Research On Addition Chain Based Higher-order Masking Scheme And Its VLSI Hardware Implementation

Advanced Encryption Standard(AES)has the advantages of higher security and flexibility than other crypto algorithms,thus it is widely used in encryption devices.The appearance of side channel attacks(SCAs)makes the hardware security of the cipher chip facing a great threat.It has been become an urgent problem in the field of information security to resist SCAs effectively.Masking is the most effective method to resist SCAs,thus it is concerned by more and more researchers.Compared with other masking schemes,the addition-chain based masking scheme is provable security and easy to expand to the higher-order masking scheme,it has gradually become the hot spot of current research.In this paper,an addition-chain based higher-order masking scheme is developed by using multiple optimal addition chains to implement the AES algorithm.Compared to a fixed addition chain,this scheme increases the randomness of the operation of the cryptographic algorithm to improve the security.The main work of this paper list as follow: Firstly,the shortcomings of existing addition-chain based masking schemes are analyzed.According to the principle of the shortest addition-chain and the depth first traversal of the graph,we design a scheme to find the optimal addition-chain,and use this scheme to design the optimal addition chain set of AES.1191 optimal addition chains are found through the traversal algorithm,according to the different power characteristics,these addition chains are divided into 117 groups(The power consumption characteristics of each addition chain are similar).In order to improve the ability of the encryption device to resist the power attack,chips can randomly select addition chains from different groups when working(that is,select the addition chain with different power characteristics);On this basis,two different schemess are designed: generating a random number throughrandom number generator before starting each round,16 plaintext bytes cyclically calling 16 addition chains according to the random number;The random order Technology(shuffle)is applied to the proposed masking scheme,Random number generators are used to generate 16 different 1-16 numbers randomly,and the corresponding addition chains are called according to these 16 numbers.Finally,the proposed scheme is applied to AES algorithm,it is proved that the security of the two schemes,through the functional simulation to verify the correctness of the design,the SMIC 45 nm technology,using DC(Design Compiler)for logic synthesis,using SOC encounter layout,the layout area is 5542 KGE.The proposed masking scheme,at the expense of a small amount of area,effectively improves the hardware security of the cryptographic chip,and has an important practical application value.In addition,this scheme provides a new idea for the hardware security design of AES algorithm,and also has important guiding significance for improving the ability of other block ciphers to resist power attacks.