A novel bit scalable leakage model based on genetic algorithm

Transcription

1 SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2015; 8: Published online 24 August 2015 in Wiley Online Library (wileyonlinelibrary.com) RESEARCH ARTICLE A novel bit scalable leakage model based on genetic algorithm Zhenbin Zhang 1, Liji Wu 1 *, An Wang 1, Zhaoli Mu 2 and Xiangmin Zhang 1 1 Institute of Microelectronics, Tsinghua University, Beijing, China 2 Datang Microelectronics technology Co., Ltd., Beijing, China ABSTRACT With the growing popularity of smart integrated circuit (IC) cards, the chip security is attracting more and more attention. Researches on the attack and protection of smart IC cards have become increasingly hot. Side-channel attack is the practical and effective method, which has brought enormous threat. The efficiency of attack depends on the extent of the leakage model, which characterizes the practical applications. In the power analysis attack, the classical leakage model usually exploits the power consumption of single S-box, which is called divide and conquer. Taking data encryption standard (DES) algorithm, for example, the attack on each S-box needs to search the key space of 2 6 in a brute-force way. In this paper, we propose a novel leakage model, which is more flexible than the classical leakage model. The novel leakage model is based on the power consumption of multiple S-boxes, and the implementation of this method is combined with genetic algorithm. We can establish leakage model based on the Hamming distance of round output generated by eight S-boxes in DES algorithm. The experiment verifies the fact that the leakage model of eight S-boxes can decrease the traces number up to 52% than the classical one based on single S-box for DES algorithm. It also decreases the traces number up to 32% for SM4 algorithm. All the measurements of power data are acquired from a practical smart IC card. We also conclude that increasing noise, using variable clock, and limiting the lifetime of root key can be the choices of defensive strategy. Copyright 2015 John Wiley & Sons, Ltd. KEYWORDS bit scalable leakage model; genetic algorithm; correlation power analysis; DES and SM4 algorithms *Correspondence Liji Wu, Institute of Microelectronics, Tsinghua University, Beijing, China. lijiwu@mail.tsinghua.edu.cn 1. INTRODUCTION Leakage model plays an important role in power analysis attack. Attackers use it to establish the hypothetical power consumption of each different guess key to simulate the actual work state of cryptographic devices. With the development of power attack, the cognition of leakage model is becoming more and more accurate. Differential power analysis, which was used by Kocher [1,2] and formalized by Messerges et al. [3], just exploited 1-bit power information to classify the power traces. In [4 6], leakage model usually exploited the Hamming weight or Hamming distance of some bits in single S-box to depict the actual power consumption. In [7], correlation power analysis (CPA) was put forward. It pointed out that the correlation peak of full word (32 bits) was higher than that of partial (4 bits) predictions in a 32-bit architecture. If 32 bits are chosen as the target to calculate the correlation, it will be a big problem to guess all the keys in a brute way. The usual solution is to choose partial bits. These methods exhibit some limitations because of unrealistic assumptions and model imperfections. But it is obvious that the trend of leakage model is advancing toward the way, which can be closer to real power consumption. The key length in data encryption standard (DES) algorithm is 64 bits, which means if you want to guess the key in brute-force way, you have to try all 2 64 possible keys. Classical differential power analysis and CPA aim at attacking the 6 bits of key, which are used in single S- box. It is a classical divide-and-conquer strategy, which suggests that the key can be recovered by cracking the eight S-boxes separately. Appearance of the strategy is due to the reason that classical leakage model needs to search all 2 6 key spaces in a brute-force way. The poor 3896 Copyright 2015 John Wiley & Sons, Ltd.

2 searching ability extremely limits the key space, which results in the attacking target of choosing single S-box. While in fact, the leakage model based on single S-box is not so accurate. That is because in each round of DES, the output updating of the 32-bit round completes at the same time. The classical leakage model chooses the round output of single S-box as the attacking target, while regarding the other seven S-boxes as noise. That means the classical leakage model has discarded most of the power that can be available. Hamming weight or Hamming distance of the round output that corresponds to single S-box just ranges from 0 to 4. The problem is that single S-box may lead to low signal-to-noise ratio (SNR), while multiple S-boxes may bring the unacceptable searching key space. Our contribution. The novel contributions of this paper are as follows: (1) In this paper, we put forward a novel accurate leakage model, which is based on the power consumption of multiple S-boxes, and the accurate leakage can decrease the number of acquiring traces needed in power analysis attack. We use genetic algorithm (GA) to achieve the construction of multiple S- boxes leakage model in which searching space can be as large as Besides, it is worth mentioning that the searching ability of GA is also efficient. (2) We find the connection between GA and power analysis attack. It has a profound effect on raising efficiency of power analysis. Different kinds of intelligent algorithms and their parameters will affect the speed of convergence. And a better set of parameters can lead to the helpful searching path. But the optimal solution to the problem depends on the leakage model, which can be close to the actual power consumption. (3) Our work is of high scalability. The novel leakage model can also be applied for other cryptographic algorithms. And the leakage model is not limited to analyze S-box, and it is bit scalable. It can also be used for the predictable operation that happened concurrently, which leads to the superposition of power consumption. Organization. The paper is organized as follows. Section 2 introduces implementation of cryptographic algorithm and mathematical foundation of GA. Section 3 puts forward a novel leakage model based on multiple S- boxes. The method makes full use of the powerful searching ability of GA. Section 4 confirms the efficiency of novel leakage model with some experimental analyses on DES and SM4 (one of China s national standard algorithms). Section 5 analyzes the countermeasures against the novel leakage model. We conclude in Section PRELIMINARY 2.1. Cryptographic algorithms and Hamming distance model The implementation of cryptographic algorithms in hardware may have some predictable operations working concurrently. Usually, the implementation of DES allows the updating of round output completed at the same time in a 32-bit architecture. It can shorten the running time of DES and increase the safety to a certain extent. Hamming distance model reflects the power consumption of switching state. If the attack target is the output of round, the Hamming distance of round is defined as 1. P 1 is the inverse function of permutation in DES. Parameter i is the number of round, and j is the index of S-box. In 1, 4 bits of round can be generated from the corresponding S-box. So, all 32 bits of round output can be obtained from the eight S-boxes. HD Round i;j ¼ HW S-boxout;j P 1 ðl i 1 Þ j P 1 ðr i 1 Þ j (1) 2.2. Genetic algorithm In [8], Holland put forward the GA to solve optimization problem. GA is a search heuristic that mimics the process of natural selection. This heuristic is routinely used to generate useful solutions to optimization and searching problems. GA uses the searching techniques inspired by natural evolution, such as selection, crossover, and mutation. In GA, a population of candidate solutions, called individuals, to an optimization problem is evolved toward better solutions. Each candidate solution has a set of properties, which can be altered and mutated. Traditionally, solutions are represented in binary as strings of 0 and 1. A typical GA requires two key components. One is genetic representation of the solution domain. The other is fitness function to evaluate the solutions. The evolution usually starts from a population of randomly generated individuals. The population in each iteration is called a generation. In each generation, the fitness of every individual in the population is evaluated. And the fitness is usually the value of the objective function in the optimization problem to be solved. The individuals of better fitness value are stochastically selected from the current population, and each individual s genome is modified to form a new generation. The steps of GA are in the succeeding text. Parameter i is the number of generation, and n is the number of individuals in a generation. Crossover rate is denoted as p c, and mutation rate is denoted as p m. The parameter describes the rate of individuals, which selected from the father generation is denoted as p GGAP. 3897

3 Algorithm 1. Genetic Algorithm Input: Random solutions of the problem. Output: The optimization solution. 1. Encoding. Encoding (Key). 2. Set i = 0, n, pc,pm, pggap. Initialization (P(i)). 3. Fitness (P(i)). 4. Selection (P(i), pggap). 5. If random (0,1) < p c, then do crossover (P(i)). 6. If random (0,1) < pm, then do mutation (P(i)). 7. Best=Pick (Fitness (P(I))). i=i Key=Decoding (Best). 9. If DES (Plain, Key) = Cipher or i > max generation, then go to step 10. Otherwise go to step Output key MATH IN GENETIC ALGORITHM In [9 12], the mathematical foundation of GA is studied. First, we should know three definitions in GA in order to analyze the mathematical foundation: Definition 1. Let us consider a schema H taken from the three-letter alphabet, which is the assemblage of {0, 1, *}. And the star * is a don t-care or wild card symbol, which matches either a 0 or a 1 at a particular position. Definition 2. The order of a schema H, denoted by O(H), is simply the number of fixed position (the number of 0 s and 1 s in a binary alphabet) presented in the template. Definition 3. The defining length of a schema H, denoted by δ(h), is the distance between the first and last specific string positions. Theorem 1. (Schema theorem)lower order, aboveaverage schemata receives exponentially increasing trials in subsequent generation. mh; ð t þ 1Þ mh; ð tþ fðhþ δðhþ 1 p c f l 1 p moh ð Þ (2) mh; ð tþ fðhþ f ¼ mh; ð tþ*1þc ð Þ 1 ¼ ¼ mh; ð 0Þ*1þ ð c Þ tþ1 (3) mentioned in the equation earlier. In 2, if f(h) is bigger than f, m(h, t + 1) will be bigger than m(h, t). That means if the fitness of schema H is above the average value, the number of schema H increases exponentially. In a word, a particular schema grows with the ratio of the average fitness of the schema to the average fitness of the population. Put it in another way, schemata with fitness values above the population average will receive an increasing number of samples in the next generation, while schemata with fitness values below the population average will receive a decreasing number of samples. 3. A NOVEL ATTACK MODEL BASED ON GENETIC ALGORITHM 3.1. Main idea of attack model Instead of attacking the Hamming distance of round generated by single S-box, we try to analyze the Hamming distance of round generated by multiple S-boxes. As for cryptographic device, which updates 32 bits of round output concurrently, the better leakage model is to sum up the hypothetical power consumption generated by eight S-boxes. Figure 1 shows relationship between correlation coefficient and leakage model based on single S-box or multiple S-boxes. In Figure 1, Round i,1 j means the leakage model constructed by summing up the Hamming distances generated from S-box 1 to S-box j, where 1 j 8. Obviously, correlation of eight S-boxes leakage model is observably higher than that of single S-box. It means that leakage model generated by multiple S-boxes does not lose power information. Instead, it can be the better description of the actual power consumption. That is to say, it increases the SNR markedly. So the leakage model of eight S-boxes is more efficient and accurate than that of partial S-box. Hamming distance of leakage model generated by eight S-boxes can range from 0 to 32. So the challenge of novel efficient leakage where m(h, t) represents that there are m examples of a particular schema H contained within the population at a given time step t, f(h) is the average fitness of the strings representing schema H at time t, f is the average fitness of the strings representing all individuals at time t, l is the length of individual, and c is a constant that satisfies the equation of fðhþ ¼ ð1 þ cþf. Mathematical foundation of GA is the schema theorem. The theorem describes a fact that a particular schema H receives an expected number of copies in the next generation by the operation of reproduction, crossover, and mutation Figure 1. Relationship between correlation coefficient and leakage model of single S-box or multiple S-boxes. 3898

4 model is that the searching space can be as large as The huge searching space of 2 48 is definitely beyond the acceptable range in a brute-force way Procedure for novel leakage model Before starting the search of 2 48 key space, we must find the way to change the 48-bit DES round key into the solution of GA. The round key is in binary as strings of 0 s and 1 s, so we just make 48-bit of DES first round divided into eight segments. Each segment is 6-bit long. It completes the process of mapping from each segment to the corresponding S-box. Table I shows a mapping example. After the encoding process, we need to complete initialization. An initial population of n individual solutions is randomly generated. Table II shows an example. In one generation, we have to select the random solutions, which are close to the correct solution. We use fitness function to evaluate the fitness of each individual. In 4, fitness function on this question is defined as the correlation coefficient between the actual power consumption data and leakage model of eight S-boxes. " # Fitness ¼ corr Trace; 8 HD Round i;j where HD(Round i,j ) {0, 1, 2, 3, 4}. The higher the correlation is, the better the solution will be. By summing up the Hamming distance of round output, which is corresponding to eight S-boxes, the novel leakage power model is generated. Fitness function measures the quality of the represented solution. n individuals of each generation can obtain its own fitness. So we can sort them according to the ranking of fitness. Then the superior solutions are picked up to do the crossover and mutation operations. Table III shows the example of crossover operation, and Table IV shows the example of mutation operation. The positions changed by crossover and mutation operations are shown in italic. It is worth tuning parameters such as the crossover and mutation probabilities to find reasonable settings. In [13], a crossover rate that is too high may lead to premature convergence of the GA. A mutation rate that is too high may lead to loss of good solutions. A very small mutation rate may lead to the convergence of a wrong solution. After the selection, crossover, and mutation operations, some new individuals are generated. Then the fitness value of new individuals is calculated, and some superiors are chosen to replace the inferior in last generation. Now one round of iteration is finished. The whole iteration is over j¼1 (4) when the best solution is found or it reaches the maximum of generation. During the evolution process, GA will guarantee that the guessing key of each S-box can evolve to the correct key of S-box. Once a correct S-box key is searched, the current solution is more superior to the ones that cannot reach the correct S-box key. So the individuals that contain the correct segment, which maps the corresponding correct S-box key, will be kept generation by generation in that population. The survival of the fittest can be kept along. Because of the evolution, code of chromosome that represents the key can be optimized toward the global optimum solution. The global optimum solution picked up from the 2 48 key space is the correct 48-bit DES round key. As discussed earlier, we make a comparison between the classical and novel methods in the power analysis attack. In Figure 2, the classical method obtains keys of S- boxes separately, while the novel method that uses GA as the feedback to adjust the searching direction obtain the round key directly. The addition of hypothetical power consumption before the correlation calculation is a better simulation for the acquiring measurements of power consumption. 4. VERIFICATION AND COMPARISON 4.1. Verification on data encryption standard Set-up for attack on data encryption standard Nowadays, 3DES still plays an important role as a contemporary cipher. As the focus of attack in this paper is the S-box, so the process of attack 3DES is similar to DES, for DES is part of 3DES. We can obtain the first DES key, then second and third keys successively in 3DES. So we choose DES as an attack target. In order to verify that the novel leakage model is better than the classical one, we acquire actual power consumption traces of DES algorithm from a smart integrated circuit (IC) card. It is a hardware DES, and all 32 bits of round output will update at the same time. Figure 3 gives a brief framework of the smart card. Block cipher algorithms are the attack targets. The acquisition equipment is Power Tracer from Riscure Company. Figure 4 shows the power analysis platform and the smart IC card. The sampling rate of acquisition is 500 M/s. The external clock frequency is 4 MHz, with an inner clock frequency of 30 MHz. Table I. Mapping example between a random data encryption standard 48-bit key and the solution in genetic algorithm. X1 X2 X3 X4 X5 X6 X7 X8 Key Genome

5 Table II. Result example of initialization. X1 X2 X3 X4 X5 X6 X7 X n Table III. Example of crossover operation Crossover operation Table IV. Example of mutation operation Mutation operation Figure 2. Comparison between the classical method and novel method Experimental results of data encryption standard As we supposed, leakage model of multiple S-boxes is closer to actual power consumption. Firstly, we need to adjust the related parameters such as p GGAP, p c, p m, and n. We simply choose p GGAP = 1 in selection function, which means the size of child generation is the same as the father generation. Figure 5(a) shows that both p c and p m can make influence on generation. p c = 0.8 and p m = can be a proper set of parameters, which obtain the convergence rapidly. Figure 5(b) reveals that the number of generation decreases as the number of individuals in the population increases. For each number of population, we experiment 20 times to obtain the average number of generation. Finally, we choose n = 150 as the size of population. Figure 3. Framework of smart integrated circuit card and attack targets. DES, data encryption standard; SAC, security access control; RSA, crypto algorithm by rivest, shamir and adleman. In [14], Holland and Goldberg pointed out that GA operates n individuals in one generation, while it deals with O(n 3 ) schemata indirectly. Holland named it implicit parallelism. If n = 150, the generation of convergence is 110. GA deals with (150 * 110) schemata. As the related parameters are selected, GA begins with a population of individual solutions. And the algorithm searches the optimum matching path in parallel smartly. From Figure 6(a) and (b), we can see that the correlation coefficient of the correct key is separated from the others with the increasing number of traces. As we cannot calculate all 2 48 cases, we select partial of it. The bigger the number of correct S-boxes is, the more interference that comes from wrong round keys will be. We plot the cases of eight, seven, 3900

6 Figure 4. Power tracer equipment and the smart integrated circuit card. six S-boxes correct key and part of m S-boxes correct key, respectively, where m ranges from 0 to 5. In Figure 6(a), it just needs about 7000 traces to obtain all 48-bit DES keys of the first round, if we choose the leakage model generated by eight S-boxes to do the CPA in time domain. The reason correlation coefficient can range widely is that the searching solution maybe ranges from none S-box correct key to all the eight S-boxes correct key. It is of comparability when we also obtain all eight S-boxes correct key based on single S-box. In Figure 6(b), we just display the worst case of S-box. It shows that the number of trace is about , if we choose the leakage model of single S-box. The novel leakage model can decrease about 52% number of traces. Figure 7(a) shows the correlation based on eight S- boxes. With the increasing of correlation, solutions are closer to the correct key. In order to calculate the success rate of leakage model based on eight S-boxes and the classical leakage model based on single S-box, we restart to acquire 100 groups of power data, each group containing traces of power data. Figure 7(b) displays the success rates. If we choose the success rate of 90%, the number of leakage model based on eight S-boxes is 6700, while the number of leakage model based on single S-box is The leakage model of eight S-boxes can decrease up to 52%. It is meaningful in the situation where the number of acquiring traces is limited. For each generation consisted of 150 individuals, the correlation in GA should be calculated for about 150 * 110 = times, which costs 14 s. As a comparison, the correlation of classical CPA when attacking single S-box should be calculated for 512 times, in a term of 0.4 s. Although the calculation of correlation in GA is about 32 times of that in CPA attacking single S-box each time, the searching key space of GA is 2 48, which is much larger than searching key space of 2 6 in a brute-force way. It is valuable to extend the ability of searching, while the increasing calculation is also acceptable Verification on SM Set-up for attack on SM4 In order to verify that the novel leakage model can also be applied to other cryptographic algorithms, we choose SM4 algorithm as another attack target. SM4, formerly known as SMS4 algorithm, is the first official commercial cryptographic algorithm of China [15]. Figure 8 presents the framework of round function in SM4. The plain, cipher, and key of SM4 are all 128 bits. There are 32 rounds for SM4, and the key of each round is 32 bits long. The S-box of SM4 has eight inputs and eight outputs. Actually, SM4 algorithm is similar to AES-128. We acquired actual power consumption traces of SM4 algorithm from a smart IC card. It is a hardware SM4 and the inquiring of four S-boxes is serial. There is a 32-bit register to store each output of S-box. The acquisition equipment is Power Tracer from Riscure. The sampling rate is 500 M/s. The external clock frequency is 4 MHz, and the inner clock frequency is 30 MHz. In [16,17], it was pointed that CPA also works in frequency domain. The leakage model based on multiple S-boxes is also suitable for power attack in frequency (a) (b) Figure 5. Relationship between parameter of genetic algorithm and generation: (a) P c and P m and (b) population. 3901

7 (a) (b) Figure 6. Relationship between correlation and number of trace: (a) eight S-boxes and (b) single S-box. (a) (b) Figure 7. Results of leakage model of eight S-boxes by genetic algorithm: (a) iteration of searching maximum correlation and (b) success rate and number of trace. domain. Power attack used in frequency domain is supported by the Parseval Theorem. The Parseval Theorem reveals that the total energy contained in a waveform summed across all of time is equal to the total energy of the waveform s Fourier transform summed across all of its frequency components. Figure 8. Framework of round function in SM4 cryptographic algorithm Experimental results of SM4 The Hamming distance of S-box output is chosen as the attack target. Considering the inquiring of four S-boxes is serial, we switch the power data from time domain to frequency domain. It makes the updating of multiple S-boxes output possible to be gathered at the same frequency. The related parameters of GA, such as pggap, pc, pm, and n, also need to be reselected. For the same steps like GA used in DES, we finally choose pggap = 1, pc = 0.6, pm = 0.02, and n = 100. The relationship between correlation and the number of trace has been displayed in Figure 9(a) and (b). The

8 (a) (b) Figure 9. Relationship between correlation and number of trace: (a) four S-boxes and (b) single S-box. phenomenon is that correct key can be separated from the others with the increasing number of traces. In Figure 9 (a), the leakage model of four S-boxes is applied to do the CPA in frequency domain. It reveals that traces are needed to obtain the 32-bit SM4 key of the first round. In order to make the result shown in Figure 9(a) be of comparability, it is necessary to obtain all four S-boxes correct key based on single S-box. In Figure 9(b), the worst case of S-box is selected. The number of trace is , if we choose the leakage model of single S-box. It is obvious that it can decrease about 32% number of traces when the novel leakage model is applied. The process of convergence based on four S-boxes is displayed in Figure 10(a). The best solution is closer to the correct key with the increasing of generation. In order to obtain the average generation number of convergence, 20 experiments have been conducted. It shows that number of obtaining the convergence is about 40. To calculate the success rate of leakage model based on four S-boxes and the classical leakage model based on single S-box, we acquire 50 groups of power data, traces per group. The related results are shown in Figure 10(b). When the success rate of 90% is focused on, the number of leakage model based on four S-boxes is , and the number of leakage model based on single S-box is Thirty-two percent traces are decreased when the leakage model of four S-boxes is used. Also, the calculation of correlation in GA takes time. For each generation with 100 individuals, it calculates 100 * 40 = 4000 times, which costs 34.7 s. While the calculation is 1024 times in classical CPA attacking using single S-box. And the process of calculation costs 4.4 s. It is deserved to describe the hypothesis energy more accurate when the calculation is afford Comparison between novel model and classical model After the experimental verification on DES and SM4, we use GA to achieve the construction of novel leakage model generated by multiple S-boxes. From the result, we can confirm that the novel leakage model based on multiple S-boxes is more efficient, and the needed number of traces is much smaller than that of leakage model based on single S-box. So it is proved that the efficiency of leakage model based on multiple S-boxes is enhanced and GA does not bring unacceptable calculation when searching huge key space. Finally, we make a comparison between novel leakage model and classical leakage model as Table V shows. In a word, no matter what the case is in time domain or frequency domain, leakage model of multiple S-boxes is much more powerful than the classical leakage model of single S-box. 5. COUNTERMEASURES ANALYSIS As the attack experiments on DES and SM4 is finished, we have drawn the conclusion that leakage model of multiple S-boxes is much more efficient in the power analysis attack. The purpose of research on attack method is to obtain the better defensive strategy. Some better countermeasures should be adopted to enhance the security of the smart IC card. Ideas of solution can be considered in circuit level and algorithm level. As the core idea of novel leakage model is to increase the SNR, reducing the SNR from other means can be a protective solution. In circuit level, specific measures can be increasing the number of noise source or using the variable clock, which can randomize the signal in both time domain and frequency domain. In algorithm level, the application of session key can reduce the leakage information of root key. Each acquiring power trace contains different keys, this makes CPA out of work in statistics. Another strategy is to limit the lifetime of root key, which makes the attackers cannot obtain the enough traces to analyze. In conclusion, the defensive strategy should exploit a combination of several countermeasures mentioned earlier. 3903

9 (a) (b) Figure 10. Results of leakage model of four S-boxes by genetic algorithm: (a) iteration of searching maximum correlation and (b) success rate and number of trace. Table V. Compare the number of power trace needed, running time, and calculation amount of correlation between the novel leakage model and the classical leakage model. Leakage model Multiple S-boxes Single S-box Number of traces DES SM Running time DES 14 s 0.4 s SM s 4.4 s Calculation amount DES SM DES, data encryption standard. 6. CONCLUSIONS In this paper, we put forward a novel accurate leakage model, which is based on the power consumption of multiple S-boxes. The novel leakage model has high SNR than the classical leakage model. We use GA to achieve the construction of multiple S-boxes leakage model in which searching space can be as large as The improved leakage model accurately reflects the actual power consumption of cryptographic devices than that of classical leakage model based on single S-box. We also experimentally validate the fact that leakage model of multiple S- boxes is more efficient than the classical leakage model. The accurate leakage can decrease the number of acquiring traces needed in power analysis attack, while the quantity of increasing calculation generated by GA is acceptable. This paper combines the GA with power analysis attack. It has a profound effect on raising efficiency of power analysis. And we turn the construction of leakage model into the problem, which searches the optimization solution in a huge space. We exploit the intelligent searching ability of GA to improve the leakage model used for power attack. Our work is of high scalability. Novel leakage model based on GA has the quality of universality. The attack target of novel leakage model is not only used for multiple S-boxes in parallel but also used for some predicting power accumulation because of working state in parallel. Establishment of novel leakage model can be adjusted to actual power consumption of cryptographic devices manually. So it is bit scalable. And also, the ability of intelligent searching space increases with the development of intelligent algorithm. As an avenue for further research, this work connects the artificial intelligence algorithm with power analysis. GA is just one kind of artificial intelligence algorithms, which can generate useful solutions to optimization and searching problems. There is still room for improving the speed of convergence and definition of optimization solution. ACKNOWLEDGEMENTS This work is supported by National Science and Technology Major Project on Core Electronic Devices, Highend General Chips and Fundamental Software Product (no. 2014ZX ). REFERENCES 1. Kocher P, Jaffe J, Jun B. Differential power analysis. In Advances in Cryptology CRYPTO 99. Springer: Heidelberg, 1999; Kocher P, Jaffe J, Jun B, Rohatgi P. Introduction to differential power analysis. Journal of Cryptographic Engineering 2011; 1(1): Messerges TS, Dabbish EA, Sloan RH. Investigations of Power Analysis Attacks on Smartcards. : USENIX workshop on Smartcard Technology, Coron J-S, Kocher P, Naccache D. Statistics and secret leakage. In Financial Cryptography, Vol Springer: Heidelberg,

10 5. Mayer-Sommer R. Smartly analyzing the simplicity and the power of simple power analysis on smartcards. In Cryptographic Hardware and Embedded Systems CHES, Vol Springer: Heidelberg, 2000; Oswald, E. On side-channel attacks and the application of algorithmic countermeasures. A PhD Thesis in Graz University of Technology, IAIK, Brier, E., Clavier, C., Olivier, F. Correlation power analysis with a leakage model. Cryptographic Hardware and Embedded Systems-CHES 2004, Springer: Heidelberg, 2004; Holland JH. Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence. U Michigan Press, Forrest S, Mitchell M. What makes a problem hard for a genetic algorithm? Some anomalous results and their explanation. Machine Learning 1993; 13(2 3): Goldberg DE. Genetic Algorithms and Walsh Functions: A Gentle Introduction. Department of Mechanical Engineering, University of Alabama: Clearinghouse for Genetic Algorithms, Goldberg DE. Genetic Algorithms in Search, Optimization, and Machine Learning. Addison-Wesley Reading Menlo Park, Whitley, L.D. The GENITOR algorithm and selection pressure: why rank-based allocation of reproductive trials is best. In. ICGA Vol. 89, 1989; Schlierkamp-Voosen, D. Optimal interaction of mutation and crossover in the breeder genetic algorithm. In: Proc. of Fifth Int. Conf. on Genetic Algorithms (ICGA-93), Morgan Kaufmann, Goldberg, David Edward. Optimal initial population size for binary-coded genetic algorithms. Clearinghouse for Genetic Algorithms, Department of Engineering Mechanics, University of Alabama, Office of State Commercial Cipher Administration. SMS4 cipher for WLAN products [EB/OL], pdf. 16. Sugawara T, Hayashi Y-i, Homma N, Mizuki T, Aoki T, Sone H, Satoh A. Spectrum analysis on cryptographic modules to counteract side-channel attacks. In EMC, Vol ; Tiu CC. A new Frequency-based Side Channel Attack for Embedded Systems. University of Waterloo,