高级搜索

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

秘密共享:高阶掩码S盒和有限域安全乘法设计

唐啸霖 冯燕 李明达 李志强

唐啸霖, 冯燕, 李明达, 李志强. 秘密共享:高阶掩码S盒和有限域安全乘法设计[J]. 电子与信息学报, 2024, 46(8): 3400-3409. doi: 10.11999/JEIT231272
引用本文: 唐啸霖, 冯燕, 李明达, 李志强. 秘密共享:高阶掩码S盒和有限域安全乘法设计[J]. 电子与信息学报, 2024, 46(8): 3400-3409. doi: 10.11999/JEIT231272
TANG Xiaolin, FENG Yan, LI Mingda, LI Zhiqiang. Secret Sharing: Design of Higher-Order Masking S-box and Secure Multiplication in Galois Field[J]. Journal of Electronics & Information Technology, 2024, 46(8): 3400-3409. doi: 10.11999/JEIT231272
Citation: TANG Xiaolin, FENG Yan, LI Mingda, LI Zhiqiang. Secret Sharing: Design of Higher-Order Masking S-box and Secure Multiplication in Galois Field[J]. Journal of Electronics & Information Technology, 2024, 46(8): 3400-3409. doi: 10.11999/JEIT231272

秘密共享:高阶掩码S盒和有限域安全乘法设计

doi: 10.11999/JEIT231272 cstr: 32379.14.JEIT231272
基金项目: 国家重点研发计划(2020YFB2104601)
详细信息
    作者简介:

    唐啸霖:男,博士生,研究方向为集成电路硬件安全

    冯燕:女,博士,正高级工程师,研究方向为集成电路硬件安全、IP/SoC设计与验证等

    李明达:男,硕士生,研究方向为集成电路硬件安全

    李志强:男,博士,研究员,博士生导师,研究方向为模拟/射频/毫米波集成电路设计

    通讯作者:

    冯燕 fengyan@ime.ac.cn

  • 中图分类号: TN402

Secret Sharing: Design of Higher-Order Masking S-box and Secure Multiplication in Galois Field

Funds: The National Key R&D Program (2020YFB2104601)
  • 摘要: 在信息时代,信息安全是最不能忽视的重要问题,对密码设备的攻击和防护是该领域的研究热点。近年来,多种对密码设备的攻击已为人所知,其目的都是为了获取设备中的密钥,在众多攻击中,功耗侧信道攻击是最受关注的攻击技术之一 。掩码技术是对抗功耗侧信道攻击的有效方法,然而随着攻击手段的不断进步,1阶掩码的防护已经不足以应对2阶及以上的功耗分析攻击,因此对高阶掩码的研究具有重要的意义。为了提升加密电路抗攻击能力,该文基于秘密共享的思想,对分组密码算法的S盒变换实施了高阶掩码防护——共享型掩码,并基于Ishai等人在Crypto 2003上发表的安全方案(ISW框架)提出了有限域安全乘法的通用设计方法。通过实验表明,该文提出的共享型掩码方案不影响加密算法的功能,同时能抵御1阶和2阶相关功耗分析攻击。
  • 图  1  1阶掩码AES加密流程图

    图  2  共享型AES示意图

    图  3  安全与门电路

    图  4  GF(((22)2)2)求逆操作

    图  5  利用新基底实现求逆运算

    图  6  开发板总体验证方案

    图  7  两种AES能量迹对比

    图  8  1阶相关能量分析攻击验证

    图  9  2阶相关能量分析攻击1阶掩码

    图  10  2阶相关能量分析攻击共享型掩码

    图  11  ${x^{254}}$的最优计算步骤

    1  确定下标(i,j)所属集合

     输入:软件上定义的GF(28)乘法:Gfmult。
     输出:集合Ukk=0,1,2,3,4,5,6,7。
     (1) for ( k=0; k<7; k++ ) do
     (2)  Uk=$\varnothing $;
     (3)  for ( j=0; j<7; j++ ) do
     (4)   b=2 j
     (5)   for ( i=0; i<7; i++ ) do
     (6)    a=2i
     (7)    if (Gfmult(a,b)的二进制表示的第k位等于1) then
     (8)     Uk=Uk ∪ {(i,j)};
      //有限域上乘积的某一比特等于1,将下标加入对应的集合
     (9)    end if
     (10)   end for
     (11) end for
     (12) end for
     (13) return Ukk=0,1,2,3,4,5,6,7;
    下载: 导出CSV

    表  1  下标$(i,j)$分布表

    ai
    c7c6c5c4c3c2c1c0
    bjb076543210
    b16543,72,710,77
    b2543,72,6,71,60,76,76
    b343,72,6,71,5,60,5,76,75,65
    b43,72,6,71,5,60,4,5,74,6,75,64,54
    b52,6,71,5,70,4,5,73,4,63,5,6,74,53,4,73,7
    b61,5,60,4,5,73,4,62,3,52,4,5,6,73,4,72,3,62,6,7
    b70,4,5,73,4,62,3,51,2,4,71,3,4,5,6,72,3,61,2,5,71,5,6
    下载: 导出CSV

    表  2  安全求逆电路面积对比

    实现方式 vivado综合 理论计算
    LUT FF 安全与门 异或门
    文献[8] 992 0 256 740
    文献[9] 299 0 80 234
    3.3.1节两次同构映射 259 0 60 201
    3.3.2节基于正规基的单次映射 285 0 60 246
    下载: 导出CSV
  • [1] 王永娟, 樊昊鹏, 代政一, 等. 侧信道攻击与防御技术研究进展[J]. 计算机学报, 2023, 46(1): 202–228. doi: 10.11897/SP.J.1016.2023.00202.

    WANG Yongjuan, FAN Haopeng, DAI Zhengyi, et al. Advances in side channel attacks and countermeasures[J]. Chinese Journal of Computers, 2023, 46(1): 202–228. doi: 10.11897/SP.J.1016.2023.00202.
    [2] HASNAIN A, ASFIA Y, and KHAWAJA S G. Power profiling-based side-channel attacks on FPGA and Countermeasures: A survey[C]. The 2nd International Conference on Digital Futures and Transformative Technologies (ICoDT2), Rawalpindi, Pakistan, 2022: 106–113. doi: 10.1109/ICoDT255437.2022.9787473.
    [3] KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. The 19th Annual International Cryptology Conference on Advances in Cryptology - CRYPTO’99, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25.
    [4] BRIER E, CLAVIER C, and OLIVIER F. Correlation power analysis with a leakage model[C]. The 6th International Workshop on Cryptographic Hardware and Embedded Systems, Cambridge, USA, 2004: 16–29. doi: 10.1007/978-3-540-28632-5_2.
    [5] CHARI S, JUTLA C S, RAO J R, et al. Towards sound approaches to counteract power-analysis attacks[C]. The 19th Annual International Cryptology Conference on Advances in Cryptology - CRYPTO’99, Santa Barbara, USA, 1999: 398–412. doi: 10.1007/3-540-48405-1_26.
    [6] GOLIĆ J D and TYMEN C. Multiplicative masking and power analysis of AES[C]. The 4th International Workshop on Cryptographic Hardware and Embedded Systems - CHES 2002, Redwood Shores, USA, 2002: 198–212. doi: 10.1007/3-540-36400-5_16.
    [7] ISHAI Y, SAHAI A, and WAGNER D. Private circuits: Securing hardware against probing attacks[C]. The 23rd Annual International Cryptology Conference on Advances in Cryptology -- CRYPTO 2003, Santa Barbara, USA, 2003: 463–481. doi: 10.1007/978-3-540-45146-4_27.
    [8] RIVAIN M and PROUFF E. Provably secure higher-order masking of AES[C]. The 12th International Conference on Cryptographic Hardware and Embedded Systems - CHES 2010, Santa Barbara, USA, 2010: 413–427. doi: 10.1007/978-3-642-15031-9_28.
    [9] KIM H S, HONG S, and LIM J. A fast and provably secure higher-order masking of AES S-Box[C]. The 13th International Workshop on Cryptographic Hardware and Embedded Systems – CHES 2011, Nara, Japan, 2011: 95–107. doi: 10.1007/978-3-642-23951-9_7.
    [10] TAOUIL M, ALJUFFRI A, and HAMDIOU S. Power side channel attacks: Where are we standing?[C]. The 16th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS), Montpellier, France, 2021: 1–6. doi: 10.1109/DTIS53253.2021.9505075.
    [11] SINGHA T B, PALATHINKAL R P, and AHAMED S R. Securing AES designs against power analysis attacks: A survey[J]. IEEE Internet of Things Journal, 2023, 10(16): 14332–14356. doi: 10.1109/JIOT.2023.3265683.
    [12] XU Yongkang, DENG Feng, XU Weihan, et al. Unified coprocessor for high-speed AES-128 and SM4 encryption[C]. The IEEE 6th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), Beijing, China, 2022: 640–644. doi: 10.1109/IAEAC54830.2022.9929737.
    [13] SATOH A, MORIOKA S, TAKANO K, et al. A compact rijndael hardware architecture with S-Box optimization[C]. The 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, Gold Coast, Australia, 2001: 239–254. doi: 10.1007/3-540-45682-1_15.
    [14] WOLKERSTORFER J, OSWALD E, and LAMBERGER M. An ASIC implementation of the AES SBoxes[C]. The Cryptographer’s Track at the RSA Conference 2002, San Jose, USA, 2002: 29–52. doi: 10.1007/3-540-45760-7_6.
    [15] CANRIGHT D. A very compact Rijndael S-box[C]. Cryptographic Hardware and Embedded Systems – CHES 2005, Edinburgh, UK, 2005: 441–455.
    [16] IYER V, WANG Meizhi, KULKARNI J, et al. A systematic evaluation of EM and power side-channel analysis attacks on AES implementations[C]. 2021 IEEE International Conference on Intelligence and Security Informatics (ISI), San Antonio, USA, 2021: 46–51. doi: 10.1109/ISI53945.2021.9624778.
    [17] 段晓毅, 王思翔, 崔琦, 等. 一种带掩码AES算法的高阶差分功耗分析攻击方案[J]. 计算机工程, 2017, 43(10): 120–125. doi: 10.3969/j.issn.1000-3428.2017.10.021.

    DUAN Xiaoyi, WANG Sixiang, CUI Qi, et al. A high-order differential power analysis attack scheme with Masked AES algorithm[J]. Computer Engineering, 2017, 43(10): 120–125. doi: 10.3969/j.issn.1000-3428.2017.10.021.
    [18] 郭筝, 杨正文, 张效林, 等. 一种基于乘法掩码的AES 防护方案[J]. 密码学报, 2023, 10(1): 209–218. doi: 10.13868/j.cnki.jcr.000590.

    GUO Zheng, YANG Zhengwen, ZHANG Xiaolin, et al. A side-channel countermeasure for AES based on multiplication mask[J]. Journal of Cryptologic Research, 2023, 10(1): 209–218. doi: 10.13868/j.cnki.jcr.000590.
    [19] 郭志鹏. 高阶掩码防护方案设计及安全检测技术研究[D]. [博士论文], 武汉大学, 2019.

    GUO Zhipeng. Design of high-order masking scheme and security detection technology[D]. [Ph. D. dissertation], Wuhan University, 2019.
    [20] RAMEZANPOUR K, AMPADU P, and DIEHL W. RS-mask: Random space masking as an integrated countermeasure against power and fault analysis[C]. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, USA, 2020: 176–187. doi: 10.1109/HOST45689.2020.9300266.
  • 加载中
图(11) / 表(3)
计量
  • 文章访问数:  276
  • HTML全文浏览量:  118
  • PDF下载量:  49
  • 被引次数: 0
出版历程
  • 收稿日期:  2023-11-17
  • 修回日期:  2024-06-19
  • 网络出版日期:  2024-06-30
  • 刊出日期:  2024-08-10

目录

    /

    返回文章
    返回