This U.S. non-provisional patent application claims priority from Korean Patent Application No. 10-2014-0025608, filed on Mar. 4, 2014, the entire contents of which are hereby incorporated by reference.
Apparatuses and methods consistent with exemplary embodiments relate to an encoder resistant to a power analysis attack and a method for encoding thereof.
Security processors apply countermeasures with respect to a side channel analysis (SCA). In particular, a countermeasure with respect to a power analysis attack using a difference of power consumption is used.
According to an aspect of an exemplary embodiment, there is provided a method for encoding of an encoder, the method including generating first one-hot bits for most significant bits (MSBs) and second one-hot bits for least significant bits (LSBs) using input one-hot bits; and encoding the first one-hot bits to the MSBs and complementary MSBs through a first logical operation using a cross-connection; encoding the second one-hot bits to the LSBs and complementary LSBs through a second logical operation using a cross-connection.
According to an aspect of another exemplary embodiment, there is provided an encoder including a first bit generator configured to generate 2n/2 one-hot bits or 2n/2 one-cold bits for most significant bits (MSBs) using input 2n bits; a second bit generator configured to generate 2n/2 one-hot bits or 2n/2 one-cold bits for least significant bits (LSBs) using the input 2n/2 bits; a first encoder configured to encode outputs of the first bit generator into the MSBs and complementary MSBs through a first logical operation using a cross-connection; and a second encoder configured to encode outputs of the second bit generator into the LSBs and complementary LSBs through a second logical operation using a cross-connection.
According to an aspect of another exemplary embodiment, there is provided an bit encoder comprising a first logic group configured to generate most significant bits (MSBs) and complementary MSBs of a 2n/2 bit output from input 2n bits using a plurality of first logic gates, a portion of which are electrically connected using cross-connections; and a second logic group configured to generate least significant bits (LSBs) and complementary LSBs of a 2n/2 bit output from the input 2n bits using a plurality of second logic gates, a portion of which are electrically connected using cross-connections.
The above and other aspects will be described below in more detail with reference to exemplary embodiments, the accompanying drawings, in which:
Exemplary embodiments will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments are shown. The inventive concept may, however, be embodied in many different forms and should not be construed as limited to the exemplary embodiments set forth herein. Rather, these exemplary embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the inventive concept to those skilled in the art. In the drawings, the size and relative sizes of layers and regions may be exaggerated for clarity. Like numbers refer to like elements throughout.
To prevent a power analysis attack, dependence of power consumption on an input value has to be removed. One of the methods used to reduce dependence of power consumption is a dual-rail.
As illustrated in
If input values (A, B, ˜A, ˜B) of
The dual-rail method can be embodied by various forms of logics according to crypto algorithm. For example, the dual-rail method can be embodied by a one-hot encoder. A general one-hot encoder is input with a signal of 2n bits and outputs a signal of n bits as an encoding result. Table 1 below illustrates an example of a 16-to-4 one-hot encoding.
In the case that n is 1, since an output value of the one hot encoder is the same as an input value, the number of gates being consumed in the one hot encoder is zero. In the case that n is 2 or more, as illustrated in
f(1)=0
f(n)=2n+1+2n−2n−4, n≧2 [Equation 2]
When n=4, f(4)=25+24−8−4=36
As inferred in
An encoder in accordance with some exemplary embodiments separates the most significant bits (MSB) and the least significant bits (LSB), and encodes the separated MSB bits and the separated LSB bits respectively. In a final step, each 2 bits are determined to be “10” or “01” according to the encoded 1 bit. That is, an encoding method is performed in a “divide and conquer” method.
The encoder includes a first bit generator generating 2n/2 one-hot or one-cold bits for MSB using input 2n bits, a second bit generator generating 2n/2 one-hot or one-cold bits for LSB using input 2n bits, a first encoder encoding outputs of the first bit generator into the MSB and complementary MSB complementary to the MSB through a first logic operation using a cross-connection, and a second encoder encoding outputs of the second bit generator into the LSB and complementary LSB complementary to the LSB through a second logic operation using a cross-connection.
The first bit generator 110 and the second bit generator 120 can be input with 16 bits to output 4 one-hot bits respectively. Each of the first bit generator 110 and the second bit generator 120 can perform a 2-input OR operation on 16-bits and can perform a 2-bit OR operation on a result value of the 2-input OR operation.
The first encoder 130 can encode output values (4-one hot bits) of the first bit generator 110 into the most significant bits (MSBs) and the complementary most significant bits (˜MSBs) through a 2-input OR operation using a cross-connection.
The second encoder 140 can encode output values (4 one-hot bits) of the second bit generator 120 into the least significant bits (LSBs) and the complementary least significant bits (˜LSBs) through a 2-input OR operation using a cross-connection.
Referring to
Herein, it is assumed that n is the form of 2k (k is an integer of 0 or more) and is a exponentiation of 2.
For example, when n is 4 as illustrated in
Referring to Table. 2, as the number of encoding bits becomes greater, a greater gate reduction effect can be obtained.
The OR gates illustrated in
The encoder 200 can greatly reduce a propagation delay by using a 4-input OR gate.
The 4-input OR gate can be embodied by a high fan-in gate. In the case of using a high fan-in gate, power consumption is low and there exists a strong characteristic in a gate counter and a SCA.
Table 3 below illustrates a comparison of the number of OR gates being used in a related art encoding method using a 4-input OR gate and the encoding method according to an exemplary embodiment.
Referring to Table 3, a gate counter reduction occurs in each case. Herein, one 4-input OR gate is calculated as 1.8 2-input OR gates. A greater effect exists in the encoding method according to an exemplary embodiment.
The encoder in accordance with some exemplary embodiments can be applied to a SBOX being used in a crypto algorithm such as a data encryption standard (DES) or an advanced encryption standard (AES).
Referring to
In
For example, the inventive concept can be applied to a one-cold encoder. In this case, an OR gate used in the encoding is replaced with an AND gate and the “divide-and-conquer” method can be applied.
In
In
A structure of the one-hot encoder 400 is a structure in which the encoder 100 illustrated in
Referring to
The encoder in accordance with some exemplary embodiments can be embodied to include other functions. For example, the encoder may include a precharge function.
The encoder suggested by the inventive concept can be applied to not only to the AES and the DES but also to various sizes of encoders with respect to various algorithms.
Using an input one-hot bit, first one-hot bits for MSBs and second one-hot bits for LSBs are generated (S110). The first one-hot bits are encoded into MSBs and complementary MSBs using a cross-connection and the second one-hot bits are encoded into LSBs and complementary LSBs using a cross-connection (S120).
The encoding method in accordance with some exemplary embodiments generates two one-hot bits and encodes the generated one-hot bits using a cross-connection.
The CPU 1100 controls an overall operation of the security system 1000. The crypto processor 1200 decodes a command capable of code, certification and electronic signature, and processes data. The crypto processor 1200 can perform a coding and decoding operation using the encoding method described in
The security system 1000 in accordance with some exemplary embodiments protects against a power analysis attack and reduces a chip size as compared with that of the related art security system.
As described above, the encoder and the encoding method protect against a power analysis attack and reduce a chip size by generating one-hot/one-cold bits and encoding the generated one-hot/one-cold bits into MSB/LSB and complementary MSB/LSB through a logical operation using a cross-connection.
Although a few exemplary embodiments have been shown and described, it will be appreciated by those skilled in the art that changes may be made in these exemplary embodiments without departing from the principles and spirit of the present inventive concept, the scope of which is defined in the appended claims and their equivalents. Therefore, the above-disclosed subject matter is to be considered illustrative, and not restrictive.
Number | Date | Country | Kind |
---|---|---|---|
10-2014-0025608 | Mar 2014 | KR | national |