Universal masking on logic gate level

A concept of random masking of arbitrary logic circuits on the logic gate level is developed and several techniques are proposed. The results are important for protecting hardware implementations of cryptographic algorithms against side-channel attacks.     

Research on area-efficient low-entropy masking scheme for AES

Based on the rotating S-box masking (RSM) proposed by Nassar et al,a low-entropy masking scheme for the advanced encryption standard (AES) was proposed.Reducing the area complexity by reusing the S-boxes,improving the hardware security by shuffling operation and improving the throughput by pipelining operation were the main idea of the proposed scheme.For the AES,the number of S-boxes could be reduced from 16 to 4 (key expansion module wasn’t included).Compared with the RSM,the combinational logic,the dedicated logic and the memory size are reduced to 69%,60% and 80% respectively.In addition,the theoretical analysis shows that the proposed scheme can resist offset based CPA attack,thus has higher security than the RSM.     

Reconfigurable filter bank structures for low complexity digital channelizer using fractional interpolation and MFIR filters with cosine modulation

A low complexity digital reconfigurable filter bank structure which is suitable for digital channelizers in software defined radio is proposed in this paper. In order to get a sharp transition width with low hardware complexity, multiplicative finite impulse response (MFIR) filter is used as the prototype filter in the proposed structure. A masking stage and a channel generation stage constitute the two stages of the proposed structure. In the masking stage, 5 sub-bands are generated by performing cosine modulation technique on the prototype filter. In the channel generation stage, different channels are generated by doing spectral addition/subtraction operations on the interpolated versions of the MFIR filter. Hence, the basic techniques used in the proposed structure are, cosine modulation and fractional interpolation technique. By adjusting a 3-bit control signal, different regions and channels, generated by the two stages, can be obtained. The proposed structure has a hardware complexity, which is much lesser than that of the state-of-the art techniques used for SDR channelizers. The number of channels generated using the proposed structure is also more. The main advantage of the proposed structure is that the hardware complexity of the proposed structure remains the same even if the number of channels is increased.     

Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches

Hardware implementations of cryptographic algorithms are vulnerable to side-channel attacks. Side-channel attacks that are based on multiple measurements of the same operation can be countered by employing masking techniques. Many protection measures depart from an idealized hardware model that is very expensive to meet with real hardware. In particular, the presence of glitches causes many masking techniques to leak information during the computation of nonlinear functions. We discuss a recently introduced masking method which is based on secret sharing and multi-party computation methods. The approach results in implementations that are provably resistant against a wide range of attacks, while making only minimal assumptions on the hardware. We show how to use this method to derive secure implementations of some nonlinear building blocks for cryptographic algorithms. Finally, we provide a provable secure implementation of the block cipher Noekeon and verify the results by means of low-level simulations.     

Implementation of cascaded and recursive stack filters

Systematic methods are developed for simplified implementations of cascaded stack and WOS filters. For recursive stack and WOS filters, corresponding nonrecursive implementations are given, with linear complexity with respect to the number of iterations. Dynamic domino logic is proposed for VLSI hardware implementation of positive Boolean functions, and a pipelined stack filter architecture is described.     

FPGA密码芯片改进掩码防护方法研究

功耗攻击已对密码芯片物理安全性构成严峻威胁,对其攻击和防御的研究是密码旁路分析的热点问题。文中给出了一种DES伪随机掩码算法的设计和实现方法,分析了算法抗功耗攻击的安全性。结果表明:一般的DES伪随机掩码算法只能抵抗一阶差分功耗攻击,不能有效防御二阶差分功耗攻击。为抵御二阶DPA攻击,采用掩码方法对DES掩码算法结构进行了改进,在理论上具有抗DPA攻击的能力。     

Dynamic inhomogeneous S-Boxes design for efficient AES masking mechanisms

It is an important challenge to implement a lowcost power analysis immune advanced encryption standard （AES） circuit. The previous study proves that substitution boxes （S-Boxes） in AES are prone to being attacked, and hard to mask for its non-linear characteristic. Besides, large amounts of circuit resources in chips and power consumption are spent in protecting S-Boxes against power analysis. Thus, a novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts： inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES. This improved AES circuit was synthesized with united microelectronics corporation （UMC） 0.25 μm 1.8 V complementary metal-oxide-semiconductor （CMOS） standard cell library, and correlation power analysis experiments were executed. The results demonstrate that this secure AES implementation has very low hardware cost and can enhance the AES security effectually against power analysis.     

抗差分功耗分析和差分故障分析的AES算法VLSI设计与实现

提出了一种抗差分功耗分析和差分故障分析的AES算法硬件设计与实现方案,该设计主要采用了数据屏蔽和二维奇偶校验方法相结合的防御措施.在保证硬件安全性的前提下,采用将128bit运算分成4次32bit运算、模块复用、优化运算次序等方法降低了硬件实现成本,同时使用3级流水线结构提高了硬件实现的速度和吞吐率.基于以上技术设计的AES IP核不仅具有抗双重旁道攻击的能力,而且拥有合理的硬件成本和运算性能.     

Novel Reversible Design of Advanced Encryption Standard Cryptographic Algorithm for Wireless Sensor Networks

The quantum of power consumption in wireless sensor nodes plays a vital role in power management since more number of functional elements are integrated in a smaller space and operated at very high frequencies. In addition, the variations in the power consumption pave the way for power analysis attacks in which the attacker gains control of the secret parameters involved in the cryptographic implementation embedded in the wireless sensor nodes. Hence, a strong countermeasure is required to provide adequate security in these systems. Traditional digital logic gates are used to build the circuits in wireless sensor nodes and the primary reason for its power consumption is the absence of reversibility property in those gates. These irreversible logic gates consume power as heat due to the loss of per bit information. In order to minimize the power consumption and in turn to circumvent the issues related to power analysis attacks, reversible logic gates can be used in wireless sensor nodes. This shifts the focus from power-hungry irreversible gates to potentially powerful circuits based on controllable quantum systems. Reversible logic gates theoretically consume zero power and have accurate quantum circuit model for practical realization such as quantum computers and implementations based on quantum dot cellular automata. One of the key components in wireless sensor nodes is the cryptographic algorithm implementation which is used to secure the information collected by the sensor nodes. In this work, a novel reversible gate design of 128-bit Advanced Encryption Standard (AES) cryptographic algorithm is presented. The complete structure of AES algorithm is designed by using combinational logic circuits and further they are mapped to reversible logic circuits. The proposed architectures make use of Toffoli family of reversible gates. The performance metrics such as gate count and quantum cost of the proposed designs are rigorously analyzed with respect to the existing designs and are properly tabulated. Our proposed reversible design of AES algorithm shows considerable improvements in the performance metrics when compared to existing designs.     

FPGA上抗侧信道攻击的密码算法实现

密码算法在运行时可能会受到侧信道攻击,抗侧信道攻击的FPGA密码算法实现是目前研究的一个热点。通过随机数保护关键数据的S盒移位掩码法被认为是一种有效的防御手段。采用该方式实现的密码算法在提高运行安全性的同时,可能会带来硬件资源开销的增加及加解密速度的降低。通过对SM4算法的实现表明,采用合适的实现方式时S盒移位掩码法抗侧信道攻击实现对算法硬件资源开销及加解密速度影响不是太大,具有一定的实用价值。     

Modifications of Patterson-Wiedemann functions for cryptographicapplications

Three basic properties of Boolean functions to be useful for cryptographic purposes are balancedness, high algebraic degree, and high nonlinearity. In addition, strict avalanche criteria and propagation characteristics are required for design of S-boxes. We introduce methods to modify the Patterson-Wiedemann (19983, 1990) and bent functions to achieve the above cryptographic properties. In the process, we are able to answer some open questions about Boolean functions     

New concept for determining the orders of SAC and PC

The autocorrelation of a Boolean function possesses the capability to reflect such characteristics as linear structure, Strict Avalanche Criterion(SAC) and Propagation Criterion(PC) of degree k. But it can do nothing in determining the order of SAC or PC. A calculating table for the autocorrelation is constructed in this paper so as to show what is beyond the autocorrelation and how the three cryptographic characteristics are exhibited. A deeper study on the calculating table in a similar way has helped us to develop a new concept, named as the general autocorrelation, to address efficiently the problem how to determine the orders of SAC and PC. The application on the Advanced Encryption Standard(AES) shows the SAC and PC characteristicsof Boolean functions of AES S-box.     

构造具有良好密码学性质的旋转对称布尔函数

该文提出构造具有良好密码学性质的2m元旋转对称布尔函数的新方法。该类函数是平衡的,具有最大代数免疫度、最优代数次数和高非线性度,是一类能够同时满足多种密码学指标的优良函数。     

Automatic test-generation for predicates [software testing]

The authors propose a new technique for the automatic generation of test cases for predicates. Earlier, they proposed an efficient effective test generation strategy for Boolean expressions. They now extend this strategy to predicates. Their new strategy addresses several issues, including: analysis of dependencies between relational expressions in a predicate 𝒫; generation of test constraints for 𝒫 based on the detection of Boolean and relational operator faults in 𝒫; and generation of actual tests according to the generated test constraints for 𝒫. They propose: the use of constraint logic programming (CLP) to automate test-data generation for a predicate; and an incremental approach to apply CLP techniques to solve a constraint system. Since their technique is specification-based, it can facilitate generation of anticipated outputs for actual tests     

Implementation and characterization of flash-based hardware security primitives for cryptographic key generation

Hardware security primitives, also known as physical unclonable functions (PUFs), perform innovative roles to extract the randomness unique to specific hardware. This paper proposes a novel hardware security primitive using a commercial off-the-shelf flash memory chip that is an intrinsic part of most commercial Internet of Things (IoT) devices. First, we define a hardware security source model to describe a hardware-based fixed random bit generator for use in security applications, such as cryptographic key generation. Then, we propose a hardware security primitive with flash memory by exploiting the variability of tunneling electrons in the floating gate. In accordance with the requirements for robustness against the environment, timing variations, and random errors, we developed an adaptive extraction algorithm for the flash PUF. Experimental results show that the proposed flash PUF successfully generates a fixed random response, where the uniqueness is 49.1%, steadiness is 3.8%, uniformity is 50.2%, and min-entropy per bit is 0.87. Thus, our approach can be applied to security applications with reliability and satisfy high-entropy requirements, such as cryptographic key generation for IoT devices.     

一种可重构的快速有限域乘法结构

在一种改进的串行乘法器的基础上,提出了一种可重构的快速有限域GF (2m )(1＜mM)乘法器结构。利用一组配置信号和逻辑电路来改变有限域的度m,使得乘法器可以重构和编程。同时采用门控时钟减小电路功耗。该乘法器结构具有可重构性、高灵活性和低电路复杂性等特点。与传统的移位乘法器相比,它将乘法器速度提高一倍。这种乘法器适合于变有限域,低硬件复杂度的高性能加密算法的VLSI设计。     

偶数变元代数免疫最优布尔函数的构造方法

提出了构造偶数变元代数免疫最优的布尔函数的方法,这是一个二阶的递归构造方法.分析表明,利用该方法构造而得到的布尔函数具有优良的密码学特性,比如具有较好的平衡性,较高的代数次数和非线性度等.最后,还对该构造方法进行了推广,进一步导出了递归构造偶数变元代数免疫最优布尔函数的一类方法.     

级联函数的密码学性质

 构造具有好的密码学性质的布尔函数一直是布尔函数的研究热点.在构造具有好的密码学性质的布尔函数的方法中,级联构造方法是一种重要的研究方法,利用级联构造方法可以构造密码学性质好的布尔函数.本文利用级联构造了布尔函数f₁‖f₃‖f₃‖f₂,并且在文中详细讨论了这类级联布尔函数的密码学性质:相关免疫性、扩散性、线性结构、代数免疫阶等.通过我们的讨论发现,在布尔函数f₁,f₂,f₃的密码学性质较好的前提下,级联布尔函数f₁‖f₃‖f₃‖f₂的密码学性质也较好.     

布尔函数非线性度的谱分析

任何一个密码系统都可以用一个非线性函数来描述。本文利用频谱技术研究了布尔函数的非线性度,以及布尔函数的某些运算对非线性度的影响,并指出这些结果在密码学中的应用。     

高非线性度布尔函数的构造

布尔函数的非线性度是衡量及其密码学意义的重要标志,而非线性度和其它密码学强度指标,如代数次数,扩散性,相关免疫性等存在着制约关系,本文研究了高非线性度布尔函数的构造,讨论非线性度和其它密码学准则之间的折关系,给出高非线性度,高代数次数,高非线性平衡相关免疫以及具有较好扩散性的高非线性度布尔函数的几种构造方法。