Protection method for side channel attack and fault attack

A protection technology against side channel attacks and fault attacks, applied in secure communication devices, encryption devices with shift registers/memories, digital transmission systems, etc., to achieve the effects of easy implementation, reduced additional resources, and strong security.

Active Publication Date: 2014-03-12
STATE GRID CORP OF CHINA +4
4 Cites 18 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0005] As a countermeasure against side channel attacks, power analysis protection can only resist power consumption attacks, but cannot resist fault attacks.
To resist both side-channel analysis and fault attacks, the existing technology needs to add other defense methods, which take up more resources during implementation.
Moreover, in the prior art, each circle opera...

Method used

[0031] Because, at any given time, the different pipeline stages operate on different data, the side information generated when the random numbers participate in the operation is used as noise to cover up the side information generated by the real data participating in the operation, thereby r...

Abstract

The invention provides a protection method against side channel attacks and fault attacks. The protection method comprises the following steps: I. dividing the operation of a block cipher algorithm into a plurality of pipeline stages; II. inputting the real plaintext into two pipeline stages selected at random, and inputting random numbers into the other stages; III. carrying out the operation, and, after the operation is finished, comparing whether the operation results of the two real data are consistent. The protection method can resist both side channel attacks and fault attacks, and has strong security and high execution efficiency.

Example Embodiment

[0029] The present invention will be further described below in conjunction with the accompanying drawings.
[0030] The present invention provides a protection method against side channel attacks and fault attacks, which adopts pipeline technology. The method is as follows: the operation of the block cipher algorithm is divided into several pipeline stages, two stages are randomly selected to receive the real plaintext, and the remaining stages receive random numbers.
[0031] Since, at any given time, the different pipeline stages operate on different data, the side information generated when the random numbers participate in the operation is used as noise to mask the side information generated by the real data participating in the operation, so that the method can resist side channel attacks.
[0032] At the end of the operation, the operation results of the two real data are compared; if they are consistent, it is considered that there is no fault attack, so that fault attacks can be resisted. The operation refers to an encryption or decryption operation of a block cipher.
[0033] Generally, the number of rounds of a block cipher algorithm is even. It is assumed that the number of rounds of the block cipher algorithm is 2N, where N is a positive integer, and that each pipeline stage contains k rounds. The entire operation is divided into n = 2N/k pipeline stages; k must divide 2N, that is, 2N/k is an integer. An appropriate number of pipeline stages can be selected according to the limitations of hardware resources, which is convenient and flexible to implement. The inputs of two randomly selected pipeline stages are the real plaintext, and the inputs of the remaining (n-2) stages are random numbers.
[0034] As shown in Figure 1, in this embodiment it is assumed that the number of rounds of the block cipher algorithm is 2N, N is a positive integer, and 2N/k is an integer; it is assumed that the input of the first-stage and second-stage pipelines is the real plaintext P, and the input of the third-stage to nth-stage pipelines is a random number. The steps in the operation process are as follows:
[0035] 1. At Time1, the first plaintext P enters the first-stage pipeline to perform rounds 1 to k. At this time, the input of the second-stage to nth-stage pipelines is a random number, and the side information generated by the operation of the second-stage to nth-stage pipelines is used as noise to mask the real side information generated by the operation on the plaintext P.
[0036] 2. At Time2, the first plaintext P enters the second-stage pipeline for rounds k+1 to 2k, and the second plaintext P enters the first-stage pipeline for rounds 1 to k. The input of the third-stage to nth-stage pipelines is a random number, and the side information generated by their operation is used as noise to mask the real side information generated by the operation on the plaintext P.
[0037] 3. At Time3, the first plaintext P enters the third-stage pipeline for rounds 2k+1 to 3k, and the second plaintext P enters the second-stage pipeline for rounds k+1 to 2k. A random number enters the first-stage pipeline to perform rounds 1 to k. At this time, the input of the fourth-stage to nth-stage pipelines is a random number, and the side information generated by their operation is used as noise to mask the real side information generated by the operation on the plaintext P.
[0038] 4. By analogy, at Time n, the first plaintext P enters the nth-stage pipeline to perform rounds (n-1)k+1 to nk. At this point, the encryption of the first plaintext P is completed, and the first ciphertext C is obtained.
[0039] 5. At Time n+1, the encryption of the second plaintext P is also completed, and the second ciphertext C is obtained. The first ciphertext C and the second ciphertext C are compared: if the two ciphertexts are equal, it means that no fault was injected during the operation, and the encrypted result is available; otherwise, a corresponding alarm message is generated.
[0040] Taking the DES algorithm as an example: DES has 16 rounds, which are divided into a four-stage pipeline, each stage containing 4 rounds. The slashed part in the figure indicates that random numbers participate in the pipeline operation of that stage. The specific steps are as follows:
[0041] 1. At Time1, the first plaintext P enters the first-stage pipeline for rounds 1 to 4. At this time, the input of the second-stage to fourth-stage pipelines is a random number, and the side information generated by the operation of the second-stage to fourth-stage pipelines acts as noise to mask the real side information generated by the operation on the plaintext P.
[0042] 2. At Time2, the first plaintext P enters the second-stage pipeline for rounds 5 to 8, and the second plaintext P enters the first-stage pipeline for rounds 1 to 4. At this time, the input of the third-stage to fourth-stage pipelines is a random number, and the side information generated by their operation is used as noise to mask the real side information generated by the operation on the plaintext P.
[0043] 3. At Time3, the first plaintext P enters the third-stage pipeline for rounds 9 to 12, the second plaintext P enters the second-stage pipeline for rounds 5 to 8, and a random number enters the first-stage pipeline for rounds 1 to 4. At this time, the input of the fourth-stage pipeline is a random number, and the side information generated by its operation is used as noise to mask the real side information generated by the operation on the plaintext P.
[0044] 4. At Time4, the first plaintext P enters the fourth-stage pipeline for rounds 13 to 16. At this point, the encryption of the first plaintext P is completed, and the first ciphertext C is obtained;
[0045] The second plaintext P enters the third-stage pipeline for rounds 9 to 12, and random numbers enter the second-stage and first-stage pipelines for rounds 5 to 8 and rounds 1 to 4 respectively.
[0046] 5. At Time5, the encryption of the second plaintext P is also completed, and the second ciphertext C is obtained.
[0047] The first ciphertext C and the second ciphertext C are compared. If the two ciphertexts are equal, it means that no fault was injected during the operation, and the encryption result is available; otherwise, a corresponding alarm message is generated.
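The four-stage schedule above, as an added simulation that is not part of the patent text: a toy 16-round Feistel cipher stands in for DES, and the names `protected_encrypt`, `slots`, `fault` and the constructed `KEYS` are assumptions. It goes beyond the embodiment by letting the two real inputs occupy any two of the n input slots and by keeping every stage fed with random numbers until both real results have left the pipeline.

```python
import secrets

ROUNDS, K = 16, 4            # geometry of the page's DES example: 16 rounds, 4 per stage
N = ROUNDS // K              # n = 2N/k = 4 pipeline stages
MASK32 = 0xFFFFFFFF
KEYS = [(i * 0x01010101 + 0x0F1E2D3C) & MASK32 for i in range(ROUNDS)]  # constructed

def toy_round(block, rk):
    """One Feistel round on a 64-bit block. Toy round function, NOT real DES."""
    left, right = block >> 32, block & MASK32
    f = ((right * 0x9E3779B1) ^ (right >> 7) ^ rk) & MASK32
    return (right << 32) | (left ^ f)

def run_stage(block, keys, s):
    """Stage s (0-based) applies rounds s*K+1 .. (s+1)*K."""
    for rk in keys[s * K:(s + 1) * K]:
        block = toy_round(block, rk)
    return block

def protected_encrypt(plaintext, keys, slots=None, fault=None):
    """Return the ciphertext, or None (alarm) if the two real results differ.

    slots: the two 0-based input time slots that carry the real plaintext,
           drawn at random when omitted; every other input is a random number.
    fault: optional (time, stage, xor_mask) applied to that stage's output,
           a constructed hook that models an injected fault.
    """
    if slots is None:
        a = secrets.randbelow(N)
        slots = (a, (a + 1 + secrets.randbelow(N - 1)) % N)
    # regs[s] = (input slot, or None for filler; data) at the input of stage s
    regs = [(None, secrets.randbits(64)) for _ in range(N)]
    results = {}
    for t in range(2 * N - 1):                 # Time1 .. Time(2n-1)
        data = plaintext if t in slots else secrets.randbits(64)
        regs[0] = (t, data)
        outs = []
        for s, (slot, value) in enumerate(regs):
            out = run_stage(value, keys, s)
            if fault and fault[:2] == (t, s):
                out ^= fault[2]
            outs.append((slot, out))
        results[outs[-1][0]] = outs[-1][1]     # block leaving the last stage
        regs = [regs[0]] + outs[:-1]           # shift every block one stage on
    c1, c2 = results[slots[0]], results[slots[1]]
    return c1 if c1 == c2 else None
```

With `slots=(0, 1)` the run reproduces the embodiment: the first copy leaves the last stage at Time4 and the second at Time5.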
[0048] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention rather than to limit them. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention can still be modified or equivalently replaced, and any modifications or equivalent replacements that do not depart from the spirit and scope of the present invention shall be included in the scope of the claims of the present invention.