CN-122027249-A - Data encryption algorithm and system for chip to resist side channel attack

Abstract

The invention provides a data encryption system and a method for chip to resist side channel attack, which belong to the technical field of chip security and comprise the steps of generating disturbance signals, generating state vectors according to the disturbance signals, carrying out signal acquisition on the state vectors to obtain chaotic signals, obtaining a configuration instruction set according to the chaotic signals, carrying out encryption calculation on input plaintext data at least once according to the configuration instruction set to obtain intermediate state data, generating data abstracts based on the intermediate state data, converting the abstracted data into new disturbance signals, and repeating the operations until the encrypted data is output after the encryption times are obtained. The method makes the encryption process dynamic and unpredictable, and an attacker cannot capture a fixed instruction set and map physical information, thereby increasing the capability of resisting side channel attacks.

Inventors

• HU YIYI
• YIN CHENG
• Zheng Junjia
• LIU SIYAN
• PAN HUI
• HU JIAN

Assignees

• 河海大学
• 宿迁市建筑工程服务中心
• 宿迁市楚润数据集团有限公司

Dates

Publication Date

20260512

Application Date

20260126

Claims (10)

1. 1. A data encryption system for a chip to combat side channel attacks, comprising the following modules: the chip generates a unique digital initial disturbance signal when the chip is electrified, and transmits the initial disturbance signal to the chaotic physical entropy source module; The chaotic physical entropy source module receives an initial disturbance signal and combines a state vector of the chaotic physical entropy source module at the current moment to generate a state vector at the next moment; the dynamic configuration control module is used for acquiring a state vector to obtain a chaotic signal and obtaining a configuration instruction set according to a preset mapping rule; The multi-state encryption calculation module performs encryption calculation on the input plaintext data at least once according to a configuration instruction set to obtain intermediate state data; The data summarization and disturbance feedback module receives intermediate state data, generates a data summary based on the data, converts the data summary into a disturbance signal, replaces an initial disturbance signal and re-inputs the disturbance signal into the chaotic physical entropy source module to form a closed loop feedback path, encrypts plaintext data for multiple times, and outputs encrypted data after the preset encryption times are reached.
2. 2. A data encryption algorithm for chip against side channel attacks, based on the data encryption system for chip against side channel attacks according to claim 1, characterized by comprising the steps of: s1, after the chip is electrified, the physical unclonable function module generates an initial disturbance signal which is unique and in a digital form by utilizing the physical characteristics of the chip and is recorded as ; S2, encrypting the input plaintext data for the 1 st time, and specifically comprising the following steps: S2.1, the chaotic physical entropy source module receives an initial disturbance signal In combination with the state vector of the initial moment Generating a state vector at time 1 ; S2.2, state vector of chaotic physical entropy source module to initial moment Sampling to generate chaotic signal at initial time The dynamic configuration control module receives the chaotic signal at the initial moment Generating a configuration instruction set at the initial moment according to a mapping function preset in the dynamic configuration control module ; S2.3, configuring instruction set of polymorphic encryption calculation module for initial time Resolving and encrypting plaintext data of an input chip; S2.4, the data abstract and disturbance feedback module receives the encrypted data at the initial moment Based on the data abstract at the initial time, converting the data abstract into an analog signal, wherein the analog signal is a disturbance signal at the 1 st time; s2.5 disturbing signals at time 1 Converting the data into digital signals through an analog-to-digital converter, judging whether the encryption times reach the preset times X, and outputting the encrypted data at the initial moment if the encryption times reach the preset times X If the data does not reach the standard, encrypting the inputted plaintext data for the t time; s3, encrypting the input plaintext data for the t time, wherein t is more than or equal to 2 and is an integer, and the method specifically comprises the following steps: S3.1, the chaotic physical entropy source module receives a digital disturbance signal at the t-1 time In combination with the state vector at the t-1 time of the self Generating a state vector at the t-th time ; S3.2, the chaotic physical entropy source module is used for carrying out state vector on t-1 time Sampling to generate chaotic signal at t-1 time The dynamic configuration control module receives the chaotic signal at the t-1 time Generating a configuration instruction set at the t-1 time according to a preset mapping function ; S3.3, configuring instruction set of polymorphic encryption calculation module for t-1 time Parsing and implementing the second encrypted data Encryption, generating encrypted data ; S3.4, the data abstract and disturbance feedback module receives the encrypted data at the t-1 time Based on the data abstract at the t-1 time, converting the data abstract into an analog signal, wherein the analog signal is a disturbance signal at the t time; s3.5, disturbing signals at the t time Converting into digital signal by analog-digital converter, circulating step S3 until the encryption time t is equal to preset encryption time X, and outputting final encrypted data 。
3. 3. The data encryption algorithm for chip challenge side channel attack according to claim 2, wherein the state vector at time 1 is generated in step S2.1 The formula of (2) is: ; In the formula, Representing the initial perturbation signal generated by the physical unclonable function module, And F represents a dynamic function inside the chaotic physical entropy source module.
4. 4. A data encryption algorithm for chip challenge side channel attack according to claim 3, wherein in step S2.2, according to the chaotic signal at the initial time Generating a configuration instruction set at an initial time The formula is: ; In the formula, G represents a mapping function preset in the dynamic configuration control module; a set of configuration instructions representing an initial time.
5. 5. The data encryption algorithm for chip challenge side channel attack of claim 4 wherein in step S2.3, the instruction set is configured for the initial time After analysis, the formula after encrypting the plaintext data of the input chip is as follows: ; In the formula, Plaintext data representing an external input; representing a set of configuration instructions according to an initial time And (5) determining the encryption function of the operation unit.
6. 6. A data encryption algorithm for chip challenge side channel attack according to claim 5, wherein step S2.4 comprises the steps of: S2.4.1 encryption of data at initial time Executing a cyclic redundancy check to generate a data abstract at an initial moment, wherein the formula is as follows: ; In the formula, H represents a cyclic redundancy check function in a data abstract and disturbance feedback module; a data summary representing the initial time; s2.4.2 summarizing the data at the initial time Converting the signal into a disturbance signal at the 1 st moment; The formula is: ; In the formula, A disturbance signal representing time 1, which is an analog signal; scaling factors for preset perturbations; Representing a digital-to-analog converter function in the data summarization and disturbance feedback module, and converting the digital signal into an analog signal; to represent the summary of the data at the initial time.
7. 7. The data encryption algorithm for chip challenge side channel attack of claim 6, wherein the formula in step S3.1 is: ; In the formula, A disturbance signal in digital form at time t-1; A state vector representing the t-1 time of the chaotic physical entropy source module; F represents a dynamic function in the chaotic physical entropy source module; And the state vector of the t moment of the chaotic physical entropy source module is represented.
8. 8. The data encryption algorithm for chip challenge side channel attack of claim 7, wherein the formula in step S3.2 is: ; In the formula, A configuration instruction set representing the t-1 time; And G represents a mapping function preset in the dynamic configuration control module.
9. 9. The data encryption algorithm for chip challenge side channel attack of claim 7, wherein in step S3.3, the formula is: ; In the formula, Encrypted data representing time t-2; encrypted data representing time t-1; Representing a set of configuration instructions according to time t-1 And (5) determining the encryption function of the operation unit.
10. 10. The data encryption algorithm for chip challenge side channel attack according to claim 7, wherein the step S3.4 comprises the step S3.4.1 of encrypting the data at time t-1 Executing a cyclic redundancy check to generate a data abstract at the t-1 time, wherein the formula is as follows: ; In the formula, Encrypted data representing time t-1; h represents the cyclic redundancy check function in the data abstract and disturbance feedback module; S3.4.2 converting the data abstract at the t-1 time into a disturbance signal at the t time; The formula is: ; In the formula, A disturbance signal representing the t-th time, which is an analog signal; scaling factors for preset perturbations; Representing a digital-to-analog converter function in the data summarization and disturbance feedback module, and converting the digital signal into an analog signal; representing the summary of the data at time t-1.

Description

Data encryption algorithm and system for chip to resist side channel attack Technical Field The invention belongs to the technical field of chip security, and particularly relates to a data encryption algorithm and a system for a chip to resist side channel attack. Background Integrated circuit chips are used as cores of modern electronic devices and information systems, and the operation and storage security of the integrated circuit chips is important. In many security applications, the chip needs to execute a symmetric or asymmetric encryption algorithm to protect sensitive information such as a key stored or processed therein. During the operation of the chip, physical parameters such as power consumption, electromagnetic radiation, execution time and the like can change along with data processed inside the chip and executed operations. Side-channel attacks (Side-CHANNEL ATTACK, SCA) are techniques that exploit this physical leakage information to infer the secret key inside the chip. To cope with side channel attacks, one mainstream approach is masking technology, whose core idea is to split one sensitive data variable into multiple randomized data components, on which the subsequent computation is based, so that there is no direct correlation between the power consumption leakage of any single component and the original sensitive data. However, the security of masking techniques is highly dependent on their perfection in physical implementation, whereas glitches (glitch) or signal coupling effects in the circuit may cause an unexpected recombination of component signals instantaneously, revealing unmasked intermediate values in the physical channel, destroying the whole guard mechanism. Therefore, the invention provides a data encryption algorithm and a system for a chip to resist side channel attack, which aim to enable the physical implementation process of an encryption method to become dynamic and unpredictable, so that an attacker cannot establish a stable mapping relation between sensitive information and physical leakage of the chip, thereby improving the capability of resisting side channel attack. Disclosure of Invention In order to overcome the situation that the prior masking technology leaks an unmasked intermediate value, so that the capability of resisting side channel attacks is reduced, the invention provides a data encryption algorithm and a system for resisting side channel attacks of a chip, and aims to enable the physical implementation process of an encryption method to become dynamic and unpredictable and improve the capability of resisting side channel attacks. In order to achieve the above object, the present invention provides the following technical matters: A data encryption system for a chip to combat side channel attacks, comprising the following modules: the chip generates a unique digital initial disturbance signal when the chip is electrified, and transmits the initial disturbance signal to the chaotic physical entropy source module; The chaotic physical entropy source module receives an initial disturbance signal and combines a state vector of the chaotic physical entropy source module at the current moment to generate a state vector at the next moment; the dynamic configuration control module is used for acquiring a state vector to obtain a chaotic signal and obtaining a configuration instruction set according to a preset mapping rule; The multi-state encryption calculation module performs encryption calculation on the input plaintext data at least once according to a configuration instruction set to obtain intermediate state data; The data summarization and disturbance feedback module receives intermediate state data, generates a data summary based on the data, converts the data summary into a disturbance signal, replaces an initial disturbance signal and re-inputs the disturbance signal into the chaotic physical entropy source module to form a closed loop feedback path, encrypts plaintext data for multiple times, and outputs encrypted data after the preset encryption times are reached. A data encryption algorithm for a chip against side channel attacks, comprising the steps of: s1, after the chip is electrified, the physical unclonable function module generates an initial disturbance signal which is unique and in a digital form by utilizing the physical characteristics of the chip and is recorded as ; S2, encrypting the input plaintext data for the 1 st time, and specifically comprising the following steps: S2.1, the chaotic physical entropy source module receives an initial disturbance signal Generating a state vector at the 1 st moment by combining the state vector at the initial moment; S2.2, state vector of chaotic physical entropy source module to initial momentSampling to generate chaotic signal at initial timeThe dynamic configuration control module receives the chaotic signal at the initial momentGenerating a configuration instruction set at the initial mome