Funding: This work was supported by the National Natural Science Foundation of China (Grant No. 92164101), the National Natural Science Foundation of China (Grant No. 62171437), the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA18000000), Shanghai Science and Technology Committee (Grant No. 21DZ1101000), the National Key R&D Program of China (Grant No. 2021YFB0300400).
Abstract: Rapid single flux quantum (RSFQ) circuits are a kind of superconducting digital circuits, having properties of a natural gate-level pipelining synchronous sequential circuit, which demonstrates high energy efficiency and high throughput advantage. We find that the high-throughput and high-speed performance of RSFQ circuits can take the advantage of a hardware implementation of the encryption algorithm, whereas these are rarely applied to this field. Among the available encryption algorithms, the advanced encryption standard (AES) algorithm is an advanced encryption standard algorithm. It is currently the most widely used symmetric cryptography algorithm. In this work, we aim to demonstrate the SubByte operation of an AES-128 algorithm using RSFQ circuits based on the SIMIT Nb03 process. We design an AES S-box circuit in the RSFQ logic, and compare its operational frequency, power dissipation, and throughput with those of the CMOS-based circuit post-simulated in the same structure. The complete RSFQ S-box circuit costs a total of 42237 Josephson junctions with nearly 130 Gbps throughput under the maximum simulated frequency of 16.28 GHz. Our analysis shows that the frequency and throughput of the RSFQ-based S-box are about four times higher than those of the CMOS-based S-box. Further, we design and fabricate a few typical modules of the S-box. Subsequent measurements demonstrate the correct functioning of the modules in both low and high frequencies up to 28.8 GHz.
Funding: This work was supported by the National Science and Technology Major Project of China (2017ZX01030301).
Abstract: A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
Abstract: The SubBytes (S-box) transformation is the most crucial operation in the AES algorithm, significantly impacting the implementation performance of AES chips. To design a high-performance S-box, a segmented optimization implementation of the S-box is proposed based on the composite field inverse operation in this paper. This proposed S-box implementation is modeled using Verilog language and synthesized using Design Compiler software under the premise of ensuring the correctness of the simulation result. The synthesis results show that, compared to several current S-box implementation schemes, the proposed implementation of the S-box significantly reduces the area overhead and critical path delay, then gets higher hardware efficiency. This provides strong support for realizing efficient and compact S-box ASIC designs.
Abstract: The growing market of WPAN has led to an increasing demand of security measures and devices for protecting the user data transmitted over the open channels. Advanced Encryption Standards (AES) is the basic security approach for WPAN. To meet the low cost, low power feature and high security demand of WPAN, a low cost, high efficient AES core is proposed in this paper. To achieve low cost, methods of integration and resource sharing are used in designing a very low-complexity architecture, especially in (inverse) byte substitution ((inv)SubBytes) modules and (inverse) mix column ((inv)MixColumn) modules, etc. Furthermore, AES Encryptor and Decryptor are integrated into a full functional crypto-engine. This very low-cost and high efficiency AES core of IEEE 802.15.4-2006 is designed and emulated on Xilinx FPGA. Simulation results show that this kind of design can be used in resource critical applications, such as smart card, PDA and mobile phones.
Funding: the Hi-Tech Research and Development Program of China (2006AA01Z226); HUST-SRF (2006Z011B); Program for New Century Excellent Talents in University and the Natural Science Foundation of Hubei (2006ABA080).
Abstract: It is crucial to design energy-efficient advanced encryption standard (AES) cryptography for low power embedded systems powered by limited battery. Since the S-Boxes consume much of the total AES circuit power, an efficient approach to reducing the AES power consumption consists in reducing the S-Boxes power consumption. Among various implementations of S-Boxes, the most energy-efficient one is the decoder-switch-encoder (DSE) architecture. In this paper, we refine the DSE architecture and propose one faster, more compact S-Boxes architecture of lower power: an improved and full-balanced DSE architecture. This architecture achieves low power consumption of 68 μW at 10 MHz using 0.25 μm 1.SV UMC CMOS technology. Compared with the original DSE S-Boxes, it further reduces the delay, gate count and power consumption by 8%, 14% and 10% respectively. At the same time, simulation results show that the improved DSE S-Boxes has the best performance among various S-Boxes architectures in terms of power-area product and power-delay product, and it is optimal for implementing low power AES cryptography.
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 61872040, U1836101, 61871037, 62002021), National Cryptography Development Fund (MMJ20170201), Beijing Natural Science Foundation (4202070).
Abstract: Despite Kerckhoff’s principle, there are secret ciphers with unknown components for diplomatic or military usages. The side-channel analysis of reverse engineering (SCARE) is developed for analyzing secret ciphers. Considering the side-channel leakage, SCARE attacks enable the recovery of some secret parts of a cryptosystem, e.g., the substitution box table. However, based on idealized leakage assumption, most of these attacks have a few limitations on prior knowledge or implementations. In this paper, we focus on AES-like block ciphers with a secret S-box and demonstrate an attack which recovers both the secret key and the secret S-box. On the one hand, the key is recovered under profiled circumstance by leakage analysis and collision attack. On the other hand, the SCARE attack is based on mathematical analysis. It relies on Hamming weight of MixColumns intermediate results in the first round, which can restore the secret S-box. Experiments are performed on real power traces from a software implementation of AES-like block cipher. Moreover, we evaluate the soundness and efficiency of our method by simulations and compare with previous approaches. Our method has more advantages in intermediate results location and the required number of traces. For simulated traces with Gaussian noise, our method requires 100000 traces to fully restore the secret S-box, while the previous method requires nearly 300000 traces to restore S-box.