| With the development of cryptography and information technology,the current cryptographic algorithm itself is strong enough to resist traditional cryptanalysis methods,but due to the technological characteristics of the device itself,it will leak information such as power consumption,electromagnetic,time and other information during operation.This information can be exploited by attackers to crack the key.This method is called Side Channel Analysis(SCA).Due to the appearance of the side channel,the encryption algorithm is very destructive,and the attacker can easily crack the key of the encryption chip by using this method.Many chips that apply encryption algorithms are vulnerable to this attack,in which power consumption attacks play an important role and pose a great threat to cryptographic chips.The AES(Advanced Encryption Standard)encryption algorithm is widely used in cryptographic chips.Because the cryptographic chip resources are limited,it is necessary to design an encryption algorithm that is low-cost and resistant to side-channel attacks.The AES encryption algorithm is vulnerable to side-channel attacks,which are usually solved by adding one or more random values or masks.When d-order is involved,each value uses a mask,and the complexity of performing SCA increases exponentially.Therefore,designing a masking scheme with d-order as a security parameter is of great significance to the physical security of cryptographic implementations.This paper proposes a d-order masking scheme based on the power consumption attack technology commonly used in AES.This scheme is based on the hardwareoriented masking scheme published by Ishai et al.in Crypto.The main improvement of the scheme designed in this paper is in two aspects.First,in Chapter three,aiming at the problem of low security of ordinary ASE multiplication,the security multiplication algorithm in the hardware circuit mask scheme of Ishai et al.is applied to the algorithm of this paper to protect the multiplication.The security of the operation is also improved on the random value acquisition algorithm to ensure the efficiency of random value acquisition and the randomness of random values.All random values are added to ensure the security of the intermediate value.Finally,we also added mask protection for the most important key extension of the AES algorithm.After that,the coding design experiment of the scheme in this paper is carried out.By comparing the ordinary AES algorithm and the fixed value mask algorithm,the experimental results show that the scheme in this paper effectively reduces the correlation between theoretical power consumption and practical power consumption,and protects the intermediate value well.It is not leaked,which improves the anti-power attack ability of the AES encryption algorithm,and also verifies the security of the scheme in this paper. |
PDF Full Text Request