CN106656465A - Energy analysis attack resistant addition mask hardware implementation method and circuit - Google Patents

Energy analysis attack resistant addition mask hardware implementation method and circuit Download PDF

Info

Publication number
CN106656465A
CN106656465A CN201611125767.2A CN201611125767A CN106656465A CN 106656465 A CN106656465 A CN 106656465A CN 201611125767 A CN201611125767 A CN 201611125767A CN 106656465 A CN106656465 A CN 106656465A
Authority
CN
China
Prior art keywords
mask
circuit
bit
carry
xor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611125767.2A
Other languages
Chinese (zh)
Other versions
CN106656465B (en
Inventor
朱念好
周玉洁
谭永伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Hangxin Electronic Technology Co ltd
Original Assignee
SHANGHAI AISINO CHIP ELECTRONIC TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI AISINO CHIP ELECTRONIC TECHNOLOGY Co Ltd filed Critical SHANGHAI AISINO CHIP ELECTRONIC TECHNOLOGY Co Ltd
Priority to CN201611125767.2A priority Critical patent/CN106656465B/en
Publication of CN106656465A publication Critical patent/CN106656465A/en
Application granted granted Critical
Publication of CN106656465B publication Critical patent/CN106656465B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Design And Manufacture Of Integrated Circuits (AREA)

Abstract

The invention provides an energy analysis attack resistant addition mask hardware implementation method and circuit. The method comprises the following steps of S1.setting an input of an addition mask circuit as addend data after a mask and a random number m, wherein the random number m is a mask of the addend data after the mask; and S2.adopting the addition mask circuit to carry out n-stage serial carry addition on the addend data after the mask, and carrying out XOR on a carry of the last bit sum and a bit of current addend data to obtain addends and data with the mask when a sum of bits is computed. The addition mask circuit corresponding to the method has no mask removing operation in a computing process, the mask operation of modulo-n addition operation on GF(2<n>) domain is realized, and n is suitable for any integer which is greater than and smaller than 0.

Description

A kind of addition mask Hardware Implementation of resisting energy analysis attacks and circuit
Technical field
The present invention relates to information security chip design field, more particularly to a kind of addition of resisting energy analysis attacks Mask Hardware Implementation and circuit, are widely used in the cryptographic calculation equipment of tight security.
Background technology
Now, human society is just being marched toward the advanced IT application epoch, and requirement mesh benefit of the people to communication capacity increases.It is how real Existing " anyone can transmit any information to any other people at any time and any place " is that modern communication networks are pursued Target.Mobile communication technology exactly realizes the key technology of the target.Mobile intelligent terminal is gradually popularized, is become one and is melted Hop communication, personal Business Processing, payment, the information processing centre of data storage.The safety issue of mobile intelligent terminal is drawn Play the extensive attention of people.
Mobile intelligent terminal equally in the face of how defensive attack and the problem spied out, in the last few years, occurs in that one kind New strong attack method, people are referred to as bypass attack (SCA).Bypass attack is exactly to utilize equipment in running The bypass message of leakage, power consumption, time, electromagnetic wave and error message etc., are carried out using above- mentioned information to cryptographic system Attack and spy out.Bypass attack has become grave danger of information security chip product, and its harm is far longer than traditional mathematics Analysis means.
Power consumption attack is one kind of bypass attack, and the power consumption consumed when performing cryptographic calculation using crypto chip is come to key Attacked.DPA (differential power consumption analysis) attack principle using by attack equipment in ciphering process institute's actual consumption The correlation of power consumption and AES median, so as to draw a kind of attack method of key.Plaintext and conjecture according to input Key, the median of AES can be always calculating.The plaintext of input is carried out mask by MASK mask technology, is so added The median of close algorithm is not known, so as to reach the purpose of anti-power consumption attack.MASK mask technology is current information security core The measure of the conventional a kind of anti-power consumption attack of piece.
MASK mask methods have substantial amounts of application in the operation such as the conversion of S boxes, shift transformation, but for add circuit MASK mask methods can only be completed by table lookup operation, if the digit of two addends is very big, need to consume by table lookup operation Substantial amounts of ROM, it is at all unrealistic for the mobile device for pursuing cost advantage.
The content of the invention
It is an object of the invention to provide the addition mask Hardware Implementation and circuit of a kind of resisting energy analysis attacks, With solve existing for the MASK mask methods of existing add circuit due to can only table lookup operation, the needs for causing consume a large amount of ROM, relatively costly problem.
For achieving the above object, the invention provides a kind of addition mask hardware realization side of resisting energy analysis attacks Method, comprises the following steps:
S1:The input for arranging addition mask circuit is the addend data and random number m after mask, and random number m is after mask Addend data mask;
S2:The cascaded carry that addend data after mask carry out n levels is added by position using the addition mask circuit, wherein, Calculate each bit and when, by a upper bit and carry carry out XOR with the bit of current addend data, to obtain Sum with mask.
It is preferred that in step S2, arranging the addition mask circuit for XOR circuit, the addend number after the mask According to each bit and a upper bit with the carry corresponding input XOR circuit input, carry out being exported after XOR The sum with mask.
It is preferred that the XOR circuit is one-level or two grades, and when the XOR circuit is one-level, adding after the mask Each bit of number data and the carry of upper bit sum obtain the bit while being input into the XOR circuit and carrying out XOR The sum with mask of position;When the XOR circuit is two grades, each bit input the of the addend data after the mask After one-level XOR circuit, export first order XOR result, the first order XOR result again with a upper bit and enter Position input second level XOR circuit carries out the sum with mask that XOR obtains the bit.
It is preferred that the first order circuit and second level circuit of series connection is set, for each ratio of addend data after mask A upper bit after special position and mask and the carry addend that carried out using the first order circuit between any two and after mask A upper bit after each bit of data, mask and carry and each bit of random number m between and computing, with fortune The result of calculation is carried out or computing by second level circuit, obtains the carry of the current bit position sum after mask.
It is preferred that the first order circuit includes that several are arranged side by side with door, each bit of addend data after mask With the upper bit after mask and the carry addend data that carried out using the first order circuit between any two and after mask Each bit, a upper bit and carry and each bit of random number m between be input into corresponding and door respectively, obtain institute State the result with computing.
It is preferred that the second level circuit includes the OR gate of several cascades, the input institute corresponding with the result of computing Stating OR gate is carried out or computing, obtains the carry of the current bit position sum after mask.
Present invention also offers a kind of addition mask hardware circuit of resisting energy analysis attacks, including input circuit and add Method mask circuit, addend data and random number m that the input circuit is used for after input mask, random number m is adding after mask The mask of number data;
The addition mask circuit is used to for the cascaded carry that the addend data after mask carry out n levels to add position, wherein, calculate Each bit and when, by mask after a upper bit and carry carry out XOR with the bit of current addend data, with Obtain the sum with mask.
It is preferred that the addition mask circuit is one-level or two grades of XOR circuits, and when the XOR circuit is one-level, institute State each bit of the addend data after mask and the carry of upper bit sum at the same be input into the XOR circuit carry out it is different Or obtain the sum with mask of the bit;When the XOR circuit be two grades when, the addend data after the mask it is each After bit input first order XOR circuit, first order XOR result is exported, the first order XOR result is again with described upper one The carry input second level XOR circuit of bit sum carries out the sum with mask that XOR obtains the bit.
It is preferred that also including the counting circuit of the carry of bit sum, the counting circuit includes the first order electricity of series connection Road and second level circuit, for the upper bit after each bit of addend data after mask and mask and carry adopt Carried out with the first order circuit each bit of addend data between any two and after mask, the carry of upper bit sum and Between first bit of random number m and computing, is carried out or computing, after obtaining mask with the result of computing by second level circuit Current bit position sum carry.
It is preferred that the first order circuit includes that several are arranged side by side with door, each bit of addend data after mask With a upper bit and the carry each bit of addend data that carried out using the first order circuit between any two and after mask Position, a upper bit and carry and each bit of random number m between be input into corresponding and door respectively, obtain described and computing Result;
The second level circuit includes the OR gate of several cascades, described corresponding with the result of computing to be input into the OR gate and enter Row or computing, obtain the carry of the current bit position sum after mask.
Compared with prior art, the addition mask Hardware Implementation and electricity of the resisting energy analysis attacks that the present invention is provided Road has the advantages that:
First, present invention achieves GF (2n) modulo-n addition computing on domain mask operation, n is applied to the whole of any size 0 Number.
Secondly, this bright addition mask circuit, its input is only the data after mask, am, bm and random number m, and structure is simple Single, it is easy to perform.
Again, the addition mask circuit of Ben Mingfa, is not in the operation of mask in its calculating process, can be effective Avoid the leakage of information during add operation.
Description of the drawings
Fig. 1 is the inventive method flow chart;
The addition mask hardware circuit composition figure of the resisting energy analysis attacks that Fig. 2 is provided for the present invention;
Fig. 3 is the addition mask circuit building-block of logic of preferred embodiment;
Fig. 4 is the circuits for carrying-over building-block of logic of the bit sum of preferred embodiment.
Specific embodiment
For the present invention is better described, hereby with preferred embodiment, and accompanying drawing is coordinated to elaborate the present invention, specifically such as Under:
The present embodiment provides a kind of addition mask hardware circuit implementation of resisting energy analysis attacks.The circuit is to carry out The sum of addend is calculated with mask, and the sum with mask is obtained so that is not in any behaviour for removing mask to addend calculating process Make.Specifically, finite field gf (2n) in two addends be respectively a, b, m is GF (2n) domain random number.The number of a, b two and note For sum, that is, there is equation below to set up:
Sum=a+b (1)
Wherein, a, b, sum are GF (2n) in data, "+" is defined as the addition of mould n computings.
Then a, b mask method is as follows
A^m=am (2)
B^m=bm (3)
Wherein, " ^ " is defined as step-by-step XOR.
The present invention needs to construct an addition mask circuit, for realizing the mask of with mask two addend sums, in meter During calculation, there is not any mask that goes and operate, the leakage of key information during add operation can be effectively prevented. The addition mask circuit of present invention construction, needs to realize following logic:
Mask_sum (am, bm, m)=sum^m (3)
To realize above-mentioned logic, the symmetry algorithm round function that the inventive method is adopted includes GF (2n) modulo-n addition on base Computing, and the input of addition mask circuit is GF (2n) mask value am, bm on domain and random number m, its output sum and m's Mask value.
Above-mentioned logic implementation is specifically described below:
A kind of addition mask Hardware Implementation of resisting energy analysis attacks is present embodiments provided, as shown in figure 1, should Method is comprised the following steps:
S1:The input for arranging addition mask circuit is the addend data and random number m after mask, and random number m is after mask Addend data mask;
S2:The cascaded carry that addend data after mask carry out n levels is added by position using the addition mask circuit, wherein, Calculate each bit and when, by a upper bit and carry carry out XOR with the bit of current addend data, to obtain Sum with mask.
Wherein, in step S2, it is XOR circuit to arrange addition mask circuit, then each bit of the addend data after mask Position and a upper bit with the corresponding input for being input into the XOR circuit of carry, carry out exporting the sum with mask after XOR.
Above-mentioned XOR circuit is one-level or two grades, when XOR circuit is one-level, the addend data after mask it is each The carry of bit and upper bit sum is input into XOR circuit and carries out the sum with mask that XOR obtains the bit simultaneously;When It is defeated after each bit input first order XOR circuit of the addend data after the mask when XOR circuit is two grades Go out first order XOR result, the first order XOR result again with a upper bit and carry input second level XOR electricity Road carries out the sum with mask that XOR obtains the bit.
Preferably, the first order circuit and second level circuit of series connection are set, for each ratio of addend data after mask A upper bit after special position and mask and the carry addend that carried out using the first order circuit between any two and after mask A upper bit after each bit of data, mask and carry and each bit of random number m between and computing, with fortune The result of calculation is carried out or computing by second level circuit, obtains the carry of the current bit position sum after mask.
First order circuit includes that several are arranged side by side with door, upper after each bit of addend data after mask and mask The carry of one bit sum carries out each bit of addend data, the upper ratio between any two and after mask using first order circuit Special position and carry and each bit of random number m between be input into corresponding and door respectively, obtain the result with computing.
Second level circuit includes the OR gate of several cascades, it is described it is corresponding with the result of computing be input into the OR gate carry out or Computing, obtains the carry of the current bit position sum after mask.
To realize above-mentioned logic, present invention also offers a kind of addition mask hardware circuit of resisting energy analysis attacks, As shown in Fig. 2 the circuit includes input circuit 201 and addition mask circuit 202, input circuit 201 is used for after input mask Addend data am, bm and random number m, random number m is the mask of the addend data after mask.Input circuit is by the addend after mask Data am, bm and random number m input addition mask circuit, addition mask circuit carries out the mask value sum^m that computing exports sum.
Wherein, addition mask circuit is used to for the cascaded carry that the addend data after mask carry out n levels to add position, wherein, meter Calculate each bit and when, by a upper bit and carry carry out XOR with the bit of current addend data, to obtain band The addend and data of mask.
GF (2 in the present embodiment foregoing circuit and corresponding methodn) domain, take GF (216) domain, but it is applied to n in the present invention Any number for being more than 0 is taken, n takes 16 merely to narration is convenient.
As shown in figure 3, the addition mask circuit in the present embodiment is two grades of XOR circuits, the addend data after mask Each bit input first order XOR circuit after, export first order XOR result, first order XOR result again with upper one ratio The carry input second level XOR circuit of special position sum carries out the addend with mask and data bit that XOR obtains the bit.Fig. 3 The date expression of shown circuit is:
ami^bmi^cmi-1=smi (4)
Wherein, amiRepresent the ith bit of am, bmiRepresent the ith bit of bm, cmi-1Represent with mask carry cm i-th -1 Bit.In circuit shown in Fig. 3, there is not any circuit for removing mask and operation, addition mask circuit can be prevented effectively from By power analysis.
Certainly in other preferred embodiments, the XOR circuit shown in Fig. 3 can also be the form of one-level XOR circuit.Then cover Each bit of addend data am, bm after code and the carry of upper bit sum are obtained while being input into XOR circuit and carrying out XOR To the addend with mask and data bit of the bit, and then obtain sum.
As shown in figure 4, the addition mask hardware circuit also includes the counting circuit of carry cm of bit sum, calculating electricity Road includes the first order circuit and second level circuit of series connection, for each bit of addend data after mask and a upper bit The carry of position sum carries out each bit of addend data, the upper bit between any two and after mask using the first order circuit Position and carry and random number m between and computing, carry out by second level circuit or computing with the result of computing, obtain currently The carry of bit sum.
Specifically, first order circuit includes multiple arranged side by side with door, each bit of addend data and upper after mask The carry of bit sum carried out using the first order circuit each bit of addend data between any two and after mask, upper one Bit and carry and random number m between be input into corresponding and door respectively, obtain the result with computing.Second level circuit includes The OR gate of several cascades, input OR gate corresponding with the result of computing is carried out or computing, obtains the carry of current bit position sum.
The present embodiment calculates the implementation process with mask carry cm referring in detail to Fig. 4, obtains initially with first order circuit amiAnd bmiWith result, the am of (to herein refer to "AND" logical operation)iAnd cmi-1With result, bmiAnd cmi-1With result and ami、bmi、cmi-1With m and result, four are input into again second level circuit with the result of door, carry out "or" logical operation, are made It is the carry value with mask.Realized using the hardware circuit of equation below:
(ami&bmi)|(ami&cmi-1)|(bmi&cmi-1)|(ami&bmi&cmi-1&m)=cmi (5)
Will be proven below formula (5) establishment.
Generally calculate as follows into the method for bitmask:
cmi=(ai&bi|ai&ci-1|bi&ci-1)^mi (6)
Then formula (6) can further be melted into equation below:
Further, equation below sets up:
And,
It is apparent that the result that formula (8) and (9) carry out "or" logical operation is formula (7), so as to illustrate the present invention in Hardware circuit implementation shown in Fig. 4 realizes the carry addition with mask, and does not occur the behaviour of mask in calculating process Make.It is not in following operation:
am^m
bm^m
In the calculating process of circuit, there is not any mask that goes and operate, add operation can be effectively prevented The leakage of key information in journey.
The above, the only specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, any Those skilled in the art the invention discloses technical scope in, to the deformation done of the present invention or replacement, all should cover Within protection scope of the present invention.Therefore, protection scope of the present invention should be defined by described scope of the claims.

Claims (10)

1. the addition mask Hardware Implementation of a kind of resisting energy analysis attacks, it is characterised in that comprise the following steps:
S1:The input for arranging addition mask circuit is the addend data and random number m after mask, and random number m is adding after mask The mask of number data;
S2:The cascaded carry that addend data after mask carry out n levels is added by position using the addition mask circuit, wherein, calculate Each bit and when, by a upper bit and carry carry out XOR with the bit of current addend data, covered with obtaining band The sum of code.
2. the addition mask Hardware Implementation of resisting energy analysis attacks according to claim 1, it is characterised in that institute In stating step S2, it is XOR circuit to arrange the addition mask circuit, each bit of the addend data after the mask and A upper bit with the carry corresponding input XOR circuit input, carry out exporting the sum with mask after XOR.
3. the addition mask Hardware Implementation of resisting energy analysis attacks according to claim 2, it is characterised in that institute XOR circuit is stated for one-level or two grades, when the XOR circuit is one-level, each bit of the addend data after the mask The carry of position and upper bit sum be input into simultaneously the XOR circuit carry out XOR obtain the bit band mask and;Work as institute State XOR circuit for two grades when, the addend data after the mask each bit input first order XOR circuit after, output First order XOR result, the first order XOR result again with a upper bit and carry input second level XOR circuit Carry out XOR obtain the bit band mask and.
4. the addition mask Hardware Implementation of resisting energy analysis attacks according to claim 2, it is characterised in that set The first order circuit and second level circuit of series connection are put, for upper after each bit of addend data after mask and mask The carry of bit sum carries out each bit of addend data, the mask between any two and after mask using the first order circuit A rear upper bit and carry and each bit of random number m between and computing, pass through the second level with the result of computing Circuit is carried out or computing, obtains the carry of the current bit position sum after mask.
5. the addition mask Hardware Implementation of resisting energy analysis attacks according to claim 4, it is characterised in that institute State that first order circuit is arranged side by side with door including several, the upper bit after each bit of addend data after mask and mask The carry of position sum carries out each bit of addend data, the upper bit between any two and after mask using the first order circuit Position and carry and each bit of random number m between be input into corresponding and door respectively, obtain the result with computing.
6. the addition mask Hardware Implementation of the resisting energy analysis attacks according to claim 4 or 5, its feature exists Include the OR gate of several cascades in, the second level circuit, it is described it is corresponding with the result of computing be input into the OR gate carry out or Computing, obtains the carry of the current bit position sum after mask.
7. the addition mask hardware circuit of a kind of resisting energy analysis attacks, it is characterised in that cover including input circuit and addition Code circuit, addend data and random number m that the input circuit is used for after input mask, random number m is the addend number after mask According to mask;
The addition mask circuit is used to for the cascaded carry that the addend data after mask carry out n levels to add position, wherein, calculate each Bit and when, by mask after a upper bit and carry carry out XOR with the bit of current addend data, to obtain Sum with mask.
8. the addition mask hardware circuit of resisting energy analysis attacks according to claim 7, it is characterised in that it is described plus Method mask circuit is one-level or two grades of XOR circuits, when the XOR circuit is one-level, the addend data after the mask The carry of each bit and upper bit sum is input into the XOR circuit and carries out XOR and obtain the band of the bit covering simultaneously Code and;When the XOR circuit is two grades, each bit input first order XOR electricity of the addend data after the mask Lu Hou, export first order XOR result, the first order XOR result again with a upper bit and carry be input into second Level XOR circuit carries out the sum with mask that XOR obtains the bit.
9. the addition mask hardware circuit of resisting energy analysis attacks according to claim 8, it is characterised in that also include The counting circuit of the carry of bit sum, the counting circuit includes the first order circuit and second level circuit of series connection, for right A upper bit after each bit of addend data after mask and mask and carry carried out using the first order circuit First bit of each bit of addend data, the carry of upper bit sum and random number m between any two and after mask it Between and computing, carried out by second level circuit or computing with the result of computing, obtain entering for the current bit position sum after mask Position.
10. the addition mask hardware circuit of resisting energy analysis attacks according to claim 9, it is characterised in that described First order circuit includes that several are arranged side by side with door, each bit of addend data after mask and a upper bit and carry The carry of each bit of addend data between any two and after mask, upper bit sum is carried out using the first order circuit And corresponding and door is input into respectively between each bit of random number m, obtain the result with computing;
The second level circuit includes the OR gate of several cascades, it is described it is corresponding with the result of computing be input into the OR gate carry out or Computing, obtains the carry of the current bit position sum after mask.
CN201611125767.2A 2016-12-08 2016-12-08 A kind of the addition mask hardware implementation method and circuit of resisting energy analysis attacks Active CN106656465B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611125767.2A CN106656465B (en) 2016-12-08 2016-12-08 A kind of the addition mask hardware implementation method and circuit of resisting energy analysis attacks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611125767.2A CN106656465B (en) 2016-12-08 2016-12-08 A kind of the addition mask hardware implementation method and circuit of resisting energy analysis attacks

Publications (2)

Publication Number Publication Date
CN106656465A true CN106656465A (en) 2017-05-10
CN106656465B CN106656465B (en) 2019-09-06

Family

ID=58825654

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611125767.2A Active CN106656465B (en) 2016-12-08 2016-12-08 A kind of the addition mask hardware implementation method and circuit of resisting energy analysis attacks

Country Status (1)

Country Link
CN (1) CN106656465B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294700A (en) * 2017-08-22 2017-10-24 兆讯恒达微电子技术(北京)有限公司 Defend bypass attack with logic circuit apparatus and processing method
CN107508663A (en) * 2017-09-05 2017-12-22 成都三零嘉微电子有限公司 A kind of Boolean XOR mask turns the protection circuit of arithmetic addition mask
CN107689863A (en) * 2017-09-05 2018-02-13 成都三零嘉微电子有限公司 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask
CN112650469A (en) * 2019-10-11 2021-04-13 意法半导体(格勒诺布尔2)公司 Circuit and method for binary flag determination

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752103A (en) * 2012-07-26 2012-10-24 上海爱信诺航芯电子科技有限公司 Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack
CN103647638A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 DES masking method for resisting side-channel attack
CN103888247A (en) * 2014-03-10 2014-06-25 深圳华视微电子有限公司 Data processing system resistant to differential power attack analysis and data processing method thereof
CN104967509A (en) * 2015-05-05 2015-10-07 国家密码管理局商用密码检测中心 ZUC sequence cipher algorithm mask protection method of which the round output is arithmetic mask
CN105790923A (en) * 2016-04-26 2016-07-20 深圳市证通电子股份有限公司 Cipher algorithm anti-power consumption analysis realization method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102752103A (en) * 2012-07-26 2012-10-24 上海爱信诺航芯电子科技有限公司 Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack
CN103647638A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 DES masking method for resisting side-channel attack
CN103888247A (en) * 2014-03-10 2014-06-25 深圳华视微电子有限公司 Data processing system resistant to differential power attack analysis and data processing method thereof
CN104967509A (en) * 2015-05-05 2015-10-07 国家密码管理局商用密码检测中心 ZUC sequence cipher algorithm mask protection method of which the round output is arithmetic mask
CN105790923A (en) * 2016-04-26 2016-07-20 深圳市证通电子股份有限公司 Cipher algorithm anti-power consumption analysis realization method and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294700A (en) * 2017-08-22 2017-10-24 兆讯恒达微电子技术(北京)有限公司 Defend bypass attack with logic circuit apparatus and processing method
CN107294700B (en) * 2017-08-22 2019-11-08 兆讯恒达微电子技术(北京)有限公司 Defend bypass attack with logic circuit apparatus and processing method
CN107508663A (en) * 2017-09-05 2017-12-22 成都三零嘉微电子有限公司 A kind of Boolean XOR mask turns the protection circuit of arithmetic addition mask
CN107689863A (en) * 2017-09-05 2018-02-13 成都三零嘉微电子有限公司 A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask
CN112650469A (en) * 2019-10-11 2021-04-13 意法半导体(格勒诺布尔2)公司 Circuit and method for binary flag determination

Also Published As

Publication number Publication date
CN106656465B (en) 2019-09-06

Similar Documents

Publication Publication Date Title
CN104333447B (en) It is a kind of can resisting energy analysis attacks SM4 methods
CN102752103B (en) Enhanced MASK code method for resisting DES (data encryption standard) power consumption attack
CN106656465A (en) Energy analysis attack resistant addition mask hardware implementation method and circuit
CN103888247A (en) Data processing system resistant to differential power attack analysis and data processing method thereof
CN105846814B (en) For the building method of the quantum current distribution of encryption technology field multiplying
CN103916236B (en) Power attack prevention method oriented at AES algorithm and circuit achieving method thereof
CN106452789B (en) A kind of endorsement method of multi-faceted anti-side-channel attack
CN103795527A (en) Software mask defense scheme capable of preventing attack on advanced encryption standard (AES) algorithm based on power analysis
CN103986571B (en) A kind of smart card multi-core processor system and its method for defending differential power consumption analysis
CN102546157A (en) Random mixed encryption system for resisting energy analysis and implementation method thereof
CN101938349A (en) S box applicable to hardware realization and circuit realization method thereof
CN106357380B (en) The mask method and device of SM4 algorithm
CN104639502A (en) Mask method and device for resisting power attack in SM4 algorithm
CN104967509B (en) It is a kind of to take turns ZUC stream cipher algorithm mask means of defence of the output for arithmetic mask
CN107306180A (en) Ciphering and deciphering device and its power analysis defence method
CN103199992A (en) Safe frequency hopping sequence construction method based on evolution codes
Xian et al. Fractal sorting vector-based least significant bit chaotic permutation for image encryption
Luo et al. A block cryptographic algorithm for wireless sensor networks based on hybrid chaotic map
CN102932147B (en) Based on the elliptic curve cipher timing attack method of HMM
CN107689863A (en) A kind of arithmetic addition mask turns the protection circuit of Boolean XOR mask
CN106936822A (en) For the mask realization method and system of the anti-high-order bypass analysis of SMS4
CN106788978A (en) Argument decomposes limit door mask new method
Shan et al. A chosen-plaintext method of CPA on SM4 block cipher
CN103684748B (en) Symmetric encryption and decryption method, and symmetric encryption and decryption system
CN105577362B (en) A kind of byte replacement method and system applied to aes algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 200233 Room 704, Building 2, No. 2570 Hechuan Road, Minhang District, Shanghai

Patentee after: Shanghai Hangxin Electronic Technology Co.,Ltd.

Address before: Room 5058, building B, 555 Dongchuan Road, Minhang District, Shanghai

Patentee before: SHANGHAI AISINOCHIP ELECTRONIC TECHNOLOGY Co.,Ltd.