Record number: 7585
Status: NC095FJU00428022
TA check: (blank)
Call number: (blank)
School: 輔仁大學 (Fu Jen Catholic University)
Department: Department of Electronic Engineering (電子工程學系)
Former department name: (blank)
Student ID: 494506244
Graduate student (Chinese): 方善謙
Graduate student (English): Shan-Chien Fang
Thesis title (Chinese): 能抵擋電力分析攻擊之密碼硬體合成
Thesis title (English): Synthesis of DPA-Resistant Cryptographic Hardware
Other title: (blank)
Advisor (Chinese): 林寬仁
Advisor (English): Kuan-Jen Lin
On-campus full-text release date: not released (不公開)
Off-campus full-text release date: not released (不公開)
Reason full text is not released: (blank)
Electronic full text: agreed to submit to the National Central Library (國圖)
National Central Library full-text release date: 2008.01.01
File description: electronic full text
Electronic full text: 01
Degree: Master's
Graduation academic year: 95 (ROC calendar)
Publication year: (blank)
Language: English
Keywords (Chinese): 電力分析攻擊 (power analysis attack); 密碼硬體合成 (cryptographic hardware synthesis)
Keywords (English): DPA-Resistant; Synthesis; Cryptographic Hardware

Abstract (Chinese, translated):
For embedded systems that require cryptographic services, such as smart cards, Differential Power Analysis (DPA) attacks can quickly recover the secret key from leaked power-consumption information. Pre-charge Masked Reed-Muller Logic (PMRML) is a logic style that can be used to design circuits able to resist DPA attacks. The purpose of this thesis is to study the automatic synthesis of cryptographic circuits implemented in PMRML. The goal of the synthesis is to reduce the number of secured 2-input AND gates used and the number of random mask bits required. We propose efficient algorithms that automatically generate optimized circuits. We implemented the synthesis system in the C language and have obtained acceptable experimental results.

Abstract (English):
Cryptographic embedded systems are vulnerable to Differential Power Analysis (DPA) attacks. The Pre-charge Masked Reed-Muller Logic (PMRML) was proposed to implement DPA-resistant cryptographic hardware. In this thesis, automatic synthesis of DPA-resistant circuits using PMRML is studied. The proposed synthesis attempts to minimize the number of secured 2-input AND gates and the amount of random mask bits. Efficient algorithms were proposed to automatically generate the optimized circuits. The synthesis flow was implemented in the C language. Favorable experimental results were obtained.

Table of contents:
  Abstract (in Chinese)
  Abstract
  Acknowledgement (in Chinese)
  Contents
  List of Tables
  List of Figures
  1 Introduction
    1.1 DPA and Countermeasure
    1.2 Pre-charge Masked Reed-Muller Logic
    1.3 Purpose of Thesis
    1.4 Organization
  2 Reed-Muller Expansion
    2.1 Fixed Polarity Reed-Muller Expansion
    2.2 Minimization of FPRM Expansion
    2.3 OFDD-Based FPRM Expansion
    2.4 Mixed Polarity Reed-Muller Expansion
  3 Minimization Algorithm for PMRML Synthesis
    3.1 Disjoint Sum-of-Products
    3.2 Minimization Algorithm
  4 Mask Assignment for PMRML
    4.1 Mask Assignment Rule
    4.2 Procedure of Mask Assignment
  5 Experimental Results
    5.1 AES SBOX
    5.2 MCNC Benchmarks
  6 Conclusions
  References
  Appendix

Thesis page count: 56
Notes: (blank)
Full-text view count: (blank)
Record creation time: (blank)
Conversion date: (blank)
Full-text file access log: (blank)
Change log: M admin 2008.07.03 23:18