Research On Look-up Table Based Higher-order Masking Scheme And VLSI Hardware Implementation

The Advanced Encryption Standard(AES)is widely used in the field of information security because of its good security,efficiency and flexibility.The Side-Channel Attacks(SCA)technology poses a great threat to its hardware security,especially high-order differential power attack,which poses the greatest threat to the security of encryption chip.In order to resist SCA technology,the masking(first-order and high-order masking)is a general and effective method.However,the existing methods of resist power attack are at the cost of sacrificing the performance and area of the chip,In existing schemes based on look-up masking,Rotating S-Box Masking(RSM)scheme has better security and performance compared with other schemes,and it is a compromise between security and performance.But for some devices with limited area or high security requirements,the RSM scheme is difficult to apply to practice.Therefore,how to improve the security and reduce the cost of performance and area has become a problem to be solved in the field of side channel attack.In this paper,we take the mask scheme based on look-up table as the research object,and further analyze the characteristics of the block cipher S box.In order to effectively reduce the complexity of the mask,we study the low-entropy higher-order mask scheme based on look-up table.The specific work is as follows:(1)In this paper,a general low-entropy mask scheme with low area complexity is proposed by analyzing the masking principle and limitations of RSM proposed by Nassar,et al.The main idea is reducing the area complexity of the RSM by reusing the S-boxes.(2)The proposed S-box reusing masking scheme is applied to the AES(Advanced Encryption Standard)algorithm,and the number of S-boxes can be reduced from 16 to 4(without considering the key expansion operation).In order to improve the throughput of the proposed scheme,the overall architecture ispipelining developed,improve the execution efficiency of the algorithm.For 128 bits encrypted data,the design needs 91 clock cycles to achieve 4×128 bits data encryption process,compared with non-pipelined implementation,the speedup is3.47.(3)In order to improve the security of the system,we use the shuffle technology to solve the problem that the RSM scheme can not resist the offset CPA attack effectively.This paper improving the hardware security by shuffling operation.The AES with the proposed masking scheme is modeled by the Verilog HDL and synthesized by the Intel Altera integrated tools.The results show that the combinational logic used by the S-box reusing scheme is 31% of the RSM,the dedicated logic is 40% of the RSM,and the memory bit is 20% of the RSM.(4)In order to evaluate the hardware complexity of the design,we use the SMIC 180 nm standard process library to integrate Synopsys DC synthesis tool,and use the backend tool SOC_encounter to arrange and arrange the wiring.The area of non-pipelining is 8.29mm~2,and the area of pipelining is 12.64mm~2.