ZHANG Hui-xia,ZHAO Jian-ping,LI Xiao-li,LU Na

DOI: https://doi.org/10.3969/j.issn.1002-0802.2013.09.024

2013-01-01

Abstract:AES(Advanced encryption standard) is analyzed,and the specific design process and method is given.The AES Algorithm is designed in sequential architecture.As both the encryption module and decryption module use relevant and different initial key and key expansion module,the security of the communication could be strengthened.The 16-bit parallel bus communication interface is used,and the input and 128 output of FIFO data buffer is also employed to cache input data and finish the data encryption.The correctness of algorithm design is verified by ISE 13.1 simulation software.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

Zijing Jiang,Wenhao Yan,Wei Ding,Linlin Yue,Qun Ding

DOI: https://doi.org/10.1142/s0218127422501103

IF: 2.45

2022-06-30

International Journal of Bifurcation and Chaos

Abstract:SCA is one of the biggest threats to the security of encryption chip. It can crack the unprotected encryption chip at lower cost and faster speed, which weakens the security of the SM4 encryption algorithm circuit without any protection. In this paper, the SM4 encryption algorithm is implemented on FPGA. The pseudo-random sequence generated by discrete chaotic system is used to randomly mask the intermediate value in the SM4 encryption process. This will disrupt the power consumption in the encryption process, thus preventing power analysis. Experimental results show that the proposed chaotic mask scheme can effectively prevent intermediate value leakage and protect the SM4 encryption system from power analysis attack.

mathematics, interdisciplinary applications,multidisciplinary sciences

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Hang Yu,Zhenhao He,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2019.8925299

2019-01-01

Abstract:The SM3-MAC algorithm is a Message Authentication Code (MAC) algorithm based on the SM3 hash algorithm proposed by Office of Security Commercial Code Administration in 2010. In this paper, a masking scheme for SM3-MAC algorithm using key mask is proposed. Then, 5,000 power traces are collected by software simulation with Hamming distance model. We can prove that the unmasked SM3-MAC hardware is vulnerable to first-order power analysis, while the masked SM3-MAC hardware does not have register leakage under the Hamming distance model. After that, the SAKURA-G FPGA board is used to collect two sets of power traces of the masked SM3-MAC hardware, each of which contains 3,000 traces. The Test Vector Leakage Assessment (TVLA) methodology proves that there is a 99.999% chance that no first-order power leakage is detected in the masked SM3-MAC hardware. Finally, the feasibility of second-order power analysis is discussed, and the effects of different pre-processing functions on correlation are investigated. A second-order test has been carried out to analyze the second-order security of the masked SM3-MAC hardware, which proves that there exists second-order leakage.

Qianmei Wu,Wei Cheng,Sylvain Guilley,Fan Zhang,Wei Fu

DOI: https://doi.org/10.46586/tches.v2022.i3.192-222

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Code-based masking is a highly generalized type of masking schemes, which can be instantiated into specific cases by assigning different encoders. It captivates by its side-channel resistance against higher-order attacks and the potential to withstand fault injection attacks. However, similar to other algebraically-involved masking schemes, code-based masking is also burdened with expensive computational overhead. To mitigate such cost and make it efficient, we contribute to several improvements to the original scheme proposed by Wang et al. in TCHES 2020. Specifically, we devise a computationally friendly encoder and accordingly accelerate masked gadgets to leverage efficient implementations. In addition, we highlight that the amortization technique introduced by Wang et al. does not always lead to efficient implementations as expected, but actually decreases the efficiency in some cases. From the perspective of practical security, we carry out an extensive evaluation of the concrete security of code-based masking in the real world. On one hand, we select three representative variations of code-based masking as targets for an extensive evaluation. On the other hand, we aim at security assessment of both encoding and computations to investigate whether the state-of-the-art computational framework for code-based masking reaches the security of the corresponding encoding. By leveraging both leakage assessment tool and side-channel attacks, we verify the existence of “security order amplification” in practice and validate the reliability of the leakage quantification method proposed by Cheng et al. in TCHES 2021. In addition, we also study the security decrease caused by the “cost amortization” technique and redundancy of code-based masking. We identify a security bottleneck in the gadgets computations which limits the whole masked implementation. To the best of our knowledge, this is the first time that allows us to narrow down the gap between the theoretical security order under the probing model (sometimes with simulation experiments) and the concrete side-channel security level of protected implementations by code-based masking in practice.

ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/icsict.2006.306534

2007-01-01

Abstract:This paper proposes a simplified AES algorithm resistant to zero-value DPA (differential power analysis) attack and its VLSI implementation. This paper makes some improvements to the additive masking AES algorithm to decrease its complexity. Moreover, such methods as module reuse and calculation order alteration are used to reduce chip area while maintaining its speed. Using the HHNEC 0.25mum CMOS process, the scale of the design is about 43K equivalent gates and its system frequency is up to 40MHz. The throughputs of the 128-bit data encryption and decryption are as high as 470Mbit/s

Anh-Tuan Hoang,Takeshi Fujino

DOI: https://doi.org/10.1145/2617595

IF: 2.837

2014-06-01

ACM Transactions on Reconfigurable Technology and Systems

Abstract:In current countermeasure design trends against differential power analysis (DPA), security at gate level is required in addition to the security algorithm. Several dual-rail pre-charge logics (DPL) have been proposed to achieve this goal. Designs using ASIC can attain this goal owing to its backend design restrictions on placement and routing. However, implementing these designs on field programmable gate arrays (FPGA) without information leakage is still a problem because of the difficulty involved in the restrictions on placement and routing on FPGA. This article describes our novel masked dual-rail pre-charged memory approach, called “intra-masking dual-rail memory (IMDRM) on LUT”, and its implementation on FPGA for Side-Channel Attack-resistant (SCA-resistant) AES. In the proposed design, all unsafe nodes, such as unmasking and masking, and parts of dual-rail memory with unsafe buses (buses that are not masked) are packed into a single LUT. This makes them balanced and independent of the placement and routing tools. Inputs and outputs of all LUTs are masked, and so can be considered safe signals. Several LUTs can be combined to create a safe SBox. The design is independent of the cryptographic algorithm, and hence, it can be applied to available cryptographic standards such as DES or AES as well as future standards. It requires no special placement or route constraints in its implementation. A correlation power analysis (CPA) attack on 1,000,000 traces of AES implementation on FPGA showed that the secret information is well protected against first-order side-channel attacks. Even though the number of LUTs used for memory in this implementation is seven times greater than that of the conventional unprotected single-rail memory table-lookup AES and three times greater than the implementation based on a composite field, it requires a smaller number of LUTs than all other advanced SCA-resistant implementations such as the wave dynamic differential logic, masked dual-rail pre-charge logic, and threshold.

computer science, hardware & architecture

Nithyashankari Gummidipoondi Jayasankaran,Hao Guo,Satwik Patnaik,Jeyavijayan,Rajendran,Jiang Hu

2023-07-06

Abstract:The various benefits of multi-tenanting, such as higher device utilization and increased profit margin, intrigue the cloud field-programmable gate array (FPGA) servers to include multi-tenanting in their infrastructure. However, this property makes these servers vulnerable to power side-channel (PSC) attacks. Logic designs such as ring oscillator (RO) and time-to-digital converter (TDC) are used to measure the power consumed by security critical circuits, such as advanced encryption standard (AES). Firstly, the existing works require higher minimum traces for disclosure (MTD). Hence, in this work, we improve the sensitivity of the TDC-based sensors by manually placing the FPGA primitives inferring these sensors. This enhancement helps to determine the 128-bit AES key using 3.8K traces. Secondly, the existing defenses use ROs to defend against PSC attacks. However, cloud servers such as Amazon Web Services (AWS) block design with combinatorial loops. Hence, we propose a placement-based defense. We study the impact of (i) primitive-level placement on the AES design and (ii) additional logic that resides along with the AES on the correlation power analysis (CPA) attack results. Our results showcase that the AES along with filters and/or processors are sufficient to provide the same level or better security than the existing defenses.

Cryptography and Security

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

韩军,曾晓洋,赵佳

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.01.004

2010-01-01

Abstract:A VLSI implementation of AES algorithm against both differential power attack and differential fault attack was proposed. The main countermeasures employed in this hardware design are masking technique and two-dimensional parity-based concurrent error detection method. And exploits such methods as separating 128bit calculation into four 32bit calculations, module reuse and optimization of calculation order was exploited to reduce hardware cost. Moreover, a 3 level pipelined structure of AES encryption and decryption is used to improve hardware speed and throughput. The AES IP core based on these techniques can resist two kinds of side channel attacks with reasonable performance and cost.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Shuang Qiu,Guoqiang Bai

DOI: https://doi.org/10.1109/ICCCNT.2014.6963131

2014-01-01

Abstract:SM4 (SMS4) algorithm is a block cipher used in the Chinese National Standard for WLAN WAPI. In this paper we investigate the vulnerability of SM4 FPGA (Field Programmable Array) implementation to differential power analysis (DPA). To tackle this issue, we review the theory behind the conventional DPA on DES and AES first. By comparing the differences in algorithm structure, we show that SM4 is more difficult to attack than DES and AES. Then, we concentrate on showing how “chosen-text DPA” can be applied to attack SM4 successfully while the conventional DPA is hardly effective. Experimental results against a FPGA implementation of SM4 demonstrate the inefficient of conventional DPA and the effectiveness of “chosen-text DPA”. In addition, proper countermeasures for SM4 are also discussed according to its DPA-related properties.

Xiaofei Dong,Fan Zhang,Samiya Queshi,Yiran Zhang,Ziyuan Liang,Bolin Yang,Feng Gao

DOI: https://doi.org/10.1109/asianhost.2018.8607162

2018-01-01

Abstract:Random delay insertion is a simple yet rather effective technique to increase the difficulty for traditional power analysis. However as compared to the random masking technique, it is uncommonly used as a countermeasure considering the frequency analysis. In this paper, it is investigated that the frequency analysis may not work as efficiently as expected when facing to advanced random delay countermeasures. Hence, a novel attack is proposed which is in the wavelet domain. After preprocessing the wavelet coefficients of power traces with wavelet decomposition, the effects of multiple random delays can be removed. Two attack strategies are proposed to recover the secret key: either indirectly from the reconstructed power traces without random delays or directly from the processed wavelet coefficients. Our experimental results show that the wavelet-based power analysis attack can perform much better than those frequency-based ones, which is evaluated through several standard metrics to show the efficiency and robustness.

DOI: https://doi.org/10.1007/s13389-023-00312-6

2023-03-28

Journal of Cryptographic Engineering

Abstract:Deep-learning side-channel attacks, applying deep neural networks to side-channel attacks, are known that can easily attack some existing side-channel attack countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning side-channel attacks, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons and points of interest for non-profiled deep-learning side-channel attacks using the ANSSI database with a masking countermeasure. The results of investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the points of interest. We also implemented AES-128 software implementation protected with the Rotating Sboxes Masking countermeasure, which has never been attacked by non-profiled deep-learning side-channel attacks, on the Xmega128 microcontroller and carried out non-profiled deep-learning side-channel attacks against it. Non-profiled deep-learning side-channel attacks successfully recovered all partial keys while the conventional power analysis could not. The attack results also showed that the least significant bit is the adequate selection for successful non-profiled deep-learning side-channel attacks, but the best labeling method may vary depending on the implementation of the countermeasure algorithm. We conducted two experimental analyses to clarify that deep-learning side-channel attacks learn mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.

computer science, theory & methods

Zhenhao He,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693229

2018-01-01

Abstract:In order to speed up the HMAC SHA-256 algorithm, this paper proposes a three-stage pipeline hardware implementation of this algorithm. The 3:2 compressor is used to optimize the critical path delay of the hardware. The synthesis verification is performed on Altera’s Cyclone II FPGA platform. The throughput rate reaches 875.22Mbps. After that, the simulation of the correlation power analysis (CPA) is carried out to recover the key of the designed HMAC SHA-256 hardware by using 4000 simulated energy traces, which proves the design’s shortcomings in resisting the power analysis attack. Therefore, a masking scheme is proposed for this CPA attack, and its FPGA synthesis is also fulfilled. The throughput rate of the masked HMAC SHA-256 algorithm reaches 655.66Mbps, which is 25% lower than the one without masking.

Yan Ting Ren,Li Ji Wu

DOI: https://doi.org/10.4028/www.scientific.net/amr.718-720.2376

2013-01-01

Advanced Materials Research

Abstract:In order to test the security of cryptographic devices against Side Channel Attacks (SCA), an automatic general-purpose power analysis system (TH-PAS-01) is designed and implemented. TH-PAS-01 is scalable and can be applied to many cryptographic devices when specific modules are installed. Using the system TH-PAS-01, correlation power analysis (CPA) are carried out on an AES chip under two working models: normal and shuffling mode. The security level of the countermeasure provided by the target chip is verified by TH-PAS-01. The experimental results show that the correct key of the AES chip is obtained with around 50,000 power traces when the chip was working under normal mode, while the whole key bits are not obtained with 960,000 power traces when the chip works under shuffling mode. The automatic general-purpose system TH-PAS-01 is feasible for security analysis on power analysis for cryptographic devices.

Shaohui Zhang,Liji Wu,Xiangmin Zhang,Xingjun Wu,Xiangyu Li,Huajun Fang

DOI: https://doi.org/10.1109/cis.2015.98

2015-01-01

Abstract:This paper introduces RC4 stream cipher which is widely used in the TLS/SSL protocol and several weaknesses in its algorithm. In order to enhance the security of RC4, this paper proposes a new masking scheme using random number for both input key and the internal states of RC4. This improved RC4 has destroyed the foundation of many attacks on RC4, especially the template attack. The new algorithm is realized based on the SAKURA-G FPGA board, and 1000 power traces and 5000 power traces are acquired from the unmasked and masked RC4 hardware respectively with 256 different input keys. The experiment results show that the proposed masking scheme for RC4 can be effectively resistant to template attack.

Xiuyuan Bi,Liji Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/asicon.2009.5351582

2009-01-01

Abstract:The Power Analysis Attacks have become a major threat to the cryptographic chips, especially in financial fields. Many countermeasures against these attacks have been proposed, and most of these countermeasures are focused on the microcontroller-based implementations. In this paper, a novel VLSI design of 3DES circuit is achieved for IC bankcard, and “Random Insertion of Dummy Cycles” is used against Power Analysis Attacks. Compared with the pure 3DES circuit, the extra cost for performance and extra area are significantly lowered by design optimization. The design has been verified to be feasible by FPGA, and it can keep the secret key secure under the Differential Power Analysis Attacks when the amount of power traces is less than 22,0001.