Research on Countermeasures Against Side-Channel Attacks on Cryptographic Chips
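Abstract
Power analysis is a widely studied and widely applied side-channel attack. It observes how a cryptographic chip's power consumption varies during operation, studies the correlation between the data being processed and the power consumed, and uses that correlation to deduce the key stored inside the chip. Power analysis is simple to carry out, powerful and general: it is independent of the specific cipher and can attack chips implementing any encryption algorithm. Differential Power Analysis (DPA) and High-Order Differential Power Analysis (H-O DPA) are more powerful still, and as research has deepened, the attack methods have matured and their cost has fallen, posing a serious threat to cryptographic chips. Some attacks refined for a particular encryption algorithm are even more effective.
This thesis studies the characteristics and key techniques of power analysis, in particular DPA and high-order DPA, proposes specific improved countermeasures that strengthen a cryptographic chip's resistance to DPA, and carries out the design and simulation of cryptographic chips. Newly emerged attacks that target specific encryption algorithms are also studied and corresponding countermeasures are proposed. The main research work completed is as follows:
1) A countermeasure that modifies the AES algorithm is proposed. Randomization and the Transformed Masking Method (TMM) are introduced to modify AES, and the GF(2^8) inversion in AES is built from simple dynamic differential logic, so that the AES chip can resist zero-value attacks. Security analysis shows that attacking the new method requires (16+4*n)^2 times as many samples as a standard second-order DPA attack, which makes the attack infeasible; simulation shows that zero-value attacks are resisted.
2) An improved masking method is proposed for DES chips that use masking. Instead of restoring the key before data enters the S-box, the S-box is modified, which both protects the key and allows the mask to be removed from the data after the S-box transformation. XOR masking and additive masking both occur in the DES algorithm; a method for converting securely between the two is introduced so that sensitive data in the algorithm never appears in the clear and is completely masked. Analysis shows that new attacks such as the correlation attack and the superposition attack can be resisted.
3) For DES encryption systems, the Unique Masking Method (UMM) is improved by combining algorithm-level and logic-level methods. The characteristics of Sense Amplifier Based Logic (SABL) are studied, a power-balanced SABL cell library and a semi-custom design flow are designed, and the reasons for implementing the S-box in SABL are given. Security analysis and simulation experiments show that high-order DPA attacks can be resisted.
4) A DES chip able to resist high-order DPA attacks is designed. The original S-box is modified, adding one random number and two groups of S-boxes. The critical modules of the DES chip are implemented in SABL and the non-critical modules in CMOS, which together make up the complete DES chip. The design takes the constraints of smart cards into account, trades off some performance metrics, and uses a partially pipelined structure. Performance simulation and comparison with existing chips show that the chip performs encryption and decryption, improves resistance to high-order DPA attacks, and uses fewer resources than earlier methods.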
Power analysis is a side-channel attack method that has received wide attention and application. It observes the variation in power consumption while an encryption chip is running, studies the correlation between the processed data and the power consumed, and deduces the key stored in the chip from that correlation. Because the approach is easy to carry out and its attack ability is strong, it is widely adopted. It can attack chips implementing all kinds of encryption algorithms and is not constrained by a specific algorithm. Differential power analysis (DPA) and high-order DPA (H-O DPA) have stronger attack ability; as research has developed, the implementation approaches have matured and the cost has fallen dramatically, so they seriously threaten encryption chips. There are also many improved power attack approaches aimed at specific encryption algorithms, whose attack effect is better.
This thesis addresses the characteristics and critical techniques of power attacks, especially DPA and high-order DPA. It proposes specific improved defense approaches to strengthen encryption chips against DPA, and designs and simulates the encryption chips. Defense approaches against new attack approaches are also studied. Our main work is as follows:
1) We propose a defense method that modifies the AES algorithm. It introduces randomization and the Transformed Masking Method (TMM) to modify the AES algorithm, and implements the inversion in GF(2^8) in the AES algorithm with Simple Dynamic Differential Logic (SDDL). The analysis indicates that a successful attack needs (16+4*n)^2 times as many traces as the standard DPA, which is infeasible. The simulation experiment indicates that our approach can defend against the zero-value attack.
2) We propose an improved masking method for masked DES encryption chips: instead of restoring the key before the data enters the S-box, the S-box is modified, which protects the key and eliminates the data masking after the S-box transformation. Both XOR masking and addition masking operations exist in the DES algorithm; we implement an approach for converting between XOR masking and addition masking, so that the sensitive data never appears in plaintext form and is completely masked. The simulation result indicates that it can defend against the correlation attack, the superposition attack and so on.
3) We propose an improved Unique Masking Method (UMM) algorithm for DES encryption systems that combines algorithm-level and logic-level methods. We study the characteristics of Sense Amplifier Based Logic (SABL), design a power-balanced SABL cell library and a semi-custom design flow, and point out the reasons for implementing the S-box with SABL. The security analysis and simulation experiments show that our approach can defend against the high-order DPA attack.
4) We design a DES chip that can defend against the high-order DPA attack. The S-box is modified by adding one random number and two groups of S-boxes. The critical modules of the DES chip are implemented with SABL and the non-critical modules with CMOS, which together form the whole DES chip. The implementation trades off some performance indices in view of the restrictions of smart cards, and a partially pipelined structure is used. Performance simulation and comparison with existing chips show that the chip can perform encryption and decryption. The new approach improves the ability to defend against the high-order DPA attack while reducing resource consumption.
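The secure conversion between XOR masking and addition masking mentioned in item 2 can be illustrated with Goubin's published Boolean-to-arithmetic conversion. This is an added example, not code from the thesis: the choice of Goubin's method, the 8-bit word size and all function names are assumptions made here. It checks exhaustively that no single intermediate value has a distribution that depends on the secret, and shows that the naive unmask-then-remask conversion fails that check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_STEPS 7 /* intermediate values recorded per conversion */

typedef uint8_t (*b2a_fn)(uint8_t xm, uint8_t r, uint8_t g, uint8_t v[N_STEPS]);

/* Goubin's Boolean-to-arithmetic conversion on 8-bit words (word size is an
 * assumption of this example). Input: xm = x ^ r, the mask r, fresh random g.
 * Output: A with x == (A + r) mod 256. Each computed value is logged in v[]. */
static uint8_t b2a_goubin(uint8_t xm, uint8_t r, uint8_t g, uint8_t v[N_STEPS])
{
    uint8_t t, a;
    t = xm ^ g;            v[0] = t;
    t = (uint8_t)(t - g);  v[1] = t;
    t ^= xm;               v[2] = t;
    g ^= r;                v[3] = g;
    a = xm ^ g;            v[4] = a;
    a = (uint8_t)(a - g);  v[5] = a;
    a ^= t;                v[6] = a;   /* a == (x - r) mod 256 */
    return a;
}

/* Naive conversion for contrast: remove the XOR mask, then apply the additive
 * one. The first intermediate is the unmasked secret itself. */
static uint8_t b2a_naive(uint8_t xm, uint8_t r, uint8_t g, uint8_t v[N_STEPS])
{
    uint8_t x, a;
    (void)g;
    memset(v, 0, N_STEPS);
    x = xm ^ r;            v[0] = x;
    a = (uint8_t)(x - r);  v[1] = a;
    return a;
}

/* Histogram every intermediate over all 2^16 (r, g) pairs for a fixed secret.
 * Returns 1 if every result satisfied x == (A + r) mod 256, else 0. */
static int histogram(b2a_fn f, uint8_t x, uint32_t h[N_STEPS][256])
{
    uint8_t v[N_STEPS];
    int ok = 1;
    memset(h, 0, sizeof(uint32_t) * N_STEPS * 256);
    for (int r = 0; r < 256; r++) {
        for (int g = 0; g < 256; g++) {
            uint8_t a = f((uint8_t)(x ^ r), (uint8_t)r, (uint8_t)g, v);
            if ((uint8_t)(a + r) != x)
                ok = 0;
            for (int s = 0; s < N_STEPS; s++)
                h[s][v[s]]++;
        }
    }
    return ok;
}

/* Count intermediates whose distribution differs between secrets x0 and x1.
 * 0 means no single intermediate depends on the secret (first-order check
 * only; joint leakage of several intermediates is not examined).
 * Returns -1 if the conversion produced a wrong result. */
static int leaky_steps(b2a_fn f, uint8_t x0, uint8_t x1)
{
    static uint32_t h0[N_STEPS][256], h1[N_STEPS][256];
    int leaky = 0;
    if (!histogram(f, x0, h0) || !histogram(f, x1, h1))
        return -1;
    for (int s = 0; s < N_STEPS; s++)
        if (memcmp(h0[s], h1[s], sizeof h0[s]) != 0)
            leaky++;
    return leaky;
}

int main(void)
{
    /* 0x00 and 0xA7 are arbitrary constructed secrets. */
    printf("goubin: %d leaky intermediates\n", leaky_steps(b2a_goubin, 0x00, 0xA7));
    printf("naive:  %d leaky intermediates\n", leaky_steps(b2a_naive, 0x00, 0xA7));
    return 0;
}
```

The check is univariate, so it says nothing about the high-order DPA resistance discussed in items 3 and 4, where an attacker combines several intermediates.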
