Research Of SCA And Defense Method Based On AES-GCM Circuit

With the rapid development of network access technology,information security in high-speed access networks has become a hot issue.AES-GCM algorithm can solve potential eavesdropping and counterfeiting threats in high-speed access networks and has been widely used in the current high-speed access network to protect private data.Side channel attack is a new type of cryptanalysis technique that resolves keys by analyzing the leaked side channel information.As a representative of side channel attack,power attack has posed a huge threat to cryptography circuits.There are vulnerabilities that can be attacked by power attacks in the encryption part of AES-GCM.To improve the security of AES-GCM,it is necessary to study the power attack and its defense.The main work of this paper is to study the High-Order Differential Power Attack HO-DPA and Collision Attack CA and their defense of AES-GCM cryptography.According to the feature of AES-GCM algorithm,this paper designs a high-speed AES-GCM circuit,proposes an AES pipeline division method based on delay analysis,designs a bit parallel multiplication based on the combination of Karatsuba algorithm and fast redundancy algorithm.In order to simplify the HO-DPA attack process,this paper designs a HO-DPA emulation platform based on HO-DPA principle,Synopsys IC design tool and SIMC 0.18μm library,and successfully attacks the first-order masked AES circuit.The platform is the basis for validating the defense strategy.To resist HO-DPA,a second-order mask strategy is applied.In order to broaden the application range of CA,this paper studies the CA of mask-reusing AES,constructs a collision detector based on distance detection,gives the setting method of collision threshold,and renovates the traditional collision chain to make it have a certain degree of fault tolerance.In order to defend CA,a parallel S-box based on random delay is proposed which reduces the success rate of CA by breaking the consistency of power curve.The high-speed AES-GCM encryption circuit is synthesized by ISE14.4.The maximum throughput of the circuit is 42.4Gbps,the resource overhead is 6482 Slices and the efficiency is 6.55Mbps/slice.Compared with the serial circuit,the throughput is improved by 105.8%,compared with the parallel circuit the efficiency is increased by 148.1%.The second-order mask AES of the AES-GCM is attacked based on the HO-DPA platform.Experiment results show that the designed second-order mask AES circuit has the capability of resisting HO-DPA.Then the AES containing S-box based on random delay is attacked by CA,and the collision can not be detected correctly,which shows that the S-box based on random delay can prevent the collision attack.