The Optimization And Research For AES Cipher Chips With Power Attack Resistance

With the rapid development of computer network technology, the security problem of information technology has attracted more and more attention, especially the study of attack methods and resistance countermeasures on cipher chips. In all attack methods, power attack(PA), one of the main means of side channel attack, has threaten seriously to cipher chips. As AES algorithm is the first choice of encryption standard, in order to suitable for resource-constrained applications, the design of a low cost and PA-resistance AES circuit for cipher chips has great significance.According to the principle of AES algorithm, this paper focuses on the optimization study of whole masked AES(WM-AES) encryption and decryption circuits. Based on random masking method, PA-resistance S-box, round transformation and encryption and decryption circuit are studied to achieve small area optimization. Firstly, a differential power attack(DPA) platform is designed and successfully carries the correct key of AES encryption circuit, which provides verify foundation for WM-AES circuits. Secondly, in view of composite field masked S-box, the influences of basis,coefficients and roots are studied under a novel irreducible polynomial of GF(24). Besides, an optimization method for masked S-box is presented, considering both area and delay during optimization. Thirdly, aiming at WM-round transformation circuit, a reused structure is proposed,consisting of the reusing of masked subbytes and masked mixcolumns with each inversion. Finally,based on the reused structures of both WM-round transformation and masked key expansion circuits,a compact WM-AES encryption and decryption circuit is implemented, suitable for resource constrained applications.Based on Synopsys DC tool and SMIC 0.18?m library, the WM-AES encryption and decryption reused circuit is synthesized. Under the working frequency of 10 MHz, the circuit covers an area of406742.22?m2, saving 27.3% compared to that with no optimization. Based on DPA platform, the output of initial addroundkey operation and that of S-box in first round are selected as attack targets.However, the correct key cannot be carried. Experimental results show that, keeping DPA resistance performance, the WM-AES encryption and decryption reused structure reduces the cost of resources,which has great significance for solving the resource constraint problem of security cipher chips.