CN105591739A - Secret key analysis method based on optical Hamming weight - Google Patents

Publication number
CN105591739A
Authority
CN
China
Prior art keywords
key
byte
hamming weight
light
aes
Legal status
Granted
Application number
CN201610130026.7A
Other languages
Chinese (zh)
Other versions
CN105591739B (en)
Inventor
王红胜
徐子言
张阳
陈开颜
李宝晨
陈军广
李建中
吴令安
Current Assignee
Ordnance Engineering College of PLA
Original Assignee
Ordnance Engineering College of PLA
Application filed by Ordnance Engineering College of PLA
Priority to CN201610130026.7A
Publication of CN105591739A
Application granted
Publication of CN105591739B
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Photometry And Measurement Of Optical Pulse Characteristics (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a secret key analysis method based on optical Hamming weight. The method comprises the following steps: A-1, establishing a Hamming weight analysis model; A-2, selecting optical leakage points for photon number measurement, namely selecting the input and the output of the byte transformation on a cipher chip as two optical leakage acquisition points; B-1, analyzing the first byte k0 of the secret key k; and B-2, analyzing the other bytes of the secret key k, namely repeating the operation of step B-1 on the other bytes of the secret key k until the whole key is obtained. The optical radiation secret key analysis method is highly practical for analyzing AES cipher chips, and is of great practical significance for military and civilian industries.

Description

A key analysis method based on optical Hamming weight
Technical field
The present invention relates to the field of electronic information technology, and in particular to a key analysis method based on optical Hamming weight.
Background art
An optical side-channel attack is a new class of side-channel attack that mounts a passive or active attack on a cryptographic chip by exploiting either the chip's optical emission during operation or the effect that certain light (laser, ultraviolet, etc.) has on the chip while it runs. Optical side-channel attacks can be divided into optical emission analysis attacks and optical fault injection attacks. Since Kocher published his seminal articles in 1996 and 1999, on timing-based and power-based side-channel attacks, side-channel attacks have become an important area of cryptanalysis research. The related side-channel attack techniques (such as power analysis attacks, electromagnetic emission attacks and fault injection attacks) and analysis methods (such as template attacks and differential analysis) have been studied in succession. Traditional side-channel attacks such as power and electromagnetic analysis mainly analyze information leaked by the whole system. The optical emission analysis attack, first proposed in 2008, allows a specific part of the cryptographic chip hardware to be selected for analysis, which makes it far more selective than power or electromagnetic analysis attacks. By targeting a particular location or region of the chip, the attack can obtain an optical side-channel signal with a very good signal-to-noise ratio, because the optical leakage signal is produced mainly by the instruction operations and operand changes of interest. However, because of the huge experimental cost and the experimental complexity of the picosecond imaging circuit analysis (PICA) system used in the literature, optical emission analysis attacks were not regarded as a real threat at that time.
With the rapid development of semiconductor technology and of single-photon detection technologies suited to the visible and near-infrared bands (silicon-based, indium gallium arsenide, superconducting, etc.), and with new research on optical emission analysis attacks (such as simple optical emission analysis and differential optical emission analysis), it has become possible and practical to carry out optical emission analysis attacks on cryptographic chips with medium- and low-cost equipment. Against this technical background, proposing and establishing a cryptographic chip optical emission analysis method based on the correspondence between Hamming weight and leaked photon count is work that urgently needs to be done.
For related background material, refer to the following documents:
[1] J, Kasper M, Seifert J-P 2014 19th Asia and South Pacific Design Automation Conference, Singapore, January 20-23, 2014, p780;
[2] J, Nedospasov D, Schlosser A, Seifert J-P 2013 Constructive Side-Channel Analysis and Secure Design (Berlin: Springer-Verlag) p1;
[3] Schlosser A, Nedospasov D, J, Orlic S, Seifert J-P 2013 J. Cryptogr. Eng. 3;
[4] Wang H S 2015 Ph.D. Dissertation (Shijiazhuang: Ordnance Engineering College) (in Chinese);
[5] Kocher P 1996 CRYPTO, California, August 18-22, 1996, p104;
[6] Kocher P, Jaffe J, Jun B 1999 CRYPTO, California, August 15-19, 1999, p388;
[7] Hnath W 2010 Ph.D. Dissertation (Massachusetts: Worcester Polytechnic Institute) (in USA);
[8] Mulder E D 2010 Ph.D. Dissertation (Leuven: Katholieke Universiteit) (in The Kingdom of Belgium);
[9] Biham E, Shamir A 1997 CRYPTO Vol. 1294, Lecture Notes in Computer Science, Springer-Verlag USA, August 1997, p513;
[10] Wang T, Zhao X J, Guo S Z, Zhang F, Liu H Y, Zheng T M 2012 Chinese Journal of Computers 35(2) 325 (in Chinese);
[11] Kircanski A, Youssef A M 2010 AFRICACRYPT 2010, Stellenbosch, May 03-06, 2010, p261;
[12] Ferrigno J, Hlavá M 2008 IET Infor. Secur. 2 94;
[13] Wang Y J, Ding T, Ma H Q, Jiao R Z 2014 Chin. Phys. B 23(6) 060308;
[14] Liang Y, Zeng H P 2014 Sci. China Phys. Mech. Astron. 57(7) 1218;
[15] Sun Z B, Ma H Q, Lei M, Yang H D, Wu L A, Zhai G J, Feng J 2007 Acta Phys. Sin. 56 5790 (in Chinese);
[16] Wang H S, Ji D G, Gao Y L, Zhang Y, Chen K Y, Chen J G, Wu L A, Wang Y Z 2015 Acta Phys. Sin. 64(5) 058901-1;
[17] Zhang L B, Kang L, Chen J, Zhao Q Y, Jia T, Xu W W, Cao C H, Jin B B, Wu P H 2011 Acta Phys. Sin. 60(3) 038501; Liu Y, Wu Q L, Han Z F, Dai Y M, Guo G C 2010 Chin. Phys. B 19(8) 080308;
[18] Mangard S, Oswald E, Popp T (translated by Feng D G, Zhou Y B, Liu J Y) 2010 Power Analysis Attacks (Beijing: Science Press) pp1-129 (in Chinese);
[19] Hu X D, Wei J F, Hu R 2011 Applied Cryptography (second edition) (Beijing: Electronic Industry Press) pp1-95 (in Chinese);
[20] Becker W (translated by Qu J L) 2009 Advanced Time-Correlated Single Photon Counting Techniques (Beijing: Science Press) pp1-126 (in Chinese).
Summary of the invention
The technical problem to be solved by the present invention is to provide a novel key analysis method based on optical Hamming weight that uses medium- and low-cost equipment.
To solve the above technical problem, the technical solution adopted by the present invention is as follows.
A key analysis method based on optical Hamming weight, applicable to the AES encryption algorithm, which uses a 4 × 4 byte key matrix $k$ to perform SubBytes (byte substitution), ShiftRows, MixColumns, AddRoundKey and other operations on a 4 × 4 byte plaintext matrix $d_i$. The method comprises the following steps:
A. Basic analysis
A-1. Hamming weight analysis: taking the first byte $d_{i,0}$ of plaintext block $d_i$ as an example, establish the following analysis model:
$$HW(d_{i,0} \oplus k_0) = HW(X_{i,0}); \qquad HW(S(d_{i,0} \oplus k_0)) = HW(S_{i,0});$$
where $HW(\cdot)$ denotes the Hamming weight and $S(\cdot)$ denotes the S-box transformation in the AES algorithm; $d_{i,0}$ denotes the first byte of plaintext block $d_i$, and $k_0$ denotes the first byte of the initial key $k$; $HW(X_{i,0})$ denotes the Hamming weight of the value obtained by XORing $d_{i,0}$ with $k_0$; $HW(S_{i,0})$ denotes the Hamming weight of the value obtained by XORing $d_{i,0}$ with $k_0$ and then applying the S-box transformation. A number of known plaintext blocks $d_i$ are encrypted, which yields, for this encryption flow, the Hamming weights of the output values after the XOR of the plaintext byte with the initial key byte and after the S-box transformation;
A-2. Selection of optical leakage points: corresponding to the analysis model of step A-1, the input and the output of the byte transformation on the AES cryptographic chip are selected as the two optical leakage collection points;
B. Key analysis
B-1. Analysis of the first byte $k_0$ of key $k$: according to the model of step A-1, m groups of plaintext are encrypted and the corresponding Hamming weights analyzed; at the same time, the photon counts at the two optical leakage points selected in step A-2 are collected, giving m optical emission traces. During collection, each group of plaintext is acquired n times and averaged. The values of $HW(X_{i,0})$ and $HW(S_{i,0})$ are determined by comparing the photon counts against the Hamming weight relationship. Since the plaintext $d_i$ is known, the set of possible values of the first byte $k_0$ of the initial key $k$ can be analyzed. For the 8-bit $k_0$ there are 256 possible values, $k_0 = 0, 1, 2, \ldots, 255$. Each is XORed with the first byte $d_{i,0}$ of plaintext block $d_i$, and the keys for which the Hamming weight of the XOR result equals $HW(X_{i,0})$ are selected, giving a set of candidate key values $k'_0$. The S-box transformation is then applied to the XOR of each element of $k'_0$ with $d_{i,0}$, and the candidates for which the Hamming weight of the S-box output equals $HW(S_{i,0})$ are kept, giving a further reduced candidate set $k''_0$. After these two screening steps, the number of possible values of $k_0$ is greatly reduced. If $k''_0$ has more than one element, another, different plaintext is used and the two steps are repeated; the candidate set $k''_0$ thus obtained is intersected with the candidate set $k''_0$ determined from the previous plaintext to produce a new candidate set, until the candidate set has exactly one element, which gives the key byte $k_0$;
B-2. Analysis of the other bytes of key $k$: the operation of step B-1 is repeated on the other bytes of key $k$ until the whole key is obtained.
As a preferred technical solution of the present invention, in step A-2 the input of the byte transformation is the output of the XOR operation before the first AES round, that is, the output of the AddRoundKey operation; the output of the byte transformation is the output of the first-round S-box transformation.
As a preferred technical solution of the present invention, in step B-1 the value of m is 2 or 3; n is greater than 5, and averaging reduces the interference of the normally distributed electronic noise.
As a preferred technical solution of the present invention, in step B-2 multiple groups of bytes are analyzed either simultaneously or one after another, until the whole key is obtained.
The beneficial effects of the above technical solution are as follows. Based on the optical emission traces of a running cryptographic chip and their data dependence, the present invention proposes for the first time a simple and effective optical emission analysis method for cryptographic chips running the Advanced Encryption Standard (AES) encryption algorithm. Based on the optical leakage characteristics of a running cryptographic chip, an optical emission analysis attack experimental platform was built using time-correlated single photon counting; optical leakage signals were collected after the first AddRoundKey operation and after the SubBytes operation of the AES algorithm, respectively; the validity of the key analysis attack method based on the correspondence between operand Hamming weight and the number of photons leaked by the AES cryptographic chip was verified, and the key of the AES algorithm was successfully recovered by selecting a few groups of plaintext. The experimental results show that when the number of photons leaked by the cryptographic chip is approximately linear in the Hamming weight of the operand, this optical emission key analysis attack method is highly practical for analyzing AES cryptographic chips. The present invention is of great practical significance for China's military and civilian industries.
Brief description of the drawings
Fig. 1 shows the average optical leakage distribution for the 9 different Hamming weights of the R7 register in Embodiment 3, together with its linear fit.
Fig. 2 is a schematic diagram of the AES state matrix and its optical leakage points (intermediate values) in Embodiment 4. AES is an iterated block cipher with a block length of 128 bits approved by the U.S. NIST; it operates on a 4 × 4 byte plaintext matrix called the state matrix. It encrypts a 128-bit plaintext block with a 128-bit key, and both data and key use a 4 × 4 byte matrix. Except for the last round, which does not include the MixColumns operation, each round comprises four different steps (SubBytes, ShiftRows, MixColumns, AddRoundKey); in addition, an AddRoundKey operation is performed before the first round. Throughout the encryption process, the initial key is used for the AddRoundKey operation before the rounds begin, and the round keys for the subsequent rounds are derived from the initial key.
Fig. 3 shows the average leakage traces for the 9 Hamming weights of the R7 register in Embodiment 7.
Detailed description of the invention
Embodiment 1: composition of cryptographic chip optical emission traces
An optical emission trace is the distribution over time of the photon counts sampled by the single-photon detector and the photon recording module while the cryptographic chip runs. It is a function of the optical leakage signal intensity and time, and reflects the chip's photon leakage at each point in time during operation. A trace contains both information useful for recovering the key and some noise. How the noise is handled largely determines the efficiency and accuracy of key analysis. The signal at a given point of an optical emission trace is composed as follows:
$$P = P_{op} + P_{da} + P_{co} + P_{no}, \tag{1}$$
In formula (1), $P$ is the total photon leakage at any point of the optical emission trace, $P_{op}$ is the operation-dependent component at that point, $P_{da}$ is the data-dependent component at that point, $P_{no}$ is the electronic noise, and $P_{co}$ is a constant component. $P_{op}$ and $P_{da}$ are the most important components in optical emission analysis, especially $P_{da}$, because an optical emission analysis attack mainly exploits the fact that the chip's optical emission trace depends on the data being processed and the operation being executed: executing different operations and processing different data produces different traces. The electronic noise $P_{no}$ consists mainly of quantization noise, external environmental interference, and power supply and clock noise; it causes the collected traces to differ even when the program being run and the data being processed are unchanged. To improve the signal-to-noise ratio and reduce the effect of electronic noise on analysis efficiency, on the one hand TCSPC (time-correlated single photon counting, the same below) can be used to record photons, since it has lower quantization noise than analog signal recording; on the other hand, because $P_{no}$ follows the normal distribution $N(0, \sigma^2)$, the optical signal can be collected many times and averaged so that its expected value tends to 0, which reduces the effect of the electronic noise. $P_{co}$ is caused mainly by transistor switching that is unrelated to the program being run and the data being processed, and is generally regarded as a constant.
Embodiment 2: simulation models of the cryptographic chip optical emission signal
To carry out an optical emission analysis attack on a cryptographic chip, the operand of an instruction, or its change, usually has to be mapped to a number of leaked photons. For a given attack, what the attacker cares about is the difference between the optical emission traces obtained from multiple simulations; their absolute values have no practical significance in the analysis. The simulation models the attacker uses are therefore fairly simple. Four models in two classes are commonly used. Multi-valued models: the Hamming weight model and the Hamming distance model. Binary models: the bit model and the zero-value model. Which simulation model to use in a real attack must be chosen flexibly according to how the attack target (data) varies, how the cryptographic chip implements the cryptographic algorithm (software or hardware), the attack method, and so on.
Let $X$ and $Y$ denote two n-bit binary numbers; $X$ and $Y$ can each be regarded as a bit vector with n elements, $X, Y \in \{0,1\}^n$; $x_i$ and $y_i$ are the i-th bits of $X$ and $Y$ respectively, $x_i \in \{0,1\}$, $y_i \in \{0,1\}$, $i \in [0, n-1]$.
Hamming weight model: this model assumes that the chip's photon leakage is proportional to the number of "1" bits in the binary representation of the data being processed. Using $HW(X)$ to denote the Hamming weight of $X$:
$$HW(X) = \sum_{i=0}^{n-1} x_i, \tag{2}$$
Hamming distance model: this model assumes that the chip's photon leakage is proportional to the total number of bit positions that change from "1" to "0" or from "0" to "1" between the binary representations of two successively processed data values. The Hamming distance of the values $X$ and $Y$ can be expressed as ($\oplus$ denotes the XOR operation):
$$HD(X, Y) = HW(X \oplus Y) = \sum_{i=0}^{n-1} x_i \oplus y_i, \tag{3}$$
When the Hamming distance model is used to simulate the chip's optical emission, the assumption required is that, for every bit, a "0" to "1" transition and a "1" to "0" transition contribute equally to photon leakage.
If every bit of $X$ is "0", i.e. $X = 0$, then when $X$ is transformed to $Y$ the Hamming weight model of $Y$ and the Hamming distance model of the transition from $X$ to $Y$ are equivalent, i.e. $HW(Y) = HD(X, Y)$.
Bit model: the bit model is very simple. For a value $X$, one position of its binary representation is called a bit. This model assumes that the chip's photon leakage is proportional to the value of one chosen bit of the binary representation of the data being processed. For example, considering only the lowest bit $x_0$ of $X$, its bit model is $HW(x_0) = x_0$.
Zero-value model: this model assumes that processing the value 0 leaks fewer photons than processing any other, nonzero value. The zero-value model of $X$ is:
$$ZV(X) = \begin{cases} 0, & X = 0 \\ 1, & X \neq 0 \end{cases} \tag{4}$$
In fact, the above models are relative estimates and simulations of the photon leakage caused when the data being processed is operated on in the cryptographic chip. Which model to use depends, in addition to the considerations mentioned above, on the specific attack model. For an attack model targeting a cryptographic chip running the AES algorithm, the attack point (optical leakage source) is usually chosen as the AddRoundKey output or S-box output of the first AES round, or the S-box input of the last round. If the attack is a byte-wise analysis, the Hamming weight model or the Hamming distance model can be selected.
Embodiment 3: data dependence of cryptographic chip optical emission traces
In an optical emission analysis attack on a cryptographic chip, we are mainly concerned with the data-dependent component of the optical emission trace. To obtain the optical leakage characteristics of the AT89C52 cryptographic chip executing the same instruction on different data, we had the chip execute the instruction MOV R7, A and, using the TCSPC-based measurement configuration, aimed the silicon single-photon detector at the chip's R7 register through an optical fiber to collect the R7 register's optical leakage signal. In our study, following the Hamming simulation models, before each change of the R7 register value R7 was first set to 00 (hexadecimal, the same below), so that every change of the R7 value is a transition from 00 to some value; R7 was then changed to 00, 01, 03, 07, 0F, 1F, 3F, 7F and FF in turn, corresponding to flipping 0 to 8 bits (binary) of register R7. Therefore, in this experiment the Hamming weight of the R7 register value is identical to the Hamming distance. The experimental results, shown in Fig. 1, indicate that the more bits of register R7 change, the more photons leak: data changes (changes of the individual bits of a binary number) are correlated with the chip's photon leakage. Fig. 1 also shows that the chip's optical leakage depends on the 9 different Hamming weights of the R7 register value: different Hamming weights leak different numbers of photons, and the two are approximately linearly related. This result is crucial: it means that if the number of photons leaked by the R7 register is collected, the Hamming weight of the R7 register value can be judged from its magnitude.
Because the R7 register value is an 8-bit binary number, it has 256 possible values; if its Hamming weight is known, the search range can be narrowed to the set of values that match that Hamming weight. This is the theoretical and experimental basis of the AES optical emission analysis attack based on the correspondence between Hamming weight and leaked photon count.
Embodiment 4: the AES algorithm and selection of optical leakage points (intermediate values)
AES is an iterated block cipher with a block length of 128 bits approved by the U.S. NIST. It operates on a 4 × 4 byte plaintext matrix called the state matrix. Depending on whether the key length is 128, 192 or 256 bits, it is called AES-128, AES-192 or AES-256. AES-128, a ten-round cipher, encrypts a 128-bit plaintext block with a 128-bit key, and both data and key use a 4 × 4 byte matrix. Except for the last round, which does not include the MixColumns operation, each round comprises four different steps (SubBytes, ShiftRows, MixColumns, AddRoundKey); in addition, an AddRoundKey operation is performed before the first round. Throughout the encryption process, the initial key is used for the AddRoundKey operation before the rounds begin, and the round keys for the subsequent rounds are derived from the initial key.
Fig. 2 shows the selection of optical leakage points (one or several intermediate values of the AES algorithm) for the optical emission analysis attack. It represents the flow of the AddRoundKey operation (in essence an XOR) before the first round of AES-128 and the first-round SubBytes operation (also called the S-box transformation). In this encryption process the initial key $k$ is constant, and the input of the byte transformation (the AddRoundKey output) and its output (the S-box output) are chosen as the two optical leakage collection points.
Encrypting a number of known plaintext blocks $d_i$ ($i = 0, 1, 2, \ldots$) yields, for this encryption flow, the Hamming weights of the output values after the XOR of the first plaintext byte with the first byte of the initial key and after the S-box transformation:
$$HW(d_{i,0} \oplus k_0) = HW(X_{i,0}), \tag{5}$$
$$HW(S(d_{i,0} \oplus k_0)) = HW(S_{i,0}), \tag{6}$$
Here $HW(\cdot)$ denotes the Hamming weight and $S(\cdot)$ denotes the S-box transformation in the AES algorithm described above. In formula (5), $d_{i,0}$ denotes the first byte of plaintext block $d_i$, $k_0$ denotes the first byte of the initial key $k$, and $HW(X_{i,0})$ denotes the Hamming weight of the value obtained by XORing $d_{i,0}$ with $k_0$; in formula (6), $HW(S_{i,0})$ denotes the Hamming weight of the value obtained by XORing $d_{i,0}$ with $k_0$ and then applying the S-box transformation.
Embodiment 5: AES key analysis based on the correspondence between Hamming weight and leaked photon count
The analysis attack on key $k$ is carried out on the premise that the plaintext $d_i$ is known and the key $k$ is unknown. The first byte $k_0$ of key $k$ is analyzed first. The photon counts at the above two optical leakage points of the AES cryptographic chip are collected, and the values of $HW(X_{i,0})$ and $HW(S_{i,0})$ are determined by comparing the photon counts against the Hamming weight relationship. Since the plaintext $d_i$ is known, the set of possible values of the first byte $k_0$ of the initial key $k$ can then be analyzed (guessed). For the 8-bit $k_0$ there are 256 possible values ($k_0 = 0, 1, 2, \ldots, 255$). Each is XORed with the first byte $d_{i,0}$ of plaintext block $d_i$, and the keys for which the Hamming weight of the XOR result equals $HW(X_{i,0})$ are selected, giving a set of candidate key values $k'_0$. The S-box transformation is then applied to the XOR of each candidate value of $k_0$ (each element of the set $k'_0$) with $d_{i,0}$, and the candidates for which the Hamming weight of the S-box output equals $HW(S_{i,0})$ are kept, giving a further reduced candidate set $k''_0$. After these two screening steps, the number of possible values of $k_0$ is greatly reduced. If $k''_0$ has more than one element, another, different plaintext is used and the two steps are repeated; the candidate set $k''_0$ thus obtained is intersected with the candidate set $k''_0$ determined from the previous plaintext to produce a new candidate set, until the candidate set has exactly one element, which gives the key byte $k_0$. The whole process generally needs 2 or 3 plaintexts to determine $k_0$. By analogy, repeating the above operations on the other bytes of key $k$ and the corresponding bytes of the plaintext recovers the whole key.
Embodiment 6: hardware configuration for the AES cryptographic chip optical emission analysis attack
The AT89C52 cryptographic chip is used as the chip under test, with the AES encryption algorithm running on it. To detect the optical leakage signal better, the AT89C52 chip must be decapsulated; the chip under test is processed mainly by mechanical grinding and chemical etching. Following references [4,16], a TCSPC-based measurement configuration for cryptographic chip optical leakage was used. The whole experimental setup consists mainly of the TCSPC optical signal recording module, the microcontroller, the main control computer, the analysis and processing computer, the single-photon detector (SPAD), two inverters and two attenuators.
The main control computer sends instructions to the microcontroller through the RS232 serial port to control the programs it executes and the data it processes. The analysis and processing computer mainly stores the optical emission traces and performs processing such as format conversion. The TCSPC module mainly receives the output of the single-photon detector, counts the photons leaked by the running cryptographic chip and forms the optical emission traces in preparation for later analysis. A silicon SPAD single-photon detector is used; it captures photons with wavelengths from 400 to 1060 nm and has a relatively high collection efficiency for visible light.
Embodiment 7: establishing the correspondence between Hamming weight and leaked photon count
When a cryptographic chip executes the same instruction on different data, the chip's optical leakage is approximately linear in the Hamming weight of the operand (for example the value of the R7 register). To carry out the AES cryptographic chip optical emission analysis attack based on the correspondence between Hamming weight and leaked photon count, the correspondence between operand Hamming weight and the number of photons leaked by the chip must first be established. The experimental procedure is as follows: the R7 data register is the test object, and optical leakage analysis is performed while the MOV R7, A instruction runs. Throughout the process the optical fiber and lens are aimed at the position of the R7 data register on the chip, and the operating voltage is 6.4 V. The core code under test is as follows, with a total time of 4 μs:
NOP             ; 1 μs
MOV R7, A       ; 1 μs
XRL P1, #08H    ; 2 μs
The single time period of the TCSPC module in the experiment was set to 5 μs, of which 4 μs is the actual effective period. The optical signal in each collection period is distributed over 4096 time channels in order of arrival time. Because a correspondence must be established between the Hamming weight of the R7 operand and the leaked photon count, R7 must be cleared before a value is loaded into it (the core code under test above does not include this instruction). Each sample was acquired repeatedly for ten minutes. The R7 register stores data as an 8-bit binary number whose bits are independent of each other, so there are $2^8 = 256$ possible values and 9 possible Hamming weights (0, 1, 2, 3, 4, 5, 6, 7, 8). In the experiment we loaded each of these 256 values into the R7 register, twice each, so 512 optical emission trace samples were collected in total. The traces were averaged according to the Hamming weight of the R7 register data, and the time channels related to R7 data processing (time channels 1119 to 1122) were selected and magnified to give Fig. 3. As the figure shows, the photon leakage in time channels 1120 to 1121 clearly varies with the Hamming weight of operand R7; from top to bottom, the 9 optical emission traces correspond to Hamming weights 8, 7, 6, 5, 4, 3, 2, 1, 0 in turn: as the Hamming weight of operand R7 increases, the number of photons leaked by the chip increases. The effect is most pronounced in time channel 1120, so taking channel 1120 as the reference time point we obtain the correspondence between the Hamming weight of operand R7 and the leaked photon count, as shown in the table below.
Correspondence between Hamming weight and leaked photon count
Embodiment 8, by selecting AES light radiation analytical attack expressly
Shown in following table (with hexadecimal representation, other decimally represents except expressly), expressly just can by 2 groupsObtain the first byte of key. In experiment, use R7 register to preserve in AES encryption flow, not share the same light shown in Fig. 22 of leak pointMedian (result of the result of XOR and the conversion of S box), collects respectively d by experiment0And d1Article two, the first byte of plaintext (is divided0x00 and the 0xAA of hexadecimal representation) after XOR, convert rear number of photons of leaking with S box, according to above-mentioned letting out of providingThe corresponding relation of light leak subnumber and Hamming weight, obtains the Hamming weight value of its corresponding median (leak point), and then sieves respectivelySelect two the key probable values set reducing the scope, italic overstriking is the lap of two key probable values set.
By selecting AES light radiation analytical attack expressly
Then, to two two key probable values set that expressly first byte obtain through above-mentioned processing fortune that seeks common groundCalculate, first byte that can determine key is decimal number 93, and its hexadecimal representation is " 0x5d ".
According to the method described above, byte below is expressly carried out to similar processing, can obtain complete key.
In fact, above-mentioned crypto chip light radiation analytical method of counting corresponding relation based on Hamming weight and photon leakage alsoCan further optimize. For 2 medians in the encryption flow of AES shown in Fig. 2 (result of the result of XOR and the conversion of S box)Hamming weight, as certain byte k of process key kiTime, consider extreme case, for example the Chinese of xor operation resultBright weight is 0 or 8, and so, a plaintext is just enough to crack the corresponding byte of key, and this can greatly dwindle hunting zone.
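The two-step screening and intersection of Embodiment 8 (the procedure recited as step B-1 in the claims), as an added example that is not part of the patent text. The photon-count-to-Hamming-weight lookup is replaced here by an ideal, noise-free simulated observation for a constructed key byte; the function names are assumptions, while the plaintext bytes 0x00 and 0xAA and the key byte 0x5D are the embodiment's.

```python
# Added illustration: leakage is simulated, not taken from the patent's measurements.

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r

def build_sbox():
    """AES S-box: multiplicative inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for sh in range(1, 5):
            s ^= ((inv << sh) | (inv >> (8 - sh))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()

def hw(v):
    return bin(v).count("1")

def leak(d, k):
    """Ideal noise-free observation: (HW after XOR, HW after S-box)."""
    return hw(d ^ k), hw(SBOX[d ^ k])

def screen(d, hw_x, hw_s):
    """Two-step screening: first by HW after XOR, then by HW after S-box."""
    k1 = {k for k in range(256) if hw(d ^ k) == hw_x}
    return {k for k in k1 if hw(SBOX[d ^ k]) == hw_s}

def recover(plaintext_bytes, key_byte):
    """Intersect the screened sets over successive plaintext bytes."""
    cands, sizes = set(range(256)), []
    for d in plaintext_bytes:
        cands &= screen(d, *leak(d, key_byte))
        sizes.append(len(cands))
    return cands, sizes

if __name__ == "__main__":
    cands, sizes = recover([0x00, 0xAA], 0x5D)  # the embodiment's values
    print(sorted(cands), sizes)
```

With the embodiment's two plaintext bytes the intersection is the single value 0x5d. Passing `screen` an XOR Hamming weight of 0 or 8 returns one candidate from a single plaintext, which is the extreme case noted above.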
In summary, there is a correlation between the optical emission trace of a running cryptographic chip and the operand being processed, i.e. the so-called data dependency of the optical emission trace. With the Hamming weight simulation model, when the number of photons leaked by the chip is approximately linear in the Hamming weight of the operand, the key analysis method based on the correspondence between operand Hamming weight and leaked photon count can be used to carry out an optical-emission analysis attack on an AES cryptographic chip. Our research shows that, by taking the results after the first XOR and after the S-box transformation of the AES algorithm as the intermediate values and optical leakage collection points, and obtaining the Hamming weights of these intermediate values from 2 or more known plaintexts together with the correspondence between Hamming weight and leaked photon count, the key can be deduced in reverse. The experimental results verify the feasibility of the method and the correctness of the key.
The foregoing description is presented only as a practicable technical solution of the present invention and not as the sole limitation on the technical solution itself.

Claims (4)

1. A key analysis method based on optical Hamming weight, applicable to the AES encryption algorithm, which uses a 4 × 4-byte key matrix k to perform operations such as byte substitution, row shifting, column mixing and round key addition on a 4 × 4-byte plaintext matrix $d_i$, characterized in that the method comprises the following steps:
A, basic analysis
A-1, Hamming weight analysis: taking the first byte $d_{i,0}$ of plaintext block $d_i$ as an example, the following analysis model is established:
$$HW(d_{i,0} \oplus k_0) = HW(X_{i,0}); \qquad HW(S(d_{i,0} \oplus k_0)) = HW(S_{i,0});$$
where HW(·) denotes the Hamming weight and S(·) denotes the S-box transformation in the AES algorithm; $d_{i,0}$ denotes the first byte of plaintext block $d_i$, $k_0$ denotes the first byte of the original key k, $HW(X_{i,0})$ denotes the Hamming weight of the value of $d_{i,0}$ XORed with $k_0$, and $HW(S_{i,0})$ denotes the Hamming weight of the value obtained by XORing $d_{i,0}$ with $k_0$ and then applying the S-box transformation; several known plaintext blocks $d_i$ are encrypted, and for this encryption flow the Hamming weights of the output values after the XOR of the plaintext byte with the original key byte and after the S-box transformation are obtained respectively;
A-2, selection of optical leakage points: corresponding to the analysis model of step A-1, the input and the output of the byte transformation on the selected AES cryptographic chip are chosen as the two optical leakage collection points;
B, key analysis
B-1, analysis of the first byte $k_0$ of key k: according to the model of step A-1, m groups of plaintext are encrypted and the corresponding Hamming weights are analysed; at the same time the photon counts at the two optical leakage points selected in step A-2 are collected, giving m optical emission traces, each group of plaintext being collected n times and averaged; the values of $HW(X_{i,0})$ and $HW(S_{i,0})$ are determined by comparing the photon counts against the Hamming weights; since plaintext $d_i$ is known, the set of possible values of the first byte $k_0$ of the original key k can be analysed; for the 8-bit $k_0$ there are 256 possible values, $k_0$ = 0, 1, 2, ..., 255; each is XORed with the first byte $d_{i,0}$ of plaintext block $d_i$, and the keys for which the Hamming weight of the XOR result equals $HW(X_{i,0})$ are screened out, giving a set of possible key values $k'_0$; the S-box transformation is then applied to the XOR of each element of $k'_0$ with $d_{i,0}$, and the possible key values for which the Hamming weight of the value after the S-box transformation equals $HW(S_{i,0})$ are retained, giving a further narrowed set of possible key values $k''_0$; after these two screening steps the number of possible values of $k_0$ is greatly reduced; if the number of elements in the set $k''_0$ is greater than 1, another, different plaintext is used and the two steps are repeated, and the resulting set $k''_0$ is intersected with the set $k''_0$ determined from the previous plaintext to produce a new set of possible key values, until the set of possible key values contains exactly 1 element, which gives the key byte $k_0$;
B-2, analysis of the other bytes of key k: the operation of step B-1 is repeated for the other bytes of key k until the whole key is obtained.
2. The key analysis method based on optical Hamming weight according to claim 1, characterized in that: in step A-2, the input of the byte transformation is the output of the XOR operation before the first round of AES, which is also the output of the key addition operation; the output of the byte transformation is the output of the first-round S-box transformation.
3. The key analysis method based on optical Hamming weight according to claim 1, characterized in that: in step B-1, the value of m is 2 or 3; the value of n is greater than 5, and averaging reduces the interference of electronic noise, which is normally distributed.
4. The key analysis method based on optical Hamming weight according to claim 1, characterized in that: in step B-2, multiple bytes are analysed simultaneously or in succession until the whole key is obtained.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610130026.7A CN105591739B (en) 2016-03-08 2016-03-08 A kind of key distribution method based on light Hamming weight

Publications (2)

Publication Number Publication Date
CN105591739A true CN105591739A (en) 2016-05-18
CN105591739B CN105591739B (en) 2018-07-31

Family

ID=55931015

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610130026.7A Expired - Fee Related CN105591739B (en) 2016-03-08 2016-03-08 A kind of key distribution method based on light Hamming weight

Country Status (1)

Country Link
CN (1) CN105591739B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180731

Termination date: 20190308
