CN106161022A - Anti-attack method based on ECC crypto module and device - Google Patents

Anti-attack method and device based on an ECC cryptographic module

Info

Publication number
CN106161022A
Authority
CN (China)
Legal status
Granted
Application number
CN201510149100.5A
Other languages
Chinese (zh)
Other versions
CN106161022B (en)
Inventors
王立辉
单伟君
张志敏
刘丹
郭丽敏
姜焜
梅洁勤
Current assignee
Shanghai Fudan Microelectronics Group Co Ltd
Original assignee
Shanghai Fudan Microelectronics Group Co Ltd
Events
Application filed by Shanghai Fudan Microelectronics Group Co Ltd; priority to CN201510149100.5A
Publication of CN106161022A
Application granted; publication of CN106161022B
Legal status: Active


Abstract

The invention provides an anti-attack method and device based on an ECC cryptographic module. The method includes: when execution reaches a first conditional jump instruction, executing a first operation instruction on third data. The first conditional jump instruction is: when bit d_i of the input private key is 0, execute the first operation instruction on first data; otherwise, execute the first operation instruction on second data. When d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data; when d_i = 1, they are identical to the parameters with which it is executed on the second data. Applying the method prevents an attacker from attacking the ECC cryptographic module by analysing differences in power consumption, and so improves the security of the ECC cryptographic module.

Description

Anti-attack method and device based on an ECC cryptographic module
Technical field
The present invention relates to the field of data security, and in particular to an anti-attack method and device based on an ECC cryptographic module.
Background art
An elliptic curve cryptosystem (ECC) is a public-key cryptosystem based on the mathematics of elliptic curves. Compared with other widely used public-key cryptosystems, it provides a higher level of security with a shorter key.
When an ECC-based cryptographic module operates on an input private key, it calls a binary scalar-multiplication (point-multiplication) algorithm and performs many rounds of point multiplication. Because each round contains a conditional jump instruction, that is, a different flow is executed depending on the value of the private-key bit, the corresponding power traces differ. An attacker can therefore use simple power analysis (SPA) and similar techniques to distinguish the power traces corresponding to different private-key bits and recover the private key.
Many countermeasures against simple power analysis have been proposed, for example nesting a double-and-add-always algorithm or the Montgomery ladder inside the binary scalar-multiplication algorithm. In practice, however, a binary scalar-multiplication algorithm that uses these countermeasures still cannot avoid executing some instructions whose operands are decided by the value of the private-key bit, so an attacker can still recover the private key by analysing the subtle differences between the power traces for different private-key bits.
Summary of the invention
The problem solved by the present invention is how to prevent an attacker from recovering the private key by analysing the subtle differences between the power traces corresponding to different private-key bits.
To solve this problem, an embodiment of the present invention provides an anti-attack method based on an ECC cryptographic module. The method includes:
when execution reaches a first conditional jump instruction, executing a first operation instruction on third data. The first conditional jump instruction is: when bit d_i of the input private key is 0, execute the first operation instruction on first data; otherwise, execute the first operation instruction on second data. When d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data; when d_i = 1, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the second data; i is a positive integer.
Optionally, the parameters with which the first operation instruction is executed on the third data are equal to the result of an operation between d_i and at least one of the parameters corresponding to executing the first operation instruction on the first data and the parameters corresponding to executing it on the second data.
Optionally, the parameters with which the first operation instruction is executed on the third data include a first parameter and a second parameter; the parameters corresponding to executing it on the second data include a third parameter and a fourth parameter; the parameters corresponding to executing it on the first data include a fifth parameter and a sixth parameter. The first parameter is equal to the result of an operation between d_i and at least one of the third and fifth parameters, and the second parameter is equal to the result of an operation between d_i and at least one of the fourth and sixth parameters.
Optionally, the first parameter is equal to the product of d_i and the difference between the third parameter and the fifth parameter, summed with the fifth parameter.
Optionally, the second parameter is equal to the product of d_i and the difference between the fourth parameter and the sixth parameter, summed with the sixth parameter.
Optionally, the first operation instruction is any one of: a modular multiplication instruction, a modular addition instruction and a modular subtraction instruction.
An embodiment of the present invention also provides an anti-attack device based on an ECC cryptographic module. The device includes:
a judging unit, for determining whether execution has reached a first conditional jump instruction, the first conditional jump instruction being: when bit d_i of the input private key is 0, execute a first operation instruction on first data; otherwise, execute the first operation instruction on second data; i is a positive integer;
an execution unit, for executing the first operation instruction on third data when execution reaches the first conditional jump instruction. When d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data; when d_i = 1, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the second data.
Optionally, the parameters with which the first operation instruction is executed on the third data are equal to the result of an operation between d_i and at least one of the parameters corresponding to executing the first operation instruction on the first data and the parameters corresponding to executing it on the second data.
Optionally, the parameters with which the first operation instruction is executed on the third data include a first parameter and a second parameter; the parameters corresponding to executing it on the second data include a third parameter and a fourth parameter; the parameters corresponding to executing it on the first data include a fifth parameter and a sixth parameter. The first parameter is equal to the result of an operation between d_i and at least one of the third and fifth parameters, and the second parameter is equal to the result of an operation between d_i and at least one of the fourth and sixth parameters.
Optionally, the first parameter is equal to the product of d_i and the difference between the third parameter and the fifth parameter, summed with the fifth parameter.
Optionally, the second parameter is equal to the product of d_i and the difference between the fourth parameter and the sixth parameter, summed with the sixth parameter.
Optionally, the first operation instruction is any one of: a modular multiplication instruction, a modular addition instruction and a modular subtraction instruction.
Compared with the prior art, the embodiments of the invention have the following advantage. By determining whether execution has reached a first conditional jump instruction and, when it has, executing the first operation instruction on third data rather than executing the conditional jump itself, the difference in executed instructions caused by the different values of the private-key bit is removed at its root, and with it the resulting difference in power consumption. An attacker can therefore no longer attack the ECC cryptographic module by analysing that power-consumption difference, and the security of the module is improved.
Brief description of the drawings
Fig. 1 is a flow chart of the anti-attack method based on an ECC cryptographic module in an embodiment of the present invention;
Fig. 2 is a structural diagram of the anti-attack device based on an ECC cryptographic module in an embodiment of the present invention.
Detailed description
When an ECC-based cryptographic module operates on an input private key, it calls the binary scalar-multiplication algorithm for a number of rounds determined by the bit length of the private key, each round processing one bit of the key.
Normally the binary scalar-multiplication algorithm consists of point doubling and point addition. When a private-key bit d_i is processed, d_i = 0 requires only one point doubling to complete the round, whereas d_i = 1 requires a point addition after the point doubling. In other words, the value of d_i decides whether a point addition is executed at all, as well as the order in which doubling and addition are executed. Since the module's power consumption differs between a point addition and a point doubling, an attacker can often use simple power analysis to examine the module's consumption in each round and finally recover the private key.
To resist simple power analysis and similar attacks, a double-and-add-always algorithm or the Montgomery ladder is usually nested inside the binary scalar-multiplication algorithm to process each private-key bit. Either way, every round executes a point addition after the point doubling, and neither whether the addition is executed nor the order of doubling and addition depends on the value of the private-key bit. This reduces the resulting power-consumption difference and is effective against the attack.
In a concrete implementation, the binary scalar-multiplication algorithm is usually realised by software that schedules the relevant hardware basic operation units. Even with a double-and-add-always algorithm or the Montgomery ladder nested inside it, when that algorithm is realised by scheduling the hardware units, the parameters of some of the hardware basic operation units still have to be decided by the value of the private-key bit. That is, a conditional jump instruction still exists, so subtle differences remain in how each round is executed, and an attacker can still recover the private key by analysing those subtle differences between rounds.
To address this, an embodiment of the invention provides an anti-attack method based on an ECC cryptographic module. The method determines whether execution has reached a first conditional jump instruction and, when it has, executes the first operation instruction on third data, so that the first conditional jump instruction need not be executed. This removes at its root the difference in executed instructions caused by the different values of the private-key bit, avoids the resulting power-consumption difference, effectively prevents an attacker from exploiting that difference to attack the module, and improves the security of the ECC cryptographic module.
To make the above objects, features and advantages of the invention clearer, specific embodiments are described below with reference to the drawings. Many details are given so that the invention can be fully understood, but the invention can also be implemented in other ways than those described here, and it is not limited by the specific embodiments disclosed below.
An embodiment of the invention provides an anti-attack method based on an ECC cryptographic module. In a concrete implementation the method may be applied while the ECC cryptographic module runs the binary scalar-multiplication algorithm, and it may include the following steps.
Step 101: determine whether execution has reached a first conditional jump instruction.
In this embodiment the private key input to the ECC cryptographic module is d, which may have n bits, where d_i denotes the i-th bit, 1 ≤ i ≤ n, and i and n are positive integers.
To avoid the power-consumption difference caused by executing point doubling versus point addition, a double-and-add-always algorithm or the Montgomery ladder may be nested inside the binary scalar-multiplication algorithm so that in every round, whether d_i is 0 or 1, a point addition is executed after a point doubling.
When a point doubling or point addition is actually executed, software has to schedule several hardware basic operation units, and the parameters of some of those units still depend on the value of d_i, which causes a difference in power consumption. A hardware basic operation unit may be a modular multiplication unit, a modular addition unit, a modular subtraction unit, and so on. For example, when a point doubling is executed, the parameters of one of the modular addition units are 0x1fc8 and 0x03010102 when d_i = 0, and 0x1c81 and 0x03010203 when d_i = 1. The existence of this conditional jump instruction causes a subtle difference in power consumption.
To avoid this difference, the implementation first determines whether execution has reached the first conditional jump instruction and, when it has, executes step 102. The first conditional jump instruction is: when bit d_i of the input private key is 0, execute the first operation instruction on first data; otherwise, execute the first operation instruction on second data.
In a concrete implementation the first operation instruction corresponds to a hardware basic operation unit; for example, it may be a modular multiplication instruction, a modular addition instruction or a modular subtraction instruction. The parameters of the first operation instruction correspond to the specific data it operates on, so operating on different data is achieved by changing the parameters. For example, when the parameters of the first operation instruction are 0x1fc8 and 0x03010102, the modular addition is performed on the first data; when they are 0x1c81 and 0x03010203, the modular addition is performed on the second data.
Step 102: when execution reaches the first conditional jump instruction, execute the first operation instruction on third data.
That is, during execution of the binary scalar-multiplication algorithm, when the first conditional jump instruction is reached, the first operation instruction is executed directly on the third data and the first conditional jump instruction is no longer executed. The power-consumption difference that executing the first conditional jump instruction would cause is thus avoided.
In a concrete implementation, if d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data; if d_i = 1, they are identical to the parameters with which it is executed on the second data. Because the parameters of the first operation instruction correspond to the specific data operated on, identical parameters for the third and first data mean that the third data is the first data, and likewise identical parameters for the third and second data mean that the third data is the second data.
In a concrete implementation, the parameters with which the first operation instruction is executed on the third data may be obtained in various ways depending on the situation. For example, they may be the result of an operation between d_i and the parameters corresponding to executing the first operation instruction on the first data, or between d_i and the parameters corresponding to executing it on the second data, or between d_i and both sets of parameters.
Taking a first operation instruction with two parameters as an example, the derivation of the parameters with which the first operation instruction is executed on the third data is illustrated below.
The parameters with which the first operation instruction is executed on the third data are a first parameter and a second parameter; the parameters for executing it on the second data are a third parameter and a fourth parameter; the parameters for executing it on the first data are a fifth parameter and a sixth parameter. The first parameter may be the result of an operation between d_i and the third parameter, between d_i and the fifth parameter, or between d_i and both the third and fifth parameters. The second parameter may be the result of an operation between d_i and the fourth parameter, between d_i and the sixth parameter, or between d_i and both the fourth and sixth parameters.
In a concrete implementation, the result of the operation with bit d_i may be the result of a single operation with d_i, of two operations with d_i, or of several operations with d_i. The operation may be addition, subtraction or some other operation.
In a concrete implementation, the first parameter may be equal to the product of d_i and the difference between the third and fifth parameters, summed with the fifth parameter, and the second parameter may be equal to the product of d_i and the difference between the fourth and sixth parameters, summed with the sixth parameter. For example, when the third parameter is 0x1c81, the fourth parameter is 0x03010203, the fifth parameter is 0x1fc8 and the sixth parameter is 0x03010102, the first parameter is (0x1fc8 + d_i * (0x1c81 - 0x1fc8)) and the second parameter is (0x03010102 + d_i * (0x03010203 - 0x03010102)).
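The formula above is an arithmetic conditional move: p0 + d_i * (p1 - p0) yields p0 for d_i = 0 and p1 for d_i = 1 with no jump on d_i. The Python program below is an added example, not code from the patent or from Shanghai Fudan Microelectronics. It first shows the simple-power-analysis leak that the background section describes (the 'D'/'A' operation sequence of textbook double-and-add is read straight back into key bits), then a Montgomery ladder whose operands are chosen with that formula instead of a branch, so every bit runs the same instructions in the same order. It assumes secp256k1 domain parameters (public constants, not from the page), a constructed private scalar, and treats the patent's values 0x1fc8/0x1c81 and 0x03010102/0x03010203 simply as two pairs of integer parameters, since the page does not say what they address. Python big-integer arithmetic is not constant-time in timing or power; the example models only the control-flow property the patent targets.

```python
"""Added example (not from the patent): SPA leak of double-and-add versus a
Montgomery ladder whose operands are picked with p0 + d*(p1 - p0).
Toy model on secp256k1, affine coordinates, Python ints (not constant-time)."""

# secp256k1 domain parameters (public constants, assumed for the example).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Point at infinity encoded as an integer pair so points can always be
# selected arithmetically; (0, 0) does not lie on y^2 = x^3 + 7.
INF = (0, 0)


def on_curve(A):
    return A == INF or (A[1] * A[1] - A[0] ** 3 - 7) % P == 0


def ec_add(A, B):
    """Affine addition (doubling when A == B) on y^2 = x^3 + 7 mod P."""
    if A == INF:
        return B
    if B == INF:
        return A
    x1, y1 = A
    x2, y2 = B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                  # B == -A
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent, a == 0
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def double_and_add(k, Pt, trace=None):
    """Textbook left-to-right scalar multiplication: a 0 bit executes 'D',
    a 1 bit executes 'DA', so the operation sequence is the key (SPA leak)."""
    R = INF
    for i in range(k.bit_length() - 1, -1, -1):
        R = ec_add(R, R)
        if trace is not None:
            trace.append('D')
        if (k >> i) & 1:
            R = ec_add(R, Pt)
            if trace is not None:
                trace.append('A')
    return R


def key_from_trace(trace):
    """The attacker's side: a doubling followed by an addition is a 1 bit,
    a doubling followed by another doubling (or nothing) is a 0 bit."""
    k = 0
    for j, op in enumerate(trace):
        if op == 'D':
            followed_by_add = j + 1 < len(trace) and trace[j + 1] == 'A'
            k = (k << 1) | int(followed_by_add)
    return k


def select(d, p0, p1):
    """The patent's formula: p0 + d*(p1 - p0) is p0 for d == 0 and p1 for
    d == 1 without a conditional jump on d. p1 - p0 may be negative; in a
    fixed-width register two's-complement wrap-around gives the same result."""
    assert d in (0, 1)
    return p0 + d * (p1 - p0)


def select_point(d, A, B):
    return (select(d, A[0], B[0]), select(d, A[1], B[1]))


def ladder(k, Pt, nbits=256, trace=None):
    """Montgomery ladder: every bit costs exactly one addition and one
    doubling ('AD'), and the operands are chosen by arithmetic swap via
    select() rather than by branching on d_i. Fixed nbits also keeps the
    trace length independent of k."""
    R0, R1 = INF, Pt
    for i in range(nbits - 1, -1, -1):
        d = (k >> i) & 1
        R0, R1 = select_point(d, R0, R1), select_point(d, R1, R0)  # swap if d
        R1 = ec_add(R0, R1)
        R0 = ec_add(R0, R0)
        R0, R1 = select_point(d, R0, R1), select_point(d, R1, R0)  # swap back
        if trace is not None:
            trace.extend('AD')
    return R0


def demo(k):
    """Returns (ladder agrees with reference, key read from naive trace, ladder trace)."""
    t_naive, t_ladder = [], []
    ref = double_and_add(k, G, t_naive)
    out = ladder(k, G, trace=t_ladder)
    return ref == out, key_from_trace(t_naive), ''.join(t_ladder)


if __name__ == '__main__':
    k = 0x1234567890ABCDEF1234567890ABCDEF      # constructed private scalar
    same, leaked, trace = demo(k)
    print('ladder == double-and-add:', same)
    print('key recovered from D/A trace:', leaked == k)
    print('ladder trace uniform:', trace == 'AD' * 256)
    for d in (0, 1):   # the patent's numeric example, selected by d_i
        print(d, hex(select(d, 0x1fc8, 0x1c81)), hex(select(d, 0x03010102, 0x03010203)))
```

Two caveats a practitioner should keep in mind. First, the subtraction p1 - p0 can be negative (0x1c81 - 0x1fc8 is), so in a fixed-width register the formula relies on two's-complement wrap-around, which still yields exactly p0 or p1. Second, the multiply by d_i and the loads of both candidate parameters must themselves be data-independent in time and power: a multiplier with an early-out on zero, or a bus whose consumption depends on which operand is fetched, would only move the leak from the jump to the operand.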
Steps 101 and 102 show that the method of this embodiment first determines whether execution has reached the first conditional jump instruction and, when it has, executes the first operation instruction on the third data without executing the first conditional jump instruction. The power-consumption difference that executing the first conditional jump instruction would cause is thus avoided, an attacker is prevented from using that difference to attack the cryptographic module, and the security of the ECC cryptographic module is improved.
It will be understood that, while the ECC cryptographic module is running the binary scalar-multiplication algorithm, the anti-attack method may run once or several times. The number of runs is related to the number of conditional jump instructions: the anti-attack method may be applied whenever execution reaches such a conditional jump instruction.
To help those skilled in the art understand and implement the invention, the device corresponding to the anti-attack method based on an ECC cryptographic module is described in detail below.
As shown in Fig. 2, an embodiment of the invention provides an anti-attack device 20 based on an ECC cryptographic module. The anti-attack device 20 may include a judging unit 201 and an execution unit 202. The judging unit 201 determines whether execution has reached a first conditional jump instruction. The execution unit 202 executes a first operation instruction on third data when execution reaches the first conditional jump instruction.
In a concrete implementation, the first conditional jump instruction may be: when bit d_i of the input private key is 0, execute the first operation instruction on first data; otherwise, execute the first operation instruction on second data; i is a positive integer. The first operation instruction may be a modular multiplication instruction, a modular addition instruction, a modular subtraction instruction, and so on. When d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data; when d_i = 1, they are identical to the parameters with which it is executed on the second data.
In a concrete implementation, the parameters with which the first operation instruction is executed on the third data may be obtained in various ways depending on the situation. For example, they may be the result of an operation between d_i and the parameters corresponding to executing the first operation instruction on the first data, or between d_i and the parameters corresponding to executing it on the second data, or between d_i and both sets of parameters.
When the first operation instruction has two parameters, the parameters with which it is executed on the third data are a first parameter and a second parameter; the parameters for the second data are a third parameter and a fourth parameter; the parameters for the first data are a fifth parameter and a sixth parameter. The first parameter may be the result of an operation between d_i and the third parameter, between d_i and the fifth parameter, or between d_i and both the third and fifth parameters. The second parameter may be the result of an operation between d_i and the fourth parameter, between d_i and the sixth parameter, or between d_i and both the fourth and sixth parameters.
In a concrete implementation, the first parameter may be equal to the product of d_i and the difference between the third and fifth parameters, summed with the fifth parameter, and the second parameter may be equal to the product of d_i and the difference between the fourth and sixth parameters, summed with the sixth parameter.
With the anti-attack device 20 of this embodiment, when the judging unit 201 determines that execution has reached the first conditional jump instruction, the execution unit 202 executes the first operation instruction on the third data and the first conditional jump instruction is no longer executed. The conditional jump instruction is thus removed at its root and the power-consumption difference that executing it would cause is avoided, so an attacker is prevented from attacking the cryptographic module.
Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, which may include ROM, RAM, a magnetic disk, an optical disc, and so on.
Although the invention has been disclosed as above, it is not limited to it. Anyone skilled in the art may make various changes and modifications without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the claims.

Claims (12)

1. An anti-attack method based on an ECC cryptographic module, characterised in that it comprises: when execution reaches a first conditional jump instruction, executing a first operation instruction on third data; the first conditional jump instruction comprising: when bit d_i of the input private key is 0, executing the first operation instruction on first data, otherwise executing the first operation instruction on second data; wherein, when d_i = 0, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the first data, and when d_i = 1, the parameters with which the first operation instruction is executed on the third data are identical to the parameters with which it is executed on the second data; i is a positive integer.
2. The anti-attack method based on an ECC cryptographic module according to claim 1, characterised in that the parameters with which the first operation instruction is executed on the third data are equal to the result of an operation between d_i and at least one of the parameters corresponding to executing the first operation instruction on the first data and the parameters corresponding to executing it on the second data.
3. The anti-attack method based on an ECC cryptographic module according to claim 2, characterised in that the parameters with which the first operation instruction is executed on the third data comprise a first parameter and a second parameter; the parameters corresponding to executing it on the second data comprise a third parameter and a fourth parameter; the parameters corresponding to executing it on the first data comprise a fifth parameter and a sixth parameter; the first parameter is equal to the result of an operation between d_i and at least one of the third and fifth parameters, and the second parameter is equal to the result of an operation between d_i and at least one of the fourth and sixth parameters.
4. The anti-attack method based on an ECC cryptographic module according to claim 3, characterised in that the first parameter is equal to the product of d_i and the difference between the third parameter and the fifth parameter, summed with the fifth parameter.
5. The anti-attack method based on an ECC cryptographic module according to claim 3 or 4, characterised in that the second parameter is equal to the product of d_i and the difference between the fourth parameter and the sixth parameter, summed with the sixth parameter.
6. The anti-attack method based on an ECC cryptographic module according to claim 1, characterised in that the first operation instruction is any one of: a modular multiplication instruction, a modular addition instruction and a modular subtraction instruction.
7. an attack protection device based on ECC crypto module, it is characterised in that including:
Judging unit, is used for judging whether to perform to first condition jump instruction, described first condition jump instruction Including: at the bit d of input private keyiWhen=0, the first data are performed the first operational order, the most right Second data perform described first operational order, and wherein, i is positive integer;
Performance element, for when performing to first condition jump instruction, performing the first computing to the 3rd data and refer to Order;Wherein: at di=0, described first operational order parameter when performing described 3rd data is with right Parameter when described first data perform is identical;At diWhen=1, described first operational order is to the described 3rd Parameter when data perform is identical with parameter when performing described second data.
8. attack protection device based on ECC crypto module as claimed in claim 7, it is characterised in that institute State first operational order parameter when described 3rd data are performed, equal to described first operational order pair When described first data perform in corresponding parameter and parameter corresponding time described second data are performed At least one is with described diCarry out the result after computing.
9. attack protection device based on ECC crypto module as claimed in claim 8, it is characterised in that institute State first operational order parameter when described 3rd data are performed to include: the first parameter and the second parameter, Parameter correspondence when performing described second data includes: the 3rd parameter and the 4th parameter, to described Parameter correspondence when first data perform includes: the 5th parameter and the 6th parameter, described first parameter is equal to At least one in described 3rd parameter and the 5th parameter and described diCarry out the result after computing, described Two parameters are equal at least one in described 4th parameter and the 6th parameter and described diCarry out the knot after computing Really.
10. attack protection device based on ECC crypto module as claimed in claim 9, it is characterised in that institute State the first parameter and be equal to the difference of described 3rd parameter and the 5th parameter and described diProduct again with the 5th parameter Summation.
The 11. attack protection devices based on ECC crypto module as described in claim 9 or 10, its feature exists In, described second parameter is equal to the difference of described 4th parameter and the 6th parameter and described diProduct again with Six parameter summations.
12. attack protection devices based on ECC crypto module as claimed in claim 7, it is characterised in that institute State the first operational order include following any one: modular multiplication instruct, mould adds operational order and mould subtracts computing Instruction.
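The parameter selection of claims 4 and 5 (and 10 and 11), as an added C example that is not part of the patent: the key-dependent conditional jump is shown beside the branch-free form that derives the "third data" arithmetically so that the same modular multiplication runs for either key bit. The 32-bit modulus and the operand values are constructed for the demo and stand in for ECC field elements.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed demo modulus; a real module would use the curve's field prime. */
#define MOD 0xFFFFFFFBu
typedef uint32_t u32;

static u32 modmul(u32 a, u32 b) { return (u32)(((uint64_t)a * b) % MOD); }

/* Before: a conditional jump on key bit d_i selects one of two modular
 * multiplications, so which path runs (and its power profile) depends on d_i. */
u32 mulmod_branching(u32 a0, u32 b0, u32 a1, u32 b1, u32 di) {
    if (di == 0)
        return modmul(a0, b0);   /* "first data" (5th, 6th parameters) */
    return modmul(a1, b1);       /* "second data" (3rd, 4th parameters) */
}

/* Claims 4/5: parameter = (p_second - p_first) * d_i + p_first, d_i in {0,1}.
 * Unsigned wrap-around makes the identity exact: d_i=0 -> p_first, d_i=1 -> p_second. */
static u32 select_param(u32 p_first, u32 p_second, u32 di) {
    return (p_second - p_first) * di + p_first;
}

/* After: the "third data" (a, b) is computed arithmetically and a single
 * modular multiplication executes regardless of the key bit. */
u32 mulmod_constant_flow(u32 a0, u32 b0, u32 a1, u32 b1, u32 di) {
    u32 a = select_param(a0, a1, di);   /* first parameter from 5th / 3rd */
    u32 b = select_param(b0, b1, di);   /* second parameter from 6th / 4th */
    return modmul(a, b);
}

/* Walks every bit of a constructed private key and checks that the
 * constant-flow form reproduces the branching result for each bit. */
int check_all_bits(u32 key, u32 a0, u32 b0, u32 a1, u32 b1) {
    for (int i = 0; i < 32; i++) {
        u32 di = (key >> i) & 1u;
        if (mulmod_branching(a0, b0, a1, b1, di) !=
            mulmod_constant_flow(a0, b0, a1, b1, di))
            return 0;
    }
    return 1;
}

int main(void) {
    int ok = check_all_bits(0xA5C3F00Du, 0x12345678u, 0x9ABCDEF0u,
                            0x0FEDCBA9u, 0x87654321u);
    printf("constant-flow result matches branching result: %d\n", ok);
    return ok ? 0 : 1;
}
```

Note that with an optimising compiler the multiply-by-d_i form should be checked in the generated code; in a hardware crypto module, as the patent describes, the selection is performed by the module's own arithmetic instructions.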
CN201510149100.5A 2015-03-31 2015-03-31 Anti-attack method and device based on ECC crypto module Active CN106161022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510149100.5A CN106161022B (en) 2015-03-31 2015-03-31 Anti-attack method and device based on ECC crypto module

Publications (2)

Publication Number Publication Date
CN106161022A true CN106161022A (en) 2016-11-23
CN106161022B CN106161022B (en) 2019-11-22

Family

ID=57338189

Country Status (1)

Country Link
CN (1) CN106161022B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1831754A (en) * 2005-11-04 2006-09-13 北京浦奥得数码技术有限公司 Elliptic curve cipher system and implementing method
CN101183945A (en) * 2007-12-20 2008-05-21 上海交通大学 Bypass operator based elliptical curve anti-bypass attack method
CN101197668A (en) * 2007-12-06 2008-06-11 上海交通大学 Elliptic curve anti-bypass attack method based on randomizing multiplication with symbol scalar
WO2009002940A2 (en) * 2007-06-25 2008-12-31 Sandisk Corporation Systems and methods of reading nonvolatile memory
CN101562522A (en) * 2009-05-06 2009-10-21 深圳先进技术研究院 Realization method of elliptic curve cryptosystem for preventing side-channel attack
CN103441846A (en) * 2013-08-12 2013-12-11 国家密码管理局商用密码检测中心 Chosen plaintext side channel energy analysis method for ECC algorithm of P domain

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Zhao Jia: "针对公钥密码算法的抗能量分析攻击研究" (Research on resistance to power analysis attacks on public-key cryptographic algorithms), Wanfang dissertation database (万方学位论文) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330424A (en) * 2015-06-17 2017-01-11 上海复旦微电子集团股份有限公司 Anti-attack method and device of password module based on SM3 algorithm
CN106330424B (en) * 2015-06-17 2019-11-05 上海复旦微电子集团股份有限公司 The anti-attack method and device of crypto module based on SM3 algorithm

Also Published As

Publication number Publication date
CN106161022B (en) 2019-11-22

Legal Events

Code Title
C06 / PB01 Publication
C10 / SE01 Entry into substantive examination
GR01 Patent grant