, an SMS4 encryption module, an AES encryption module, a multiplexer, and a ciphertext output register. That technique for the first time proposes a random hybrid encryption system resistant to energy analysis and its implementation method: driven by the pseudo-random sequence PN64, the plaintext is encrypted at random with the AES or the SMS4 algorithm based on masking; all basic hardware circuit units in the implementation of the algorithms are realized with symmetric circuits, which fundamentally prevents simple and differential power analysis, and the encryption system has multiple working modes suited to different scenarios. However, that technique cannot handle cases where a single algorithm, such as SMS4, is explicitly required. In addition, considered only from the angle of hybrid-algorithm protection (disregarding masking), this protection cannot completely eliminate DPA attacks, because we can treat a wrongly guessed algorithm as a kind of noise; this protection scheme therefore only reduces the signal-to-noise ratio and increases the difficulty of DPA attacks.
Chinese patent documents CN102412963A and CN102360414A respectively disclose an encryption method with a misleading function based on random sequences and a misleading encryption method with correctable pseudo-random sequences. That technique can yield a pseudo key and thereby mislead the cryptanalyst; the misleading is determined by the inner-layer key. To allow arbitrary misleading, the subkeys are generated from a long random sequence, which can be generated by quantum key distribution. Labels in the document are processed in a special way, so that no confusion arises even if a defined label may also appear in the text. Encryption requires a keyword database: the inner-layer encryption uses the database to expand keywords, and the outer-layer encryption uses a traditional encryption method. Decryption needs no database support, which avoids the problem of database synchronization. The technique has some practical value in encryption applications in various settings, particularly in the military. However, that technique targets coercion ("wheedle-and-pester") attacks and protects by misleading the readability of the plaintext obtained after decryption. It has no effect against side-channel attacks.
Summary of the invention
In view of the above deficiencies of the prior art, the present invention proposes a method for resisting side-channel attacks on circuits based on pseudo-operations.
The present invention is achieved through the following technical solution:
The present invention relates to a method for resisting side-channel attacks on circuits based on pseudo-operations: a round key sequence composed of m pseudo round keys and 1 true round key is used to perform the first-round SMS4 encryption computation, and the first-round SMS4 result in which the true round key participated is used for the second-round SMS4 encryption computation, yielding the required ciphertext.
The round key sequence is obtained from the round key memory by selection, either by the round key random selection circuit or by the round key memory random shuffling circuit, specifically:
1. generate m pseudo round keys and one true round key, then shuffle them at random with the round key memory random shuffling circuit and record the position of the true round key; or
2. determine the sequence number K at which the true round key is executed, with the other m pseudo round keys in the round key sequence selected from the round key memory by the round key random selection circuit.
The first-round SMS4 encryption computation means: the plaintext to be encrypted undergoes the round function iteration with each key in the round key sequence in turn.
The second-round SMS4 encryption computation means: the result of the first-round SMS4 encryption computation in which the true key participated is taken as input, the round function is computed cyclically for 32 iterations, and the result of the last round, i.e. the round function result of the 32nd round, is output as the ciphertext.
The present invention relates to a system implementing the above method, comprising: a first-round cyclic round function circuit module, a first-round round key selection circuit module, (m+1) round key registers, the SMS4 round function circuit module, and the SMS4 round key generation circuit module, wherein: the first-round cyclic round function circuit module is connected to the SMS4 round function circuit module and transmits the true round operation result; the (m+1) round key memories are connected to the round key selection circuit and transmit the true and pseudo round keys; and the SMS4 round key generation circuit is connected to the SMS4 round function circuit module and the (m+1) round key memories and transmits the true round key.
Technical effect
Compared with the prior art, the position of the true first-round operation generated by the present invention is random, so the attacker cannot align the power traces and therefore cannot carry out the attack. In addition, relative to an unprotected circuit, the energy consumption of the present invention does not exceed twice the normal energy consumption.
Brief description of the drawings
Fig. 1 is a flow diagram of Embodiment 1;
In the figure: R1 and R2 are registers, and Count is the name of the counter variable for the loop that executes the first-round operation.
Fig. 2 is a schematic diagram of the logarithmic shuffle used in Embodiment 1 to arrange the true and pseudo round keys.
Fig. 3 is a flow diagram of Embodiment 2;
In the figure: R1 and R2 are registers, and Count is the name of the counter variable for the loop that executes the first-round operation.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below. The embodiments are implemented on the premise of the technical solution of the present invention, and detailed implementations and specific operating procedures are given, but the scope of protection of the present invention is not limited to the following embodiments.
Embodiment 1
As shown in Fig. 1, N = m+1 in this embodiment. N and m denote the number of executions of the first round and the number of pseudo round keys, respectively.
The device implementing this embodiment includes: an SMS4-based round function generation module, (m+1) round key memories, a periodic round key circuit, and a round key memory random shuffling circuit, wherein: the first-round round function is connected to and communicates with the round key memory, the round functions are connected to and communicate with one another, and the round key memory is connected to and communicates with the round key random shuffling circuit.
The SMS4-based round function generation module is the normal SMS4 round function.
The round key memory is a 32-bit register used to store a 32-bit round key.
The round key memory random shuffling circuit: the m pseudo round keys and one true round key are placed together and then shuffled at random by the round key memory random shuffling circuit, and the position of the true round key is recorded.
As described above, this embodiment executes the first-round operation multiple times (N times), while the other 31 rounds are each executed exactly once. The working process of the above device in this embodiment is as follows:
1. First, m pseudo round keys must be stored. These pseudo round keys must have the following property: the corresponding bytes of the pseudo round keys are all different, which ensures that the pseudo round keys seen by any given S-box are different.
2. At the start of each encryption, the m pseudo round keys and the one true round key are placed together and then shuffled at random by the round key memory random shuffling circuit, and the position of the true round key (i.e. the moment at which the true round key is executed) is recorded.
3. The round function is then executed N times, following the randomly shuffled round keys in order; the result of each round function execution is saved.
4. The result of the true round function is then taken into the second round, and the subsequent operations continue.
Embodiment 2
As shown in Fig. 3, N > m in this embodiment. N and m denote the number of executions of the first round and the number of pseudo round keys, respectively.
The device implementing this embodiment includes: an SMS4-based round function generation module, (m+1) round key memories, a periodic round key circuit, and a round key random selection circuit, wherein: the first-round round function is connected to and communicates with the round key memory, the round functions are connected to and communicate with one another, and the round key memory is connected to and communicates with the round key random selection circuit.
The round key random selection circuit: the moment at which the true key is executed is fixed first, and the other pseudo round keys are chosen at random, with repetition allowed, from the available pseudo round keys.
This embodiment differs from Embodiment 1 in how the round keys for the first-round operation are selected. In this embodiment, the moment at which the true round key is executed is fixed first, and the other pseudo round keys are chosen at random, with repetition allowed, from the available pseudo round keys.
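Added example (not part of the patent text): a behavioural Python model of the first-round pseudo-operation scheme of Embodiments 1 and 2, built around a standard SM4 implementation and comparable against unprotected SM4. The function names, the default m = 7, the use of the `secrets` RNG in place of the hardware shuffling/selection circuits, and the choice to make the pseudo round key bytes also differ from the true round key's bytes are assumptions of this example.

```python
import secrets

# SM4 S-box from the public standard; the protection logic below is illustrative.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [sum((((4 * i + j) * 7) & 0xFF) << (24 - 8 * j) for j in range(4)) for i in range(32)]
_rng = secrets.SystemRandom()  # assumption: OS CSPRNG stands in for the hardware RNG

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _round(x, rk):
    """One SM4 round: (X0, X1, X2, X3) -> (X1, X2, X3, X0 ^ T(X1 ^ X2 ^ X3 ^ rk))."""
    b = _tau(x[1] ^ x[2] ^ x[3] ^ rk)
    t = b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)
    return (x[1], x[2], x[3], x[0] ^ t)

def expand_key(key):
    """Standard SM4 key schedule: 128-bit key -> 32 round keys."""
    k = [int.from_bytes(key[4 * i:4 * i + 4], "big") ^ FK[i] for i in range(4)]
    rks = []
    for ck in CK:
        b = _tau(k[1] ^ k[2] ^ k[3] ^ ck)
        k = k[1:] + [k[0] ^ b ^ _rotl(b, 13) ^ _rotl(b, 23)]
        rks.append(k[3])
    return rks

def _load(block):
    return tuple(int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(4))

def _finish(x, rks):
    """Run the remaining rounds once each, then apply the final word reversal."""
    for rk in rks:
        x = _round(x, rk)
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))

def encrypt_reference(key, block):
    """Unprotected SM4, for comparison."""
    return _finish(_load(block), expand_key(key))

def make_pseudo_round_keys(true_rk, m):
    """m pseudo round keys; at each byte position all values are distinct and
    (assumption of this example) also differ from the true round key's byte."""
    if not 1 <= m <= 255:
        raise ValueError("m must be in 1..255")
    cols = [_rng.sample([v for v in range(256) if v != b], m)
            for b in true_rk.to_bytes(4, "big")]
    return [int.from_bytes(bytes(c[i] for c in cols), "big") for i in range(m)]

def sequence_shuffled(true_rk, pseudo):
    """Embodiment 1: N = m + 1; shuffle all keys, record where the true one lands."""
    seq = pseudo + [true_rk]
    _rng.shuffle(seq)
    return seq, seq.index(true_rk)

def sequence_selected(true_rk, pseudo, n):
    """Embodiment 2: fix the true key's slot K first, then fill the other N - 1
    slots by random choice, with repetition, from the pseudo round keys."""
    if n <= len(pseudo):
        raise ValueError("Embodiment 2 requires N > m")
    k = _rng.randrange(n)
    seq = [_rng.choice(pseudo) for _ in range(n)]
    seq[k] = true_rk
    return seq, k

def encrypt_protected(key, block, m=7, n=None):
    """Return (ciphertext, true_position). n=None selects Embodiment 1."""
    rks = expand_key(key)
    pseudo = make_pseudo_round_keys(rks[0], m)
    if n is None:
        seq, pos = sequence_shuffled(rks[0], pseudo)
    else:
        seq, pos = sequence_selected(rks[0], pseudo, n)
    x0 = _load(block)
    results = [_round(x0, rk) for rk in seq]    # first round run N times, every result kept
    return _finish(results[pos], rks[1:]), pos  # rounds 2..32 run once on the true result
```

The model only captures the data flow; it says nothing about the power behaviour of a real circuit, which is what the countermeasure ultimately depends on.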
Effect analysis
How the SMS4 pseudo-operation protection scheme resists DPA attacks:
For a hardware implementation of SMS4, because of key confusion, the intermediate value in the register in each round depends on a 32-bit round key. To mount an ordinary DPA attack, the 32-bit round key would have to be guessed all at once, which is not achievable under current attack conditions; therefore the DPA methods currently known against such hardware implementations of SMS4 all use chosen plaintexts.
A chosen-plaintext DPA attack can only attack an SMS4 implementation starting from the first round. The embodiments above use pseudo-operations, so that when an attacker attacks the first round, then for Embodiment 1, in theory, the probabilities of obtaining the true key and a pseudo key are the same. The attacker therefore cannot distinguish the true operation from the pseudo-operations, and the true key is fully confused with the pseudo keys. Furthermore, when the number of pseudo-operations (i.e. the security parameter) equals 255 (the maximum), the attacker cannot obtain any key information at all from a DPA attack, so hardware-implementation DPA against SMS4 is resisted both in theory and in practice. For Embodiment 2, m = N−1 may also be used, in which case the probabilities are the same as in Embodiment 1 and only the implementation differs. But m can also be adjusted so that m < N−1; the probability of obtaining a pseudo round key is then instead greater than that of the true key, which misleads the attack.
Another protection implicit in the scheme is random insertion of pseudo-operations. Because the position at which the true round key is used is random, the scheme is equivalent to using the random pseudo-operation insertion countermeasure. Random insertion of pseudo-operations prevents the true operations from being aligned. In this embodiment, if the position at which the true operation is executed is uniformly random, the probability that the true operation is at a given moment is only 1/N. This greatly reduces the signal-to-noise ratio of the side-channel attack.

Claims (4)

1. A system for resisting side-channel attacks on circuits based on pseudo-operations, characterized by comprising: a first-round cyclic round function circuit module, a round key selection circuit module, m+1 round key registers, the SMS4 round function circuit module, and the SMS4 round key generation circuit, wherein: the first-round cyclic round function circuit module is connected to the SMS4 round function circuit module and transmits the true round operation result; the m+1 round key memories are connected to the round key selection circuit and transmit the true round key and the pseudo round keys; the SMS4 round key generation circuit is connected to the SMS4 round function circuit module and the m+1 round key memories and transmits the true round key; the system forms a round key sequence from m pseudo round keys and 1 true round key to perform the first-round SMS4 encryption computation, and uses the first-round SMS4 result in which the true round key participated for the second-round SMS4 encryption computation, obtaining the required ciphertext;
The round key sequence is obtained in either of the following ways:
1. generate m pseudo round keys and one true round key, then shuffle them at random with the round key memory random shuffling circuit and record the position of the true round key; or
2. determine the sequence number K at which the true round key is executed, with the other m pseudo round keys in the round key sequence selected from the round key memory by the round key random selection circuit.
2. The system according to claim 1, characterized in that the round key sequence is obtained from the round key memory by selection, either by the round key random selection circuit or by the round key memory random shuffling circuit.
3. The system according to claim 1, characterized in that the first-round SMS4 encryption computation means: the plaintext to be encrypted undergoes the round function iteration with each key in the round key sequence in turn.
4. The system according to claim 1, characterized in that the second-round SMS4 encryption computation means: the result of the first-round SMS4 encryption computation in which the true round key participated is taken as input, the round function is computed cyclically for 32 iterations, and the result of the last round, i.e. the round function result of the 32nd round, is output as the ciphertext.
CN201510112314.5A 2015-03-13 2015-03-13 Method for resisting side-channel attacks on circuits based on pseudo-operations Active CN104734842B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510112314.5A 2015-03-13 2015-03-13 Method for resisting side-channel attacks on circuits based on pseudo-operations

Publications (2)

Publication Number Publication Date
CN104734842A (en) 2015-06-24
CN104734842B (en) 2018-06-08
