DPA Resistant Hardware Implementation Of AES Based On Random Masking

As replacing DES and becoming the new data encryption standard, AES plays an important role in many applications. Various attacking against AES becomes more serious. A kind of side channel attack called Power Analysis Attack has threatened the security of AES seriously. Therefore, develop AES countermeasures against Power Analysis Attack becomes practical and valuable.Base on the study of current achievements in Power Analysis Attack and countermeasures about AES, this thesis proposes a new countermeasure resistant again Power Analysis Attack. The primary works of this thesis can be summarized as follows.(1) Principle of Power Analysis Attack and countermeasures against Power Analysis Attack have been studied. By studying the principle of Power Analysis Attack, we can find out the AES's security weakness against Power Analysis Attack. Also it is the base of develop countermeasures resistant against Power Analysis Attack.(2) An efficient implementation of AES is presented. In the proposed approach, the inversion over finite field GF(2~8), which is the key implementation step of AES, is transformed to the computations over GF(2~4) and GF(2~2). Therefore, the hardware requirement of implementing the AES is reduced greatly. The efficient implementation of AES is the base of develop AES countermeasures against Power Analysis Attack.(3) The technique of AES resistant against DPA attack based on random masking is presented. The key of masked implementation of AES is masking the only non-linear transformation, SubBytes. The inversion over GF(2~8) is transformed to the computations over GF(2~4) and GF(2~2). So, all the transformations in AES are masked efficiently. In the proposed approach, all the intermediate results were masked by random values. Theoretic analysis showed that this approach was secure against DPA attack.(4) DPA resistant hardware implementation of AES based on random masking is presented. AES coprocessor based on the proposed masking scheme-Masked AES was implemented. Compared with the non-masked version of AES coprocessor-Unmasked AES , Masked AES has lower performance, extra area cost and reduced throught, but more secure.