Summary of the invention
Embodiments of the present invention provide a method and an apparatus for attacking a key, which can solve the problem that existing methods cannot fully test the security of a key.
To solve the above technical problem, the embodiments of the present invention disclose the following technical solutions:
In a first aspect, a method for attacking a key is provided, the method comprising:
Setting the length of the RSA cryptographic operation to t, performing the RSA cryptographic operation on data with the attacked key, and obtaining a first power consumption curve of the Montgomery algorithm carried out with the attacked key;
Analyzing, by simple power attack/analysis (SPA), whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware; if it is implemented entirely in hardware, the attack fails;
Otherwise, obtaining a test key according to the number of modular multiplications executed in the first power consumption curve, performing a cryptographic operation on the same random data with the test key and with the attacked key, and judging whether the results are consistent; if they are consistent, the attack succeeds;
Wherein the RSA cryptographic operation is a standard RSA decryption operation or signature operation implemented with the Montgomery algorithm.
With reference to the first aspect, in a first possible implementation of the first aspect, obtaining the test key according to the number of modular multiplications in the first power consumption curve specifically comprises:
If the number of modular multiplications executed in the first power consumption curve is not 2t, obtaining the test key by analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve;
If the number of modular multiplications executed in the first power consumption curve is 2t, obtaining the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve.
With reference to the first possible implementation of the first aspect, a second possible implementation of the first aspect is also provided: if the number of modular multiplications executed in the first power consumption curve is 2t, then after the test key is obtained, a cryptographic operation is performed on the same random data with the test key and with the attacked key, and it is judged whether the results are consistent. If they are consistent, the attack succeeds. If they are inconsistent, the test key is inverted bit by bit, a cryptographic operation is performed on the same random data with the inverted test key and with the attacked key, and it is judged whether the results are consistent; if they are consistent, the attack succeeds.
With reference to the first possible implementation of the first aspect, a third possible implementation of the first aspect is also provided: obtaining the test key by analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve specifically comprises:
Identifying, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control;
Confirming in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
With reference to the third possible implementation of the first aspect, a fourth possible implementation of the first aspect is also provided: identifying, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control specifically comprises:
The waveform with the longest execution time is the fourth power consumption curve;
If the next waveform after the fourth power consumption curve differs from the fourth power consumption curve, that waveform is the third power consumption curve;
The waveform that differs from both the third power consumption curve and the fourth power consumption curve is the second power consumption curve.
With reference to the fourth possible implementation of the first aspect, a fifth possible implementation of the first aspect is also provided: confirming the value of bit i of the test key specifically comprises:
Judging the type of the power consumption curve that follows the modular multiplication;
If the waveform between two modular multiplications is the third power consumption curve, the value of bit i is 1;
If the waveform after the preceding modular multiplication is the fourth power consumption curve, the value of bit i is 0.
With reference to the first possible implementation of the first aspect, a sixth possible implementation of the first aspect is also provided: if the number of modular multiplications executed in the first power consumption curve is 2t, obtaining the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve specifically comprises:
Using a method that combines SPA and TA, identifying from the first power consumption curve the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, and the sixth power consumption curve, corresponding to the waveform of loop control plus condition judgment 2;
Confirming in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
With reference to the sixth possible implementation of the first aspect, a seventh possible implementation of the first aspect is also provided: identifying from the first power consumption curve the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, and the sixth power consumption curve, corresponding to the waveform of loop control plus condition judgment 2, specifically comprises:
The waveform with the shorter execution time is the fifth power consumption curve;
The waveform with the longer execution time is the sixth power consumption curve.
With reference to the seventh possible implementation of the first aspect, an eighth possible implementation of the first aspect is also provided: confirming the value of bit i of the test key specifically comprises:
Judging the type of the power consumption curve that follows the modular multiplication;
If the waveform between two modular multiplications is the fifth power consumption curve, the value of bit i is 1;
If the waveform after the preceding modular multiplication is the sixth power consumption curve, the value of bit i is 0.
In a second aspect, an apparatus for attacking a key is also provided, the apparatus comprising:
A first power consumption curve acquisition unit, configured to set the length of the RSA cryptographic operation to t, perform the RSA cryptographic operation on data with the attacked key, and obtain a first power consumption curve of the Montgomery algorithm carried out with the attacked key;
A first judging unit, configured to judge, by simple power attack/analysis (SPA), whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware; if the judgment result of the first judging unit is yes, the attack fails;
A second judging unit, configured to, if the judgment result of the first judging unit is no, obtain a test key according to the number of modular multiplications executed in the first power consumption curve, perform a cryptographic operation on the same random data with the test key and with the attacked key, and judge whether the results are consistent; if they are consistent, the attack succeeds;
Wherein the RSA cryptographic operation is a standard RSA decryption operation or signature operation implemented with the Montgomery algorithm.
With reference to the second aspect, in a first possible implementation of the second aspect, the second judging unit comprises:
A first key acquiring unit, configured to, if the number of modular multiplications executed in the first power consumption curve is not 2t, obtain the test key by analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve;
A second key acquiring unit, configured to, if the number of modular multiplications executed in the first power consumption curve is 2t, obtain the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve.
With reference to the first possible implementation of the second aspect, a second possible implementation of the second aspect is also provided: the apparatus further comprises an inversion judging unit, configured to, if the number of modular multiplications executed in the first power consumption curve is 2t, after the test key is obtained, perform a cryptographic operation on the same random data with the test key and with the attacked key and judge whether the results are consistent. If they are consistent, the attack succeeds. If they are inconsistent, the test key is inverted bit by bit, a cryptographic operation is performed on the same random data with the inverted test key and with the attacked key, and it is judged whether the results are consistent; if they are consistent, the attack succeeds.
With reference to the first possible implementation of the second aspect, a third possible implementation of the second aspect is also provided: the first key acquiring unit comprises:
A first analysis subunit, configured to identify, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control;
A first key obtaining subunit, configured to confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
With reference to the third possible implementation of the second aspect, a fourth possible implementation of the second aspect is also provided: the analysis subunit is specifically configured to:
Judge that the waveform with the longest execution time is the fourth power consumption curve;
If the next waveform after the fourth power consumption curve differs from the fourth power consumption curve, judge that this waveform is the third power consumption curve;
Judge that the waveform that differs from both the third power consumption curve and the fourth power consumption curve is the second power consumption curve.
With reference to the fourth possible implementation of the second aspect, a fifth possible implementation of the second aspect is also provided: the first key obtaining subunit comprises:
A first curve judging subunit, configured to judge the type of the power consumption curve that follows the modular multiplication;
A first bit value confirming subunit, configured to confirm that the value of bit i is 1 if the waveform between two modular multiplications is the third power consumption curve;
The first bit value confirming subunit is further configured to confirm that the value of bit i is 0 if the waveform after the preceding modular multiplication is the fourth power consumption curve.
With reference to the first possible implementation of the second aspect, a sixth possible implementation of the second aspect is also provided: the second key acquiring unit comprises:
A second analysis subunit, configured to identify from the first power consumption curve, using a method that combines SPA and TA, the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, and the sixth power consumption curve, corresponding to the waveform of loop control plus condition judgment 2;
A second key obtaining subunit, configured to confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
With reference to the sixth possible implementation of the second aspect, a seventh possible implementation of the second aspect is also provided: the second analysis subunit is specifically configured to:
Judge that the waveform with the shorter execution time is the fifth power consumption curve;
Judge that the waveform with the longer execution time is the sixth power consumption curve.
With reference to the seventh possible implementation of the second aspect, an eighth possible implementation of the second aspect is also provided: the second key obtaining subunit comprises:
A second curve judging subunit, configured to judge the type of the power consumption curve that follows the modular multiplication;
A second bit value confirming subunit, configured to confirm that the value of bit i is 1 if the waveform between two modular multiplications is the fifth power consumption curve;
The second bit value confirming subunit is further configured to confirm that the value of bit i is 0 if the waveform after the preceding modular multiplication is the sixth power consumption curve.
The embodiments of the present invention disclose a method for attacking a key. The method uses the differences between the power consumption curves of different operations, and the relationship between the power consumption curve and the number of modular multiplications executed, to obtain a test key. Even when modular multiplication and modular squaring show no difference at all, the key can still be attacked, so the security of the key is fully tested.
Embodiment
The following embodiments of the present invention provide a method and an apparatus for attacking a key, which fully test the security of the key.
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Figure 1, an embodiment of the present invention provides a method for attacking a key, the method comprising:
Step 110: set the length of the RSA cryptographic operation to t, perform the RSA cryptographic operation on data with the attacked key, and obtain a first power consumption curve of the Montgomery algorithm carried out with the attacked key.
In the embodiment of the present invention, performing a cryptographic operation on data comprises performing on the data a standard RSA signature operation or decryption operation implemented with the Montgomery algorithm: a signature operation on an input message, or a standard RSA decryption operation on an input ciphertext.
Step 120: analyze, by SPA, whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware. If it is implemented entirely in hardware, go to step 130; otherwise, go to step 140.
Step 130: the attack fails.
Step 140: obtain a test key according to the number of modular multiplications executed in the first power consumption curve.
Step 150: perform a cryptographic operation on the same random data with the test key and with the attacked key, and judge whether the results are consistent; if they are consistent, the attack succeeds.
If the obtained test key is identical to the attacked key, the attack on the key can be considered successful. However, the attacked key is normally not visible, or cannot be read directly out of the smart card, so it is not possible to judge directly whether the test key is identical to the attacked key. Therefore, in the embodiment of the present invention, the test key and the attacked key are each used to perform a cryptographic operation on the same random data; if the results are consistent, the test key is taken to be identical to the attacked key, and the attack on the key is considered successful.
The method of the embodiment of the present invention uses the difference between the power consumption curves of hardware and software implementations, and the relationship between the power consumption curve and the number of modular multiplications executed, to obtain the test key. Even when modular multiplication and modular squaring show no difference at all, the key can still be attacked, so the security of the key is fully tested.
In step 140, obtaining the test key according to the number of modular multiplications in the first power consumption curve specifically comprises:
If the number of modular multiplications executed in the first power consumption curve is not 2t, obtaining the test key by analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve. In this case, the expected number of modular multiplications is 3t/2.
If the number of modular multiplications executed in the first power consumption curve is 2t, obtaining the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve.
The software operation has two classes of implementation. The first class consists of loop control, the judgment statement, and the judgment statement plus loop control; the other class consists of loop control plus condition judgment 1 and loop control plus condition judgment 2. The number of modular multiplications executed differs between the two classes, so the test key can be obtained from the modular multiplication count and the class of implementation.
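The two software classes and their multiplication counts can be checked with an event-level leakage model. This is an added example, not code from the patent: the event labels, the toy modulus, base and keys, and the branch-free variant shown for comparison are all assumptions introduced here.

```python
# Event-level model (an assumption, not taken from the patent): "MM" marks one
# modular multiplication or squaring; the other labels mark the control-flow
# segment executed between multiplications. Python big-integer arithmetic is
# not constant-time, so only the *sequence* of events is modelled here.

MOD, BASE, T = 3233, 65, 16          # constructed toy values, not real key sizes
KEYS = (0xB2C5, 0x8001)              # constructed 16-bit exponents


def class1_multiply_if_set(base, key, mod, t):
    """First class: the multiplication runs only when the key bit is 1."""
    acc, trace = 1, []
    for i in range(t - 1, -1, -1):
        acc = acc * acc % mod
        trace.append("MM")
        if (key >> i) & 1:
            trace.append("JUDGE")            # judgment statement between two MMs
            acc = acc * base % mod
            trace += ["MM", "LOOP"]          # loop control on its own
        else:
            trace.append("JUDGE+LOOP")       # judgment statement plus loop control
    return acc, trace


def class2_multiply_always(base, key, mod, t):
    """Second class: always 2t multiplications, but the branch taken differs."""
    acc, trace = 1, []
    for i in range(t - 1, -1, -1):
        acc = acc * acc % mod
        trace.append("MM")
        if (key >> i) & 1:
            trace.append("LOOP+COND1")
            acc = acc * base % mod           # result is kept
        else:
            trace.append("LOOP+COND2")
            _dummy = acc * base % mod        # result is discarded
        trace.append("MM")
    return acc, trace


def hardened_branch_free(base, key, mod, t):
    """Comparison variant: same 2t multiplications, no key-dependent branch."""
    acc, trace = 1, []
    for i in range(t - 1, -1, -1):
        acc = acc * acc % mod
        trace.append("MM")
        prod = acc * base % mod
        trace.append("MM")
        mask = -((key >> i) & 1)             # -1 (all ones) if bit is 1, else 0
        acc = (prod & mask) | (acc & ~mask)  # arithmetic select instead of if/else
        trace.append("LOOP+SELECT")
    return acc, trace


def mm_count(trace):
    """Number of modular multiplications visible in an event trace."""
    return trace.count("MM")


def mean_mm_count(impl, t):
    """Average multiplication count over every t-bit exponent (small t only)."""
    return sum(mm_count(impl(BASE, k, MOD, t)[1]) for k in range(2 ** t)) / 2 ** t


def trace_depends_on_key(impl, keys, t):
    """Leakage check: True if two keys produce different event sequences."""
    return len({tuple(impl(BASE, k, MOD, t)[1]) for k in keys}) > 1


if __name__ == "__main__":
    for impl in (class1_multiply_if_set, class2_multiply_always, hardened_branch_free):
        counts = [mm_count(impl(BASE, k, MOD, T)[1]) for k in KEYS]
        print(f"{impl.__name__:24s} MM counts={counts} "
              f"key-dependent trace={trace_depends_on_key(impl, KEYS, T)}")
```

A fixed count of 2t is not sufficient on its own: the second class still fails the trace check because the segment between multiplications differs per bit.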
As shown in Figure 2, analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve specifically comprises:
Step 210: identify, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control.
The specific method is: the waveform with the longest execution time is the fourth power consumption curve; if the next waveform after the fourth power consumption curve differs from the fourth power consumption curve, that waveform is the third power consumption curve; the waveform that differs from both the third power consumption curve and the fourth power consumption curve is the second power consumption curve.
Step 220: confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
Confirming the value of bit i of the test key specifically comprises:
Judging the type of the power consumption curve that follows the modular multiplication;
If the waveform between two modular multiplications is the third power consumption curve, the value of bit i is 1;
If the waveform after the preceding modular multiplication is the fourth power consumption curve, the value of bit i is 0.
When software runs, different branches take different amounts of time to execute, so the value of each bit of the test key can be obtained from the different power consumption curves, yielding the test key.
As shown in Figure 3, if the number of modular multiplications executed in the first power consumption curve is 2t, obtaining the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve specifically comprises:
Step 310: using a method that combines SPA and TA (Timing Attack), identify from the first power consumption curve the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, and the sixth power consumption curve, corresponding to the waveform of loop control plus condition judgment 2.
The waveform with the shorter execution time is the fifth power consumption curve, and the waveform with the longer execution time is the sixth power consumption curve.
Step 320: confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
Confirming the value of bit i of the test key specifically comprises:
Judging the type of the power consumption curve that follows the modular multiplication;
If the waveform between two modular multiplications is the fifth power consumption curve, the value of bit i is 1;
If the waveform after the preceding modular multiplication is the sixth power consumption curve, the value of bit i is 0.
The attack method further comprises:
If the number of modular multiplications executed in the first power consumption curve is 2t, then after the test key is obtained, a cryptographic operation is performed on the same random data with the test key and with the attacked key, and it is judged whether the results are consistent. If they are consistent, the attack succeeds. If they are inconsistent, the test key is inverted bit by bit, a cryptographic operation is performed on the same random data with the inverted test key and with the attacked key, and it is judged whether the results are consistent; if they are consistent, the attack succeeds.
In the embodiment of the present invention, there is no obvious association between the fifth and sixth power consumption curves and the bit values. Therefore, when confirming the value of each bit of the test key, an assumption is usually made first, for example that the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, indicates that the current bit is 1. A test key is obtained under this assumption, and it is judged whether this test key is identical to the attacked key. For ease of distinction, this test key is called test key A.
If test key A differs from the attacked key, the attack fails and the original assumption is considered wrong. It is then further assumed that the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, indicates that the current bit is 0, which is equivalent to inverting every bit of test key A. Finally, it is judged whether test key B, obtained by inverting test key A, is identical to the attacked key, which determines whether the attack succeeds.
The key attack method of the embodiment of the present invention obtains the test key from the difference between the power consumption curves of hardware and software implementations, the relationship between the power consumption curve and the number of modular multiplications executed, and the correspondence between the different power consumption curves in the different classes of implementation and the key. Even when modular multiplication and modular squaring show no difference at all, the key can still be attacked, so the security of the key is fully tested.
The key attack method of the embodiment of the present invention can also be used to attack algorithms such as the fixed-window method and the sliding-window method.
As shown in Figure 4, the present invention also discloses a key attack method of another embodiment, the method comprising:
Step 401: set the length of the RSA cryptographic operation to t, perform the RSA cryptographic operation on data with the attacked key, and obtain a first power consumption curve of the Montgomery algorithm carried out with the attacked key.
Step 402: analyze, by SPA, whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware. If it is implemented entirely in hardware, go to step 403; if not, go to step 404.
Step 403: the attack fails.
Step 404: judge whether the number of modular multiplications executed in the first power consumption curve is 2t. If the number is not 2t, go to step 405; if the number is 2t, go to step 408.
Step 405: identify, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control.
Step 406: confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
Step 407: perform a cryptographic operation on the same random data with the test key and with the attacked key, and judge whether the results are consistent; if they are consistent, the attack succeeds.
Confirming the value of bit i of the test key specifically comprises:
Judging the type of the power consumption curve that follows the modular multiplication;
If the waveform between two modular multiplications is the third power consumption curve, the value of bit i is 1;
If the waveform after the preceding modular multiplication is the fourth power consumption curve, the value of bit i is 0.
Step 408: using a method that combines SPA and TA, identify from the first power consumption curve the fifth power consumption curve, corresponding to the waveform of loop control plus condition judgment 1, and the sixth power consumption curve, corresponding to the waveform of loop control plus condition judgment 2.
The waveform with the shorter execution time is the fifth power consumption curve, and the waveform with the longer execution time is the sixth power consumption curve.
Step 409: confirm in turn, from bit t-1 down to bit 0, the value of bit i of the test key, so as to obtain the test key, where i is an integer and 0≤i≤t-1.
Step 410: perform a cryptographic operation on the same random data with the test key and with the attacked key, and judge whether the results are consistent. If they are consistent, go to step 411; otherwise, go to step 412.
Step 411: the attack succeeds.
Step 412: invert the test key bit by bit, perform a cryptographic operation on the same random data with the inverted test key and with the attacked key, and judge whether the results are consistent; if they are consistent, the attack succeeds.
The key attack method of the embodiment of the present invention obtains the test key from the difference between the power consumption curves of hardware and software implementations, the relationship between the power consumption curve and the number of modular multiplications executed, and the correspondence between the different power consumption curves in the different classes of implementation and the key. Even when modular multiplication and modular squaring show no difference at all, the key can still be attacked, so the security of the key is fully tested.
As shown in Figure 5, the present invention also discloses a key attack apparatus of an embodiment, comprising:
A first power consumption curve acquisition unit 500, configured to set the length of the RSA cryptographic operation to t, perform the RSA cryptographic operation on data with the attacked key, and obtain a first power consumption curve of the Montgomery algorithm carried out with the attacked key;
A first judging unit 600, configured to judge, by SPA, whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware; if the judgment result of the first judging unit is yes, the attack fails;
A second judging unit 700, configured to, if the judgment result of the first judging unit is no, obtain a test key according to the number of modular multiplications executed in the first power consumption curve, perform a cryptographic operation on the same random data with the test key and with the attacked key, and judge whether the results are consistent; if they are consistent, the attack succeeds;
Wherein the RSA cryptographic operation is a standard RSA decryption operation or signature operation implemented with the Montgomery algorithm.
As shown in Figure 6, the second judging unit 700 comprises:
A first key acquiring unit 710, configured to, if the number of modular multiplications executed in the first power consumption curve is not 2t, obtain the test key by analyzing the order in which the waveforms of loop control, the judgment statement, and the judgment statement plus loop control appear in the first power consumption curve;
A second key acquiring unit 720, configured to, if the number of modular multiplications executed in the first power consumption curve is 2t, obtain the test key by analyzing the order in which the waveforms of loop control plus condition judgment 1 and loop control plus condition judgment 2 appear in the first power consumption curve.
The apparatus further comprises an inversion judging unit 800, configured to, if the number of modular multiplications executed in the first power consumption curve is 2t, after the test key is obtained, perform a cryptographic operation on the same random data with the test key and with the attacked key and judge whether the results are consistent. If they are consistent, the attack succeeds. If they are inconsistent, the test key is inverted bit by bit, a cryptographic operation is performed on the same random data with the inverted test key and with the attacked key, and it is judged whether the results are consistent; if they are consistent, the attack succeeds.
The first key acquiring unit 710 comprises:
The first analysis subunit 711, configured to identify, from the first power consumption curve, the second power consumption curve corresponding to loop control, the third power consumption curve corresponding to the judgment statement, and the fourth power consumption curve corresponding to the judgment statement plus loop control;
The first key obtaining subunit 712, configured to confirm, successively from bit t-1 to bit 0, the value of the i-th bit of the test key, so as to obtain the test key, wherein i is an integer and 0≤i≤t-1.
The first analysis subunit 711 is specifically configured to:
Judge that the waveform with the longest execution time is the fourth power consumption curve;
If the next waveform after the fourth power consumption curve differs from the fourth power consumption curve, judge that this waveform is the third power consumption curve;
Judge that the waveform that differs from both the third power consumption curve and the fourth power consumption curve is the second power consumption curve.
The first key obtaining subunit 712 comprises:
The first curve judging subunit 7121, configured to judge the type of the power consumption curve that follows the modular multiplication;
The first bit value confirming subunit 7122, configured to confirm that the value of the i-th bit is 1 if the waveform between two modular multiplications is the third power consumption curve;
The first bit value confirming subunit 7122 is further configured to confirm that the value of the i-th bit is 0 if the waveform following the modular multiplication is the fourth power consumption curve.
The second key acquiring unit 720 comprises:
The second analysis subunit 721, configured to use the combined SPA and TA method to identify, from the first power consumption curve, the fifth power consumption curve corresponding to the waveform of loop control plus condition judgment one and the sixth power consumption curve corresponding to the waveform of loop control plus condition judgment two;
The second key obtaining subunit 722, configured to confirm, successively from bit t-1 to bit 0, the value of the i-th bit of the test key, so as to obtain the test key, wherein i is an integer and 0≤i≤t-1.
The second analysis subunit 721 is specifically configured to:
Judge that the waveform with the shorter execution time is the fifth power consumption curve;
Judge that the waveform with the longer execution time is the sixth power consumption curve.
The second key obtaining subunit 722 comprises:
The second curve judging subunit 7221, configured to judge the type of the power consumption curve that follows the modular multiplication;
The second bit value confirming subunit 7222, configured to confirm that the value of the i-th bit is 1 if the waveform between two modular multiplications is the fifth power consumption curve;
The second bit value confirming subunit 7222 is further configured to confirm that the value of the i-th bit is 0 if the waveform following the modular multiplication is the sixth power consumption curve.
The key-attacking device of the embodiment of the present invention obtains the test key by using the differences between the power consumption curves of different operations, the relation between the power consumption curve and the number of modular multiplications executed, and the correspondence between the key and the different power consumption curves in different types of implementation, thereby achieving the purpose of attacking the key and fully testing the security of the key.
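The decision logic of units 710, 720 and 800, as an added example that is not part of the patent text: it decodes already-classified waveforms into a test key and checks that key against the attacked key on identical random data, inverting the bits once in the 2t case. The toy modulus and exponent, the labels C2/C3/C4, the durations 3 and 5, and all function names are constructed assumptions; no real power measurement is involved.

```python
import random

N, D, T = 3233, 2753, 12  # constructed toy RSA modulus, private exponent, length t

def simulate(d, t, always_multiply, swap=False):
    """Constructed stand-in for a classified trace (no real measurement).
    Not 2t: labels of the waveforms that follow each modular multiplication.
    2t: execution time (arbitrary units) of the one loop-control waveform per bit."""
    out = []
    for i in range(t - 1, -1, -1):
        bit = (d >> i) & 1
        if always_multiply:
            out.append(3 if bit ^ swap else 5)      # short = curve 5, long = curve 6
        else:
            out += ["C3", "C2"] if bit else ["C4"]  # C3 sits between two multiplications
    return out

def decode(trace, always_multiply):
    """Read bits t-1..0: curve 3 / curve 5 -> 1, curve 4 / curve 6 -> 0."""
    if always_multiply:
        cut = (min(trace) + max(trace)) / 2
        return [1 if dur < cut else 0 for dur in trace]
    return [1 if s == "C3" else 0 for s in trace if s in ("C3", "C4")]

def check(bits, oracle, n, try_inverted, trials=8, seed=0):
    """Run test key and attacked key on identical random data; return the
    confirmed key, or None when no candidate matches (attack fails)."""
    rng = random.Random(seed)
    data = [rng.randrange(2, n - 1) for _ in range(trials)]
    candidates = [bits] + ([[1 - b for b in bits]] if try_inverted else [])
    for cand in candidates:
        key = int("".join(map(str, cand)), 2)
        if all(pow(m, key, n) == oracle(m) for m in data):
            return key
    return None

def run(always_multiply, swap=False, d=D):
    oracle = lambda m: pow(m, d, N)  # device under test, queried as a black box
    trace = simulate(d, T, always_multiply, swap)
    return check(decode(trace, always_multiply), oracle, N,
                 try_inverted=always_multiply)
```

A trace whose loop-control waveforms all take the same time decodes to a key that fails both comparisons, which is the outcome a hardened implementation should produce under this test.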
The embodiment of the invention discloses a method of attacking a key and a device for attacking a key. The method comprises: performing an RSA cryptographic operation on data with the attacked key, and obtaining the first power consumption curve of the attacked key carrying out the Montgomery algorithm; analyzing, by the SPA method, whether the RSA cryptographic operation in the first power consumption curve is implemented entirely in hardware, and if it is implemented entirely in hardware, the attack fails; if not, obtaining a test key according to the number of modular multiplications executed in the first power consumption curve, performing the cryptographic operation on identical random data with the test key and with the attacked key, and judging whether the results are consistent; if they are consistent, the attack succeeds. The attack method and device of the present invention can obtain the test key and, even when modular multiplication and modular squaring show no difference at all, can still achieve the purpose of attacking the key and fully testing the security of the key.
Those skilled in the art will clearly understand that the technology in the embodiments of the present invention can be implemented by software plus the necessary general-purpose hardware, where the general-purpose hardware includes general-purpose integrated circuits, general-purpose CPUs, general-purpose memories, general-purpose components and the like. It can of course also be implemented by dedicated hardware, including application-specific integrated circuits (ASICs), dedicated CPUs, dedicated memories, dedicated components and the like, but in many cases the former is the better implementation. Based on this understanding, the technical solution in the embodiments of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the method described in each embodiment of the present invention or in some parts of an embodiment.
The embodiments in this specification are described in a progressive manner. For parts that are identical or similar between embodiments, the embodiments may be referred to one another, and each embodiment emphasizes its differences from the other embodiments. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief; for the relevant parts, refer to the description of the method embodiment.
The embodiments of the present invention described above do not limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.