A kind of AES mask encryption methods of antihighorder power consumption analysis
A kind of AES mask encryption methods of antihighorder power consumption analysis
 CN 107,070,633 A
 Filed: 03/20/2017
 Published: 08/18/2017
 Est. Priority Date: 03/20/2017
 Status: Active Grant
First Claim
1. a kind of AES mask encryption methods of antihighorder power consumption analysis, it is characterised in that the antihighorder differential power analysis of designMask protectiving scheme, mainly comprises the following steps：
 Step 1, S boxes invert nonlinear operation highorder mask scheme initialization：
(1) it is the sensitive data for needing to carry out inversion operation to assume a, and it is domain F to make a=g (k), b=h (k), g (*) and h (*)_{2}'"'"'sLinear relationship, b and k are domainRandom number；
(2) it is random to splitWithi∈
[0;
D], meetWitha_{i}It is a d+1 share, and each share is not equal to 0；
Wherein, for a be 0 when, S boxes are askedThe problem of inverse nonlinear operation can not resist zerovalue attack, then carry out taking precautions against the processing of zerovalue attack；
Step 2, according to defining 1, random number variatevalue k is introduced, formula is derived：
Chinese PRB Reexamination
Abstract
The invention discloses a kind of AES mask encryption methods of antihighorder power consumption analysis, belong to field of information security technology, i.e., the design of the mask protectiving scheme of antihighorder differential power analysis.The present invention designs protectiving scheme using mask technology, aes algorithm is resisted highorder differential power analysis, mainly includes the following steps that：Step one, random number expression formula is generated based on Ishai Sahai Wagner provable securities Frame Design；Step 2; improve Akkar and propose that the single order multiplicative masking scheme of protection AES cryptographic algorithms has the safety problem of zerovalue attack; the highorder mask protectiving scheme of design protection aes algorithm, the random number generated using step one, protection AES cryptographic algorithms energy expenditure is than larger S box nonlinear operations.What the present invention was designed there is high security and the AES cryptographic algorithms of high efficiency to be more applicable for the embedded environment of resourceconstrained.

3 Citations
A kind of AES hardware implementation methods of antihigher difference power consumption attack  
Patent #
CN 108,173,642 A
Filed 03/21/2018

Current Assignee

The public key means of defence and public key guard system of safety chip  
Patent #
CN 108,959,980 A
Filed 07/25/2018

Current Assignee

A kind of McEliece public key mask encryption methods of secure lightweight  
Patent #
CN 106,911,461 A
Filed 01/13/2017

Current Assignee

4 Claims

1. a kind of AES mask encryption methods of antihighorder power consumption analysis, it is characterised in that the antihighorder differential power analysis of designMask protectiving scheme, mainly comprises the following steps：

Step 1, S boxes invert nonlinear operation highorder mask scheme initialization： (1) it is the sensitive data for needing to carry out inversion operation to assume a, and it is domain F to make a=g (k), b=h (k), g (*) and h (*)_{2}'"'"'sLinear relationship, b and k are domainRandom number； (2) it is random to splitWithi∈
[0;
D], meetWitha_{i}It is a d+1 share, and each share is not equal to 0；
Wherein, for a be 0 when, S boxes are askedThe problem of inverse nonlinear operation can not resist zerovalue attack, then carry out taking precautions against the processing of zerovalue attack；Step 2, according to defining 1, random number variatevalue k is introduced, formula is derived：


2. the AES mask encryption methods of a kind of antihighorder power consumption analysis according to claim 1, it is characterised in that describedStep 1 take precautions against zerovalue attack handling principle be specially：
 It is vacation when a is 0；
A is split at random first two it is equalShare c_{1}And c_{2}, then by c_{1}(d/2)+1 share is split at random, finally again by c_{2}Split into d/2 share at random.
 It is vacation when a is 0；

3. the AES mask encryption methods of a kind of antihighorder power consumption analysis according to claim 1, it is characterised in that describedThe highorder mask solution principle of step 5 is specially：
 If being designated as i and j, v under random array v_{i,j}(i<
J) it is by generating random numberDevice is produced, v_{i,j}(i>
J) it is to be produced as the generation random number formula designed by step 4；
Utilize (d+1)^{2} d1 random number v_{i,j},Sensitive data a d+1 share is protected to carry out the result of S box inversion operations.
 If being designated as i and j, v under random array v_{i,j}(i<

4. the AES mask encryption methods of a kind of antihighorder power consumption analysis according to claim 3, it is characterised in that describedRandom number is all separate in the highorder mask scheme of step 5.
Specification(s)