Yi-cheng CHEN,Xue-cheng ZOU,Zheng-lin LIU,Xiao-fei CHEN,Yu HAN

DOI: https://doi.org/10.1016/s1005-8885(08)60087-4

2008-01-01

Abstract:It is an important challenge to implement a low- cost power analysis immune advanced encryption standard (AES) circuit. The previous study proves that substitution boxes (S-Boxes) in AES are prone to being attacked, and hard to mask for its non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts: inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with united microelectronics corporation (UMC) 0.25 μm 1.8 V complementary metal-oxide-semiconductor (CMOS) standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can enhance the AES security effectually against power analysis.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Xiangyu Li,Pengyuan Jiao,Chaoqun Yang

DOI: https://doi.org/10.1088/1674-4926/42/3/032402

2021-01-01

Abstract:A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665 000 noiseless traces.

Jiang Jiuxing,Zhao Yuying,Huang Hai,Xie Guanghui,Hou Jiao,Feng Xinxin

DOI: https://doi.org/10.11999/jeit190257

2020-01-01

Abstract:Based on the in-depth research on the S-box constitution arithmetic of composite, an area optimized generic low-entropy higher-order masking scheme is proposed in this paper. The low entropy masking method is introduced on GF(2(4)), and the partial module reusing design is adopted, which reduces effectively the number of multiplications based on the S-box inversion operation of the composite. The algorithm can be applied to any order masking scheme of arbitrary S-box composed of inversion operation. This scheme is applied to AES, gives detailed simulation results and optimizes the layout area, compared with the traditional masking scheme, reduces effectively the use of logical resources. In addition, the security is theoretically proved.

Chaoqun Yang,Xiangyu Li,Shujuan Yin

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00217

2018-01-01

Abstract:Power-Aware Hiding (PAH) has been proposed as a kind of energy-efficient Side Channel Attacks (SCA) countermeasure for S-boxes. However, it has large area overhead. In this paper, an improved SCA-resistant AES S-box implementation, which is based on PAH technique but has smaller area, is proposed. It implements the S-Box in the masked composited field approach but applies the PAH method to the inversion in GF(2^4). Evaluation result shows that its area is shrunken to 47.7% of the full PAH S-box, and that its power-delay product is about 81% lower than that of the traditional masking implementation. Simulation shows that the PAH inverteru0027s power difference is smaller than the other candidates, including the PAH S-box. It is secure under moment-correlating power analysis with 70,000 noiseless power traces at least.

Yicheng Chen,Xuecheng Zou,Zhenglin Liu,Yu Han,Zhaoxia Zheng

2008-01-01

Abstract:Substitution boxes (S-Boxes) in advanced encryption standard (AES) are vulnerable to attacks by power analysis.The general S-Boxes masking schemes in circuit level need to adjust the design flow and library databases.The masking strategies in algorithm level view each S-Box as an independent module and mask them respectively,which are costly in size and power for non-linear characteristic of S-Boxes. The new method uses dynamic inhomogeneous S-Boxes instead of traditional homogeneous S-Boxes,and arranges the S-Boxes randomly.So the power and data path delay of substitution unit become unpre- dictable.The experimental results demonstrate that this scheme takes advantages of the circuit character- istics of various S-Box implementations to eliminate the correlation between crypto operation and power.It needs less extra circuits and suits resource constrained applications.

Hao Liang,Liji Wu,Xiangmin Zhang,Jiabin Wang

DOI: https://doi.org/10.1109/cis.2014.59

2014-01-01

Abstract:This paper propose a new masking scheme for SM4 s-box based on composite field. Through isomorphism bit matrices, we simplify the calculation by changing finite field inversion from GF(28) toGF(((22)2)2) to reduce the computational difficulty. We carefully modify the inversion to ensure every intermediate value is masked during the process. The theoretical analysis and simulated CPA proves the effectiveness of this method. Thus our method can eliminate the need to pre-compute the s-box every time when the mask is updated, as a result, saves a lot of time and storage room. This method is suitable for implementations with limited resources such as smart cards.

Yongzhuang Wei,Fu Yao,Enes Pasalic,An Wang

DOI: https://doi.org/10.1049/iet-ifs.2018.5244

2019-01-01

IET Information Security

Abstract:In this work, the authors propose some alternative hardware efficient masking schemes dedicated to protect the Advanced Encryption Standard (AES) against higher order differential power analysis (DPA). In general, the existing masking schemes all have in common an intrinsic trade-off between the two main parameters of interest, namely the generation of fresh random masking values and the cost of hardware implementation. The design of efficient masking schemes which are non-expensive in both aspects appears to be a difficult task. In this study, the authors propose a second-order threshold implementation of AES, which is characterised by a beneficial trade-off between the two parameters. More precisely, compared to the masking scheme of De Cnudde <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">et al.</italic> at CHES 2016, which currently attains the best practical trade-off, the proposed masking scheme requires 28.4% less random masking bits, whereas the implementation cost is slightly increased for about 13.7% (thus the chip area is 1.4 kGE larger). This masking scheme has been used to implement AES on an field-programmable gate array (FPGA) platform and its resistance against the second-order DPA in a simulated attack environment has been confirmed.

Thomas De Cnudde,Oscar Reparaz,Begül Bilgin,Svetla Nikova,Ventzislav Nikov,Vincent Rijmen

DOI: https://doi.org/10.1145/2996366.2996428

2016-10-24

Abstract:Masking requires splitting sensitive variables into at least d+1 shares to provide security against DPA attacks at order d. To this date, this minimal number has only been deployed in software implementations of cryptographic algorithms and in the linear parts of their hardware counterparts. So far there is no hardware construction that achieves this lower bound if the function is nonlinear and the underlying logic gates can glitch. In this paper, we give practical implementations of the AES using d+1 shares aiming at first- and second-order security even in the presence of glitches. To achieve this, we follow the conditions presented by Reparaz et al. at CRYPTO 2015 to allow hardware masking schemes, like Threshold Implementations, to provide theoretical higher-order security with d+1 shares. The decrease in number of shares has a direct impact in the area requirements: our second-order DPA resistant core is the smallest in area so far, and its S-box is 50% smaller than the current smallest Threshold Implementation of the AES S-box with similar security and attacker model. We assess the security of our masked cores by practical side-channel evaluations. The security guarantees are met with 100 million traces.

Qianmei Wu,Wei Cheng,Sylvain Guilley,Fan Zhang,Wei Fu

DOI: https://doi.org/10.46586/tches.v2022.i3.192-222

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Code-based masking is a highly generalized type of masking schemes, which can be instantiated into specific cases by assigning different encoders. It captivates by its side-channel resistance against higher-order attacks and the potential to withstand fault injection attacks. However, similar to other algebraically-involved masking schemes, code-based masking is also burdened with expensive computational overhead. To mitigate such cost and make it efficient, we contribute to several improvements to the original scheme proposed by Wang et al. in TCHES 2020. Specifically, we devise a computationally friendly encoder and accordingly accelerate masked gadgets to leverage efficient implementations. In addition, we highlight that the amortization technique introduced by Wang et al. does not always lead to efficient implementations as expected, but actually decreases the efficiency in some cases. From the perspective of practical security, we carry out an extensive evaluation of the concrete security of code-based masking in the real world. On one hand, we select three representative variations of code-based masking as targets for an extensive evaluation. On the other hand, we aim at security assessment of both encoding and computations to investigate whether the state-of-the-art computational framework for code-based masking reaches the security of the corresponding encoding. By leveraging both leakage assessment tool and side-channel attacks, we verify the existence of “security order amplification” in practice and validate the reliability of the leakage quantification method proposed by Cheng et al. in TCHES 2021. In addition, we also study the security decrease caused by the “cost amortization” technique and redundancy of code-based masking. We identify a security bottleneck in the gadgets computations which limits the whole masked implementation. To the best of our knowledge, this is the first time that allows us to narrow down the gap between the theoretical security order under the probing model (sometimes with simulation experiments) and the concrete side-channel security level of protected implementations by code-based masking in practice.

刘政林,曾永红,邹雪城,陈黎明,陈毅成,韩煜

DOI: https://doi.org/10.3969/j.issn.0255-8297.2008.06.013

2008-01-01

Journal of Applied Sciences

Abstract:A full-custom AES S-box architecture based on composite field is proposed.In this S-box,pass transmission gate(PTG) logic style is used to obtain a compact and low-power data-path circuit.Latches controlled by an asynchronous handshake circuit are inserted in the data-path to prevent propagation of the signal glitch,resulting in reduction of the total S-box circuit power.The property of resisting differential power analysis(DPA) attack of the S-box is improved by inserting random delay chains.The layout-simulations for the S-box circuit using 0.25 μm CMOS technology show that it has low power consumption and highsecurity,and remains small-area overhead as in the corresponding composite field S-box.

PAN Hong-liang,GAO De-yuan,ZHANG Sheng-bing,CAO Liang-shuai

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.03.031

2006-01-01

Abstract:S-Box is the key step of hardware implementation of AES, which can be designed by two approaches. The first method is constructing a single circuit directly from the look-up table. The second method is using the inverse transformation in Galois field. This paper first maps an element in GF(28) to the corresponding element in GF(24)2 and expresses the element in GF(24)2 by the linear sum of two elements in GF(24), and then presents a low hardware overhead implementation algorithm of S-Box based on the inverse transformation approach from GF(28) to GF(24). Compared with look-up tables' implementation, this algorithm can reduce area by 57% and is suitable for smart cards or mobile devices that need small area.

Jiangsha Ma,Xiangyu Li,Moyang Wang

DOI: https://doi.org/10.1049/el.2014.1559

2014-01-01

Electronics Letters

Abstract:A power analysis attack countermeasure, called power-awareness-based hiding, is proposed. It is effective in implementing nonlinear operations, S-boxes, in cryptographic algorithms. An advanced encryption standard (AES) S-box circuit has been implemented in this approach using the Domino logic array style. The post-layout simulation results show that the power-aware hiding AES S-box achieves a delay of 1.56 ns and a mean power consumption of 3.57 mW. The proposed method improves the power delay product by 65%, the normalised energy deviation by 43% and the normalised standard deviation by 30% compared to other secure methods.

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

ZENG Yong-hong,ZOU Xue-cheng,LIU Zheng-lin,LEI Jian-ming

DOI: https://doi.org/10.3969/j.issn.1004-3365.2007.04.034

IF: 1.992

2007-01-01

Microelectronics Journal

Abstract:S-box is the key step of hardware implementation of Advanced Encryption Standard(AES) and it consumes much of the total power for AES.A new architecture of asynchronous pipeline over composite field was proposed to reduce the total S-box power.In this implementation,level-sensitive latches were inserted in datapath to block the propagation of the dynamic hazards.The opens and closes of latches were controlled by the latch controller based on an asynchronous handshake element,H-element.The circuit was an ASIC based on 0.25 μm CMOS process.Layout simulation shows that the S-box circuit consumes less power than composite field S-box,whilst there is moderate area penalty.The proposed S-box circuit can be embedded in AES cryptographic engine for such applications as smart cards and wireless sensors network node chips.

Zhiying Wang

2009-01-01

Computer Engineering and Applications Journal

Abstract:Based on the random masking scheme,several fine grained masked primitives are defined.Then all the transformations in AES are decomposed to these primitives.And all the intermediate results are masked by different random values.To implement AES based on randomly masked primitives efficiently,three kinds of extended instructions are defined.Combined with random scheduling scheme,the whole execution flow of AES is presented.It is pointed out that this approach can prevent against first order and high order power analysis attack.Experiment results show that it has the advantage of security,performance and hardware complexity in comparison with several other countermeasures.

XUE Bo,ZHOU Yu-jie

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.09.061

2007-01-01

Abstract:S-BOX is one of the most important module of the Advanced Encryption Standard Algorithm. At present, there are two implementation methods, based on look-up table or finite field. However, the former takes up lots of chip area while the latter is not suitable for high speed application. In this paper, an optimized implementation of S-BOX proposed by Chih-Chung Lu[2] is discussed, and all the three implementation methods by using Verilog HDL are described. Experiments indicate that chip area taken by S-BOX is significantly reduced, but not at the expense of greatly increasing the time delay. Finally, the experimental results and their comparisons are listed.

Yu Han,Xuecheng Zou,Zhenglin Liu,Yicheng Chen

DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.05.014

2008-01-01

Abstract:The areas, power consumptions and securities of S-boxes in various very large scale integrate (VLSI) architectures for advanced encryption standard (AES) were analyzed to give a design basis for a VLSI implementation with constrained resource and more secure applications. Different S-box architectures, including look-up table (LUT), galois field (GF(2-4)), decoder-switch-encoder (DSE), were implemented through simulation tools and technology library with 0.25 μm and 1.8 V. The product of power ratio-correlation factor was introduced as a security evaluation to resist power analysis attacks. The experimental results show that the GF solution is characterized by the small-size, high security, and the DSE solution reduces power consumption by a large degree.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

Anh-Tuan Hoang,Takeshi Fujino

DOI: https://doi.org/10.1145/2617595

IF: 2.837

2014-06-01

ACM Transactions on Reconfigurable Technology and Systems

Abstract:In current countermeasure design trends against differential power analysis (DPA), security at gate level is required in addition to the security algorithm. Several dual-rail pre-charge logics (DPL) have been proposed to achieve this goal. Designs using ASIC can attain this goal owing to its backend design restrictions on placement and routing. However, implementing these designs on field programmable gate arrays (FPGA) without information leakage is still a problem because of the difficulty involved in the restrictions on placement and routing on FPGA. This article describes our novel masked dual-rail pre-charged memory approach, called “intra-masking dual-rail memory (IMDRM) on LUT”, and its implementation on FPGA for Side-Channel Attack-resistant (SCA-resistant) AES. In the proposed design, all unsafe nodes, such as unmasking and masking, and parts of dual-rail memory with unsafe buses (buses that are not masked) are packed into a single LUT. This makes them balanced and independent of the placement and routing tools. Inputs and outputs of all LUTs are masked, and so can be considered safe signals. Several LUTs can be combined to create a safe SBox. The design is independent of the cryptographic algorithm, and hence, it can be applied to available cryptographic standards such as DES or AES as well as future standards. It requires no special placement or route constraints in its implementation. A correlation power analysis (CPA) attack on 1,000,000 traces of AES implementation on FPGA showed that the secret information is well protected against first-order side-channel attacks. Even though the number of LUTs used for memory in this implementation is seven times greater than that of the conventional unprotected single-rail memory table-lookup AES and three times greater than the implementation based on a composite field, it requires a smaller number of LUTs than all other advanced SCA-resistant implementations such as the wave dynamic differential logic, masked dual-rail pre-charge logic, and threshold.

computer science, hardware & architecture