李伟^1,,,
曾涵¹,
陈韬¹,
南龙梅²
1.解放军信息工程大学 郑州 450000
2.复旦大学专用集成电路与系统国家重点实验室 上海 200433
基金项目:国家科技重大专项(2018ZX01027101-004)，基础加强计划基金(2019-JCJQ-JJ-123)

详细信息

作者简介:李伟：男，1983年生，副教授，博士生导师，研究方向为密码处理器设计，ASIC专用芯片设计
曾涵：女，1998年生，硕士生，研究方向为安全SoC与专用指令处理器设计
陈韬：男，1979年生，副教授，硕士生导师，研究方向为安全专用芯片设计
南龙梅：女，1981年生，博士生，研究方向为大规模集成电路设计、专用集成电路设计

通讯作者:李伟　liwei12@fudan.edu.cn

中图分类号:TN918.2; TP316.4

计量

文章访问数:233
HTML全文浏览量:129
PDF下载量:37
被引次数:0

出版历程

收稿日期:2021-06-16
修回日期:2021-08-16
网络出版日期:2021-08-27
刊出日期:2021-09-16

Dynamic Compensation Based Low-cost Power-analysis Countermeasure for Elliptic Curve Cryptography and Its Hardware Structure

Wei LI^1,,,
Han ZENG¹,
Tao CHEN¹,
Longmei NAN²
1. PLA Information Engineering University, Zhengzhou 450000, China
2. State Key Laboratory of ASIC and System, Fudan University, Shanghai 200433, China
Funds:The National Science and Technology Major Project (2018ZX01027101-004), The Foundation Strengthening Program (2019-JCJQ-JJ-123)


摘要
摘要:椭圆曲线密码(ECC)芯片的抗功耗攻击能力往往以电路性能、面积或功耗为代价。该文分析了在椭圆曲线密码 点乘运算中密钥猜测正确与错误时的中间数据汉明距离概率分布差异性，提出一种基于动态汉明距离调控的功耗补偿方法，利用模拟退火算法离线寻找最优的映射矩阵，最终形成椭圆曲线密码硬件电路的等概率映射补偿模型，大大降低了中间数据与功耗的相关性。同时，以该模型为指导设计了低成本的同步功耗补偿电路，在CMOS 40 nm工艺下，防护后的ECC128电路面积增加22.8%。基于Sakura-G开发板开展了测试验证，防护电路的功耗仅增加18.8%，最小泄露轨迹数大于10⁴，抗相关功耗分析能力提升了312倍。该策略在与随机化方法防护能力相当的情况下，不损失电路性能且硬件成本小，适用于高速或资源受限的ECC电路。
关键词:椭圆曲线密码/
相关功耗分析/
低成本/
模拟退火算法
Abstract:The power-analysis countermeasure for Elliptic Curve Cryptographic (ECC) chips endures large area, power consumption and performance degradation. In this paper, the difference in the probability distribution of the intermediate data Hamming distance is analyzed when the key guess is correct and incorrect in the point multiplication of ECC. A power compensation method based on dynamic Hamming distance control is proposed, which uses the simulated annealing algorithm offline to find the optimal mapping matrix. Finally, a mapping compensation model of equal probability on the elliptic curve cryptographic hardware is formed, which greatly reduces the correlation between intermediate data and power consumption. At the same time, a low-cost synchronous power compensation circuit is designed in the guidance of this model. Under the CMOS 40 nm process, the area of protected ECC128 is only increased by 22.8%. Experiments and tests are carried out on the Sakura-G board. The power overhead is 18.8%, and the number of minimum leakage traces is greater than 10⁴, which is increased by 312 times. This countermeasure is the same as randomization with low cost and no impact on the throughput rate, which is suitable for high-speed or resource-constrained ECC circuits.
Key words:Elliptic Curve Cryptography (ECC)/
Correlation Power Analysis (CPA)/
Low cost/
Simulated annealing algorithm



PDF全文下载地址:

https://jeit.ac.cn/article/exportPdf?id=84502e08-b6a9-464f-a6d1-def2203c8e90