
CN118233115A - Improved comprehensive protection method based on threshold technology - Google Patents


Info

Publication number
CN118233115A
Authority
CN (China)
Prior art keywords
threshold, implementation, threshold implementation, redundant, original
Legal status (as listed by Google Patents; not a legal conclusion)
Granted
Application number
CN202211642859.3A
Other languages
Chinese (zh)
Other versions
CN118233115B (en)
Inventors
陈华, 焦志鹏, 周锋, 姚富, 范丽敏, 曹伟琼
Current assignee (as listed by Google Patents)
Institute of Software of CAS
Original assignee
Institute of Software of CAS
Application filed by Institute of Software of CAS, with priority to CN202211642859.3A
Publication of CN118233115A
Application granted; publication of CN118233115B
Current legal status: active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic


Abstract

The invention discloses an improved comprehensive protection method based on threshold technology. Its steps are: 1) to resist d-th order side-channel attacks, construct a d-th order threshold implementation of the cryptographic algorithm to be protected, called the original threshold implementation; 2) construct a second d-th order threshold implementation of the same algorithm, identical to that of step 1), called the redundant threshold implementation; 3) with the same plaintext as encryption input, execute the original and the redundant threshold implementation in lockstep and, after every nonlinear operation, exchange part of the shares between them; 4) use a compensation function to perform a further partial share exchange between the final outputs of the original and the redundant threshold implementation, the results serving as the ciphertext outputs of the two implementations; 5) after step 4) is complete, select the output ciphertext of either the original or the redundant threshold implementation as the ciphertext output of the comprehensive protection.

Description

An improved comprehensive protection method based on threshold technology

Technical Field

The present invention relates to the protection of block cipher algorithms, and in particular to a comprehensive countermeasure against side-channel attacks and fault attacks based on threshold implementation technology.

Background

In the traditional black-box attack model, the attacker analyses the security of a cryptographic algorithm using only its inputs and outputs, and the security of existing block ciphers in this model has been thoroughly argued in theory. In the grey-box model the adversary is stronger: besides the inputs and outputs, it can exploit physical information leaked while the algorithm executes, or disturb the execution itself. Attacks that exploit leaked physical information are called side-channel attacks and, depending on the information used, include power, electromagnetic, optical and acoustic side-channel attacks. Because they are easy to mount and far more efficient than black-box attacks, side-channel attacks are a major threat to the implementation security of cryptographic algorithms. Attacks that disturb the execution are called fault attacks; they require stricter conditions than side-channel attacks but are even more efficient, and are likewise a major threat to implementation security.

Countermeasures have been proposed against side-channel attacks. A side-channel attack exploits the correlation between side-channel information and the intermediate values of the cryptographic computation, so a countermeasure works by destroying that correlation. By underlying idea, side-channel countermeasures fall into hiding and masking. Hiding changes the distribution of the side-channel information so that it no longer correlates with the intermediate state, for example by lowering the signal-to-noise ratio or equalising the leakage within each clock cycle. Studies have shown that hiding raises the attacker's effort to some extent but can be defeated by collecting more traces or by signal preprocessing, so it offers no theoretically complete security. Masking is a secret-sharing approach: it randomly splits each intermediate value into shares so that the intermediate value no longer correlates with the side-channel information. Because masking rests on a firmer theoretical foundation, it has been studied widely since it was proposed. Early masking schemes assumed that operations execute strictly in the intended order and ignored the effect of glitches in CMOS circuits on the security of the scheme; later work showed that most schemes designed without regard to glitches are insecure.

To cope with the effect of glitches on masking, the threshold implementation approach was proposed. Resisting d-th order side-channel attacks requires a d-th order threshold implementation, which consists of two parts: splitting the input variables and splitting the operation. Taking y = f(x) as an example, in the input-splitting stage S_x − 1 random values are used to split x into S_x shares x_1, …, x_{S_x} with x = x_1 ⊕ … ⊕ x_{S_x}, where S_x is the number of input shares and a d-th order threshold implementation requires S_x ≥ d + 1. In the operation-splitting stage the shared input is substituted into the original operation, y = f(x_1 ⊕ … ⊕ x_{S_x}), and this operation is decomposed into S_y output components y_1, …, y_{S_y}, where S_y is the number of shares of the function decomposition. The decomposition must satisfy three properties: (1) correctness, y = y_1 ⊕ … ⊕ y_{S_y}; (2) non-completeness, any d output components taken together are independent of at least one input share, which guarantees d-th order side-channel security in the presence of glitches; (3) uniformity, every possible output sharing occurs with equal probability, which meets the security requirement of the next stage when the cipher iterates.
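The three properties above can be checked mechanically for a small gadget. The following is an added example, not taken from the patent: it takes the well-known 3-share decomposition of a single AND gate y = x·z over GF(2) and verifies correctness and first-order non-completeness by exhaustive enumeration, and shows that this decomposition is not uniform, which is why practical threshold implementations need either more shares or remasking between stages. The checker is generic over the share count s and the order d; all function names are the example's own.

```python
"""Exhaustive check of the three threshold-implementation properties
(correctness, non-completeness, uniformity) for a candidate sharing.
Added example; the candidate gadget is the classic 3-share AND over GF(2)."""
import itertools


def xor_all(bits):
    v = 0
    for b in bits:
        v ^= b
    return v


def and3(xs, zs):
    """3-share sharing of y = x AND z: output share i uses no input share i."""
    x1, x2, x3 = xs
    z1, z2, z3 = zs
    return ((x2 & z2) ^ (x2 & z3) ^ (x3 & z2),   # no share 1
            (x3 & z3) ^ (x3 & z1) ^ (x1 & z3),   # no share 2
            (x1 & z1) ^ (x1 & z2) ^ (x2 & z1))   # no share 3


def sharings(value, s):
    """All s-share Boolean sharings of a one-bit value."""
    return [sh for sh in itertools.product((0, 1), repeat=s) if xor_all(sh) == value]


def is_correct(f, s):
    """Property (1): the output shares XOR to f applied to the unshared inputs."""
    for xs in itertools.product((0, 1), repeat=s):
        for zs in itertools.product((0, 1), repeat=s):
            if xor_all(f(xs, zs)) != (xor_all(xs) & xor_all(zs)):
                return False
    return True


def is_noncomplete(f, s, d):
    """Property (2): every set of d output shares is independent of at least one
    input share index i, tested by flipping x_i and/or z_i with all else fixed."""
    for out_idx in itertools.combinations(range(s), d):
        found_unused_index = False
        for i in range(s):
            unused = True
            for xs in itertools.product((0, 1), repeat=s):
                for zs in itertools.product((0, 1), repeat=s):
                    base = f(xs, zs)
                    for fx, fz in ((1, 0), (0, 1), (1, 1)):
                        xs2, zs2 = list(xs), list(zs)
                        xs2[i] ^= fx
                        zs2[i] ^= fz
                        alt = f(xs2, zs2)
                        if any(base[j] != alt[j] for j in out_idx):
                            unused = False
            if unused:
                found_unused_index = True
                break
        if not found_unused_index:
            return False
    return True


def is_uniform(f, s):
    """Property (3): for each unshared input, every valid output sharing is
    reached by the same number of input sharings."""
    for x in (0, 1):
        for z in (0, 1):
            counts = {}
            for xs in sharings(x, s):
                for zs in sharings(z, s):
                    y = tuple(f(xs, zs))
                    counts[y] = counts.get(y, 0) + 1
            valid_outputs = sharings(x & z, s)
            expected = len(sharings(x, s)) * len(sharings(z, s)) / len(valid_outputs)
            if len(counts) != len(valid_outputs) or any(c != expected for c in counts.values()):
                return False
    return True


if __name__ == "__main__":
    print("correct:", is_correct(and3, 3))
    print("1st-order non-complete:", is_noncomplete(and3, 3, 1))
    print("2nd-order non-complete:", is_noncomplete(and3, 3, 2))
    print("uniform:", is_uniform(and3, 3))
```

`is_uniform` counts, for each unshared input, how many input sharings land on each valid output sharing. For x = z = 0 every input with xs = (0,0,0) or zs = (0,0,0) maps to the all-zero output sharing, so that sharing is reached more often than the other three and the property fails; the same gadget is non-complete only at first order, since any two output shares together touch all three input shares.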

Countermeasures against fault attacks fall roughly into two classes, "check-block" and fault randomisation. In check-block countermeasures, fault injection is first detected by time redundancy, space redundancy or similar means, and once detected the faulty ciphertext is withheld, which defeats fault attacks that depend on obtaining faulty ciphertexts. Such countermeasures require a conditional statement that decides whether a fault was injected, and this statement is itself a favourite target of fault injection: if the check is skipped, the countermeasure fails. Fault randomisation, by contrast, lets the ciphertext be output even when a fault was injected and needs no conditional, so it does not share this weakness. Infective countermeasures are the mainstream form of fault randomisation; Joye et al. proposed in 2007 an infective scheme based on a swapping mechanism, in which some bytes of the intermediate state are exchanged so that the ciphertext output under fault injection cannot be exploited by the adversary. In that scheme, however, the swap is a deterministic step that adds no randomness: once the implementation is known, the adversary can undo it by logical deduction. The scheme only raises the difficulty of fault attacks to a degree and does not achieve theoretical fault-attack security.

Research on side-channel and fault countermeasures has largely proceeded independently; a countermeasure against one class of attack usually does not resist the other, and vice versa. Existing combined countermeasures are mostly a simple stacking of the two, which greatly increases resource consumption. To address this, Feng Jingyi et al. combined threshold implementation with a swapping mechanism in a low-cost comprehensive protection method (patent ZL201911359164.2). In that scheme, a d-th order original threshold implementation of the cipher is built to resist d-th order side-channel attacks; a second, identical redundant threshold implementation is built; and part of the share components of the intermediate operations are exchanged between the two implementations to propagate faults, relying on the randomness of the threshold shares to make the final ciphertext uniformly random. In that scheme, however, whether a swap propagates a fault is a probabilistic event. A block cipher runs many iterated rounds; when a fault is injected in one of the first rounds, the many subsequent swaps spread it into both implementations with probability close to 1 and the final output is uniformly random, which protects against the fault attack. When the fault is injected in one of the last rounds, and especially in the final round, few swaps remain, and the fault may fail to spread to both implementations, so that one implementation retains all the information about the injected fault and the faulty ciphertext leaks.

Summary of the invention

In view of this, the present invention adds a compensation function after the cipher has finished executing and before the ciphertext is output; by increasing the number of swaps it raises the probability of fault diffusion, and so yields a comprehensive protection scheme with higher security.

The present invention is an improved comprehensive protection method based on threshold technology, comprising the following steps:

1) To resist d-th order side-channel attacks, construct a d-th order threshold implementation of the cryptographic algorithm to be protected, called the original threshold implementation;

2) Construct a second d-th order threshold implementation of the same algorithm, identical to that of step 1), called the redundant threshold implementation;

3) With the same plaintext as encryption input, execute the algorithm flows of steps 1) and 2) in lockstep and, after each nonlinear operation, exchange part of the shares between the original and the redundant threshold implementation;

4) To increase the probability of fault diffusion, append the compensation function to both the original and the redundant threshold implementation, and perform the same exchange as in step 3) while the compensation function executes;

5) After step 4) is complete, select the output ciphertext of either the original or the redundant threshold implementation as the output ciphertext of the comprehensive protection.

Preferably, the d-th order threshold implementations of steps 1) and 2) split the encryption input, the intermediate values and the encryption result into at least s shares each, with s ≥ d + 1.

Preferably, the number of shares exchanged in step 3) lies in (0, d] ∪ (0, s − d], and the exchanged shares occupy the same positions in the original and the redundant threshold implementation; that is, either 1 to d shares are exchanged, or the shares that remain after setting d shares aside are exchanged.

Preferably, the compensation function of step 4) is designed in one of two ways: based on an inversion structure, or based on a Feistel structure.

In block ciphers, one mainstream way to build an S-box is from inversion over a finite field; the S-boxes of AES and SM4, for instance, can both be viewed as built from finite-field inversion. In the threshold implementation of such ciphers the S-box is converted into a finite-field inversion before the countermeasure is constructed, so the compensation function can be built as an even number of inversions connected in series. Its basic unit is shown in Figure 1, where x^{-1} denotes the threshold-protected inversion already present in the S-box. After two inversions the value is restored, while the additional nonlinear operations raise the probability that a fault diffuses into both implementations. Because this inversion reuses the S-box inversion, no extra implementation cost is incurred. The compensation function may contain several basic units; more units raise the probability of fault diffusion and hence the security, but also the latency of the algorithm, so the number should be chosen according to the application.

When the S-box of the block cipher is not built from inversion, the inversion-based compensation function no longer applies. In that case a Feistel-based compensation function is used, with the cipher's own S-box as its nonlinear component; its basic unit is shown in Figure 2. Its inputs L_0 and R_0 are the masked inputs of two adjacent S-boxes of the cipher, 2sL bits in total, where L is the input width of the S-box and s the number of threshold shares; the S-box reuses the threshold-protected S-box of the cipher. The basic unit consists of four iterations: the first with an exchange, the second without, the third with an exchange and the fourth without. After the four iterations the left path, whose first intermediate value is L_1 = R_0, returns to its original value, and the right path satisfies R_4 = R_3 = R_0, with ⊕ denoting XOR in the round equations. Thus both paths recover their original values, while the additional nonlinear operations raise the probability that a fault diffuses into both implementations. Since the basic unit reuses the cipher's S-box as its nonlinear component, no extra implementation cost is incurred. The compensation function may contain several basic units; more units raise the probability of fault diffusion but also the latency of the algorithm, so the number should be chosen according to the application.

Compared with the prior art, the present invention has the following advantages:

1. It effectively resolves the uneven diffusion of faults injected in the final round, and so improves the fault-protection security of the comprehensive scheme;

2. Its compensation function is built by reusing components already present in the cipher, so the added implementation cost is negligible and the low-cost advantage of the comprehensive scheme is preserved.

Brief description of the drawings

Figure 1 is a schematic diagram of the inversion-based compensation function;

Figure 2 is a schematic diagram of the Feistel-based compensation function;

Figure 3 is a schematic diagram of the comprehensively protected AES S-box;

Figure 4 is a flow chart of the present invention.

Detailed description

The implementation of the invention is described below by way of an example, which does not limit the scope of the invention in any way.

This example takes AES as the block cipher to be protected and designs a comprehensive countermeasure against fault attacks and first-order side-channel attacks.

AES has a 128-bit block and supports key lengths of 128, 192 and 256 bits; the invention is described using AES-128 encryption as the example. An AES round consists of SubBytes (the S-box), ShiftRows, MixColumns and AddRoundKey. The S-box is the only nonlinear operation, so the exchange of the comprehensive scheme takes place only within the S-box. The AES comprehensive protection scheme is implemented in the following steps:

1) To resist first-order side-channel attacks, the original threshold implementation splits the plaintext input and the key input into 3 shares. The key to a threshold implementation of AES is its nonlinear component, the S-box. The S-box is first viewed as the composition of an inversion over GF(2^8) and an affine map, and the inversion over GF(2^8) is then decomposed, via a composite field, into operations over GF(2^4) and GF(2^2). The S-box of the original threshold implementation is shown in the upper half of Figure 3 and consists of 6 stages: stage 1 is the affine map M_1; stage 2 contains a multiplication over GF(2^4) and the linear map L_1; stage 3 contains a multiplication over GF(2^2) and the linear map L_2; stage 4 contains the inversion L_3 over GF(2^2) and a multiplication; stage 5 contains two multiplications over GF(2^4); stage 6 is the affine map M_2. On the basis of this decomposition, the operations of each stage of the S-box are protected with a 3-share threshold implementation.

2) Build a redundant threshold implementation of AES identical to the original threshold implementation.

3) The exchange takes place after the nonlinear operations, i.e. within the S-box, as shown in Figure 3. Multiplication is the only nonlinear operation there, and four of the stages contain multiplications, so four exchanges are performed, each exchanging one of the 3 shares.

4) After the encryption finishes and before the ciphertext is output, add the compensation function, which increases the number of exchanges following a fault injected in the final round and so raises the probability of fault diffusion. Because the AES S-box is built from inversion, the compensation function is based on inversion: two cascaded inversions over GF(2^8). For an S-box not built from inversion, a Feistel-based compensation function can be used instead.

5) After step 4), without loss of generality, the encryption result of the original threshold implementation is taken as the ciphertext output of the comprehensive scheme.

Side-channel security. In the comprehensive structure, both the original and the redundant encryption are protected according to the threshold implementation principle. By the side-channel security property of threshold implementations, each of the two circuits, protected by a first-order threshold implementation, resists first-order side-channel attacks. The exchange is performed on top of the threshold implementation, is a linear operation and never combines different shares, so it does not break the non-completeness of the threshold implementation: any single masked intermediate component remains independent of the original intermediate value, which is what first-order security requires. Hence the comprehensive scheme as a whole resists first-order side-channel attacks.

Fault security. An injected fault passes through a nonlinear operation and is then subject to an exchange; once the faulted components have been spread into both the original and the redundant threshold implementation, the randomness of the threshold shares makes the final ciphertext random, which defeats fault attacks that depend on the faulty ciphertext. When the fault is injected in the final round of AES, only one round of nonlinear operations remains, and the exchanges may fail to spread the fault into both implementations; the compensation function adds further exchanges and so strengthens the protection against fault attacks. Because it is built by reusing the S-box inversion, it adds little implementation cost.
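To make the fault argument of steps 3) to 5) and the analysis above concrete, here is an added simulation; it is not the patent's code and does not model the composite-field S-box of Figure 3. It builds a 3-share masked GF(2^8) inversion from a chain of 3-share non-complete multiplications, runs it on two paths A (original) and B (redundant) that start from identical sharings and swap share 0 after every multiplication, and optionally appends a compensation function of two further inversions. For a fixed input and a fixed fault it counts how many distinct values path A outputs over fresh sharings: a count of 1 means the faulty output is deterministic and usable by an attacker. All names, the fault model (one byte XORed into one share of A) and the choice of always swapping share 0 are assumptions of the example.

```python
"""Fault-diffusion simulation for the two-path share-swap construction.
Added example, not the patent's code. Masked inversion = chain of 3-share
non-complete GF(2^8) multiplications with squarings (x^254 = x^240 * x^14)."""
import random

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1


def gf_mul(a, b):
    """Multiplication in GF(2^8) with the AES reduction polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Unmasked reference: a^254 (the inverse of 0 is 0, as in the AES S-box)."""
    r, p = 1, a
    for _ in range(7):
        p = gf_mul(p, p)   # a^2, a^4, ..., a^128
        r = gf_mul(r, p)   # product of these is a^254
    return r


def share(x, rng):
    """3-share Boolean sharing: two random shares, the third fixes the XOR."""
    s0, s1 = rng.randrange(256), rng.randrange(256)
    return [s0, s1, x ^ s0 ^ s1]


def unshare(sh):
    return sh[0] ^ sh[1] ^ sh[2]


def sq(sh):
    """Squaring is GF(2)-linear, so it acts share by share."""
    return [gf_mul(v, v) for v in sh]


def ti_mul(xs, zs):
    """3-share non-complete multiplication: output share i uses no input share i."""
    x1, x2, x3 = xs
    z1, z2, z3 = zs
    return [gf_mul(x2, z2) ^ gf_mul(x2, z3) ^ gf_mul(x3, z2),
            gf_mul(x3, z3) ^ gf_mul(x3, z1) ^ gf_mul(x1, z3),
            gf_mul(x1, z1) ^ gf_mul(x1, z2) ^ gf_mul(x2, z1)]


def swap0(a, b):
    """Step 3) exchange: share 0 of A and share 0 of B change places (assumed position)."""
    a[0], b[0] = b[0], a[0]


def two_path_inv(A, B):
    """Masked x^254 on both paths, exchanging share 0 after each multiplication."""
    def mul_swap(xa, za, xb, zb):
        ya, yb = ti_mul(xa, za), ti_mul(xb, zb)
        swap0(ya, yb)
        return ya, yb
    a3, b3 = mul_swap(sq(A), A, sq(B), B)                   # x^3
    a15, b15 = mul_swap(sq(sq(a3)), a3, sq(sq(b3)), b3)     # x^12 * x^3
    a7, b7 = mul_swap(a3, sq(sq(A)), b3, sq(sq(B)))         # x^3 * x^4
    a240, b240 = sq(sq(sq(sq(a15)))), sq(sq(sq(sq(b15))))   # x^240
    return mul_swap(a240, sq(a7), b240, sq(b7))             # x^240 * x^14


def path_a_output(x, delta, fault_share, fault_after_sbox, comp_units, rng):
    """Recombined output of path A for one random sharing of x.
    fault_after_sbox=False: delta hits A's input share before the last inversion.
    fault_after_sbox=True : delta hits A's output share after the last nonlinear
    stage, so only that stage's exchange follows it (the weak final-round case).
    comp_units: number of compensation units, each two further inversions."""
    A = share(x, rng)
    B = list(A)                      # redundant path starts identical (step 2)
    if not fault_after_sbox:
        A[fault_share] ^= delta
    A, B = two_path_inv(A, B)
    if fault_after_sbox:
        A[fault_share] ^= delta
        swap0(A, B)
    for _ in range(comp_units):      # compensation: an even number of inversions
        A, B = two_path_inv(A, B)
        A, B = two_path_inv(A, B)
    return unshare(A)


def distinct_outputs(x, delta, fault_share, fault_after_sbox, comp_units,
                     trials=300, seed=7):
    """Distinct bytes path A emits over fresh sharings; 1 = deterministic faulty output."""
    rng = random.Random(seed)
    return len({path_a_output(x, delta, fault_share, fault_after_sbox, comp_units, rng)
                for _ in range(trials)})


def masked_inverse_is_correct(seed=1):
    """Without a fault, path A must always output x^-1 (three inversions = one)."""
    rng = random.Random(seed)
    return all(path_a_output(x, 0, 0, False, 1, rng) == gf_inv(x) for x in range(256))


if __name__ == "__main__":
    print("no fault, correct:", masked_inverse_is_correct())
    print("fault before last inversion, no compensation:", distinct_outputs(0x53, 0x01, 0, False, 0))
    print("fault after last nonlinear stage, no compensation:", distinct_outputs(0x53, 0x01, 1, True, 0))
    print("fault after last nonlinear stage, 1 compensation unit:", distinct_outputs(0x53, 0x01, 1, True, 1))
```

Run as a script it prints the correctness check and the three counts. A fault injected before the last inversion is already randomised by the four exchanges inside it, because the faulted share changes the non-complete output shares in a mask-dependent way and the next exchange moves one of them across. A fault injected after the last nonlinear stage with no compensation leaves path A emitting a single value, either x^{-1} or x^{-1} ⊕ Δ depending only on whether the faulted share is the one exchanged, which is exactly the deterministic faulty ciphertext the background describes. One compensation unit turns that into a spread over many values.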

Although specific embodiments of the invention have been disclosed for purposes of illustration, to aid understanding of the invention and its implementation, those skilled in the art will understand that various substitutions, changes and modifications are possible without departing from the spirit and scope of the invention and the appended claims. The invention is therefore not limited to the content disclosed in the preferred embodiment; the scope of protection claimed is that defined by the claims.

Claims (7)

1. An improved comprehensive protection method based on threshold technology, comprising the following steps:
1) Constructing a d-order threshold implementation scheme, called the original threshold implementation, for the cryptographic algorithm to be protected, in order to resist d-order side-channel attacks;
2) Constructing, for the cryptographic algorithm to be protected, a d-order threshold implementation identical to that of step 1), called the redundant threshold implementation;
3) Taking the same plaintext as the encryption input and executing the original threshold implementation and the redundant threshold implementation synchronously; after the nonlinear operation of the same stage in both, exchanging part of the shares between the original threshold implementation and the redundant threshold implementation;
4) Applying a compensation function to the final output of the original threshold implementation and the final output of the redundant threshold implementation, in which part of their shares are exchanged, and taking the results as the ciphertext output of the original threshold implementation and the ciphertext output of the redundant threshold implementation;
5) After step 4) is completed, selecting the ciphertext output of either the original threshold implementation or the redundant threshold implementation as the output ciphertext of the comprehensive protection.
2. The method of claim 1, wherein the original threshold implementation and the redundant threshold implementation divide each of the encryption input, the encryption intermediate values and the encryption result into at least s shares, with s greater than or equal to d+1.
3. The method of claim 2, wherein the number of shares exchanged in step 3) lies in (0, d] or is not less than s−d, and the shares being exchanged are at the same position in the original threshold implementation and the redundant threshold implementation.
4. The method according to claim 1, 2 or 3, characterized in that the compensation function is an inversion-structure-based compensation function or a Feistel-structure-based compensation function.
5. The method according to claim 4, wherein the compensation function is based on an inversion structure, i.e. the compensation function is constructed by connecting an even number of inversion operations in series.
6. The method according to claim 4, wherein the compensation function is a Feistel-structure-based compensation function comprising at least one basic unit; the left input of the basic unit is denoted L0 and the right input R0, L0 and R0 being the masked input data of two adjacent S-boxes in the cipher operation, the data size of L0 and R0 being 2sL, where L denotes the input bit-width of the S-box and s the number of threshold implementation shares; the basic unit consists of a 1st iteration with exchange, a 2nd iteration without exchange, a 3rd iteration with exchange and a 4th iteration without exchange; over the 4 iterations the intermediate value of the left path changes as L1 = R0, and the intermediate value of the right path changes as R4 = R3 = R0, where ⊕ denotes the exclusive OR operation.
7. The method of claim 6, wherein the compensation function is a series arrangement of a plurality of the basic units.
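Worked example, added here and not code from the patent or its authors: a Python model of the two-path scheme of claims 1 to 5 and of the fault-security argument in the description above, run on a constructed 12-bit toy cipher (four 3-bit chi S-boxes with a 3-share first-order threshold implementation, a bit-rotation linear layer, a toy key schedule) rather than on AES. Everything not stated in the claims is an assumption of this example: the two identical threshold implementations are fed the same input shares (the only way the exchange stays a no-op when nothing is faulted), one share (k = 1 ≤ d) is exchanged at the position given by a counter of S-box layers, the compensation function is the four-iteration Feistel unit of claim 6 reconstructed as swap / no swap / swap / no swap with F being the threshold S-box on one half (which is the identity when fault-free), and the fault model XORs a mask into one share of the original path just before a round's S-box layer. All function names are this example's own. The S-box sharing is correct and non-complete but its uniformity is not checked; a real design would remask or use a uniform sharing.

```python
"""Toy model of the two-path threshold-implementation (TI) scheme of claims 1-5,
added here for illustration (not the patent's code).  Constructed 12-bit cipher:
four 3-bit chi S-boxes, 3-share first-order TI, bit-rotation linear layer."""
import functools
import operator
import random

WORDS, WBITS, SHARES, ROUNDS, ROT = 4, 3, 3, 4, 5   # 4x3-bit words; s=3 (d=1); rounds; rotation
NBITS, HALF = WORDS * WBITS, WORDS * WBITS // 2     # state width, Feistel half width
MASK, HMASK = (1 << NBITS) - 1, (1 << HALF) - 1

def rotw(x, k):
    """Rotate each 3-bit word so that bit i receives bit (i+k) mod 3."""
    out = 0
    for w in range(WORDS):
        v = (x >> (WBITS * w)) & 7
        out |= (((v >> k) | (v << (WBITS - k))) & 7) << (WBITS * w)
    return out

def rot_state(x):
    """Linear layer, applied share by share: rotate the state right by ROT bits."""
    return ((x >> ROT) | (x << (NBITS - ROT))) & MASK

def chi(x):
    """Unprotected S-box layer: y_i = x_i ^ (~x_{i+1} & x_{i+2}) in every word."""
    return x ^ ((rotw(x, 1) ^ MASK) & rotw(x, 2))

def chi_ti(s):
    """3-share TI of chi: output share j never reads input share j; outputs XOR to chi(x)."""
    lin = [v ^ rotw(v, 2) for v in s]                        # linear part x_i ^ x_{i+2}
    a, b = [rotw(v, 1) for v in s], [rotw(v, 2) for v in s]  # shares of x_{i+1}, x_{i+2}
    return [lin[1] ^ (a[1] & b[1]) ^ (a[1] & b[2]) ^ (a[2] & b[1]),   # omits share 0
            lin[2] ^ (a[2] & b[2]) ^ (a[0] & b[2]) ^ (a[2] & b[0]),   # omits share 1
            lin[0] ^ (a[0] & b[0]) ^ (a[0] & b[1]) ^ (a[1] & b[0])]   # omits share 2

def share(x, seed):
    """Boolean sharing of x into SHARES shares from a seeded RNG (demo only)."""
    rng = random.Random(seed)
    r = [rng.getrandbits(NBITS) for _ in range(SHARES - 1)]
    return r + [unshare(r) ^ x]

def unshare(s):
    return functools.reduce(operator.xor, s, 0)

def exchange(orig, red, pos):          # claim 3 with k = 1 <= d, same position in both paths
    orig[pos], red[pos] = red[pos], orig[pos]

def round_keys(key):                   # constructed toy key schedule
    return [(key ^ (0x249 * (r + 1))) & MASK for r in range(ROUNDS)]

def encrypt_plain(pt, key):
    x = pt
    for k in round_keys(key):
        x = rot_state(chi(x ^ k))
    return x

def compensate(orig, red, layer):
    """Compensation function (claims 4-6 as reconstructed here): a Feistel unit of four
    iterations, swap/no swap/swap/no swap, F = chi_ti on one half; identity when fault-free."""
    lo, ro = [v >> HALF for v in orig], [v & HMASK for v in orig]
    lr, rr = [v >> HALF for v in red], [v & HMASK for v in red]
    for it in range(4):
        swap = it % 2 == 0
        fo, fr = chi_ti(ro if swap else lo), chi_ti(rr if swap else lr)
        exchange(fo, fr, layer % SHARES)          # one more exchange per F application
        layer += 1
        if swap:                                  # (L, R) -> (R, L ^ F(R))
            lo, ro = ro, [l ^ f for l, f in zip(lo, fo)]
            lr, rr = rr, [l ^ f for l, f in zip(lr, fr)]
        else:                                     # (L, R) -> (L, R ^ F(L))
            ro = [r ^ f for r, f in zip(ro, fo)]
            rr = [r ^ f for r, f in zip(rr, fr)]
    return ([(l << HALF) | r for l, r in zip(lo, ro)],
            [(l << HALF) | r for l, r in zip(lr, rr)], layer)

def encrypt_protected(pt, key, seed=1, fault=None, compensation=True):
    """Claims 1-5: two identical TIs on the same input shares, one share exchanged after
    every S-box layer, optional compensation; returns both paths' unshared ciphertexts.
    fault=(round, share, mask) XORs mask into that share of the original path only."""
    orig = share(pt, seed)
    red = list(orig)                   # same shares in both paths (assumption)
    layer = 0                          # S-box layers seen -> exchange position
    for r, k in enumerate(round_keys(key)):
        orig[0] ^= k
        red[0] ^= k
        if fault is not None and fault[0] == r:   # fault lands before the S-box layer
            orig[fault[1]] ^= fault[2]
        orig, red = chi_ti(orig), chi_ti(red)
        exchange(orig, red, layer % SHARES)
        layer += 1
        orig, red = [rot_state(v) for v in orig], [rot_state(v) for v in red]
    if compensation:
        orig, red, layer = compensate(orig, red, layer)
    return unshare(orig), unshare(red)

def faulty_ciphertext_spread(pt, key, seeds=range(32)):
    """Distinct faulty ciphertexts of the original path for one fixed last-round fault
    when only the share randomness changes (1 = deterministic, i.e. usable for DFA)."""
    fault = (ROUNDS - 1, 0, 0x1)
    return len({encrypt_protected(pt, key, s, fault)[0] for s in seeds})
```

Three things can be checked with this model. Fault-free, both paths hold identical shares, every exchange swaps equal values and the two ciphertexts equal encrypt_plain. With compensation=False and a fault in share 0 before the last S-box layer, output share 0 of chi_ti does not depend on input share 0 (non-completeness), so the exchange at position 0 that the layer counter selects for the fourth round carries nothing across: the redundant path still outputs the correct ciphertext and the original path a faulty ciphertext that depends only on plaintext and key, which is the last-round weakness the description names. With the compensation function, four further exchanges follow; since every step applies the same bijection to both paths' unshared states and an exchange adds the same term to both, the two paths can never agree again once one of them was faulted, and faulty_ciphertext_spread counts how many distinct faulty ciphertexts the same fault yields when only the share randomness changes. In the fault-free Feistel unit the two consecutive applications of F to the same half cancel share by share: R2 = R1 ⊕ F(L1) = L0 ⊕ F(R0) ⊕ F(R0) = L0, and likewise R4 = R0, L4 = L0.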
CN202211642859.3A 2022-12-20 2022-12-20 Improved comprehensive protection method based on threshold technology Active CN118233115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211642859.3A CN118233115B (en) 2022-12-20 2022-12-20 Improved comprehensive protection method based on threshold technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211642859.3A CN118233115B (en) 2022-12-20 2022-12-20 Improved comprehensive protection method based on threshold technology

Publications (2)

Publication Number Publication Date
CN118233115A true CN118233115A (en) 2024-06-21
CN118233115B CN118233115B (en) 2025-05-16

Family

ID=91496825

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211642859.3A Active CN118233115B (en) 2022-12-20 2022-12-20 Improved comprehensive protection method based on threshold technology

Country Status (1)

Country Link
CN (1) CN118233115B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119449273A (en) * 2024-11-06 2025-02-14 西北工业大学 A Formal Security Verification Method for Pre-Silicon Cryptographic Energy Side Channel

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1668995A (en) * 2002-06-06 2005-09-14 克瑞迪科公司 Method for improving unpredictability of output of pseudo-random number generators
US20100098244A1 (en) * 2008-10-21 2010-04-22 Apple Inc. System and method for stream/block cipher with internal random states
CN102571331A (en) * 2012-02-07 2012-07-11 中国科学院软件研究所 Cryptographic algorithm realization protecting method used for defending energy analysis attacks
CN104202145A (en) * 2014-09-04 2014-12-10 成都信息工程学院 Plaintext or ciphertext selection based side channel power analysis attack method on round function output of SM4 cipher algorithm
CN111224770A (en) * 2019-12-25 2020-06-02 中国科学院软件研究所 A comprehensive protection method against side-channel and fault attacks based on threshold technology
US20200313850A1 (en) * 2019-03-29 2020-10-01 Irdeto Canada Corporation Method and apparatus for implementing a white-box cipher
CN112187444A (en) * 2020-09-02 2021-01-05 中国科学院软件研究所 Comprehensive protection method for resisting side channel and fault attack
CN113050785A (en) * 2019-12-26 2021-06-29 浙江维思无线网络技术有限公司 Method and device for reducing data encryption power consumption
CN114553397A (en) * 2022-02-14 2022-05-27 山东大学 Encryption optimization method and device for SM4 block cipher algorithm

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JIAO Z et al.: "A combined countermeasure against side-channel and fault attack with threshold implementation technique", Chinese Journal of Electronics, 7 February 2023 (2023-02-07), pages 2 *
Wu Wenling; Zhang Lei; Zheng Yafei; Li Lingchen: "Block cipher uBlock", Journal of Cryptologic Research, no. 06, 15 December 2019 (2019-12-15) *
Yao Fu; Kuang Xiaoyun; Yang Yiwei; Huang Kaitian: "Protection methods for cryptographic chips against side-channel attacks", Integrated Circuit Applications, no. 005, 31 December 2021 (2021-12-31) *

Also Published As

Publication number Publication date
CN118233115B (en) 2025-05-16

Similar Documents

Publication Publication Date Title
Gierlichs et al. Infective computation and dummy rounds: Fault protection for block ciphers without check-before-output
CN104734842B (en) Method is resisted in circuits bypass attack based on pseudo-operation
Malkin et al. A comparative cost/security analysis of fault attack countermeasures
CN104734845B (en) Bypass attack means of defence based on full Encryption Algorithm pseudo-operation
US20030044003A1 (en) Space-efficient, side-channel attack resistant table lookups
Frey et al. A hardened network-on-chip design using runtime hardware Trojan mitigation methods
CN112187444A (en) Comprehensive protection method for resisting side channel and fault attack
Dassance et al. Combined fault and side-channel attacks on the AES key schedule
Luo et al. Differential fault analysis of SHA3-224 and SHA3-256
Clavier et al. Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis
Li et al. New conditional cube attack on Keccak keyed modes
Wang et al. Exploration of benes network in cryptographic processors: A random infection countermeasure for block ciphers against fault attacks
CN114428979A (en) Data processing method, device, equipment and system
Zhao et al. Truncated differential cryptanalysis of PRINCE
CN118233115A (en) Improved comprehensive protection method based on threshold technology
CN106452729B (en) An Encryption Method of White-box Cipher Based on Random Permutation
CN111614457A (en) Improved lightweight packet encryption and decryption method, device and storage medium based on P permutation
CN118413314B (en) Symmetric encryption/decryption combined circuit capable of defending fault attack based on confusion mechanism
CN106936822B (en) Mask implementation method and system for resisting high-order bypass analysis aiming at SMS4
Luo et al. Differential fault analysis of SHA-3 under relaxed fault models
Gao et al. Differential Fault Attack of Lightweight Cipher GIFT Based on Byte Model
Li et al. Statistical differential fault analysis of the saturnin lightweight cryptosystem in the mobile wireless sensor networks
McEvoy et al. All-or-nothing transforms as a countermeasure to differential side-channel analysis
Banik et al. Some security results of the RC4+ stream cipher
CN114244495A (en) An AES encryption circuit based on random mask infection mechanism

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant