| 引用本文: |
-
张倩,周永彬,赵竟霖,邱爽,刘月君,高宜文.基于融合T表的BRAM型安全紧凑AES硬件设计[J].信息安全学报,已采用 [点击复制]
- zhang qian,zhou yong bin,zhao jing lin,qiu shuang,liu yue jun,gao yi wen.A Secure and Compact AES Hardware Design Using BRAMs Based on Merging T-Tables[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 在硬件资源受限型设备上设计同时满足低面积、高吞吐率以及抵抗侧信道攻击的密码硬件单元一直以来都是一项极具挑战性的工作。为此,本文提出了基于融合T表的BRAM型安全紧凑AES硬件设计方法。在安全设计方面,采用基于BRAM内触发器的敏感中间值处理技术并简化BRAM内锁存器输出设计,将密钥猜测空间由2^8增加到2^32,降低了BRAM泄漏与敏感信息之间的依赖性。在紧凑设计方面,采用基于融合T表的共享加解密轮函数和轮密钥生成设计,将BRAM内存储空间利用率由1/9提高到8/9,减少了BRAM数量与解密轮密钥生成周期。本文给出了无需随机数且兼顾安全性与紧凑性参考实现MB-AES,在Spartan3E、Virtex5、Kintex7器件上分别使用了845LUTs+8BRAMs、649LUTs+8BRAMs以及711LUTs+8BRAMs的资源,加密/解密吞吐率达到了1,636Mbps、2,345Mbps以及2,673Mbps。根据标准评估方法,使用100万条能量迹/电磁迹对SAKURA-X开发板上MB-AES实现实施CPA/CEMA攻击,猜测熵分别为100.4与81.6。将BRAM和随机数换算为等价LUT数量,MB-AES在Spartan3E、Virtex5以及Kintex7器件上紧凑性分别为84.86 Kbps/LUT、463.19 Kbps/LUT以及502.54Kbps/LUT,为已知最紧凑AES硬件实现ISWRTF-AES的1.53、2.73以及2.30倍。 |
| 关键词: AES硬件设计 侧信道攻击 紧凑性 BRAM 融合T表 |
| DOI: |
| 投稿时间:2023-07-11修订日期:2023-08-28 |
| 基金项目:国家重点研发计划(No.2022YFB3103800)、国家自然科学基金(No.U1936209、No.62002353、No.62202231、No.62202230、No.62002396)、中国博士后科学基金(No.2021M701726)、江苏省卓越博士后计划(No.2022ZB270)以及云南省重大科技专项计划项目工业高新技术专项(No.202103AA080015) |
|
| A Secure and Compact AES Hardware Design Using BRAMs Based on Merging T-Tables |
|
zhang qian1,2, zhou yong bin3,1,2, zhao jing lin1,2, qiu shuang4, liu yue jun3, gao yi wen3
|
| (1.Institute of Information Engineering, Chinese Academy of Sciences;2.School of Cyberspace Security, University of Chinese Academy of Sciences;3.School of Cyberspace Security, Nanjing University of Technology;4.Guangdong University of Education) |
| Abstract: |
| Designing hardware ciphers that simultaneously satisfy with small area, high throughput and resistance to side channel attacks on resource-constrained devices has always been a highly challenging task. To address this challenge, we propose a secure and compact AES hardware design method using BRAMs based on Merging T-Tables. In term of security, we employ sensitive intermediate value manipulating technique based on BRAM internal Flip-Flops and simplify the output design of BRAM internal latches, which increases the key guess space from 2^8 to 2^32, reducing the dependence of BRAM leakage and sensitive information. In term of compactness, we develop a shared round function design and a shared key schedule function design for encryption and decryption based on Merging T-Tables, which increases the BRAM memory utilization rate from 1/9 to 8/9, reducing the number of BRAMs and the number of decryption key schedule cycles. We develop a reference implementation of MB-AES that does not require random numbers. This implementation takes into account both security and compactness. It achieves throughputs of 1,636 Mbps, 2,345 Mbps, 2,673 Mbps respectively with 845 LUTs + 8 BRAMs, 649 LUTs + 8 BRAMs, 711 LUTs + 8 BRAMs resources for encryption and decryption on Spartan3E, Virtex5 and Kintex7 device. To evaluate the security of our MB-AES implementation on SAKURA-X development board, we conduct CPA/CEMA attacks using 1 million power/electromagnetic traces according to the evaluation methods of Standards. The experiment results show that the guess entropy is 100.4 and 81.6 for the MB-AES implementation. Additionally, we convert BRAMs and random numbers into equivalent LUTs numbers to compare the compactness of MB-AES with other AES hardware implementations. The results indicate that the compactness of MB-AES is 84.86 Kbps/LUT, 463.19 Kbps/LUT, and 502.54 Kbps/LUT on Spartan3E, Virtex5 and Kintex7 devices, re-spectively. These values are 1.53, 2.73 and 2.30 times of the known most compact AES hardware implementation ISWRTF-AES. |
| Key words: AES hardware design side channel attacks compactness BRAM Merging T-table |
