一种基于随机求反的S盒抗DPA攻击安全结构-《计算机技术与发展》

文章信息/Info

Title:: A Secure Structure of S-Box Against DPA Attack Based on Random Complement

文章编号:: 1673-629X(2024)11-0109-08

作者:: 胡晓婷1; 戴泽龙1*; 覃中平2; 巩固1; 1. 江苏师范大学计算机科学与技术学院,江苏徐州 221000;2. 华中科技大学软件学院,湖北武汉 430070

Author(s):: HU Xiao-ting1; DAI Ze-long1*; QIN Zhong-ping2; GONG Gu1; 1. School of Computer Science and Technology,Jiangsu Normal University,Xuzhou 221000,China;2. School of Software,Huazhong University of Science and Technology,Wuhan 430070,China

关键词:: 复合域; S盒; 随机求反; 抗DPA攻击; 安全结构; 高级加密标准

Keywords:: composite field; S-box; random complement; anti-DPA attack; secure structure; advanced encryption standard (AES)

分类号:: TP309.2;TN918.4

DOI:: 10.20165/j.cnki.ISSN1673-629X.2024.0229

摘要:: DPA 攻击(差分功耗攻击)作为一种重要的侧信道攻击方法,因其成功率较高而成为加密算法面临的主要威胁之一。 S 盒是分组加密算法(高级加密标准(AES)、国产商业密码(SM4)等)中唯一的非线性运算,很大程度上决定了相关加密算法的安全性。 S 盒的实现主要分为:查表法、组合逻辑和复合域方法。复合域方法因将 S 盒中的 GF(28)域上的求逆运算分解到低阶域上而使其硬件实现具有高性能、低面积等优势。该文提出了一种基于随机求反的复合域 S 盒抗 DPA 攻击安全结构,并据此设计了两类抗 DPA 攻击的 AES 安全结构:一种是基于随机取反的 AES 安全结构(RC-AES 安全结构),另一种是基于随机取反与一阶掩码结合的 AES 安全结构(RC-M-AES 安全结构)。实验证明,相较于已知文献中基于掩码保护的 AES,该文提出的 RC-AES 结构只需增加微小的面积开销就能有效抵抗 DPA 攻击,展现出显著的面积优势。同时,RC-M-AES 安全结构能在微小面积开销下,构建出比单独掩码方案更安全的密码芯片结构。此外,提出的 S 盒安全结构不仅适用于 AES,也适用于任何以替换函数作为唯一非线性运算的加密算法,具有较好的通用性。

Abstract:: As an important side channel attack method,DPA attack ( differential power analysis attack) has become one of the main threats to encryption algorithms due to its high success rate. In the block cipher algorithms (AES,SM4,etc. ),S-box is the only one non-linear operation,which significantly influences the security of the corresponding encryption algorithms. Typically,there are usually three methods that can be employed to implement S - Box: look - up table method, combination logic, and composite field method.Comparatively,composite field method can offer advantages in hardware implementation such as high performance and low area by de-composing the inversion operation on GF(28) in S-Box into a low-order field. We propose a composite field S-box secure structure against DPA attack based on random complement,and accordingly design two types of AES security structures against DPA attacks. One is based on random complement of S-box (RC-AES),the other is based on the combination of random complement of S-box and first-order masking (RC-M-AES). Experimental results demonstrated that RC-AES structure can effectively anti-DPA attacks with only a small increase in area overhead compared with AES based on masking protection in known literatures. It implies that the proposed RC-AES structure has a significant area advantage. At the same time,RC-M-AES structure can gain a higher security by combining random complement and first-order masking with a small area overhead compared with that based on pure masking technology. Furthermore,the proposed S-box secure structure has good generality,and it can be applied to not only AES but also any encryption algorithm using sub-stitution functions to be the only non-linear operation.

相似文献/References:

[1]郑东王友仁张砦.AES中字节代换和列混合的硬件可逆设计[J].计算机技术与发展,2009,(07):191.
　ZHENG Dong,WANG You-ren,ZHANG Zhai.Reversible Hardware Designs of ByteSub and MixColunm in AES[J].,2009,(11):191.
[2]吴杨矫文成赵新杰王韬吴克辉.引入Hash函数的抗差分故障分析模型研究[J].计算机技术与发展,2011,(05):166.
　WU Yang,JIAO Wen-cheng,ZHAO Xin-jie,et al.Research in Anti-DFA Model with Hash Function[J].,2011,(11):166.
[3]解双建原亮谢方方.DES算法原理及其FPGA实现[J].计算机技术与发展,2011,(07):158.
　XIE Shuang-jian,YUAN Liang,XIE Fang-fang.The Principle of DES Algorithm and Realization on FPGA[J].,2011,(11):158.
[4]闫庆文,郭影*,刘文芬,等.一种灵活性高的16比特S盒设计方法[J].计算机技术与发展,2025,(03):91.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0339]
　YAN Qing-wen,GUO Ying*,LIU Wen-fen,et al.A Design Method of 16-bit S-box with High Flexibility[J].,2025,(11):91.[doi:10.20165/j.cnki.ISSN1673-629X.2024.0339]

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

文章信息/Info

相似文献/References:

常用功能

导航/Navigate

工具/Tools

统计/Statistics