Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

ZHANG Hui-xia,ZHAO Jian-ping,LI Xiao-li,LU Na

DOI: https://doi.org/10.3969/j.issn.1002-0802.2013.09.024

2013-01-01

Abstract:AES(Advanced encryption standard) is analyzed,and the specific design process and method is given.The AES Algorithm is designed in sequential architecture.As both the encryption module and decryption module use relevant and different initial key and key expansion module,the security of the communication could be strengthened.The 16-bit parallel bus communication interface is used,and the input and 128 output of FIFO data buffer is also employed to cache input data and finish the data encryption.The correctness of algorithm design is verified by ISE 13.1 simulation software.

Anh-Tuan Hoang,Takeshi Fujino

DOI: https://doi.org/10.1145/2617595

IF: 2.837

2014-06-01

ACM Transactions on Reconfigurable Technology and Systems

Abstract:In current countermeasure design trends against differential power analysis (DPA), security at gate level is required in addition to the security algorithm. Several dual-rail pre-charge logics (DPL) have been proposed to achieve this goal. Designs using ASIC can attain this goal owing to its backend design restrictions on placement and routing. However, implementing these designs on field programmable gate arrays (FPGA) without information leakage is still a problem because of the difficulty involved in the restrictions on placement and routing on FPGA. This article describes our novel masked dual-rail pre-charged memory approach, called “intra-masking dual-rail memory (IMDRM) on LUT”, and its implementation on FPGA for Side-Channel Attack-resistant (SCA-resistant) AES. In the proposed design, all unsafe nodes, such as unmasking and masking, and parts of dual-rail memory with unsafe buses (buses that are not masked) are packed into a single LUT. This makes them balanced and independent of the placement and routing tools. Inputs and outputs of all LUTs are masked, and so can be considered safe signals. Several LUTs can be combined to create a safe SBox. The design is independent of the cryptographic algorithm, and hence, it can be applied to available cryptographic standards such as DES or AES as well as future standards. It requires no special placement or route constraints in its implementation. A correlation power analysis (CPA) attack on 1,000,000 traces of AES implementation on FPGA showed that the secret information is well protected against first-order side-channel attacks. Even though the number of LUTs used for memory in this implementation is seven times greater than that of the conventional unprotected single-rail memory table-lookup AES and three times greater than the implementation based on a composite field, it requires a smaller number of LUTs than all other advanced SCA-resistant implementations such as the wave dynamic differential logic, masked dual-rail pre-charge logic, and threshold.

computer science, hardware & architecture

Lijuan Li,Shuguo Li

DOI: https://doi.org/10.23919/FPL.2017.8056803

2017-01-01

Abstract:This paper proposes a high throughput architecture for AES encryption/decryption targeting on the recent FPGAs with 6-input LUTs. Unlike previous works which share multiplicative inverse logics to realize SubBytes and InvSubBytes, the proposed architecture directly employs the look-up-table based Sbox for both SubBytes and InvSubBytes. Efficient reordering and merging techniques are applied to achieve a highly integrated encryption/decryption datapath with reduced area and delay. By sharing Sbox instead of inversion, the encryption datapath remains simple with unchanged MixColumns. For decryption, the linear operations including two inverse Affine functions and InvMixColumns between SubBytes are merged into a new InvMixColumns (NIMC-I) transformation. The NIMC-I is further optimized to reduce resources and share logics with MixColumns. Through loop-unrolling and fair pipelining, the proposed 3-stage subpipelined design achieves 68.82 Gbps on XC7VX330T using 3930 slices and the 5-stage deep-pipelined one achieves 76.19 Gbps on XC6VLX240T using 4426 slices, which outperform previous equivalent designs in terms of throughput per area.

Qiang Liu,Zhenyu Xu,Ye Yuan

DOI: https://doi.org/10.1049/iet-cdt.2014.0101

2015-01-01

IET Computers & Digital Techniques

Abstract:Aiming at protection of high speed data, field programmable gate array (FPGA)-based advanced encryption standard (AES) design is proposed here. Deep investigation into the logical operations of AES with regard to FPGA architectures leads to two efficient pipelining structures for the AES hardware implementation. The two design options allow users to make a trade-off among speed, resource usage and power consumption. In addition, a new key expansion scheme is proposed to address the potential issues of existing key expansion scheme used in AES. The proposed key expansion scheme with additional non-linear operations increases the complexity of cracking keys by up to 2(N - 1) times for N-round AES. The proposed design is evaluated on various FPGA devices and is compared with several existing AES implementations. In terms of both throughput and throughput per slice, the proposed design can overcome most existing designs and achieves a throughput of 75.9 Gbps on a latest FPGA device. Two parallel implementations of the proposed design can meet the real-time encryption/decryption demand for 100 Gbps data rate. Furthermore, the proposed AES design is implemented on the Zynq xc7z020 FPGA platform, demonstrating its application to image encryption.

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Wei ZHANG,Junxiong GAO,Yunbo WANG,Wenbin WU

DOI: https://doi.org/10.3969/j.issn.1672-9722.2017.03.020

2017-01-01

Abstract:For the encryption and decryption structure of AES is not consistent,an optimized AES algorithm with a unified encryption and decryption process is proposed in this paper.Using the fully pipelined architecture, the proposed circuit achieves an effective tradeoff between speed and resources, among which the S-box and inverse S-box are implemented applying the finite field algorithm based on regular basis.With the analysis of the path delay of each module, the AES round transformation is divided into 6 stages.Results implemented in the Xilinx`s XC7VX485T FPGA show that the hardware resource consumption is 19006LUTs,the maximum frequency is 724.323MHz and the throughput can get to 92.713Gbps, thus obtaining a very good acceleration effect.

Yi-cheng CHEN,Xue-cheng ZOU,Zheng-lin LIU,Xiao-fei CHEN,Yu HAN

DOI: https://doi.org/10.1016/s1005-8885(08)60087-4

2008-01-01

Abstract:It is an important challenge to implement a low- cost power analysis immune advanced encryption standard (AES) circuit. The previous study proves that substitution boxes (S-Boxes) in AES are prone to being attacked, and hard to mask for its non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts: inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with united microelectronics corporation (UMC) 0.25 μm 1.8 V complementary metal-oxide-semiconductor (CMOS) standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can enhance the AES security effectually against power analysis.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

JI Xiao-yong

2010-01-01

Abstract:This paper mainly describes a less-area FPGA implementation of AES (advanced encryption standard) Encryption algorithm.It tells of AES Algorithm,and its optimal implementation on FPGA with a 16-bit parallel bus communication interface.The AES Algorithm is designed in sequential architecture,and the encryption module and the decryption module share one key expansion module,thus to reduce logic area.Simulation and test indicate that,the data throughput rate could reach 530 Mb/s with a 50 MHz clock.

ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/icsict.2006.306534

2007-01-01

Abstract:This paper proposes a simplified AES algorithm resistant to zero-value DPA (differential power analysis) attack and its VLSI implementation. This paper makes some improvements to the additive masking AES algorithm to decrease its complexity. Moreover, such methods as module reuse and calculation order alteration are used to reduce chip area while maintaining its speed. Using the HHNEC 0.25mum CMOS process, the scale of the design is about 43K equivalent gates and its system frequency is up to 40MHz. The throughputs of the 128-bit data encryption and decryption are as high as 470Mbit/s

Zhenhao He,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693229

2018-01-01

Abstract:In order to speed up the HMAC SHA-256 algorithm, this paper proposes a three-stage pipeline hardware implementation of this algorithm. The 3:2 compressor is used to optimize the critical path delay of the hardware. The synthesis verification is performed on Altera’s Cyclone II FPGA platform. The throughput rate reaches 875.22Mbps. After that, the simulation of the correlation power analysis (CPA) is carried out to recover the key of the designed HMAC SHA-256 hardware by using 4000 simulated energy traces, which proves the design’s shortcomings in resisting the power analysis attack. Therefore, a masking scheme is proposed for this CPA attack, and its FPGA synthesis is also fulfilled. The throughput rate of the masked HMAC SHA-256 algorithm reaches 655.66Mbps, which is 25% lower than the one without masking.

Zhiying Wang

2009-01-01

Computer Engineering and Applications Journal

Abstract:Based on the random masking scheme,several fine grained masked primitives are defined.Then all the transformations in AES are decomposed to these primitives.And all the intermediate results are masked by different random values.To implement AES based on randomly masked primitives efficiently,three kinds of extended instructions are defined.Combined with random scheduling scheme,the whole execution flow of AES is presented.It is pointed out that this approach can prevent against first order and high order power analysis attack.Experiment results show that it has the advantage of security,performance and hardware complexity in comparison with several other countermeasures.

An Wang,Man Chen,Zongyue Wang,Xiaoyun Wang

DOI: https://doi.org/10.1109/TCSII.2013.2268379

2013-01-01

Abstract:In 2011, Li presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the other two inputs. Therefore, some sophisticated glitch cycles can be chosen such that the values in the critical path of the whole S-box are destroyed but this short path is not affected. As a result, the output mask does not offer protection to the S-box, which leads to a more efficient attack. Compared with three attacks on masking countermeasures at the Workshop on Cryptographic Hardware and Embedded Systems 2010 and 2011, our method only costs about 8% of their time and 4% of their storage space.

Yongzhuang Wei,Fu Yao,Enes Pasalic,An Wang

DOI: https://doi.org/10.1049/iet-ifs.2018.5244

2019-01-01

IET Information Security

Abstract:In this work, the authors propose some alternative hardware efficient masking schemes dedicated to protect the Advanced Encryption Standard (AES) against higher order differential power analysis (DPA). In general, the existing masking schemes all have in common an intrinsic trade-off between the two main parameters of interest, namely the generation of fresh random masking values and the cost of hardware implementation. The design of efficient masking schemes which are non-expensive in both aspects appears to be a difficult task. In this study, the authors propose a second-order threshold implementation of AES, which is characterised by a beneficial trade-off between the two parameters. More precisely, compared to the masking scheme of De Cnudde <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</italic> at CHES 2016, which currently attains the best practical trade-off, the proposed masking scheme requires 28.4% less random masking bits, whereas the implementation cost is slightly increased for about 13.7% (thus the chip area is 1.4 kGE larger). This masking scheme has been used to implement AES on an field-programmable gate array (FPGA) platform and its resistance against the second-order DPA in a simulated attack environment has been confirmed.

Yuzhuo Fu

2010-01-01

Abstract:Aiming at safety requirements of high speed networks,a study of the hardware implementation of AES encryption algorithm is carried out.According to RFC 3686,AES-CTR working mode is chosen,and the algorithm is analyzed with the method of algebraic induction.The top-down approach is practiced through the design.The complete hardware architecture is constructed in the beginning,the internal modules and external interfaces are defined,the control algorithm is modeled with the finite state machine.The internal logic of function module is designed and the time delay calculated.4-stadge pipeline is used in the design.The codes of AES-128 module Design is simulated and synthesized.The throughput of system reaches 18.13 Gbps on Vitex 5.

Qingfu Cao,Shuguo Li

DOI: https://doi.org/10.1109/ASICON.2009.5351572

2009-01-01

Abstract:This paper proposes a high-throughput cost-effective implementation of AES supporting encryption and decryption with 128-, 192-, and 256-bit cipher key. Optimum irreducible polynomial coefficients are selected to construct the composite field GF(((2(2))(2))(2)) on standard and normal base in order to minimize the gate count in SubBytes/InvSubBytes transformation. In addition, MixCoulmn/InvMixColumn transformations are optimized and the gate count is the least as we know. And then, a novel on-the-fly key expansion structure is applied to improve the throughput. The performance is evaluated on SMIC 0.18 mu m CMOS technology and the design has been verified on FPGA. The throughput can achieve at 1.16Gbps with the cost of only 19476 equivalent NAND2 gates, which outperforms prior works with respect to the parameter throughput per kilo gates with the same process(1).

易立华,邹雪城,刘政林,但永平

DOI: https://doi.org/10.3969/j.issn.1001-3695.2009.06.041

2009-01-01

Abstract:This paper presented a high throughput and low lost AES coprocessor.Reduced area by employing sharing between the encryption and decryption processes,employing composite field Sbox for the SubByte.Improved data throughput by four-stage pipeline in round inner.Inserted registers in key expansion module,assuring synchronization between round and round-key.With an implementation of the this architecture with Virtex II Pro FPGA(90 nm process technology),this area optimized consumes 2 118 slices.The speed of this implementation is 1.8 Gbps.Compared to previous similar implementations,the design achieve high the ratio of throughput/area.