基于动态补偿的椭圆曲线密码低成本抗功耗攻击策略及硬件结构研究

椭圆曲线密码(ECC)芯片的抗功耗攻击能力往往以电路性能、面积或功耗为代价.该文分析了在椭圆曲线密码点乘运算中密钥猜测正确与错误时的中间数据汉明距离概率分布差异性,提出一种基于动态汉明距离调控的功耗补偿方法,利用模拟退火算法离线寻找最优的映射矩阵,最终形成椭圆曲线密码硬件电路的等概率映射补偿模型,大大降低了中间数据与功耗的相关性.同时,以该模型为指导设计了低成本的同步功耗补偿电路,在CMOS 40 nm工艺下,防护后的ECC128电路面积增加22.8％.基于Sakura-G开发板开展了测试验证,防护电路的功耗仅增加18.8％,最小泄露轨迹数大于104,抗相关功耗分析能力提升了312倍.该策略在与随机化方法防护能力相当的情况下,不损失电路性能且硬件成本小,适用于高速或资源受限的ECC电路.     

GF(2m)椭圆曲线密码体制在智能卡中的应用

介绍了特征2域上的椭圆曲线密码体制（ECC）的理论基础。分析了智能卡的安全机制，将椭圆曲线密码体制应用到智能卡中，给出了椭圆曲线密码算法在智能卡数据加密中的实现，并给出了在智能卡pin验证中的应用流程。最后，对ECC智能卡的性能进行了分析。     

AES硬件实现的能量分析攻击仿真

首先针对高级加密标准（AES）算法的硬件实现，给出了攻击时刻的汉明能耗模型；然后在行为级进行了基于寄存器数据变化的PA攻击；进一步通过对门级电路的功耗仿真，实现了能耗曲线数据的PA攻击。     

一种针对特征2域椭圆曲线密码芯片的差分功耗分析

文章对一款基于特征2域实现的椭圆曲线密码ASIC芯片进行了差分功耗分析。其中分析的目标为实现椭圆曲线层多倍点运算的Montgomery Ladder算法。通过详细的差分功耗分析发现，Montgomery Ladder算法并不能抗MESD差分功耗分析，从而从实践的角度证明Montgomery Ladder算法并不安全，椭圆曲线密码芯片的实际应用还需要其它抗功耗分析手段来保证其安全。     

椭圆曲线密码体制的研究

椭圆曲线密码体制（ECC）是利用椭圆曲线点群上的离散对数问题的难解性而提出的一种公开密钥算法,文章以ECC为研究对象,从数据加密角度研究了椭圆曲线密码体制,对椭圆曲线密码体制进行了详细的讨论,并总结了椭圆曲线体制在几个方向的应用。     

功耗分析攻击中的功耗与数据相关性模型

在对密码设备进行功耗分析攻击时,攻击者需要建立密钥或者与密钥关联的数据值与被攻击设备的功耗相关性模型,藉此通过对功耗的分析破解出敏感信息。从攻击者的角度对器件功耗物理特性分析的基础上,重构了汉明距离模型和汉明重量模型,并从理论上证明了汉明重量模型的正确性,并建立起MCU功耗采集平台,验证了汉明重量模型的有效性和实用性。     

基于ECC芯片的数字签名系统设计

本文完成一种基于椭圆曲线密码ECC(Elliptic Curve Cryptosystems)芯片的数字签名系统的设计,完全采用硬件电路实现电子签章的逻辑控制运算、数据传输和控制,实现了签名产生、签名验证、密钥产生和密钥交换四项功能,签名速度可达每秒2000次以上.     

基于汉明重的LED代数旁路攻击研究

对CHES 2011会议提出的LED轻型分组密码抗代数旁路攻击能力进行了评估。给出了密码算法代数旁路攻击模型及LED密码代数方程表示方法;利用示波器采集微控制器ATMEGA324P上的LED实现功耗泄露,选取功耗特征较为明显的部分泄露点,基于 Pearson 相关系数方法推断加密中间状态汉明重;分别基于可满足性问题、伪布尔优化问题、线性编程问题给出了LED密码和汉明重泄露的3种代数方程表示方法;使用CryptoMinisat和SCIP 2种解析器对建立的代数方程求解恢复密钥,在已知明文、未知明密文、容错等场景下进行了大量的攻击实验。结果表明,LED易遭受代数旁路攻击,一条功耗曲线的1轮汉明重泄露分析即可恢复64 bit完整密钥。     

素数域参数可选高速椭圆曲线密码芯片ASIC实现

设计了一款素数域高速椭圆曲线密码芯片,电路采用ASIC实现,支持六种椭圆曲线密码协议:密钥产生,密钥协商,数字签名,数字认证,加密及解密,并且支持椭圆曲线参数的用户配置.在典型情况下,芯片每秒可实现10 526次点乘运算,8 333次数字签名以及4 761次认证,性能优于素数域其他ECC设计.     

一种基于椭圆曲线的流水线实现方法

提出了一种基于椭圆曲线的流水线实现方法,来解决串行计算的效率低下问题.通过分析椭圆曲线密码运算的数据相关性,在不增加模乘器面积的前提下,采用三级流水线,提高了椭圆曲线密码的运算速度,并给出适用于椭圆曲线密码VLSI设计的流水线的实现流程.     

Efficient error detection in Double Error Correction BCH codes for memory applications

To prevent soft errors from causing data corruption, memories are commonly protected with Error Correction Codes (ECCs). To minimize the impact of the ECC on memory complexity simple codes are commonly used. For example, Single Error Correction (SEC) codes, like Hamming codes are widely used. Power consumption can be reduced by first checking if the word has errors and then perform the rest of the decoding only when there are errors. This greatly reduces the average power consumption as most words will have no errors. In this paper an efficient error detection scheme for Double Error Correction (DEC) Bose–Chaudhuri–Hocquenghem (BCH) codes is presented. The scheme reduces the dynamic power consumption so that it is the same that for error detection in a SEC Hamming code.     

Power analysis attack resilient block cipher implementation based on 1-of-4 data encoding

Side-channel attacks pose an inevitable challenge to the implementation of cryptographic algorithms, and it is important to mitigate them. This work identifies a novel data encoding technique based on 1-of-4 codes to resist differential power analysis attacks, which is the most investigated category of side-channel attacks. The four code words of the 1-of-4 codes, namely (0001, 0010, 1000, and 0100), are split into two sets: set-0 and set-1. Using a select signal, the data processed in hardware is switched between the two encoding sets alternately such that the Hamming weight and Hamming distance are equalized. As a case study, the proposed technique is validated for the NIST standard AES-128 cipher. The proposed technique resists differential power analysis performed using statistical methods, namely correlation, mutual information, difference of means, and Welch's t-test based on the Hamming weight and distance models. The experimental results show that the proposed countermeasure has an area overhead of 2.3× with no performance degradation comparatively.     

Entropic bounds on FSM switching

Several state assignment algorithms have attempted to minimize the average Hamming distance per transition in the hopes of generating low power assignments. There has not been a reasonable theoretical lower bound on the average Hamming distance per transition that is applicable to every state assignment for a given finite state machine (FSM). Such a lower bound serves many roles-a target for algorithm designers, provides clues about what types of FSM structures are likely to have low average switching per transition, could be incorporated into a high-level power model. We provide two such lower bounds which were also found to be achievable empirically within 17% for MCNC benchmarks. An interesting byproduct of one of these 'theoretical' lower bounds was a greedy state assignment algorithm which is amenable to a very distributed (parallel) implementation. This algorithm also outperforms JEDI by 2.5% for area and by 21% for power over MCNC benchmarks     

An Extensible Code for Correcting Multiple Cell Upset in Memory Arrays

As the microelectronics technology continuously advances to deep submicron scales, the occurrence of Multiple Cell Upset (MCU) induced by radiation in memory devices becomes more likely to happen. The implementation of a robust Error Correction Code (ECC) is a suitable solution. However, the more complex an ECC, the more delay, area usage and energy consumption. An ECC with an appropriate balance between error coverage and computational cost is essential for applications where fault tolerance is heavily needed, and the energy resources are scarce. This paper describes the conception, implementation, and evaluation of Column-Line-Code (CLC), a novel algorithm for the detection and correction of MCU in memory devices, which combines extended Hamming code and parity bits. Besides, this paper evaluates the variation of the 2D CLC schemes and proposes an additional operation to correct more MCU patterns called extended mode. We compared the implementation cost, reliability level, detection/correction rate and the mean time to failure among the CLC versions and other correction codes, proving the CLCs have high MCU correction efficacy with reduced area, power and delay costs.     

基于Anti-Gray映射的4D-QPSK星座设计

多维映射通过增加星座的维度数而使得符号间的平均欧式距离大大增加,这可以大程度地提高数字通信系统的可靠性。然而已有的基于Gray映射的4D-QPSK星座在设计上,并没有充分利用四维星座的空间优势,对于相邻星座点的汉明距离并未达到最大。提出一种基于Anti-Gray映射的4D-QPSK星座设计方案,该方案中的比特映射方式按照相邻星座点汉明距离最大,汉明距离为1的星座点欧式距离最大的设计原则,使星座点间具有最大的分集度。仿真结果表明,该方案可以提高抵抗衰落信道的能力。     

A Novel and Efficient Mapping of 32-QAM Constellation for BICM-ID Systems

Bit-interleaved coded modulation with iterative decoding (BICM-ID) is a bandwidth-efficient technique for both additive white Gaussian noise and fading channels. The asymptotic performance of BICM-ID is strongly determined by how the coded bits are mapped to the symbols of the signal constellation. In this paper an explicit mapping method is presented for 32-QAM using two criteria: (i) maximization of the minimum Euclidean distance between the symbols with Hamming distance one, and (ii) minimizing the number of symbols which have jointly the minimum Hamming distance and the minimum Euclidean distance from each other. Our method is much simpler than the previously-known methods. Compared to previously-known best mapping, the mapping obtained by our method performs significantly better in a BICM-ID system implemented with hard-decision feedback, while its asymptotic performance is almost the same in a BICM-ID system using soft-decision feedback.     

PCoSA: A product error correction code for use in memory devices targeting space applications

The radiation sensitivity of integrated memory cells increases dramatically as the supply voltage decreases. Although there are some Error Correcting Code (ECC) studies to prevent faults on memories used in space applications, there is no consensus on choosing the best ECC product-type with two-dimensional Hamming to mitigate data faults in memory. This work introduces the Product Code for Space Applications (PCoSA), an ECC product based on Hamming and parity in both rows and columns for use in memory with space-application reliability requirements. The potentialities of PCoSA were evaluated by injecting (i) thirty-six error patterns already available in the literature and (ii) all possible combinations of up to seven bitflips. PCoSA has corrected all cases of the thirty-six error patterns, and it has a correction rate of 100% for any three bitflips, 82.67% for four bitflips, and 69.7% for five bitflips.     

一种适合于衰落信道的BCM码的集分割映射方法

在瑞利衰落信道中,对于一个分组调制(Block Coded Modulation)码的构造通常是通过将具有尽可能大最小乘积距离和汉明距离的成分码与Ungerboeck的集分割映射相结合来实现的,但这种集分割映射方法使得构造的BCM码的路径复杂度大大增加,造成了系统性能的下降。文章给出了一种新的集分割映射方法。仿真结果表明,采用这种方法构造出的BCM码在瑞利衰落信道中的性能较前者有很大的改善。     

一种ECC校验算法的设计与实现

电可擦除可编程存储器(EEPROM)由于工艺结构的局限性而导致数据在存储过程中存在小概率的位反转问题。为解决该现象,设计了基于汉明码的纠错码(ECC)校验系统。结合EEPROM的结构特点和数据存储模式,该系统包含ECC校验码计算模块和数据检错纠错模块,每32 bit数据生成6 bit ECC校验码,具有1 bit/32 bit的纠错力。采用硬件描述语言Verilog HDL设计并实现了该ECC验证系统,并将其应用于基于串行外设接口(SPI)的EEPROM。仿真结果表明ECC验证系统可以保证数据的正确率,提高存储系统的可靠性。