Research On Automatic Masking Method Of Block Cipher

As a mainstream information encryption method,block cipher plays an important role in the area of communication networks and information security.However,when the block cipher runs in a physical device,the power consumption would be leaked.In this case,the leaked information can be captured to mount the side channel analysis by the attackers,which usually poses a serious threat to the block cipher.Masking schemes can effectively increase the ability of cryptographic algorithms against side-channel analysis in the level of algorithm,but manual construction of masking schemes reduces the efficiency of masking design.How to automatically generate masking schemes with consumption of less chip area,fresh randomness,registers and other hardware resources appears to be an important task in industry.This thesis focuses on the research topic that designs automated masking schemes with less hardware resources and fresh randomness and its application.The main research results are as follows:1.A new automatic threshold implementation is proposed,and its application of masking protection in LBlock cipher is also investigated.Based on the algebraic structure of the cryptographical S-box,a new first-order automatic threshold implementation without any fresh randomness is presented,where the minimum shared number of the masking scheme is related to the algebraic degree of S-box.Moreover,the experimental results illustrate that the peak value of T-test without masking protection is 10 times the size of the case that this masking scheme is used to the LBlock cipher.Meanwhile,none of any secret key bits can be recovered by collecting 1 million energy traces under differential power analysis.Furthermore,the first-order masking schemes without any fresh randomness for the S-boxes used in SKINNY,Midori,PRESENT,and PRINCE ciphers are also given.2.Some new first-order and second-order d+1 shared masking schemes are proposed,and their application in DEFAULT block cipher is also described.Based on the algebraic structure of its cryptographical S-box,a new first-order and second-order automatic masking scheme without any fresh randomness is respectively presented.Moreover,the experimental results show that the peak value of T-test without masking protection is 10 times the size of the case that this masking scheme is used to the DEFAULT cipher.In particular,none of the secret key bits of DEFAULT cipher with the masking protection can be recovered by using 1 million energy traces.It also implies the masking protection is novel and effective.Furthermore,comparison with the previous first-order and secondorder mask schemes,the fresh randomness of this new scheme is significantly reduced.On the other hand,under the SMIC 130 nm standard cell library,the second-order DEFAULT masking scheme only spends 118.1GE chip area.3.An automatic masking and formal verification tool is presented.In order to avoid the limitations of tedious manual deduction and empirical testing,a tool for automatic firstorder masking generation and verification is designed by using the basic properties of the threshold implementation.The simulation results illustrate that the tool can provide the secure first-order masking scheme for any 4-bit cryptographical S-boxes.More precisely,the correctness,the incompleteness and the uniformity of a given first-order masking scheme can also be effectively verified.