基于增强型延时感知CSE算法的AES S盒电路优化设计

针对高级加密标准（AES）S-盒优化,提出了一种增强型延时感知公共项消除（CSE）算法.该算法能够在不同延时约束条件下优化多常数乘法运算电路,并给出从最小延时到最小面积全范围的面积-延时设计折中.采用该算法优化了基于冗余有限域算术的S盒实现电路,确定了延时最优、面积最优的两种S盒构造.实例优化结果表明所提出算法的优化效率高、优化结果整体延时小.所设计的S盒电路基于65nm CMOS工艺库综合,结果表明,对比于已有文献中S盒复合域实现电路,所提出面积最优S盒电路的面积-延时积最小,比目前最小面积与最短延时的S盒组合逻辑分别减少了17.58%和19.74%.     

低功耗AES S盒的ASIC设计与实现

S盒是高级加密标准（AES）硬件实现的关键，消耗了AES电路的大部分功耗。提出了一种基于合成域的异步流水线结构，以降低整个S盒的功耗。在电路实现中，电平敏感锁存器被插入数据通道中，以屏蔽动态竞争的传播。一种新的异步握手单元H-element组成的锁存控制器用来控制锁存器的开启和关闭。该S盒电路是一款采用0．25μm CMOS工艺的ASIC，较之合成域S盒电路，版图仿真结果表明，该电路以适宜的面积代价实现了低功耗。该电路可应用在诸如智能卡、无线传感器网络（WSN）节点芯片的嵌入式AES加密引擎中。     

IEEE802.15.4中AES-CCM协议的扩展指令集实现

该文在高级加密标准(AES)快速算法的基础上,设计了一组基于可配置处理器NiosⅡ上的扩展指令,用于IEEE802.15.4标准媒体访问控制层中基于AES算法的计数器模式和密码分组链接消息验证码(AES-CCM)协议的硬件加速.该文首先推导出快速算法中用于轮变换的查找表与S盒的逻辑关系,然后通过复合域变换方法用硬件电路实现S盒的计算,从而消除了支撑扩展指令集的硬件逻辑对片上存储空间的消耗.同时给出该协议基于查表法的扩展指令集和协处理器的设计方案,并在EP2C35芯片上进行实现和对比.该方案仅消耗223个逻辑单元(LE),吞吐量为668.7 kbps,时钟周期数比软件算法加速174.6倍,芯片面积仅为协处理器方案的9.5％,显著降低了无线传感网节点设备的成本和功耗.     

基于状态映射的AES算法硬件混淆设计

代码混淆利用系统自身逻辑来保护内部重要信息和关键算法,常用于软件代码的安全防护,确保开发者和用户的利益。如何在硬件电路上实现混淆、保护硬件IP核的知识产权,也是亟待解决的问题。该文通过对硬件混淆和AES算法的研究,提出一种基于状态映射的AES算法硬件混淆方案。该方案首先利用冗余和黑洞两种状态相结合的状态映射方式,实现有限状态机的混淆;然后,采用比特翻转的方法,实现组合逻辑电路的混淆;最后,在SMIC 65 nm CMOS工艺下设计基于状态映射的AES算法硬件混淆电路,并采用Toggle、数据相关性和代码覆盖率等评价硬件混淆的效率和有效性。实验结果表明,基于状态映射的AES算法硬件混淆电路面积和功耗分别增加9%和16%,代码覆盖率达到93%以上。     

布尔函数法实现S盒在FPGA中的应用

S盒是一种非线性部件,在密码算法中占有重要的地位.在密码算法的FPGA实现过程中,S盒的实现一定程度上决定了算法的运行性能.传统的方法是利用FPGA内部集成的存储块生成查找表的方式实现.采用布尔函数方法实现S盒目前应用较少,该方法在某些情况下能提高FPGA中算法的运行性能,在实现输入位宽越小的S盒时越具有优势.文中以AES算法的S盒为例,给出了基于布尔函数实现S盒的步骤及仿真结果和电路延时分析.     

一种AES算法中S盒和逆S盒替换的表达式方法

S盒替换与逆S盒替换是AES算法性能的主要瓶颈,它直接影响AES芯片的运算速度.在优化Q-M化简法基础上,提出了一种实现AES算法中S盒替换和逆S盒替换的表达式方法,这种表达式方法相比于普遍使用的查表法,其延时减小了8.5%,面积减小了27.4%,功耗减小了17%.     

一种小面积低功耗串行AES硬件加解密电路

通过分析AES算法的基本原理,对AES算法中的子模块SubBytes和Mixcolumns的硬件电路实现方法进行优化,提出一种新的key硬件电路实现方式,并在key的实现电路中采用低功耗设计.与目前的大多数实现电路相比,该电路可以有效减小芯片面积,降低电路功耗.采用串行AES加密/解密电路结构,经综合仿真后,芯片面积为8 054门,最高工作频率为77.4 MHz,对128位数据加密的速率为225 Mbps,解密速率达到183 Mbps,可满足目前大部分无线传感网络数据交换速率的需求.     

一种低功耗抗差分功耗分析攻击的SM4算法实现

128位的SM4算法是我国公布的第一个商用密码算法,主要应用于无线局域网.为了提高算法的抗差分功耗分析攻击能力,SM4算法采用了加法掩码的方法来抵抗一阶差分功耗分析攻击.通过功耗分析攻击实心眼可以发现,加法掩码后的SM4算法能够有效地抵抗差分功耗分析攻击.为了实现一款面积小、功耗低SM4算法硬件电路,SM4S盒硬件电路采用了PPRM结构.在SMIC 0.18μm的工艺库下功耗仿真值为0.74mW@10MHz,PPRM结构的S盒与复合域方法实现的S盒相比功耗减少了70%.     

10G EPON 中面积优化的 RS（255，223）解码器设计

提出了一种面积优化的RS（reed－solomon）解码器的设计方法。其运用一种改进的ME（Modified Euclide-an）算法求解关键方程模块,其它模块采用迭代结构。该方法减少了解码器中伽罗法域乘法器的使用,缩减了硬件规模。基于TSMC 90nm标准单元库的实现结果显示该文设计的解码器规模约为24000门,与同类设计相比规模最大可缩减36％。     

可兼容AES-128、AES-192、AES-256串行AES加密解密电路设计

通过分析AES算法的基本原理,对算法中的AES-128、AES-192、AES-256三种不同的加密解密模式进行了综合设计,有效地利用了公共模块,与单个分别实施各个加密解密模式相比,大大减少了硬件电路面积.针对目前AES实现方法中的key产生模块进行了理论分析,提出了一种新的实现电路结构.设计出的串行AES硬件加密解密电路经综合后得到的芯片面积为31 286门,最高工作频率为66MHz,可以满足目前的大部分无线传感网络的数据交换速率的需求.     

基于多项式基的Camellia算法S盒硬件优化

该文提出一种基于不可约多项式的Camellia算法S盒的代数表达式，并给出了该表达式8种不同的同构形式。然后，结合Camellia算法S盒的特点，基于理论证明给出一种基于多项式基的S盒优化方案，此方法省去了表达式中的部分线性操作。相对于同一种限定门的方案，在中芯国际(SMIC)130 nm工艺库中，该文方案减少了9.12%的电路面积；在SMIC 65 nm工艺库中，该文方案减少了8.31%的电路面积。最后，根据Camellia算法S盒设计中的计算冗余，给出了2类完全等价的有限域的表述形式，此等价形式将对Camellia算法S盒的优化产生积极影响。     

Low-power clock-less hardware implementation of the rijndael S-box for wireless sensor networks

The recent development of microelectronics techniques and advances in wireless communications have made it feasible to design low-cost, low-power, multifunctional and intelligent sensor nodes for wireless sensor networks (WSN). The design challenges for an efficient WSN mainly lie in two issues power and security. The Rijindael algorithm is a candidate algorithm for encrypting data in WSN. The SubByte (S-box) transformation is the main building block of the Rijindael algorithm. It dominates the hardware complexity and power consumption of the Rijindael cryptographic engine. This article proposes a clock-less hardware implementation of the S-box. In this S-box, 1) The composite field arithmetic in GF((24))2 was used to implement the compact datapath circuit; 2) A high-efficiency latch controller was attained by utilizing the four-phase micropipeline. The presented hardware circuit is an application specific integrated circuit (ASIC) on 0.25 μm complementary mental oxide semiconductor (CMOS) process using three metal layers. The layout simulation results show that the proposed S-box offers low-power consumption and high speed with moderate area penalty. This study also proves that the clock-less design methodology can implement high- performance cryptographic intellectual property (IP) core for the wireless sensor node chips.     

Research on area-efficient low-entropy masking scheme for AES

Based on the rotating S-box masking (RSM) proposed by Nassar et al,a low-entropy masking scheme for the advanced encryption standard (AES) was proposed.Reducing the area complexity by reusing the S-boxes,improving the hardware security by shuffling operation and improving the throughput by pipelining operation were the main idea of the proposed scheme.For the AES,the number of S-boxes could be reduced from 16 to 4 (key expansion module wasn’t included).Compared with the RSM,the combinational logic,the dedicated logic and the memory size are reduced to 69%,60% and 80% respectively.In addition,the theoretical analysis shows that the proposed scheme can resist offset based CPA attack,thus has higher security than the RSM.     

Formal Methods Based Synthesis of Single Event Transient Tolerant Combinational Circuits

Recent radiation ground testing campaigns of digital designs have demonstrated that the probability for Single Event Transient (SET) propagation is increasing in advanced technologies. This paper presents a hierarchical reliability-aware synthesis framework to design combinational circuits at gate level with minimal area overhead. This framework starts by estimating the vulnerability of the circuit to SETs. This is done by modeling the SET propagation as a Satisfiability problem by utilizing Satisfiability Modulo Theories (SMTs). An all-solution SMT solver is adapted to estimate the soft error rate due to SETs. Different strategies to mitigate SETs are integrated in the proposed framework to selectively harden vulnerable nodes in the design. Both logical and temporal masking factors of the target circuit are improved to harden sensitive paths or sub-circuits, whose SET propagation probability is relatively high. This process is repeated until the desired soft error rate is achieved or a given area overhead constraint is met. The proposed framework was implemented on different combinational designs. The reliability of a circuit can be improved by 64% with less than 20% area overhead.     

Logic Minimization Techniques with Applications to Cryptology

A new technique for combinational logic optimization is described. The technique is a two-step process. In the first step, the nonlinearity of a circuit—as measured by the number of nonlinear gates it contains—is reduced. The second step reduces the number of gates in the linear components of the already reduced circuit. The technique can be applied to arbitrary combinational logic problems, and often yields improvements even after optimization by standard methods has been performed. In this paper we show the results of our technique when applied to the S-box of the Advanced Encryption Standard (FIPS in Advanced Encryption Standard (AES), National Institute of Standards and Technology, 2001). We also show that, in the second step, one is faced with an NP-hard problem, the Shortest Linear Program (SLP) problem, which is to minimize the number of linear operations necessary to compute a set of linear forms. In addition to showing that SLP is NP-hard, we show that a special case of the corresponding decision problem is Max SNP-complete, implying limits to its approximability. Previous algorithms for minimizing the number of gates in linear components produced cancellation-free straight-line programs, i.e., programs in which there is no cancellation of variables in GF(2). We show that such algorithms have approximation ratios of at least 3/2 and therefore cannot be expected to yield optimal solutions to nontrivial inputs. The straight-line programs produced by our techniques are not always cancellation-free. We have experimentally verified that, for randomly chosen linear transformations, they are significantly smaller than the circuits produced by previous algorithms.     

基于复合域通用低熵高阶掩码的设计与实现

通过对基于复合域S-box构造算法的深入研究,该文提出一种低面积复杂度的通用低熵高阶掩码算法。在有限域GF(24)上引入低熵掩码思想,并采用部分模块复用设计,有效降低了基于复合域S-box求逆运算的乘法数量。该算法能够适用于由求逆运算构成的任意分组加密算法,进一步将本方案应用于分组加密算法高级加密标准(AES),给出了详细的综合仿真结果并进行了版图面积优化,较传统的掩码方案相比有效减少了逻辑资源的使用,此外,对其安全性进行了理论验证。     

异步电动机旋转磁场显示方法的改进

在“组合开关电路”的基础上,设计了低频低压三相交流电路,该电路由RC振荡电路,移相电路和功率放大电路组成,能产生1Hz到10Hz的三相正弦交流电,它所产生的旋转磁场的转速比用“组合开关电路”产生的更稳定,使用更方便,实验证明具有较高的稳定性和实用性。     

Reliability enhancement of digital combinational circuits based on evolutionary approach

Reliability has become an integral part of the system design process, especially for those systems with life-critical applications such as aircrafts and spacecraft flight control. The recent rapid growth in demand for highly reliable digital circuits has focused attention on tools and techniques we might use to enhance the reliability of the circuit. In this paper, we present an algorithm to improve the reliability of digital combinational circuits based on evolutionary approach. This method generates a global VHDL file for the selected initial set of components based on inserting multiplexers at the gate inputs of the circuit which helps to perform the simulations in only one session. This simulation framework is combined with single-pass reliability analysis approach to implement the evolutionary algorithm. The search space of the genetic algorithm is limited by the idea of slicing the initial set of components and also circuit partitioning could be used to further overcome the scalability limitations. The framework is applied to a subset of combinational benchmark circuits and our experiments demonstrate that higher reliabilities can be achieved while other factors such as power, speed and area overhead will remain admissible.     

A New Design Method for Self-Checking Unidirectional Combinational Circuits

In this paper, a new method for the design of unidirectional combinational circuits is proposed. Carefully selected non-unidirectional gates of the original circuit are duplicated such that every single gate fault can only be propagated to the circuit outputs on paths with either an even or an odd number of inverters. Unlike previous methods, it is not necessary to localize all the inverters of the circuit at the primary inputs. The average area over head for the described method of circuit transformation is 16% of the original circuit, which is less than half of the area overhead of other known methods. The transformed circuits are monitored by Berger codes, or by the least significant two bits of a Berger code. All single stuck-at faults are detected by the method proposed.