Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/69132
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 鄭振牟 | |
dc.contributor.author | Hung-Hsien Lee | en |
dc.contributor.author | 李紘賢 | zh_TW |
dc.date.accessioned | 2021-06-17T03:09:31Z | - |
dc.date.available | 2018-08-01 | |
dc.date.copyright | 2018-08-01 | |
dc.date.issued | 2018 | |
dc.date.submitted | 2018-07-22 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/69132 | - |
dc.description.abstract | In resource-limited embedded devices, area may be the first consideration for an implementation. The bit-sliding technique effectively reduces the area an implementation occupies. However, these devices are vulnerable to power analysis attacks. Traditional masking countermeasures in hardware mask the intermediate values uniformly, but information leaks while those intermediate values are being computed; glitches in the circuit are the weakness of traditional masking. Threshold implementations impose stricter conditions in hardware, and even in the presence of circuit glitches they provide provable security against first-order attacks. We implement bit-sliding AES on an FPGA and attack it. We then complete a threshold implementation of bit-sliding AES that resists first-order attacks, and compare its synthesis results with previous threshold implementations of AES. | zh_TW |
dc.description.abstract | For resource-limited embedded cryptographic devices, area may be the first issue for an implementation. The bit-sliding (bit-serialized) technique greatly reduces the implementation area. But these devices suffer dramatically from power analysis. In hardware, the traditional masking approach masks the intermediate values uniformly, but not the process of computing them, so glitches become a critical issue for such masking approaches. With stricter assumptions in hardware, threshold implementations provide provable security against first-order attacks even in the presence of glitches. We attack the bit-sliding AES on an FPGA and complete its countermeasure against first-order attacks. We also provide ASIC synthesis results for the threshold implementation of bit-sliding AES and compare them with related threshold implementations of AES. | en |
dc.description.provenance | Made available in DSpace on 2021-06-17T03:09:31Z (GMT). No. of bitstreams: 1 ntu-107-R05943099-1.pdf: 3658959 bytes, checksum: 200f3e6094f353f01790b81a1fdb7c75 (MD5) Previous issue date: 2018 | en |
dc.description.tableofcontents | 1 Introduction; 2 Preliminaries: 2.1 Side-channel Analysis, 2.2 Signal-to-Noise Ratio, 2.3 Correlation Power Analysis, 2.4 Masking as Countermeasure; 3 Threshold Implementations: 3.1 Property (3.1.1 Correctness, 3.1.2 Non-completeness, 3.1.3 Uniformity), 3.2 Threshold Implementation in Hardware, 3.3 Sharing on Rijndael S-box; 4 Bit-Sliding AES: 4.1 Unprotected Bit-Sliding AES, 4.2 Threshold Implementations of Bit-Sliding AES; 5 Implementation Cost; 6 Power Analysis: 6.1 Attack on Bit-Sliding AES, 6.2 Analysis on Threshold Implementations of Bit-Sliding AES; 7 Conclusion; References; Appendix A Unshared function of Rijndael S-box: A.1 Square and scalar in GF(2^4), A.2 Multiplier in GF(2^4), A.3 Inverter in GF(2^4); Appendix B Shared function of Rijndael S-box: B.1 Sharing Multiplier in GF(2^4) with 3 Input 3 Output Shares, B.2 Sharing Inverter in GF(2^4) with 4 Input 4 Output Shares | |
dc.language.iso | en | |
dc.title | Threshold Implementations of Bit-Sliding AES (original title in Chinese) | zh_TW |
dc.title | Threshold Implementations of Bit-Sliding AES | en |
dc.type | Thesis | |
dc.date.schoolyear | 106-2 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 謝致仁,陳君明,陳君朋,楊柏因,洪維志 | |
dc.subject.keyword | AES, bit-sliding, threshold implementation, first-order differential power analysis | zh_TW |
dc.subject.keyword | AES, bit-sliding, threshold implementation, first-order differential power analysis | en |
dc.relation.page | 35 | |
dc.identifier.doi | 10.6342/NTU201801794 | |
dc.rights.note | Licensed for a fee | |
dc.date.accepted | 2018-07-23 | |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electronics Engineering | zh_TW |
Appears in Collections: | Graduate Institute of Electronics Engineering |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-107-1.pdf (currently not authorized for public access) | 3.57 MB | Adobe PDF |