ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/icsict.2006.306534

2007-01-01

Abstract:This paper proposes a simplified AES algorithm resistant to zero-value DPA (differential power analysis) attack and its VLSI implementation. This paper makes some improvements to the additive masking AES algorithm to decrease its complexity. Moreover, such methods as module reuse and calculation order alteration are used to reduce chip area while maintaining its speed. Using the HHNEC 0.25mum CMOS process, the scale of the design is about 43K equivalent gates and its system frequency is up to 40MHz. The throughputs of the 128-bit data encryption and decryption are as high as 470Mbit/s

韩军,曾晓洋,赵佳

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.01.004

2010-01-01

Abstract:A VLSI implementation of AES algorithm against both differential power attack and differential fault attack was proposed. The main countermeasures employed in this hardware design are masking technique and two-dimensional parity-based concurrent error detection method. And exploits such methods as separating 128bit calculation into four 32bit calculations, module reuse and optimization of calculation order was exploited to reduce hardware cost. Moreover, a 3 level pipelined structure of AES encryption and decryption is used to improve hardware speed and throughput. The AES IP core based on these techniques can resist two kinds of side channel attacks with reasonable performance and cost.

CHEN Jun,WANG Jing,ZENG Xiaoyang,HAN Jun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.04.049

2007-01-01

Abstract:This paper proposes a compact and low cost architecture for AES encrypt and decrypt.As the mathematical manipulation lies on finite filed computation,the orders of the round operation are modified so that the design can reuse some modules to save the area.Meanwhile the element inversion in the SubByte module is performed by composite field technique and the area and power consumption is reduced significantly.Based on the HHNEC 0.25μm CMOS technology,area of the design is about 30k equivalent gates and its system frequency will be up to 100MHz.The operation speed of the 128bits data encryption and decryption is as high as 800Mbps.

ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/asscc.2006.357891

2006-01-01

Abstract:This paper proposes a very low-cost VLSI implementation of AES algorithm. This design splits the 128 bit computation in every round into four 32 bit calculations and exploits 2-level pipeline to finish the process. Moreover, such improvements as module reuse and calculation order optimization, especially low-cost key expansion structure, are used to achieve high performance with very low hardware cost. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 12 K equivalent gates and its system frequency is up to 100 MHz. The throughputs of the 128 bit data encryption and decryption are as high as 256 Mbit/s.

Yu Bo,Li Xiangyu,Chen Cong,Sun Yihe,Wu Liji,Zhang Xiangmin

DOI: https://doi.org/10.1088/1674-4926/33/6/065009

2012-01-01

Abstract:This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. Both decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware based random order execution is improved by at least 21 times the DPA resistance.

Bo Yu,Xiangyu Li,Naiwen Zhang,Yihe Sun

DOI: https://doi.org/10.1109/ASSCC.2009.5357254

2009-01-01

Abstract:THUAES06 that implements the standard AES algorithm is characterized by low cost, low power and high differential power analysis (DPA) resisting ability enhancement. The DPA resisting ability enhancement is achieved by using fine grained shuffling as the DPA countermeasure of the main part and implementing vulnerable function unit with dual rail asynchronous circuits. THUAES06 is implemented in SMIC 0.18 mu m technology. Its average energy of encrypting or decrypting one 128 bits plaintext or cipher text is 19nJ if initial key need not be changed. Its core area is 0.43mm(2). The power traces needed to disclose the secrete keys are more than 33,000.

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

Xuefei Bai,Yanhua Xu,Li Guo

DOI: https://doi.org/10.1109/ICCS.2008.4737165

2008-01-01

Abstract:Differential power analysis is of great concern because it can be used to break implementations of almost any symmetric or asymmetric algorithm, and several countermeasures have been proposed to protect implementations of cryptographic algorithms except SMS4 cipher. In the present paper, we focus on the differential power analysis attack on SMS4 cipher, and suggest a secure masking scheme for SMS4 cipher, which is particularly suited for implementation in dedicated hardware. The masking scheme for the inversion presented in this article is based on composite field arithmetic, in which the inversion is shifted from GF(28) down to GF(22). In addition, several methods such as module reuse and changing computing order are employed to reduce circuit area and maintain its speed. Using SMIC 0.18 ¿m CMOS technology, the area of this improved SMS4 cipher is only about 25 k-gates and the frequency could be up to 50 MHz.

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

Hongying Liu,Ying Zhou,Yibo Fan,Yukiyasu Tsunoo,Satoshi Goto

DOI: https://doi.org/10.1016/j.proeng.2011.08.395

2011-01-01

Abstract:Advanced Encryption Standard (AES) is widely used symmetric cryptographic algorithm due to its ease in implementation on hardware and software. A number of works have been carried out on the reduction of power consumption of AES cores. Furthermore, the security of its implementation against side channel attacks also draws extensive attention. Various countermeasures that protect it from attack have been proposed. However not all of them is sufficient for high throughput applications. In this paper, we design and implement a differential power analysis (DPA) resistant AES core on Side-channel Attack Standard Evaluation Board. It is not only compact but also secure. The throughput is 2.56Gbps at 200MHz. By adding a set of registers and a random generator, the data-dependent encryption is hidden from observation. The experiments of DPA attack substantiate its effectiveness.

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Weiwei Yan,Kaidi You,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2009.5351588

2009-01-01

Abstract:SMS4 algorithm is the first Chinese encryption standard for WLAN released by the Office of State Commercial Cryptography Administrator (OSCCA). AES is an international encryption standard substituting DES in wider range of applications. SMS4 and AES have the similar operation scheme, and both can be employed by the security protocols for robust network. To save cost and improve flexibility, a folded and reconfigurable architecture is proposed in this paper to implement the SMS4 and AES algorithm And it is demonstrated that the VLSI implementation of this design based on SMIC 0.13 um CMOS technology can achieve 200MHz working frequency at very low cost of 22k gates. The simulation results show that the throughput of the proposed design is 800Mbps and 512Mbps when SMS4 and AES are computed respectively, which stratifies the performance requirement of security application in WLAN.1

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Xiangyu Li,Chaoqun Yang,Jiangsha Ma,Yongchang Liu,Shujuan Yin

DOI: https://doi.org/10.1109/tvlsi.2017.2752212

2017-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Energy-efficient countermeasures to side-channel attacks are required for Internet of Things hardware. This paper proposes a special hiding technique for the substitution operation in block ciphers, which equalizes the power consumption of a circuit by appropriate feedforward compensation and is called power-aware hiding (PAH). A hybrid application configuration, in which PAH is applied to the S-boxes while the left linear operations are protected with a general masking method, is proposed as well. This solution not only has higher energy efficiency but can also be implemented automatically in a semicustom manner. The Advanced Encryption Standard VLSI adopting this solution was implemented and manufactured in 180-nm technology as a demonstration. The implementation issues regarding the countermeasures are discussed in this paper. Testing shows that the chip has a throughput up to 1.175 Gb/s with 18.1-mW power consumption and its number of measurements to disclosure is 13.4 million.

Xiuyuan Bi,Liji Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/asicon.2009.5351582

2009-01-01

Abstract:The Power Analysis Attacks have become a major threat to the cryptographic chips, especially in financial fields. Many countermeasures against these attacks have been proposed, and most of these countermeasures are focused on the microcontroller-based implementations. In this paper, a novel VLSI design of 3DES circuit is achieved for IC bankcard, and “Random Insertion of Dummy Cycles” is used against Power Analysis Attacks. Compared with the pure 3DES circuit, the extra cost for performance and extra area are significantly lowered by design optimization. The design has been verified to be feasible by FPGA, and it can keep the secret key secure under the Differential Power Analysis Attacks when the amount of power traces is less than 22,0001.

Qingfu Cao,Shuguo Li

DOI: https://doi.org/10.1109/ASICON.2009.5351572

2009-01-01

Abstract:This paper proposes a high-throughput cost-effective implementation of AES supporting encryption and decryption with 128-, 192-, and 256-bit cipher key. Optimum irreducible polynomial coefficients are selected to construct the composite field GF(((2(2))(2))(2)) on standard and normal base in order to minimize the gate count in SubBytes/InvSubBytes transformation. In addition, MixCoulmn/InvMixColumn transformations are optimized and the gate count is the least as we know. And then, a novel on-the-fly key expansion structure is applied to improve the throughput. The performance is evaluated on SMIC 0.18 mu m CMOS technology and the design has been verified on FPGA. The throughput can achieve at 1.16Gbps with the cost of only 19476 equivalent NAND2 gates, which outperforms prior works with respect to the parameter throughput per kilo gates with the same process(1).

Jia Zhao,Jun Han,Xiaoyang Zeng,Yunsong Deng

DOI: https://doi.org/10.1109/sips.2007.4387536

2009-01-01

Journal of Computer Research and Development

Abstract:This paper proposes a two-dimensional parity-based concurrent error detection method for AES algorithm against differential fault attack. Compared with previous parity-based CED methods, this scheme is able to detect errors in both horizontal and vertical direction in data matrix, therefore it has much higher fault coverage of multiple errors while remains 100% coverage of odd-bit errors. Since all of the parity calculation modules can be used for both horizontal and vertical parity computation, hardware cost of this two-dimensional parity-based CED method is 18%(maximal) higher than those of the traditional methods, whereas the critical path and throughput of this approach remain the same as the ones of traditional ways. It is a novel CED method for AES algorithm against differential fault attack, due to its high efficiency and low cost.

Wenyi Tang,Song Jia,Yuan Wang

DOI: https://doi.org/10.1587/transele.e99.c.956

2016-01-01

IEICE Transactions on Electronics

Abstract:Side channel attacks (SCAs) on security devices have become a major concern for system security. Existing SCA countermeasures are costly in terms of area and power consumption. This paper presents a novel differential power analysis (DPA) countermeasure referred to as short-time three-phase single-rail precharge logic (STSPL). The proposed logic is based on a single-rail three-phase operation scheme providing effective DPA-resistance with low cost. In the scheme, a controller is inserted to discharge logic gates by reusing evaluation paths to achieve more balanced power consumption. This reduces the latency between different phases, increasing the difficult of the adversary to conduct DPA, compared with the state-of-the-art DPA-resistance logics. To verify the chip's power consumption in practice, a 4-bit ripple carry adder and a 4-bit inverter of AES-SBOX were implemented. The testing and simulation results of DPA attacks prove the security and efficiency of the proposed logic.