In recent years, physical attacks on software and hardware have targeted the implementations of encryption algorithms rather than weaknesses in the mathematical framework of the algorithms themselves. Such attacks have become a significant threat to hardware security. As a means of physical attack, faults are injected into circuits with precision in order to recover the secret key of an encryption implementation. The precision of fault injection has improved significantly: for example, the spot size of laser injection has reached the scale of a single logic gate, and the timing accuracy of the injection has reached the sub-nanosecond scale. At this level of threat, the fault-attack resistance of a cryptographic implementation becomes an important indicator by which hardware designers measure hardware security. Countermeasures against fault attacks can be divided into two main types: fault detection and fault infection. In a conventional detection method, a redundant result is obtained by repeating the computation or duplicating the circuit, and it is compared with the original result to detect a fault. If the comparison reveals a difference, the faulty result is not released as output. However, the comparison operation itself may become the weak link, because it always reduces to a one-bit judgement condition. The comparison is therefore easy to bypass, either by attacking the comparison itself or by tampering with the value of the judgement condition. In infection countermeasures, the fault propagation pattern produced by the injected fault is destroyed by an infection function. Consequently, even if the attacker obtains the infected faulty ciphertext, he or she cannot recover the information it would otherwise have contained, and the attack fails.
A large number of scholars have studied infection countermeasures, focusing mainly on block ciphers. In earlier studies, deterministic calculations, including simple linear operations such as exchange or XOR, were used as the infection function. Such an operation is very easy to implement and incurs relatively small overhead. However, because the infection function is deterministic, an attacker who knows it can still obtain the fault diffusion model by adapting the attack. The security of these countermeasures therefore depends on the secrecy of the method itself. To solve this problem, randomness is introduced into the infection countermeasure so that the infection method contains some uncertainty; for example, redundant round-function computations or multiplicative masking operations can be performed at random. Attacks aimed at these randomised countermeasures have nonetheless been devised, which indicates that methods that merely enhance randomness still have vulnerabilities. In a high-performance cryptographic processor, Benes networks are widely used as an acceleration module for the permutation (replacement) operation of the cryptographic algorithm. The permutation operation is one of the common basic operations of a block cipher; it improves the security of the algorithm by rearranging the bit positions of the input data. For a specific encryption algorithm implemented in ASIC hardware, the required permutation is fixed and can be implemented with crossed wiring. A cryptographic processor, however, must dynamically implement a variety of cryptographic algorithms as required by security protocols, so it should be able to realise any permutation a cipher algorithm demands. There are two solutions for the permutation operation in a cryptographic processor.
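The two countermeasure families described in the previous two paragraphs are easy to see side by side on a toy cipher round. The following Python example is added here as an illustration and is not code from the paper: the 16-bit round function, its S-box and the way a fault is modelled (an XOR into the redundant copy) are all constructed for the example. It contrasts a detection countermeasure, whose comparison collapses to a one-bit decision, with a deterministic infection function (a fixed rotation of the difference, the kind of simple linear operation the text mentions) and a randomised infection function (multiplicative masking by a random odd constant, which is invertible modulo 2^16 and so never maps a non-zero difference to zero).

```python
import secrets

MASK16 = 0xFFFF
# Constructed 4-bit S-box for the toy round; not taken from any standard cipher.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def rotl(x, r):
    """Rotate a 16-bit value left by r bits."""
    return ((x << r) | (x >> (16 - r))) & MASK16


def toy_round(state, key):
    """One round of a constructed 16-bit toy cipher: key mixing, nibble S-box, rotation."""
    x = (state ^ key) & MASK16
    y = 0
    for i in range(4):
        y |= SBOX[(x >> (4 * i)) & 0xF] << (4 * i)
    return rotl(y, 3)


def redundant_pair(state, key, fault):
    """Compute the round twice (temporal redundancy). The fault model is a
    constructed one: 'fault' is XORed into the redundant copy only."""
    c1 = toy_round(state, key)
    c2 = toy_round(state, key) ^ fault
    return c1, c2


def detect(state, key, fault=0):
    """Detection countermeasure: release the result only if both copies agree.
    The whole decision rests on the single-bit outcome of 'c1 != c2'."""
    c1, c2 = redundant_pair(state, key, fault)
    if c1 != c2:
        return None          # fault detected, output suppressed
    return c1


def infect_deterministic(state, key, fault=0):
    """Early-style infection: a fixed linear function of the difference
    (here a rotation) is folded into the output, with no branch at all.
    With no fault the difference is zero and the correct result is returned."""
    c1, c2 = redundant_pair(state, key, fault)
    delta = c1 ^ c2
    return c1 ^ rotl(delta, 5)


def infect_random(state, key, fault=0):
    """Randomised infection: the difference is multiplied by a fresh random odd
    mask modulo 2^16. An odd mask is a unit modulo 2^16, so a non-zero difference
    always yields a non-zero, unpredictable infection term; a zero difference
    leaves the correct result untouched."""
    c1, c2 = redundant_pair(state, key, fault)
    delta = c1 ^ c2
    mask = secrets.randbelow(1 << 15) * 2 + 1   # random odd 16-bit value
    return c1 ^ ((delta * mask) & MASK16)


def demo(state=0x1234, key=0xBEEF, fault=0x0100):
    """Return the correct result and what each countermeasure emits under the modelled fault."""
    return {
        "correct": toy_round(state, key),
        "detect": detect(state, key, fault),
        "deterministic": infect_deterministic(state, key, fault),
        "random": sorted({infect_random(state, key, fault) for _ in range(64)}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>14}: {value}")
```

Running `demo()` shows the contrast the text draws: the detection path emits `None` (a single bit of information that a tampered comparison could flip), the deterministic infection always emits the same value for the same fault, and the randomised infection emits a different value on almost every run.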
First, because of the area limitations of the cryptographic processor, the processor uses either basic instructions (such as mask generation, AND, SHIFT and OR) or more powerful bit-manipulation instructions (such as EXTRACT and DEPOSIT) to implement the permutation bit by bit. Here, the number of clock cycles needed to realise an N-bit permutation grows linearly with N. Second, a high-performance cryptographic processor typically adds a multistage interconnection network to realise the permutation operation. In the network, a data permutation is realised by configuring the function of each switch, and the processor calls this network module to perform the permutation. A Benes network (two butterfly networks connected back to back) is a common multistage network that can realise any permutation of its N inputs (N being the width of the Benes network) without blocking. This non-blocking property is the reason the Benes network structure is widely used as a permutation acceleration module in high-performance cryptographic processors. However, to date, the Benes network module has only been considered as an acceleration module, and no study has been presented that uses the network's characteristics (such as randomness of its configuration) to resist fault attacks.
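The non-blocking property claimed for the Benes network above is constructive: for any permutation of N = 2^k inputs there is a setting of the 2k-1 stages of N/2 two-by-two switches that realises it, and the setting can be found by the classical recursive "looping" algorithm. The following Python example is added here to make that concrete and is not code from the paper or from any processor design. It assumes the usual layout in which the first stage feeds the upper and lower half-size sub-networks, the last stage merges them, and a switch setting of `True` means "cross"; `route_benes` computes the switch settings for a permutation given as `perm[i] = output index of input i`, `apply_benes` simulates the wired network, and `all_permutations_routable` checks the property exhaustively for a small width.

```python
from itertools import permutations


def route_benes(perm):
    """Return switch settings (one list of N/2 booleans per stage, True = cross)
    that route input i to output perm[i] through a Benes network of width N = 2^k.
    Uses the looping algorithm: partition inputs between the upper and lower
    sub-networks so that each input switch and each output switch sends one
    line to each sub-network, then recurse on the two half-size permutations."""
    n = len(perm)
    if n == 2:
        return [[perm[0] == 1]]
    half = n // 2
    inv = [0] * n                      # inv[output] = input feeding that output
    for i, p in enumerate(perm):
        inv[p] = i
    sub = [None] * n                   # 0 = upper sub-network, 1 = lower
    for start in range(n):
        x = start
        while sub[x] is None:
            sub[x] = 0                 # x goes up, so its input-switch partner goes down
            sub[x ^ 1] = 1
            # the output partner of perm[x^1] must then come from the upper sub-network
            x = inv[perm[x ^ 1] ^ 1]
    first, last = [], [False] * half
    upper_perm, lower_perm = [0] * half, [0] * half
    for i in range(half):
        a, b = 2 * i, 2 * i + 1
        cross = sub[a] == 1            # cross if the even input must go to the lower half
        first.append(cross)
        up_in, lo_in = (b, a) if cross else (a, b)
        upper_perm[i] = perm[up_in] // 2
        lower_perm[i] = perm[lo_in] // 2
        # output switch j receives the upper line on its top input; cross if that
        # line is destined for the odd output 2j+1
        last[perm[up_in] // 2] = perm[up_in] % 2 == 1
    up, lo = route_benes(upper_perm), route_benes(lower_perm)
    middle = [u + l for u, l in zip(up, lo)]   # upper switches first, then lower
    return [first] + middle + [last]


def apply_benes(settings, data):
    """Simulate the wired network on a list of N values with the given settings."""
    n = len(data)
    if n == 2:
        return data[::-1] if settings[0][0] else list(data)
    half = n // 2
    first, middle, last = settings[0], settings[1:-1], settings[-1]
    up_in, lo_in = [], []
    for i, cross in enumerate(first):
        a, b = data[2 * i], data[2 * i + 1]
        if cross:
            a, b = b, a
        up_in.append(a)
        lo_in.append(b)
    q = half // 2
    up_out = apply_benes([st[:q] for st in middle], up_in)
    lo_out = apply_benes([st[q:] for st in middle], lo_in)
    out = [None] * n
    for j, cross in enumerate(last):
        a, b = up_out[j], lo_out[j]
        if cross:
            a, b = b, a
        out[2 * j], out[2 * j + 1] = a, b
    return out


def realizes(perm):
    """True if the computed settings really move input i to output perm[i]."""
    out = apply_benes(route_benes(perm), list(range(len(perm))))
    return all(out[perm[i]] == i for i in range(len(perm)))


def all_permutations_routable(n):
    """Exhaustive non-blocking check for width n (keep n small: n! cases)."""
    return all(realizes(list(p)) for p in permutations(range(n)))


if __name__ == "__main__":
    perm = [5, 2, 7, 0, 3, 6, 1, 4]     # constructed example permutation, N = 8
    settings = route_benes(perm)
    print("stages:", len(settings), "switches per stage:", len(settings[0]))
    for s, stage in enumerate(settings):
        print(f"stage {s}: {''.join('X' if c else '=' for c in stage)}")
    print("routed:", apply_benes(settings, list(range(8))), "ok:", realizes(perm))
    print("all 8! permutations routable:", all_permutations_routable(8))
```

The exhaustive check over all 8! permutations is what the non-blocking claim means operationally: every permutation has a valid configuration, found in time linear in N per stage rather than the N clock cycles of the instruction-based approach described above. Note that the looping algorithm makes an arbitrary choice (sending the first unassigned input upward) at the start of each cycle, so most permutations admit several different switch configurations.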