论文部分内容阅读
为提高密码算法芯片抵抗侧信道攻击,尤其是功耗攻击技术的能力,针对一款用于高速网络安全协处理器中的AES(高级加密标准)算法引擎,采用了软件级数据掩模方法进行了抗功耗攻击的电路设计。该设计中的AES算法引擎的原始模块是一种加解密共用S-box的结构,采用2种完全不同的方法实现了抗功耗攻击电路:一种采用SRAM(static random access memory)方式来实现数据掩盖,另一种基于硬件复制方式。通过产生随机功耗或虚假功耗以掩盖实际功耗与加解密数据运算之间的关系。使用功耗仿真软件PrimePower进行仿真的结果表明,未加保护的电路在1 000条功耗曲线内就可以被攻破,采用了本设计的电路可以抵抗10 000条以上的功耗曲线,可见AES算法引擎的安全性有显著的提高。经FPGA(field programmable gate array)验证,证明本文提出的2种设计均是可行的。
In order to improve the ability of the cryptographic algorithm chip to resist side channel attacks, especially power attack techniques, a software-level data masking method is used for an AES (Advanced Encryption Standard) algorithm engine used in a high-speed network security coprocessor. Circuit design of anti-power attack. The original module of the AES algorithm engine in this design is a structure that encrypts and decrypts the common S-box. Two completely different methods are used to implement the anti-power attack circuit. One is the SRAM (static random access memory) Data masking, another based on hardware replication. By generating random power or false power consumption to cover the relationship between the actual power consumption and encryption and decryption data operations. The simulation results using PrimePower software show that the unprotected circuit can be broken within 1000 power curves. The designed circuit can withstand more than 10,000 power curves. The AES algorithm The safety of the engine is significantly improved. Verification by FPGA (field programmable gate array) proves that the two designs proposed in this paper are feasible.