一种新的抵抗差分错误分析的S盒实现

A New Implementation Method of S-box for Against DFA

差分错误分析(differential fault analysis,DFA)作为一种主动性的物理攻击,对密码产品的安全性造成了一定的威胁.为了有效地抵抗DFA攻击,Aghaie等人提出了一种错误检测电路.在密码算法的硬件实现中,该检测电路要求S盒的电路满足独立性以避免错误扩散.Aghaie等人利用查表(lookup table,LUT)的方式实现了S盒电路的独立性.我们提出一种搜索已知S盒独立特性的布尔函数实现的算法,使S盒在硬件综合之前就以没有共用门电路的形式满足独立性.传统的LUT方式由综合器采用内置优化算法得到S盒的门电路实现,但对于实现复杂的S盒,这种通用性的优化算法往往效率不高.我们将搜索给定S盒的独立性实现的算法应用一些具体S盒如GIFT、Khazad、LBlock等中.实验结果显示,对于不同的S盒,实现效率均有不同程度的提升.

As an active physical attack,differential fault analysis(DFA)poses a certain threat to the security of cryptographic products.In order to effectively resist DFA attack,Aghaie et al.proposed an error detection circuit.In the hardware implementation of cryptographic algorithm,the detection circuit requires the circuit of S-box to meet the independence property to avoid error diffusion.Aghaie et al.realized the independence property of an S-box by a lookup table(LUT).This paper proposes a new algorithm to search independent Boolean function representation of a known S-box.The proposed algorithm makes the hardware implementation of an S-box satisfy the independence property without a shared gate before the hardware synthesis.In the traditional LUT method,the synthesizer uses the internal optimization algorithm to obtain the independent circuit implementation of S-boxes.However,for S-boxes that require independent implementation,this general optimization algorithm of the synthesizer is often inefficient.This paper applies the algorithm of searching the independence of a given S-box to some specific S-boxes,such as those in GIFT,Khazad,LBlock,etc.The experimental results show that for different S-boxes,the implementation efficiency is improved.