Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

ZHANG Hui-xia,ZHAO Jian-ping,LI Xiao-li,LU Na

DOI: https://doi.org/10.3969/j.issn.1002-0802.2013.09.024

2013-01-01

Abstract:AES(Advanced encryption standard) is analyzed,and the specific design process and method is given.The AES Algorithm is designed in sequential architecture.As both the encryption module and decryption module use relevant and different initial key and key expansion module,the security of the communication could be strengthened.The 16-bit parallel bus communication interface is used,and the input and 128 output of FIFO data buffer is also employed to cache input data and finish the data encryption.The correctness of algorithm design is verified by ISE 13.1 simulation software.

Jia Zhao,Jun Han,Xiaoyang Zeng,Yunsong Deng

DOI: https://doi.org/10.1109/sips.2007.4387536

2009-01-01

Journal of Computer Research and Development

Abstract:This paper proposes a two-dimensional parity-based concurrent error detection method for AES algorithm against differential fault attack. Compared with previous parity-based CED methods, this scheme is able to detect errors in both horizontal and vertical direction in data matrix, therefore it has much higher fault coverage of multiple errors while remains 100% coverage of odd-bit errors. Since all of the parity calculation modules can be used for both horizontal and vertical parity computation, hardware cost of this two-dimensional parity-based CED method is 18%(maximal) higher than those of the traditional methods, whereas the critical path and throughput of this approach remain the same as the ones of traditional ways. It is a novel CED method for AES algorithm against differential fault attack, due to its high efficiency and low cost.

ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/icsict.2006.306534

2007-01-01

Abstract:This paper proposes a simplified AES algorithm resistant to zero-value DPA (differential power analysis) attack and its VLSI implementation. This paper makes some improvements to the additive masking AES algorithm to decrease its complexity. Moreover, such methods as module reuse and calculation order alteration are used to reduce chip area while maintaining its speed. Using the HHNEC 0.25mum CMOS process, the scale of the design is about 43K equivalent gates and its system frequency is up to 40MHz. The throughputs of the 128-bit data encryption and decryption are as high as 470Mbit/s

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

ZHAO Jia,ZENG Xiao-yang,HAN Jun,CHEN Jun

DOI: https://doi.org/10.1109/asscc.2006.357891

2006-01-01

Abstract:This paper proposes a very low-cost VLSI implementation of AES algorithm. This design splits the 128 bit computation in every round into four 32 bit calculations and exploits 2-level pipeline to finish the process. Moreover, such improvements as module reuse and calculation order optimization, especially low-cost key expansion structure, are used to achieve high performance with very low hardware cost. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 12 K equivalent gates and its system frequency is up to 100 MHz. The throughputs of the 128 bit data encryption and decryption are as high as 256 Mbit/s.

Liguo Dong,Xinliang Ye,Libin Zhuang,Ruidian Zhan,M. Shamim Hossain

DOI: https://doi.org/10.1111/exsy.13664

IF: 3.3

2024-06-27

Expert Systems

Abstract:The threat of side‐channel attacks poses a significant risk to the security of cryptographic algorithms. To counter this threat, we have designed an AES system capable of defending against such attacks, supporting AES‐128, AES‐192, and AES‐256 encryption standards. In our system, the CPU oversees the AES hardware via the AHB bus and employs true random number generation to provide secure random inputs for computations. The hardware implementation of the AES S‐box utilizes complex domain inversion techniques, while intermediate data is shielded using full‐time masking. Furthermore, the system incorporates double‐path error detection mechanisms to thwart fault propagation. Our results demonstrate that the system effectively conceals key power information, providing robust resistance against CPA attacks, and is capable of detecting injected faults, thereby mitigating fault‐based attacks.

computer science, artificial intelligence, theory & methods

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

CHEN Jun,WANG Jing,ZENG Xiaoyang,HAN Jun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.04.049

2007-01-01

Abstract:This paper proposes a compact and low cost architecture for AES encrypt and decrypt.As the mathematical manipulation lies on finite filed computation,the orders of the round operation are modified so that the design can reuse some modules to save the area.Meanwhile the element inversion in the SubByte module is performed by composite field technique and the area and power consumption is reduced significantly.Based on the HHNEC 0.25μm CMOS technology,area of the design is about 30k equivalent gates and its system frequency will be up to 100MHz.The operation speed of the 128bits data encryption and decryption is as high as 800Mbps.

Xuefei Bai,Yanhua Xu,Li Guo

DOI: https://doi.org/10.1109/ICCS.2008.4737165

2008-01-01

Abstract:Differential power analysis is of great concern because it can be used to break implementations of almost any symmetric or asymmetric algorithm, and several countermeasures have been proposed to protect implementations of cryptographic algorithms except SMS4 cipher. In the present paper, we focus on the differential power analysis attack on SMS4 cipher, and suggest a secure masking scheme for SMS4 cipher, which is particularly suited for implementation in dedicated hardware. The masking scheme for the inversion presented in this article is based on composite field arithmetic, in which the inversion is shifted from GF(28) down to GF(22). In addition, several methods such as module reuse and changing computing order are employed to reduce circuit area and maintain its speed. Using SMIC 0.18 ¿m CMOS technology, the area of this improved SMS4 cipher is only about 25 k-gates and the frequency could be up to 50 MHz.

Yu Bo,Li Xiangyu,Chen Cong,Sun Yihe,Wu Liji,Zhang Xiangmin

DOI: https://doi.org/10.1088/1674-4926/33/6/065009

2012-01-01

Abstract:This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. Both decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware based random order execution is improved by at least 21 times the DPA resistance.

Wang Jing,Zeng Xiaoyang,Chen Jun

DOI: https://doi.org/10.1109/ICSICT.2006.306501

2007-01-01

Abstract:This paper presents a new architecture to combine AES and ECC. The common calculation module between them is found after discussing algorithms of AES and ECC, and a novel improved multiplier is proposed. The performance of the crucial module is enhanced in two ways. One is adopting 8 parallel arithmetic cores in this work to reduce the complexity of the control part of the module and remove the extra RAM. The other is cutting down the data flow in circulation to make the data computed as compactly as it can afford. As a result, this implementation of ECC and AES is proved more efficient than others. ©2006 IEEE.

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Xinjie Zhao,Tao Wang,Shize Guo,Fan Zhang,Zhijie Shi,Huiying Liu,Kehui Wu

2011-01-01

Abstract:Introduced in 2009, Algebraic Side-Channel Attack (ASCA) has become a very effective cryptanalysis technique that is different from conventional side-channel attacks such as DPA and CPA. In this paper, we propose an innovative and generic attack framework named as SATETASCA (SAT based Error Tolerant Algebraic Side-Channel Attack). The proposed framework is effective even if the leakage information is not accurate and has large variants or errors. We show its generality by successfully launching SAT-ETASCA to AES on two different platforms, using different types of leakages. The first attack is to an AES implementation on an 8-bit microcontroller, using the Hamming weight leakage model. We demonstrate that SAT-ETASCA can recover the full key even when the obtained leakage information has about 60% errors. The second attack is based on an innovative idea of applying the external cache …

Fan Zhang,Xinjie Zhao,Wei He,Shivam Bhasin,Shize Guo

DOI: https://doi.org/10.1007/s11432-016-0233-0

2017-01-01

Science China Information Sciences

Abstract:>Fault analysis is a very powerful technique to break cryptographic implementations.In particular,bitlevel fault analysis(BLFA),where faults are injected by flipping one or a few isolated bits,are among the most efficient of the lot.BLFA requires both precise fault injection capabilities and sophisticated key extraction skills.Algebraic fault analysis(AFA)[1]is a good analysis technique for BLFA.Compared with differential fault analysis(DFA),AFA relies on the automation from machine solvers.Since it fully utilizes the leakages

Xiuyuan Bi,Liji Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/asicon.2009.5351582

2009-01-01

Abstract:The Power Analysis Attacks have become a major threat to the cryptographic chips, especially in financial fields. Many countermeasures against these attacks have been proposed, and most of these countermeasures are focused on the microcontroller-based implementations. In this paper, a novel VLSI design of 3DES circuit is achieved for IC bankcard, and “Random Insertion of Dummy Cycles” is used against Power Analysis Attacks. Compared with the pure 3DES circuit, the extra cost for performance and extra area are significantly lowered by design optimization. The design has been verified to be feasible by FPGA, and it can keep the secret key secure under the Differential Power Analysis Attacks when the amount of power traces is less than 22,0001.

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Wei Wang,Jie Chen,Fei Xu

DOI: https://doi.org/10.1109/FSKD.2012.6233811

2012-01-01

Abstract:An implementation of high speed AES algorithm based on FPGA is presented in this paper in order to improve the safety of data in transmission. The mathematic principle, encryption process and logic structure of AES algorithm are introduced. So as to reach the porpose of improving the system computing speed, the pipelining and papallel processing methods were used. The simulation results show that the high-speed AES encryption algorithm implemented correctly. Using the method of AES encryption the data could be protected effectively. © 2012 IEEE.