谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Kai Luo,Leibo Liu

DOI: https://doi.org/10.2991/icmemtc-16.2016.238

2016-01-01

Abstract:In the paper, an improved plan is proposed based on AES encryption algorithm. Complex mix-column operation in the AES implementation process is simplified by the improved plan, and an anti-power attack technology is further proposed on the basis of implementing the improved plan. The technology is based on hamming weight model theory of power consumption. Power consumption is balanced through complementary operations on the algorithm level. The operation power consumption is always not related with intermediate data produced by encryption algorithm at any time during hardware implementation, thereby hiding power consumption and data information and achieving the purpose of anti-power attack.

ZHANG Hui-xia,ZHAO Jian-ping,LI Xiao-li,LU Na

DOI: https://doi.org/10.3969/j.issn.1002-0802.2013.09.024

2013-01-01

Abstract:AES(Advanced encryption standard) is analyzed,and the specific design process and method is given.The AES Algorithm is designed in sequential architecture.As both the encryption module and decryption module use relevant and different initial key and key expansion module,the security of the communication could be strengthened.The 16-bit parallel bus communication interface is used,and the input and 128 output of FIFO data buffer is also employed to cache input data and finish the data encryption.The correctness of algorithm design is verified by ISE 13.1 simulation software.

Jiangsha Ma,Xiangyu Li,Moyang Wang

DOI: https://doi.org/10.1049/el.2014.1559

2014-01-01

Electronics Letters

Abstract:A power analysis attack countermeasure, called power-awareness-based hiding, is proposed. It is effective in implementing nonlinear operations, S-boxes, in cryptographic algorithms. An advanced encryption standard (AES) S-box circuit has been implemented in this approach using the Domino logic array style. The post-layout simulation results show that the power-aware hiding AES S-box achieves a delay of 1.56 ns and a mean power consumption of 3.57 mW. The proposed method improves the power delay product by 65%, the normalised energy deviation by 43% and the normalised standard deviation by 30% compared to other secure methods.

Ye Yuan,Yijun Yang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/edssc.2018.8487056

2018-01-01

Abstract:Advanced Encryption Standards (AES) defined by National Institute of Standards and Technology (NIST) is widely used for symmetric cryptography. In this paper, a high performance encryption system based on AES is proposed, in which AES can work at all three modes including AES-128, AES-192, and AES-256. In addition, the proposed AES implementation is piped into 4 stages for each round operation with decryption module reusing some circuits of encryption module, which leads to a performance improvement in term of area and throughput. Furthermore, a design of 1 st order mask has been proposed which can resist 1 st order differential (or correlation) power attack. Our design can be easily expanded to other SPN-based primitives.

Hongying Liu,Ying Zhou,Yibo Fan,Yukiyasu Tsunoo,Satoshi Goto

DOI: https://doi.org/10.1016/j.proeng.2011.08.395

2011-01-01

Abstract:Advanced Encryption Standard (AES) is widely used symmetric cryptographic algorithm due to its ease in implementation on hardware and software. A number of works have been carried out on the reduction of power consumption of AES cores. Furthermore, the security of its implementation against side channel attacks also draws extensive attention. Various countermeasures that protect it from attack have been proposed. However not all of them is sufficient for high throughput applications. In this paper, we design and implement a differential power analysis (DPA) resistant AES core on Side-channel Attack Standard Evaluation Board. It is not only compact but also secure. The throughput is 2.56Gbps at 200MHz. By adding a set of registers and a random generator, the data-dependent encryption is hidden from observation. The experiments of DPA attack substantiate its effectiveness.

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

韩军,曾晓洋,赵佳

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.01.004

2010-01-01

Abstract:A VLSI implementation of AES algorithm against both differential power attack and differential fault attack was proposed. The main countermeasures employed in this hardware design are masking technique and two-dimensional parity-based concurrent error detection method. And exploits such methods as separating 128bit calculation into four 32bit calculations, module reuse and optimization of calculation order was exploited to reduce hardware cost. Moreover, a 3 level pipelined structure of AES encryption and decryption is used to improve hardware speed and throughput. The AES IP core based on these techniques can resist two kinds of side channel attacks with reasonable performance and cost.

Xiangyu Li,Pengyuan Jiao,Chaoqun Yang

DOI: https://doi.org/10.1088/1674-4926/42/3/032402

2021-01-01

Abstract:A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665 000 noiseless traces.

Nan Liao,Xiaoxin Cui,Tian Wang,Kai Liao,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/icist.2016.7483412

2016-01-01

Abstract:A high-efficient fault attack on AES S-box is proposed in this paper. Faults are introduced in the encryption process by changing the mapping relationship of S-box. Based on the round in which the faults are introduced, two fault models are presented. Attack results show that the first model only needs 16 faulty ciphertexts to recover the 128-bit secret key. The second fault model is more efficient. In this model, two rounds of attacks are enough to find out the 4-byte round-key based on DFA on the 9th round S-box. For covering all the possible fault situations, influence of multi-byte faults are considered, which effectively improves the attack accuracy and reduces the attack rounds. Compared with previous fault models, our work in this paper shows significant advantage of efficiency.

Yu Bo,Li Xiangyu,Chen Cong,Sun Yihe,Wu Liji,Zhang Xiangmin

DOI: https://doi.org/10.1088/1674-4926/33/6/065009

2012-01-01

Abstract:This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. Both decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware based random order execution is improved by at least 21 times the DPA resistance.

Chaoqun Yang,Xiangyu Li,Shujuan Yin

DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00217

2018-01-01

Abstract:Power-Aware Hiding (PAH) has been proposed as a kind of energy-efficient Side Channel Attacks (SCA) countermeasure for S-boxes. However, it has large area overhead. In this paper, an improved SCA-resistant AES S-box implementation, which is based on PAH technique but has smaller area, is proposed. It implements the S-Box in the masked composited field approach but applies the PAH method to the inversion in GF(2^4). Evaluation result shows that its area is shrunken to 47.7% of the full PAH S-box, and that its power-delay product is about 81% lower than that of the traditional masking implementation. Simulation shows that the PAH inverteru0027s power difference is smaller than the other candidates, including the PAH S-box. It is secure under moment-correlating power analysis with 70,000 noiseless power traces at least.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Yingjie Ji,Liji Wu,Xiangmin Zhang,

DOI: https://doi.org/10.1109/ASICON.2009.5351540

2009-01-01

Abstract:In a high performance network security co-processor, the low power masking technique is used to promote the power attack resistant level of the AES crypto engine. Based on the original AES module which shares one S-box when ciphering and decoding, in order to achieve higher security, the novel circuit design of masking is achieved by two ways respectively, one utilized SRAM, the other replicated some modules. Over 1000 different power curves are recorded and compared between the two masked engines and the original one respectively, and over 10000 curves are recorded to show the strength of the masking architecture. The design is verified to be feasible by FPGA.

Xiao-cao QIN,Shu-guo LI

2014-01-01

Abstract:S-Box substitution and inverse S-Box substitution are the major bottleneck for AES algorithm ,which directly affect the speed of AES chip .On the basis of optimizing Q-M simplifying method ,this paper proposes an expression method to implement the S-Box substitution and inverse S-Box substitution in AES algorithm .Compared with the widespread use of the look-up-table method ,the expression method can reduce the delay ,area and power of circuit by 8 .5% ,27 .4% and 17% respectively .

Liguo Dong,Xinliang Ye,Libin Zhuang,Ruidian Zhan,M. Shamim Hossain

DOI: https://doi.org/10.1111/exsy.13664

IF: 3.3

2024-06-27

Expert Systems

Abstract:The threat of side‐channel attacks poses a significant risk to the security of cryptographic algorithms. To counter this threat, we have designed an AES system capable of defending against such attacks, supporting AES‐128, AES‐192, and AES‐256 encryption standards. In our system, the CPU oversees the AES hardware via the AHB bus and employs true random number generation to provide secure random inputs for computations. The hardware implementation of the AES S‐box utilizes complex domain inversion techniques, while intermediate data is shielded using full‐time masking. Furthermore, the system incorporates double‐path error detection mechanisms to thwart fault propagation. Our results demonstrate that the system effectively conceals key power information, providing robust resistance against CPA attacks, and is capable of detecting injected faults, thereby mitigating fault‐based attacks.

computer science, artificial intelligence, theory & methods

Yong-bo HU,Ye-yang ZHENG,Jun YU

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.08.035

2013-01-01

Abstract:(Abstract ) ) ) )This paper proposes a new template attack method in order to improve the efficiency of Advanced Encryption Standard(AES) template attack. This method includes a new attack algorithm and an optimized schedule. This new attack algorithm can access to the whole 128 bit key of AES by establishing Hamming weight template on each nonlinear table and 128 times of template classifications and this optimized schedule includes the preprocessing and principal component analysis of the signal. Experimental results show that this method can improve the efficiency of template attack and also decrease the memory usage and computing. (Key words )Advanced Encryption Standard(AES); side channel signal attack; template attack; Principal Component Analysis(PCA);

Wei Wei,Cui Xiaoxin,Wu Di,Li Rui,Ma Kaisheng,Yu Dunshan,Cui Xiaole

DOI: https://doi.org/10.1109/icsict.2012.6466685

2012-01-01

Abstract:A masking scheme of AES algorithm is analyzed, and the optimal masked S-box is implemented in this paper. By using the "tower field" representation, all nonlinear process of unmasked S-box is mapped to multiplication in GF(2), which is a single AND gate in circuits, and power consumption is hidden by using additive masked. In order to further reduce the hardware cost, a simplified masked AND gate is adopted and masks are reused safely. Both gate-level simulation and FPGA testing result have proved that our implementation provides good resistance against DPA attack.

Nan Liao,Xiaoxin Cui,Tian Wang,Kai Liao,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/cstic.2016.7464078

2016-01-01

Abstract:Random fault attacks against Advanced Encryption Standard (AES) hardware implementation are widely researched. In the previous fault analysis, 6 rounds of attacks are required to recover the correct round-key, which is not efficient enough for extensive analysis. In this paper, a more efficient fault model is proposed. Based on the analysis of theoretical key candidate number, the proposed attack method can complete the analysis as few as 3 rounds. Experiment results shows that nearly 90% of the attacks recover the correct round-key with 3 rounds and in average only 3.125 rounds are required with our proposed attack method.