
Hardware Design and Implementation of a Very Compact Masked AES

隋谦 周佳运 祝一豪 苏杨 许森 王伟嘉

Journal of Cryptologic Research, 2024, Vol. 11, Issue 3: 662-680, 19. DOI: 10.13868/j.cnki.jcr.000701

A Compact Implementation of Masked AES Encryption

隋谦 1, 周佳运 1, 祝一豪 1, 苏杨 1, 许森 2, 王伟嘉 3

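Author information

  • 1. School of Cyberspace Security, Shandong University, Qingdao 266237
  • 2. Quan Cheng Laboratory, Jinan 250103
  • 3. Quan Cheng Laboratory, Jinan 250103 || School of Cyberspace Security, Shandong University, Qingdao 266237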

Abstract

Differential power analysis, a powerful side-channel attack, seriously threatens the security of cryptographic algorithms implemented in hardware. Currently, the most effective protection against such attacks is to apply masking techniques to the cryptographic algorithm. In the AES algorithm, only the S-box is nonlinear, so how to implement the S-box securely and efficiently has long been a research hotspot in cryptography. Building on the work of Lauren De Meyer et al., this paper proposes a serialized implementation scheme for a masked S-box with the smallest known area. First, the Kronecker delta function used for zero-value handling is serialized; then a single 8-bit multiplier module is shared between inversion and the conversion between Boolean and multiplicative masking; finally, an affine transformation is added to implement the S-box at minimal area cost. The paper applies this S-box to the AES algorithm, provides a serialized implementation scheme for masked AES, and gives the area lower bound of this scheme. On this basis, the S-box and some structures of the AES algorithm are adjusted to provide a series of trade-offs between area and delay for future work. The experiments show that, at comparable randomness cost, the first-order and second-order masked implementations of the S-box reduce the area by 48% and 70% respectively, at a certain delay cost. The first-order and second-order masked implementations of the AES algorithm reduce the area by 10% and 21% respectively, and the area savings of the scheme grow further as the security order increases. Finally, the security of the proposed implementation is validated experimentally by performing fixed-versus-random Welch t-tests on power traces acquired from the SAKURA-G board. For the first-order and second-order masked implementations of the AES algorithm, up to 500 000 traces were collected and no leakage points were found.

Key words

S-box/masking/AES/side-channel attack/circuit area

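Classification

Information Technology and Security Science

Cite this article

隋谦, 周佳运, 祝一豪, 苏杨, 许森, 王伟嘉. Hardware Design and Implementation of a Very Compact Masked AES [J]. Journal of Cryptologic Research, 2024, 11(3): 662-680, 19.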

Funding

National Key Research and Development Program of China (2021YFA1000600)

General Program of National Natural Science Foundation of China (62372273)

Key Project of Quan Cheng Laboratory (QCLZD202306)

Journal of Cryptologic Research

OA / Peking University Core / CSTPCD

ISSN 2095-7025
