CN114218588B - Anti-attack block cipher encryption method for multi-scene application - Google Patents

Anti-attack block cipher encryption method for multi-scene application

Info

Publication number
CN114218588B
CN114218588B
Authority
CN
China
Prior art keywords
encryption
plaintext
round
random number
register
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111504497.7A
Other languages
Chinese (zh)
Other versions
CN114218588A (en)
Inventor
赵力强
陈晓棠
王爽
韩旭东
唐虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
No47 Institute Of China Electronics Technology Group Corp
Original Assignee
No47 Institute Of China Electronics Technology Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by No47 Institute Of China Electronics Technology Group Corp
Priority to CN202111504497.7A
Publication of CN114218588A
Application granted
Publication of CN114218588B
Legal status: Active

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an anti-attack block cipher encryption method for multi-scenario applications. A group of random numbers generated by a random number module is first pre-stored in a register. Two groups of round functions are designed to encrypt plaintext simultaneously: while the correct plaintext is encrypted, unrelated data is encrypted with an unrelated key to interfere with the power consumption curve of the current chip, so that the power consumption curve obtained by an attacker contains unrelated power consumption and analysis of the curve becomes harder. At the same time, random pseudo rounds are inserted into the 10 rounds of normal encryption to prevent fault injection attacks. When no attacker is present, the two groups of round functions can be used together to encrypt two groups of plaintext simultaneously, increasing the encryption speed.

Description

Anti-attack block cipher encryption method for multi-scene application
Technical Field
The invention belongs to the field of embedded microcontrollers and provides a block cipher encryption method capable of preventing attacks to a certain extent.
Background
With the wide application of smart devices, data security during encryption is a matter of concern, and defending against attacks on the encryption process is an important aspect of it. An encryption algorithm is proved by strict mathematical reasoning when it is proposed and is confirmed to be irreversible when only the ciphertext is known; but when the encryption process is actually implemented, other vulnerabilities always accompany it, and the key can then be obtained by simple analysis.
Information leaks during the encryption process, and attackers have developed many attack modes based on it, such as power analysis attacks and fault attacks. Defence of the encryption process is therefore an important link in the overall defence; different defences exist for different attack means, and some defences introduce new vulnerabilities. By adopting interference and insertion, it becomes difficult for an attacker to obtain useful information.
Disclosure of Invention
The invention relates to the design of an anti-attack block cipher encryption scheme applicable to multiple scenarios. A group of random numbers generated by a random number module (RNG) is pre-stored in a register; plaintext is encrypted by two groups of round functions running simultaneously, and while the correct plaintext is encrypted, unrelated data is encrypted with unrelated keys at the same time to interfere with the power consumption curve of the current chip, so that the power consumption curve acquired by an attacker contains unrelated power consumption and the difficulty of analysing the curve is increased. Meanwhile, random pseudo rounds are inserted into the normally operating 10-round AES encryption algorithm to prevent fault injection attacks. When no attacker is present, the two groups of round functions can be used simultaneously to encrypt two groups of plaintext at once, thereby improving the encryption speed.
The technical scheme adopted by the invention to achieve this purpose is an anti-attack block cipher encryption method for multi-scenario applications, characterised in that, before the encryption operation is carried out, a random number module writes several groups of random numbers into a register while no encryption or random number fetching operation is in progress, and at the same time generates a signal indicating that the random numbers are not empty; after the plaintext is written, round key generation and the encryption operation are carried out simultaneously so as to interfere with the power consumption information of the encryption process.
When idle, the random number module writes random numbers into the random number register to finish the preparation work before encryption and sends a data-not-empty signal to the controller;
the anti-attack mode is enabled, the encryption mode is started, and the first round of encryption operation and key expansion are performed after the plaintext is written;
meanwhile, an unequal number of pseudo rounds is randomly inserted into the 10-round AES encryption process; after encryption is completed, the correct ciphertext and the interference ciphertext are stored in their corresponding registers at the same time, and the correct ciphertext is read out;
when the anti-attack mode is not enabled, two plaintexts can be written simultaneously for encryption, for use in different application scenarios.
The anti-attack block cipher encryption method for multi-scenario applications comprises the following steps:
1) The random number module writes a random number into the random number register in the encryption control module, and updates it when the random number module is idle;
2) When the encryption operation starts, the controller in the encryption control module reads one group of random numbers, and k pseudo rounds are inserted at the i-th round according to the value of this first group of random numbers, so that the position of the real encryption round is random;
3) The controller writes the plaintext, round key and random number into round function A, round function B, key expansion A and key expansion B respectively, and starts all four at the same time, so that the power consumption generated by round function A, round function B, key expansion A and key expansion B interferes mutually; after the current round of encryption is finished, the current ciphertext and round key are written into an internal register, and the ciphertext and round key generated from the random number are written back into the random number register for the next use;
4) Return to step 3) and repeat the round function encryption process until the encryption of the current plaintext is completed, then write the ciphertext into a ciphertext register that can be read by the user, which completes one encryption operation.
For the encryption of the plaintext, after the user writes the i-th plaintext the plaintext register is in the full state; once the operation starts, the plaintext is read into the controller and the plaintext register returns to the empty state, so that the (i+1)-th plaintext can be written in succession;
after the encryption of the i-th plaintext is completed, the ciphertext register changes to the full state and is read by the user; at this moment the controller is already encrypting the (i+1)-th plaintext, and step 2) is repeated until all of the user's plaintext has been encrypted.
Ten rounds of serial operation are adopted: one round of encryption of the data is performed in one cycle, and the result of the previous round is written back into the round function for the next round of operation.
The invention has the following beneficial effects and advantages:
1. The invention links the random number module and the encryption module: the random number module writes data into a dedicated register when idle, and the data is fetched during encryption, so that the slower data generation of the random number module does not affect the encryption speed; once the random numbers are prepared and anti-attack protection is enabled, the control logic fetches them automatically and applies them in the encryption process.
2. The invention adopts a parallel design of two round functions, one real and one false, which interferes with the chip's power consumption, so that an attacker collecting power traces sees interference and the attack difficulty is increased; in addition, false rounds are inserted between the round functions, so that an attacker carrying out fault injection faces increased difficulty.
3. The invention can also be applied to other block cipher algorithms. In the implementation, equivalent cipher algorithms such as AES and DES are designed under the same control logic to reduce chip area, and identical logic parts can be designed for multiplexing to reduce the area consumption further.
Drawings
Fig. 1 is a block diagram of an encryption algorithm with anti-attack function according to the present invention.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings.
The design idea of the controller for the encryption algorithm with anti-attack function is shown in Fig. 1:
The operation process of the encryption algorithm is that the random number module writes data into the algorithm control register, and the controller then carries out the encryption operation until it finishes. Specifically, the random number module (RNG) writes random numbers into a register in the encryption control module and updates them when the RNG is idle. After the user writes 128-bit plaintext into the register, with all anti-attack modes enabled, the controller reads one group of random numbers when the encryption operation starts, and k pseudo rounds are inserted at the i-th round according to the value of this first group of 128-bit random numbers and the user's settings, so that the position of the real encryption round is random. The controller writes the plaintext and round keys into round function A, round function B, key expansion A and key expansion B, so that the power consumption generated by these four units interferes mutually. After the current round of encryption is finished, the current ciphertext and round key are written into an internal register, while the ciphertext generated from the random numbers and its round key are written back into the original register for later use; this prevents slow random number generation from greatly prolonging the encryption time, reuses the random numbers, and ensures that the random numbers used for different round encryption operations differ rather than the same value being reused many times. The round operation is repeated until the encryption of the current plaintext is completed; the ciphertext is then written into the register and read by the user, and the process is repeated for subsequent plaintexts.
When the first plaintext has been encrypted, the ciphertext register becomes full and waits to be read by the user; at this moment the controller is already encrypting the second plaintext, and encryption proceeds in this way until all of the user's plaintext has been encrypted.
The round function includes byte substitution, row shifting, column mixing and round key addition. Byte substitution uses an S-box storing 16 × 16 entries of 8-bit data; since each S-box entry maps its input byte to that byte's multiplicative inverse in the finite field GF(2^8) followed by a matrix transformation, the correspondence between S-box input and output can be computed with the extended Euclidean algorithm and a matrix transformation. Row shifting is a direct permutation, after which column mixing is performed: column mixing is implemented by multiplying the row-shifted value by a fixed operation matrix, where multiplication and addition between matrix elements are the operations of the field GF(2^8) constructed in Z_2[x] by the irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1. Finally, round key addition completes one round of encryption.
The control register contains the pseudo-round control enable, the parallel-operation interference enable, the number of pseudo rounds, and so on. The user can enable part of the functions according to the actual conditions of use; when the parallel-operation interference enable is not set, round function B can also be used for the encryption algorithm itself, so that two groups of plaintext are encrypted at the same time and efficiency is improved.
In the invention, the encryption algorithm controller uses the random numbers generated by the random number module to insert pseudo rounds randomly and to generate interference, so that an attacker has difficulty acquiring the correct power consumption and cannot judge what the chip is doing at a given point, and therefore cannot apply means such as power analysis and fault attacks in a targeted manner; the attack difficulty is increased. In this design, the controller is not tied to a single encryption algorithm but can be connected to several block cipher algorithms such as DES and AES, so that part of the functions is multiplexed and the chip area of the control logic is reduced; by combining different block cipher algorithms, the control logic can be applied to different usage environments according to different requirements.
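The round function described above (S-box from the GF(2^8) inverse and a matrix transformation, column mixing over m(x) = x^8 + x^4 + x^3 + x + 1) and the controller steps 1) to 4) can be checked together in software. The following Python is an added example written for this page, not code from the patent or its assignee: it derives the AES S-box with the extended Euclidean algorithm and the affine map, implements the 10-round serial AES-128 of claim 3 as the reference, and then models the controller: a random register filled while idle, one random word consumed per encryption to choose the real round i and the pseudo-round count k, lane A (real state and key) and lane B (random-register data under an unrelated key) stepping in the same cycles, and lane B's output written back to the register. The column-mixing matrix, which the page does not print, is the standard FIPS-197 one; using the next register word as lane B's key, placing the k pseudo rounds immediately before round i, a register of four words and the FIPS-197 C.1 test vector are assumptions of this example. It does not model power consumption; it shows that the ciphertext is the plain AES output regardless of where the pseudo rounds land.

```python
# Added example for this page, not the patent's code; assumptions are marked inline.
import random
MX = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1 as a bit pattern

def clmul(a, b):
    """Carry-less product in GF(2)[x], unreduced."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = a << 1, b >> 1
    return r

def poly_divmod(a, b):
    """Long division in GF(2)[x]: returns (quotient, remainder)."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        s = a.bit_length() - b.bit_length()
        q, a = q ^ (1 << s), a ^ (b << s)
    return q, a

def gf_mul(a, b):
    return poly_divmod(clmul(a, b), MX)[1]

def gf_inv(a):
    """Inverse in GF(2^8) by the extended Euclidean algorithm (0 maps to 0)."""
    r0, r1, t0, t1 = MX, a, 0, 1  # invariant: t_i * a == r_i (mod m)
    while r1 > 1:
        q, r = poly_divmod(r0, r1)
        r0, r1, t0, t1 = r1, r, t1, t0 ^ clmul(q, t1)
    return poly_divmod(t1, MX)[1] if a else 0

def sbox_entry(x):
    """Inverse, then the affine matrix map: XOR of four cyclic rotations plus 0x63."""
    b = s = gf_inv(x)
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]  # FIPS-197 matrix; the page omits it
# State: 16 bytes, column-major, byte (row r, column c) at index 4*c + r.

def shift_rows(s):
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s):
    cols = [s[4 * c:4 * c + 4] for c in range(4)]
    return [gf_mul(MIX[r][0], x[0]) ^ gf_mul(MIX[r][1], x[1]) ^ gf_mul(MIX[r][2], x[2]) ^ gf_mul(MIX[r][3], x[3])
            for x in cols for r in range(4)]

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def aes_round(s, k, last=False):
    """SubBytes, ShiftRows, MixColumns (skipped in round 10), AddRoundKey."""
    s = shift_rows([SBOX[b] for b in s])
    return add_round_key(s if last else mix_columns(s), k)

def expand_key(key):  # AES-128 key expansion: 11 round keys of 16 bytes
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt(pt, key):  # plain 10-round serial AES-128 (claim 3), the reference result
    rk = expand_key(key)
    s = add_round_key(list(pt), rk[0])
    for r in range(1, 11):
        s = aes_round(s, rk[r], last=(r == 10))
    return bytes(s)

def anti_attack_encrypt(pt, key, random_reg, max_pseudo=3):
    """Modelled controller, steps 2-4. Returns (ciphertext, trace of (kind, round))."""
    rk, trace = expand_key(key), []
    word = random_reg.pop(0)                         # step 2: read one group of random numbers
    dummy_rk = expand_key(bytes(random_reg[0]))      # assumption: lane-B key is the next register word
    i, k = 1 + word[0] % 10, 1 + word[1] % max_pseudo  # real round i gets k pseudo rounds (assumed placement)
    s = add_round_key(list(pt), rk[0])               # lane A: real state
    d = add_round_key(list(word), dummy_rk[0])       # lane B: interference state from register data
    for r in range(1, 11):
        for _ in range(k if r == i else 0):          # pseudo rounds: lane A computes but drops the result
            aes_round(s, rk[r])
            d = aes_round(d, dummy_rk[r])
            trace.append(("pseudo", r))
        s = aes_round(s, rk[r], last=(r == 10))      # real round on lane A ...
        d = aes_round(d, dummy_rk[r], last=(r == 10))  # ... and lane B in the same cycle
        trace.append(("real", r))
    random_reg.append(d)                             # step 3: lane-B ciphertext written back for reuse
    return bytes(s), trace

def demo(seed=7):  # constructed run: register pre-filled from a seeded PRNG (step 1), FIPS-197 C.1 vector
    rng = random.Random(seed)
    random_reg = [[rng.randrange(256) for _ in range(16)] for _ in range(4)]
    pt, key = bytes.fromhex("00112233445566778899aabbccddeeff"), bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    return anti_attack_encrypt(pt, key, random_reg)
```

Calling demo(seed) with different seeds moves the ("pseudo", i) entries in the trace while the returned ciphertext stays equal to aes128_encrypt(pt, key), which is the property the controller relies on: the pseudo rounds and the second lane change what the chip does at a given cycle, not the result. In hardware the two lanes would additionally have to be timing-matched so that lane B's activity really overlaps lane A's, which this software model does not capture.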

Claims (3)

1. An anti-attack block cipher encryption method for multi-scenario applications, wherein, before the encryption operation, a random number module writes several groups of random numbers into a register while no encryption or random number fetching operation is in progress and at the same time generates a signal indicating that the random numbers are not empty, and after the plaintext is written, round key generation and the encryption operation are carried out simultaneously to interfere with the power consumption information of the encryption process;
when idle, the random number module writes random numbers into the random number register to finish the preparation work before encryption and sends a data-not-empty signal to the controller;
the anti-attack mode is enabled, the encryption mode is started, and the first round of encryption operation and key expansion are performed after the plaintext is written;
meanwhile, an unequal number of pseudo rounds is randomly inserted into the 10-round AES encryption process; after encryption is completed, the correct ciphertext and the interference ciphertext are stored in their corresponding registers at the same time, and the correct ciphertext is read out;
when the anti-attack mode is not enabled, two plaintexts can be written simultaneously for encryption, for use in different application scenarios;
the method comprises the following steps:
1) The random number module writes a random number into the random number register in the encryption control module, and updates it when the random number module is idle;
2) When the encryption operation starts, the controller in the encryption control module reads one group of random numbers, and k pseudo rounds are inserted at the i-th round according to the value of this first group of random numbers, so that the position of the real encryption round is random;
3) The controller writes the plaintext, round keys and random numbers into round function A, round function B, key expansion A and key expansion B respectively, and starts all four at the same time, so that the power consumption generated by round function A, round function B, key expansion A and key expansion B interferes mutually; after the current round of encryption is finished, the current ciphertext and round key are written into an internal register, and the ciphertext and round key generated from the random numbers are written back into the random number register for the next use;
4) Return to step 3) and repeat the round function encryption process until the encryption of the current plaintext is completed, then write the ciphertext into a ciphertext register that can be read by the user, which completes one encryption operation.
2. The anti-attack block cipher encryption method for multi-scenario applications according to claim 1, wherein, for the encryption of the plaintext, after the user writes the i-th plaintext the plaintext register is in the full state; once the operation starts, the plaintext is read into the controller and the plaintext register returns to the empty state, so that the (i+1)-th plaintext can be written in succession;
after the encryption of the i-th plaintext is completed, the ciphertext register changes to the full state and is read by the user; at this moment the controller is encrypting the (i+1)-th plaintext, and step 2) is repeated until all of the user's plaintext has been encrypted.
3. The anti-attack block cipher encryption method for multi-scenario applications according to claim 1, wherein 10 rounds of serial operation are adopted: one round of encryption of the data is performed in one cycle, and the result of the previous round is written back into the round function for the next round of operation.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111504497.7A CN114218588B (en) 2021-12-10 2021-12-10 Anti-attack block cipher encryption method for multi-scene application

Publications (2)

Publication Number Publication Date
CN114218588A (en) 2022-03-22
CN114218588B (en) 2025-11-21

Family

ID=80700764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111504497.7A Active CN114218588B (en) 2021-12-10 2021-12-10 Anti-attack block cipher encryption method for multi-scene application

Country Status (1)

Country Link
CN (1) CN114218588B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI785952B (en) * 2021-12-30 2022-12-01 新唐科技股份有限公司 Cipher accelerator and differential fault analysis method for encryption and decryption operations
CN114531239B (en) * 2022-04-20 2022-08-12 广州万协通信息技术有限公司 Data transmission method and system for multiple encryption keys
CN116722970B (en) * 2023-08-09 2023-11-14 中国科学院长春光学精密机械与物理研究所 Anti-attack gateway security system based on hardware implementation

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101754205A (en) * 2009-12-25 2010-06-23 西安交通大学 Parallelized multi-receiver signcryption method
CN103916235A (en) * 2012-12-28 2014-07-09 北京中电华大电子设计有限责任公司 Power consumption attack defending method by inserting pseudo wheel operation pair randomly
CN112765686A (en) * 2021-01-06 2021-05-07 苏州裕太微电子有限公司 Power consumption attack prevention framework and method for algorithm key in chip

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647638A (en) * 2013-12-03 2014-03-19 北京中电华大电子设计有限责任公司 DES masking method for resisting side-channel attack
CN105656619B (en) * 2016-02-02 2019-02-26 清华大学无锡应用技术研究院 An AES encryption method and an anti-power attack method based thereon

Also Published As

Publication number Publication date
CN114218588A (en) 2022-03-22

Similar Documents

Publication Publication Date Title
CN114218588B (en) Anti-attack block cipher encryption method for multi-scene application
US11743028B2 (en) Protecting block cipher computation operations from external monitoring attacks
CN104734842B (en) Method is resisted in circuits bypass attack based on pseudo-operation
US8428251B2 (en) System and method for stream/block cipher with internal random states
CN104734845B (en) Bypass attack means of defence based on full Encryption Algorithm pseudo-operation
US6295606B1 (en) Method and apparatus for preventing information leakage attacks on a microelectronic assembly
EP1398901B1 (en) Feistel type encryption method and apparatus protected against DPA attacks
AU773982B2 (en) Method for making data processing resistant to extraction of data by analysis of unintended side-channel signals
US10210776B2 (en) DPA protection of a rijndael algorithm
US10187198B2 (en) Protection of a rijndael algorithm
US11258579B2 (en) Method and circuit for implementing a substitution table
Clavier et al. Reverse engineering of a secret AES-like cipher by ineffective fault analysis
JP5136416B2 (en) Pseudorandom number generator, stream cipher processor, and program
CN114428979A (en) Data processing method, device, equipment and system
CA2508160C (en) Table masking for resistance to power analysis attacks
EP1800430A1 (en) Method and apparatus for generating cryptographic sets of instructions automatically and code generation
CN111082918B (en) A two-dimensional random scrambling AES anti-power attack system and method
CN112532373A (en) Differential fault analysis method, system and storage medium for stream cipher algorithm
WO2006067665A1 (en) Data processing device and method for operating such data processing device
KR100737171B1 (en) Low memory masking method for power analysis attack against aria
CN107766725B (en) Template attack resistant data transmission method and system
KR20240046850A (en) Encryption processing apparatus, encryption processing method for encryption processing apparatus, and storage medium
Chen et al. Meet-in-the-middle attack on 4+ 4 rounds of SCARF under single-tweak setting
Montoya et al. Energy-efficient masking of the trivium stream cipher
KR20060068006A (en) Random Bus Scramble Device to Prevent Data Bus Attack by Power Analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant