CN105376046A - Anti-attack block cipher encryption method, anti-attack block cipher decryption method, anti-attack block cipher encryption device and anti-attack block cipher decryption device - Google Patents


Publication number
CN105376046A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410384592.1A
Other languages
Chinese (zh)
Other versions
CN105376046B (en
Inventor
赵东艳
杜新纲
于艳艳
胡晓波
李娜
甘杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Application filed by State Grid Corp of China SGCC and Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Priority to CN201410384592.1A
Priority to PCT/CN2014/093472 (WO2016019670A1)
Publication of CN105376046A
Application granted
Publication of CN105376046B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols


Abstract

The invention discloses an anti-attack block cipher encryption method, an anti-attack block cipher decryption method, an anti-attack block cipher encryption device and an anti-attack block cipher decryption device, wherein the anti-attack block cipher encryption method comprises the steps of receiving a to-be-encrypted plain text (P), performing normal encryption calculation twice on the plain text P, and outputting a correct encryption result; in performing normal encryption calculation, injecting a fault in the normal encryption calculation process once or twice, and outputting an error encryption result; and after a correct encryption result and the error encryption result are input into a function (F), outputting an invalid result which cannot be used by an attacker. According to an embodiment of the invention, the fault is injected in performing first normal encryption operation and/or second normal encryption operation, and furthermore encryption results which are output in two times are input into the function (F), thereby reducing a step of comparing two normal encryption operation results. Finally the function (F) outputs the invalid result which cannot be used by the attacker, thereby effectively resisting two-point attacks to a block cipher algorithm and improving safety in a block cipher algorithm encryption process.

Description

Anti-attack block cipher encryption and decryption method and device
Technical field
The present invention relates to the field of information security technology within the communications field, and in particular to methods and devices for anti-attack block cipher encryption and decryption.
Background art
With the development of computer and communication technology, users' demand for the secure storage, secure processing and secure transmission of information keeps growing. In particular, with the widespread use of the Internet, information security is becoming more and more important. One effective way to address this problem is to use modern cryptography, and new cryptographic algorithms continue to appear. The block cipher is one of the most commonly used cryptographic tools. Block ciphers are fast, easy to standardize and convenient to implement in software and hardware, and they are usually the core cryptographic algorithms for data encryption, message authentication and authentication in information security. Currently popular block ciphers include the DES algorithm, the AES algorithm and others.
As information security receives increasing attention, methods for analyzing and attacking cryptographic algorithms also keep appearing. The fault attack is a powerful attack method that has appeared in recent years. Its basic principle is to place the cryptographic chip in a strong magnetic field, or to change the chip's supply voltage, operating frequency, temperature and so on, so that the registers and memory in the chip produce random errors during the encryption process and some output bits change from 0 to 1 or from 1 to 0. By differentially comparing the correct cipher output with the erroneous cipher output, and through theoretical analysis, the secret data inside the chip can be derived.
Common methods for protecting a block cipher against fault attacks include: performing the operation on the same data several times and comparing whether the results agree; and, after performing the normal operation on some data, performing the inverse operation on the result and comparing whether the result of the inverse operation matches the original input data.
As shown in Figure 1, if the attacker injects a fault during the first normal operation on plaintext P, the result C output by the first normal operation is erroneous, while the result C' output by the second normal operation on plaintext P is correct, so C ≠ C'. Results C and C' are then compared, that is, it is judged whether C and C' are equal. If a fault is injected again during this comparison, it is possible for "C ≠ C'" to be turned into "C = C'". If the injected fault turns "C ≠ C'" into "C = C'", the comparison outputs the erroneous result C (or C'). Having obtained this erroneous result C (or C'), together with the correct result C' obtained earlier, the attacker can obtain useful fault information and thereby obtain sensitive information.
Likewise, if the attacker does not inject a fault during the first normal operation on plaintext P but injects a fault during the second normal operation on plaintext P, then, as in the case above, the attacker can still obtain the erroneous result C' (or C). Together with the correct result C obtained earlier, the attacker can obtain useful fault information and thereby obtain sensitive information.
Summary of the invention
To overcome the defect in the prior art that block ciphers offer low security when defending against attacks, according to one aspect of the present invention an anti-attack block cipher encryption method is proposed.
The anti-attack block cipher encryption method according to an embodiment of the present invention comprises:
receiving a plaintext P to be encrypted, performing the normal encryption operation on plaintext P twice, and outputting a correct encryption result;
when the normal encryption operation is performed, the normal encryption operation process being injected with a fault once or twice, and an erroneous encryption result being output;
after the correct encryption result and the erroneous encryption result are input to the F function, outputting an invalid result that the attacker cannot use.
To overcome the defect in the prior art that block ciphers offer low security when defending against attacks, according to another aspect of the present invention an anti-attack block cipher encryption device is proposed.
The anti-attack block cipher encryption device according to an embodiment of the present invention comprises:
an encryption operation module, configured to receive a plaintext P to be encrypted, perform the normal encryption operation on plaintext P twice, and output a correct encryption result;
a fault receiving module, configured to receive, when the normal encryption operation is performed, the fault injected once or twice into the normal encryption operation process, and output an erroneous encryption result;
a result output module, configured to output, after the correct encryption result and the erroneous encryption result are input to the F function, an invalid result that the attacker cannot use.
Embodiments of the present invention disclose an anti-attack block cipher encryption method and device in which a fault is injected during the first and/or the second normal encryption operation, and the encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
To overcome the defect in the prior art that block ciphers offer low security when defending against attacks, according to one aspect of the present invention an anti-attack block cipher decryption method is proposed.
The anti-attack block cipher decryption method according to an embodiment of the present invention comprises:
receiving a ciphertext P to be decrypted, performing the normal decryption operation on ciphertext P twice, and outputting a correct decryption result;
when the normal decryption operation is performed, the normal cryptographic operation process being injected with a fault once or twice, and an erroneous decryption result being output;
after the correct decryption result and the erroneous decryption result are input to the F function, outputting an invalid result that the attacker cannot use.
To overcome the defect in the prior art that block ciphers offer low security when defending against attacks, according to one aspect of the present invention an anti-attack block cipher decryption device is proposed.
The anti-attack block cipher decryption device according to an embodiment of the present invention comprises:
a decryption operation module, configured to receive a ciphertext P to be decrypted, perform the normal decryption operation on ciphertext P twice, and output a correct decryption result;
a fault receiving module, configured to receive, when the normal decryption operation is performed, the fault injected once or twice into the normal cryptographic operation process, and output an erroneous decryption result;
a result output module, configured to output, after the correct decryption result and the erroneous decryption result are input to the F function, an invalid result that the attacker cannot use.
Embodiments of the present invention disclose an anti-attack block cipher decryption method and device in which a fault is injected during the first and/or the second normal decryption operation, and the decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
Other features and advantages of the present invention will be set forth in the following description and will in part become apparent from the specification, or will be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written specification, the claims and the accompanying drawings.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic flow chart of a fault attack on a block cipher in the prior art;
Fig. 2 is a flow chart of embodiment 1 of the anti-attack block cipher encryption method of the present invention;
Fig. 3 is a flow chart of embodiment 2 of the anti-attack block cipher encryption method of the present invention;
Fig. 4 is a flow chart of embodiment 3 of the anti-attack block cipher encryption method of the present invention;
Fig. 5 is a flow chart of embodiment 4 of the anti-attack block cipher encryption method of the present invention;
Fig. 6 is a flow chart of embodiment 1 of the anti-attack block cipher decryption method of the present invention;
Fig. 7 is a flow chart of embodiment 2 of the anti-attack block cipher decryption method of the present invention;
Fig. 8 is a flow chart of embodiment 3 of the anti-attack block cipher decryption method of the present invention;
Fig. 9 is a flow chart of embodiment 4 of the anti-attack block cipher decryption method of the present invention;
Fig. 10 is a structural diagram of an embodiment of the anti-attack block cipher encryption device of the present invention;
Fig. 11 is a structural diagram of an embodiment of the anti-attack block cipher decryption device of the present invention.
Embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings, but it should be understood that the scope of protection of the invention is not limited by these embodiments.
Through analysis and study of the prior art described above, the inventors found that, while a block cipher algorithm is running an encryption or decryption operation, if fault injection is detected the chip should not output an erroneous result; otherwise the attacker can use the erroneous result to carry out a differential fault attack. Embodiments of the present invention provide an anti-attack block cipher method that, when a fault is injected during the operation, does not output the erroneous result but instead outputs an invalid result that the attacker cannot use.
If no fault is injected into the first normal operation and a fault is injected into the second normal operation, the invalid result is the result of processing the correct first result C and the erroneous second result C' with some F function.
If a fault is injected into the first normal operation and no fault is injected into the second normal operation, the invalid result is the result of processing the erroneous first result C and the correct second result C' with some F function.
If a fault is injected into the first normal operation and a fault is also injected into the second normal operation, the invalid result is the result of processing the erroneous first result C and the erroneous second result C' with some F function.
As shown in Figure 2, an embodiment of the present invention discloses an anti-attack block cipher encryption method, comprising:
Step 201: plaintext P is input to the encryption module and the first normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C;
Step 203: the same plaintext P is input to the encryption module again and the second normal encryption operation is performed; the output is the correct encryption result C';
Step 205: the erroneous encryption result C from step 201 and the correct encryption result C' from step 203 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification uses the expressions listed below to illustrate the embodiments, but the F function is not limited to these expressions.
For the DES algorithm, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 205, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 207: the encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 2 discloses an anti-attack block cipher encryption method in which a fault is injected during the first normal encryption operation, and the erroneous encryption result output by the fault-injected first normal encryption operation and the correct encryption result output by the second normal encryption operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
As shown in Figure 3, an embodiment of the present invention discloses another anti-attack block cipher encryption method, comprising:
Step 301: plaintext P is input to the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 303: the same plaintext P is input to the encryption module again and the second normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C';
Step 305: the correct encryption result C from step 301 and the erroneous encryption result C' from step 303 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms.
For the DES algorithm, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 305, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 307: the encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 3 discloses an anti-attack block cipher encryption method in which a fault is injected during the second normal encryption operation, and the erroneous encryption result output by the fault-injected second normal encryption operation and the correct encryption result output by the first normal encryption operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
As shown in Figure 4, an embodiment of the present invention discloses a third anti-attack block cipher encryption method, comprising:
Step 401: plaintext P is input to the encryption module and the first normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C;
Step 403: the same plaintext P is input to the encryption module again and the second normal encryption operation is performed; a fault is injected during this step, so the output is also an erroneous encryption result C';
Step 405: the erroneous encryption result C from step 401 and the erroneous encryption result C' from step 403 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms.
For the DES algorithm, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 405, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 407: the encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 4 discloses a third anti-attack block cipher encryption method in which a fault is injected during both the first and the second normal encryption operation, and the erroneous encryption result output by the fault-injected first normal encryption operation and the erroneous encryption result output by the likewise fault-injected second normal encryption operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
As shown in Figure 5, an embodiment of the present invention discloses a fourth anti-attack block cipher encryption method, comprising:
Step 501: plaintext P is input to the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 503: the same plaintext P is input to the encryption module again and the second normal encryption operation is performed; the output is also the correct encryption result C';
Step 505: the correct encryption result C from step 501 and the correct encryption result C' from step 503 are input to the F function, whose output is Y; through the F function it is determined that C = C', so the output is the correct encryption result;
In step 505, the F function may or may not itself be injected with a fault. If no fault is injected into the F function, the result it outputs is the correct encryption result; if a fault is injected into the F function, then, as in the embodiments above, the F function likewise outputs an invalid result that the attacker cannot use.
Step 507: the encryption operation on plaintext P outputs the correct encryption result.
The embodiment of Fig. 5 discloses an anti-attack block cipher encryption method in which no fault is injected during either of the two normal encryption operations, and the correct encryption results of the two normal encryption operations are input to the F function. The F function outputs the correct encryption result, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
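The flows of Figs. 1 to 5 on constructed 64-bit values, as an added example that is not part of the patent: it puts the compare-then-output check of Fig. 1 beside the three DES forms of F. The `widen` alignment, the sample values and all function names are assumptions. The last two cases go beyond the figures and show difference patterns for which a form's XOR mask is zero, so that form returns C' unchanged.

```python
"""Added example (not from the patent): compare-then-output versus F."""

MASK32 = 0xFFFFFFFF


def split(block):
    """Split a 64-bit DES block into its halves: C = L || R."""
    return (block >> 32) & MASK32, block & MASK32


def widen(half):
    # ASSUMPTION: the page XORs 32-bit halves into the 64-bit C' without
    # saying how they are aligned; here the term is copied into both halves.
    return (half << 32) | half


def f_lr(c, c2):
    """F(C, C') = C' xor L xor L' xor R xor R'."""
    (l, r), (l2, r2) = split(c), split(c2)
    return c2 ^ widen(l ^ l2 ^ r ^ r2)


def f_r(c, c2):
    """F(C, C') = C' xor R' xor R."""
    return c2 ^ widen(split(c2)[1] ^ split(c)[1])


def f_l(c, c2):
    """F(C, C') = C' xor L' xor L."""
    return c2 ^ widen(split(c2)[0] ^ split(c)[0])


def compare_then_output(c, c2, check_faulted=False):
    """Fig. 1 style check: release C only when C == C'.

    check_faulted models the second fault that makes the comparison
    report "equal" although the two results differ.
    """
    if check_faulted or c == c2:
        return c
    return None  # mismatch detected, nothing is released


def classify(out, c, c2):
    """Label an output: 'correct', 'infected' or 'raw' (equals C or C')."""
    if c == c2:
        return "correct" if out == c else "infected"
    return "raw" if out in (c, c2) else "infected"


# Constructed sample values, not real DES output.
GOOD = 0x0123456789ABCDEF
FAULTY = GOOD ^ 0x0000040000200000      # halves differ by different values
SAME_DELTA = GOOD ^ 0x0000040000000400  # both halves differ by the same value
LEFT_ONLY = GOOD ^ 0x0000040000000000   # only the left half differs

CASES = {
    "fault_in_run_1": (FAULTY, GOOD),        # Fig. 2
    "fault_in_run_2": (GOOD, FAULTY),        # Fig. 3
    "no_fault": (GOOD, GOOD),                # Fig. 5
    # Beyond the figures: L xor L' == R xor R', so the f_lr mask is zero
    # whatever alignment widen() uses.
    "same_delta_run_2": (GOOD, SAME_DELTA),
    # Beyond the figures: R == R', so the f_r mask is zero.
    "left_only_run_2": (GOOD, LEFT_ONLY),
}


def survey():
    """Classify the output of each F form for every constructed case."""
    return {
        name: {f.__name__: classify(f(c, c2), c, c2) for f in (f_lr, f_r, f_l)}
        for name, (c, c2) in CASES.items()
    }


if __name__ == "__main__":
    released = compare_then_output(FAULTY, GOOD, check_faulted=True)
    print("faulted comparison releases:", hex(released))
    for name, row in survey().items():
        print(f"{name:18} {row}")
```

A form of F chosen for a real design is worth running through such a survey over the difference patterns the target cipher can produce, since a zero mask passes C' through as it is.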
As shown in Figure 6, an embodiment of the present invention discloses an anti-attack block cipher decryption method, comprising:
Step 601: ciphertext P is input to the decryption module and the first normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C;
Step 603: the same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; the output is the correct decryption result C';
Step 605: the erroneous decryption result C from step 601 and the correct decryption result C' from step 603 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification uses the expressions listed below to illustrate the embodiments, but the F function is not limited to these expressions.
For the DES algorithm, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 605, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 607: the decryption operation on ciphertext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 6 discloses an anti-attack block cipher decryption method in which a fault is injected during the first normal decryption operation, and the erroneous decryption result output by the fault-injected first normal decryption operation and the correct decryption result output by the second normal decryption operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
As shown in Figure 7, an embodiment of the present invention discloses another anti-attack block cipher decryption method, comprising:
Step 701: ciphertext P is input to the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
Step 703: the same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C';
Step 705: the correct decryption result C from step 701 and the erroneous decryption result C' from step 703 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification uses the expressions listed below to illustrate the embodiments, but the F function is not limited to these expressions.
For the DES algorithm, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 705, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 707: the decryption operation on ciphertext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 7 discloses an anti-attack block cipher decryption method in which a fault is injected during the second normal decryption operation, and the erroneous decryption result output by the fault-injected second normal decryption operation and the correct decryption result output by the first normal decryption operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
As shown in Figure 8, an embodiment of the present invention discloses a third anti-attack block cipher decryption method, comprising:
Step 801: ciphertext P is input to the decryption module and the first normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C;
Step 803: the same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C';
Step 805: the erroneous decryption result C from step 801 and the erroneous decryption result C' from step 803 are input to the F function, whose output is Y; through the F function it is determined that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification uses the expressions listed below to illustrate the embodiments, but the F function is not limited to these expressions.
For the DES algorithm, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'. The F function can then be defined as:
$$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$$
or
$$F(C, C') = C' \oplus R' \oplus R$$
or
$$F(C, C') = C' \oplus L' \oplus L$$
In step 805, the F function may or may not itself be injected with a fault. Because of the F function described above, whether or not a fault is injected, the result output by the F function is always an invalid result that the attacker cannot use.
Step 807: the decryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 8 discloses a third anti-attack block cipher decryption method in which a fault is injected during both the first and the second normal decryption operation, and the erroneous decryption result output by the fault-injected first normal decryption operation and the erroneous decryption result output by the likewise fault-injected second normal decryption operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
As shown in Figure 9, an embodiment of the invention discloses a fourth anti-attack decryption method for a block cipher, comprising:
Step 901: ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is a correct decryption result C;
Step 903: the same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; the output is also a correct decryption result C';
Step 905: the correct decryption result C from step 901 and the correct decryption result C' from step 903 are input into the F function, whose output is Y; the F function finds that C = C', so the operation result it outputs is the correct decryption result;
The expression of the F function differs between block cipher algorithms. This specification illustrates the embodiments with the expressions listed below, but the F function is not limited to them.
For the DES algorithm, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'. The F function can then be defined as:
$F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$
In step 905, the F function itself may or may not be injected with a fault. If the F function is not injected with a fault, the operation result it outputs is the correct cryptographic operation result; if the F function is injected with a fault, then, as in the embodiments above, it likewise outputs an invalid result that the attacker cannot use.
Step 907: the decryption operation on ciphertext P outputs the correct decryption result.
The embodiment of Fig. 9 discloses an anti-attack decryption method for a block cipher. No fault is injected during either of the two normal decryption operations; the correct decryption results of both operations are input into the F function, which outputs the correct decryption result. This effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
As shown in Figure 10, an anti-attack encryption device for a block cipher is disclosed, comprising:
An encryption operation module 10, configured to receive a plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;
A fault receiving module 20, configured to, when the normal encryption operations are performed, receive the fault injected once or twice into the normal encryption operation process and output an erroneous encryption result;
A result output module 30, configured to output an invalid result that the attacker cannot use after the correct encryption result and the erroneous encryption result are input into the F function.
Wherein: of the two normal encryption operations of the encryption operation module 10, the encryption result of the first is C and the encryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; the F function in the result output module 30 is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
Wherein: the fault receiving module 20 is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result;
When the second normal encryption operation is performed on the plaintext P, output a correct encryption result.
Wherein: the fault receiving module 20 is further specifically configured to, when the first normal encryption operation is performed on the plaintext P, output a correct encryption result;
When the second normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result.
Wherein: the fault receiving module 20 is further specifically configured to:
When the first normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result;
When the second normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result.
The embodiment of Figure 10 discloses an anti-attack encryption device for a block cipher. A fault is injected during the first and/or the second normal encryption operation, and the encryption result output by the first operation and the encryption result output by the second operation are input into the F function. This removes the step of comparing the two encryption results, and the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
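The flow performed by the Figure 10 device (encrypt twice, pass both results to F without comparing them), shown as an added C sketch that is not code from the patent. It uses a toy 16-round Feistel cipher in place of DES and a single-bit flip in R as the simulated fault, and it assumes the half-width XOR term of F is applied to both halves of C'; all function names, the key and the plaintext are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ROUNDS   16
#define NO_FAULT (-1)

/* The three F definitions listed in the text. */
enum f_variant { F_LR = 1, F_R = 2, F_L = 3 };

/* Toy round function, a stand-in for the DES f-function (NOT DES). */
static uint32_t round_f(uint32_t r, uint32_t k)
{
    uint32_t x = (r ^ k) * 0x9E3779B1u;
    return x ^ (x >> 15) ^ (x << 7);
}

/* Toy 16-round Feistel cipher on a 64-bit block (L||R, 32 bits each).
 * If fault_round is not NO_FAULT, bit fault_bit of R is flipped at the
 * input of that round to simulate an injected fault. */
uint64_t toy_encrypt(uint64_t p, uint64_t key, int fault_round, int fault_bit)
{
    uint32_t l = (uint32_t)(p >> 32), r = (uint32_t)p;
    for (int i = 0; i < ROUNDS; i++) {
        uint32_t k = (uint32_t)(key >> i) + (uint32_t)i;  /* toy key schedule */
        if (i == fault_round)
            r ^= (uint32_t)1 << fault_bit;
        uint32_t t = l ^ round_f(r, k);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* F(C, C'). Assumption: the 32-bit XOR term is applied to both halves of C'
 * (the text does not state how the half-width term is aligned).
 * The term is zero when C == C', and for F_LR also whenever L^L' equals
 * R^R'; F then returns C' unchanged. */
uint64_t f_infect(uint64_t c, uint64_t c2, enum f_variant v)
{
    uint32_t dl = (uint32_t)(c >> 32) ^ (uint32_t)(c2 >> 32);  /* L ^ L' */
    uint32_t dr = (uint32_t)c ^ (uint32_t)c2;                  /* R ^ R' */
    uint32_t d  = (v == F_LR) ? (dl ^ dr) : (v == F_R) ? dr : dl;
    return c2 ^ (((uint64_t)d << 32) | d);
}

struct fault { int round, bit; };

/* Two runs, no comparison: both results go straight into F. */
uint64_t protected_encrypt(uint64_t p, uint64_t key,
                           struct fault f1, struct fault f2, enum f_variant v)
{
    uint64_t c  = toy_encrypt(p, key, f1.round, f1.bit);
    uint64_t c2 = toy_encrypt(p, key, f2.round, f2.bit);
    return f_infect(c, c2, v);
}

int main(void)
{
    /* Constructed sample plaintext and key. */
    const uint64_t p = 0x0123456789ABCDEFULL, key = 0x133457799BBCDFF1ULL;
    const struct fault none = { NO_FAULT, 0 }, a = { 15, 31 }, b = { 3, 5 };
    const uint64_t ref = toy_encrypt(p, key, NO_FAULT, 0);
    const struct { const char *name; struct fault f1, f2; } cases[] = {
        { "no fault      ", none, none }, { "fault in run 1", a, none },
        { "fault in run 2", none, a },    { "fault in both ", a, b },
    };
    printf("reference      %016llx\n", (unsigned long long)ref);
    for (int i = 0; i < 4; i++) {
        uint64_t y = protected_encrypt(p, key, cases[i].f1, cases[i].f2, F_LR);
        printf("%s %016llx %s\n", cases[i].name, (unsigned long long)y,
               y == ref ? "(correct)" : "(infected)");
    }
    return 0;
}
```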
As shown in Figure 11, an anti-attack decryption device for a block cipher is disclosed, comprising:
A decryption operation module 40, configured to receive a ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;
A fault receiving module 50, configured to, when the normal decryption operations are performed, receive the fault injected once or twice into the normal cryptographic operation process and output an erroneous decryption result;
A result output module 60, configured to output an invalid result that the attacker cannot use after the correct decryption result and the erroneous decryption result are input into the F function.
Wherein: of the two normal decryption operations of the decryption operation module 40, the decryption result of the first is C and the decryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; the F function in the result output module 60 is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
Wherein: the fault receiving module 50 is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result;
When the second normal decryption operation is performed on the ciphertext P, output a correct decryption result.
Wherein: the fault receiving module 50 is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, output a correct decryption result;
When the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result.
Wherein: the fault receiving module 50 is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result;
When the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result.
The embodiment of Figure 11 discloses an anti-attack decryption device for a block cipher. A fault is injected during the first and/or the second normal decryption operation, and the decryption result output by the first operation and the decryption result output by the second operation are input into the F function. This removes the step of comparing the two decryption results, and the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
The present invention can be embodied in many different forms. The technical solution has been illustrated above with reference to Figs. 2 to 11; this does not mean that the invention can only be applied within the specific flows or structures of those examples. Those of ordinary skill in the art should understand that the specific embodiments provided above are only some examples among its many preferred uses, and any implementation that embodies the claims of the present invention shall fall within the scope of protection claimed for the technical solution of the present invention.
Finally, it should be noted that the foregoing is only the preferred embodiments of the present invention and is not intended to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in those embodiments or make equivalent replacements for some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (20)

1. An anti-attack encryption method for a block cipher, characterized by comprising:
Receiving a plaintext P to be encrypted, and performing two normal encryption operations on the plaintext P to output a correct encryption result;
When the normal encryption operations are performed, the normal encryption operation process is injected with a fault once or twice, and an erroneous encryption result is output;
After the correct encryption result and the erroneous encryption result are input into the F function, outputting an invalid result that the attacker cannot use.
2. The method according to claim 1, characterized in that, of the two normal encryption operations, the encryption result of the first is C and the encryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; and the F function is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
3. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operations are performed, the normal encryption operation process is injected with a fault once or twice and an erroneous encryption result is output specifically comprises:
When the first normal encryption operation is performed on the plaintext P, this encryption operation is injected with a fault and an erroneous encryption result is output;
When the second normal encryption operation is performed on the plaintext P, a correct encryption result is output.
4. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operations are performed, the normal encryption operation process is injected with a fault once or twice and an erroneous encryption result is output specifically further comprises:
When the first normal encryption operation is performed on the plaintext P, a correct encryption result is output;
When the second normal encryption operation is performed on the plaintext P, this encryption operation is injected with a fault and an erroneous encryption result is output.
5. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operations are performed, the normal encryption operation process is injected with a fault once or twice and an erroneous encryption result is output specifically further comprises:
When the first normal encryption operation is performed on the plaintext P, this encryption operation is injected with a fault and an erroneous encryption result is output;
When the second normal encryption operation is performed on the plaintext P, this encryption operation is injected with a fault and an erroneous encryption result is output.
6. An anti-attack decryption method for a block cipher, characterized by comprising:
Receiving a ciphertext P to be decrypted, and performing two normal decryption operations on the ciphertext P to output a correct decryption result;
When the normal decryption operations are performed, the normal cryptographic operation process is injected with a fault once or twice, and an erroneous decryption result is output;
After the correct decryption result and the erroneous decryption result are input into the F function, outputting an invalid result that the attacker cannot use.
7. The method according to claim 6, characterized in that, of the two normal decryption operations, the decryption result of the first is C and the decryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; and the F function is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
8. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operations are performed, the normal cryptographic operation process is injected with a fault once or twice and an erroneous decryption result is output specifically comprises:
When the first normal decryption operation is performed on the ciphertext P, this decryption operation is injected with a fault and an erroneous decryption result is output;
When the second normal decryption operation is performed on the ciphertext P, a correct decryption result is output.
9. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operations are performed, the normal cryptographic operation process is injected with a fault once or twice and an erroneous decryption result is output specifically further comprises:
When the first normal decryption operation is performed on the ciphertext P, a correct decryption result is output;
When the second normal decryption operation is performed on the ciphertext P, this decryption operation is injected with a fault and an erroneous decryption result is output.
10. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operations are performed, the normal cryptographic operation process is injected with a fault once or twice and an erroneous decryption result is output specifically further comprises:
When the first normal decryption operation is performed on the ciphertext P, this decryption operation is injected with a fault and an erroneous decryption result is output;
When the second normal decryption operation is performed on the ciphertext P, this decryption operation is injected with a fault and an erroneous decryption result is output.
11. An anti-attack encryption device for a block cipher, characterized by comprising:
An encryption operation module, configured to receive a plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;
A fault receiving module, configured to, when the normal encryption operations are performed, receive the fault injected once or twice into the normal encryption operation process and output an erroneous encryption result;
A result output module, configured to output an invalid result that the attacker cannot use after the correct encryption result and the erroneous encryption result are input into the F function.
12. The device according to claim 11, characterized in that, of the two normal encryption operations of the encryption operation module, the encryption result of the first is C and the encryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; and the F function in the result output module is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
13. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result;
When the second normal encryption operation is performed on the plaintext P, output a correct encryption result.
14. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to, when the first normal encryption operation is performed on the plaintext P, output a correct encryption result;
When the second normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result.
15. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to:
When the first normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result;
When the second normal encryption operation is performed on the plaintext P, receive the fault injected into this encryption operation and output an erroneous encryption result.
16. An anti-attack decryption device for a block cipher, characterized by comprising:
A decryption operation module, configured to receive a ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;
A fault receiving module, configured to, when the normal decryption operations are performed, receive the fault injected once or twice into the normal cryptographic operation process and output an erroneous decryption result;
A result output module, configured to output an invalid result that the attacker cannot use after the correct decryption result and the erroneous decryption result are input into the F function.
17. The device according to claim 16, characterized in that, of the two normal decryption operations of the decryption operation module, the decryption result of the first is C and the decryption result of the second is C'; C consists of two parts L and R, and C' consists of two parts L' and R', i.e. C = L||R and C' = L'||R'; and the F function in the result output module is defined as: $F(C, C') = C' \oplus L \oplus L' \oplus R \oplus R'$ or $F(C, C') = C' \oplus R' \oplus R$ or $F(C, C') = C' \oplus L' \oplus L$.
18. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result;
When the second normal decryption operation is performed on the ciphertext P, output a correct decryption result.
19. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, output a correct decryption result;
When the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result.
20. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result;
When the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this decryption operation and output an erroneous decryption result.
CN201410384592.1A 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection Active CN105376046B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410384592.1A CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection
PCT/CN2014/093472 WO2016019670A1 (en) 2014-08-06 2014-12-10 Anti-attack encryption and decryption method and device of block cipher

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410384592.1A CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection

Publications (2)

Publication Number Publication Date
CN105376046A true CN105376046A (en) 2016-03-02
CN105376046B CN105376046B (en) 2018-08-17

Family

ID=55263082

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410384592.1A Active CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection

Country Status (2)

Country Link
CN (1) CN105376046B (en)
WO (1) WO2016019670A1 (en)

Also Published As

Publication number Publication date
CN105376046B (en) 2018-08-17
WO2016019670A1 (en) 2016-02-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant