CN113225187A - Energy attack resisting compensation method and system for elliptic curve crypto chip - Google Patents

Info

Publication number
CN113225187A
Authority
CN
China
Prior art keywords
probability distribution
value
mapping matrix
cost function
function
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110401458.8A
Other languages
Chinese (zh)
Other versions
CN113225187B (en
Inventor
李伟
曾涵
陈韬
南龙梅
杜怡然
别梦妮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Application filed by Information Engineering University of PLA Strategic Support Force
Priority to CN202110401458.8A
Publication of CN113225187A
Application granted
Publication of CN113225187B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Based on the group-operation characteristics of the calculation process of the elliptic curve cryptographic algorithm, the method constructs models of the intermediate-value probability distribution difference values corresponding to all possible key values. On this basis it constructs a cost function model related to the probability distribution difference values and the compensated Hamming distance, so that the compensation model describes the probability distribution of points on the elliptic curve. Using the preset mapping matrix obtained from this model, the method searches for a compensation scheme that generates the least redundant power consumption while ensuring that information is effectively hidden, which effectively reduces the power consumption cost. Meanwhile, the established compensation model applies to a given elliptic curve, and no new samples need to be acquired for retraining unless the parameters of the elliptic curve change, so the method is suitable for off-line learning, reduces the extra circuit cost, and avoids introducing random numbers.

Description

Energy attack resisting compensation method and system for elliptic curve crypto chip
Technical Field
The present application relates to the field of encryption technologies, and in particular, to an anti-energy attack compensation method and system for an elliptic curve crypto chip.
Background
For cryptographic devices, energy attack is a serious threat to security as an attack mode with low implementation cost and high decoding speed.
When energy attacks are resisted by hiding power consumption, power smoothing is used to make the power consumption of the device almost constant. This seriously increases the power consumption overhead of the device, eliminates correlation poorly, and cannot resist high-order attacks. If extra random numbers are introduced to ensure the protection capability, they add a large overhead to the implementation of the cryptographic device and cause high power consumption, which hinders efficient implementation of the cryptographic algorithm.
Disclosure of Invention
To solve the above technical problems, the application provides an energy attack resisting compensation method and system for an elliptic curve crypto chip, so as to ensure protection against high-order energy attacks without introducing random numbers. At the same time, the added power consumption and area overhead are reduced, meeting the low-cost and security requirements of cryptographic devices.
In order to achieve the technical purpose, the embodiment of the application provides the following technical scheme:
An energy attack resisting compensation method for an elliptic curve crypto chip is realized based on machine learning, and comprises the following steps:
acquiring a pre-trained preset mapping matrix, wherein a cost function of the preset mapping matrix is smaller than a preset threshold value;
inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of the cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix;
the training process of the preset mapping matrix comprises the following steps:
acquiring the elliptic curve currently used by the cryptographic chip;
acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
and substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which enables the cost function to be smaller than the preset threshold value through an optimization algorithm.
Optionally, acquiring the discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve includes:
using a random base point and a random private key value as input, and collecting the value of an intermediate value register in the circuit of the cryptographic chip as initial sample data;
and carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
Optionally, the constructing the fuzzy probability distribution difference function includes:
for any point $A = (x, y)$ on the elliptic curve, let $HD(A) = HD(x) + HD(y)$; wherein $HD(A)$ represents the Hamming distance of point A, $HD(x)$ represents the Hamming distance of coordinate x, and $HD(y)$ represents the Hamming distance of coordinate y;
establishing a Hamming distance probability distribution model for the point multiplication value of a random base point P: $HD([k]P) \in N(\mu_k, \sigma_k^2)$; wherein $[k]P$ represents a multiple-point operation on the elliptic curve, and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$;
performing multiple iterations on the Hamming distance probability distribution model of the point multiplication value of the random base point P by using the m-bit key;
summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function;
and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
Optionally, the construction process of the cost function model includes:
constructing a mapping matrix PM of size $(m+1) \times (m+1)$, wherein m is the number of bits of the private key, and each element $PM(i, j)$ in the mapping matrix belongs to $\{0, 1\}$;
let the initial Hamming distance matrix be $HD = (0, 1, \dots, m)$, where the value i of the i-th element means that the actual Hamming distance of the circuit's intermediate value is i;
let $HD^* = PM \cdot HD$, where the i-th element of $HD^*$ represents the new, compensated Hamming value when the current Hamming distance is i;
define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$; let $P = APDD(HD^*)$ represent the set of probability distribution values of all the Hamming distance values after compensation;
constructing a cost function by reducing the sum of probability distribution differences of intermediate values under different keys and reducing compensated energy consumption as a target:
Figure BDA0003020489670000031
constructing an h function: $h(x) = a^{x/m}$, $x \in [0, m]$; the value range of the h function includes $[1, a]$, $a > 1$, and the h function is an increasing concave function on its domain;
assuming that the preset threshold is $10^{-b}$
Figure BDA0003020489670000033
The cost function is then expressed as:
Figure BDA0003020489670000032
Optionally, substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix that makes the cost function smaller than the preset threshold value through an optimization algorithm includes:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value according to the change condition of the cost function corresponding to the adjusted mapping matrix and the adjustment condition of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
An energy attack resisting compensation system for an elliptic curve crypto chip is realized based on machine learning, and comprises:
the matrix acquisition module is used for acquiring a pre-trained preset mapping matrix, and the cost function of the preset mapping matrix is smaller than a preset threshold value;
the power consumption compensation module is used for inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of the cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix;
the preset mapping matrix is trained by a machine learning module, and the process of training the preset mapping matrix by the machine learning module specifically comprises the following steps:
acquiring the elliptic curve currently used by the cryptographic chip;
acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
and substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which enables the cost function to be smaller than the preset threshold value through an optimization algorithm.
Optionally, the process of obtaining the discrete probability distribution data of the intermediate hamming value of the cryptographic chip by the machine learning module according to the elliptic curve specifically includes:
using a random base point and a random private key value as input, and collecting the value of an intermediate value register in the circuit of the cryptographic chip as initial sample data;
and carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
Optionally, the process of constructing the fuzzy probability distribution difference function by the machine learning module specifically includes:
for any point $A = (x, y)$ on the elliptic curve, let $HD(A) = HD(x) + HD(y)$; wherein $HD(A)$ represents the Hamming distance of point A, $HD(x)$ represents the Hamming distance of coordinate x, and $HD(y)$ represents the Hamming distance of coordinate y;
establishing a Hamming distance probability distribution model for the point multiplication value of a random base point P: $HD([k]P) \in N(\mu_k, \sigma_k^2)$; wherein $[k]P$ represents a multiple-point operation on the elliptic curve, and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$;
performing multiple iterations on the Hamming distance probability distribution model of the point multiplication value of the random base point P by using the m-bit key;
summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function;
and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
Optionally, the specific process of constructing the cost function model by the machine learning module includes:
constructing a mapping matrix PM of size $(m+1) \times (m+1)$, wherein m is the number of bits of the private key, and each element $PM(i, j)$ in the mapping matrix belongs to $\{0, 1\}$;
let the initial Hamming distance matrix be $HD = (0, 1, \dots, m)$, where the value i of the i-th element means that the actual Hamming distance of the circuit's intermediate value is i;
let $HD^* = PM \cdot HD$, where the i-th element of $HD^*$ represents the new, compensated Hamming value when the current Hamming distance is i;
define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$; let $P = APDD(HD^*)$ represent the set of probability distribution values of all the Hamming distance values after compensation;
constructing a cost function by reducing the sum of probability distribution differences of intermediate values under different keys and reducing compensated energy consumption as a target:
Figure BDA0003020489670000051
constructing an h function: $h(x) = a^{x/m}$, $x \in [0, m]$; the value range of the h function includes $[1, a]$, $a > 1$, and the h function is an increasing concave function on its domain;
assuming that the preset threshold is $10^{-b}$
Figure BDA0003020489670000053
The cost function is then expressed as:
Figure BDA0003020489670000052
Optionally, the process of substituting the value of the parameter set into the cost function by the machine learning module and obtaining the preset mapping matrix which makes the cost function smaller than the preset threshold through the optimization algorithm specifically includes:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value according to the change condition of the cost function corresponding to the adjusted mapping matrix and the adjustment condition of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
As can be seen from the above technical scheme, the embodiment of the application provides an energy attack resisting compensation method and system for an elliptic curve crypto chip. When the pre-trained preset mapping matrix is obtained, discrete probability distribution data of the intermediate Hamming value of the cryptographic chip is first obtained according to the elliptic curve currently used by the cryptographic chip. The statistical characteristics of the elliptic curve cryptography data under different keys are then analyzed, and a probability distribution model of the Hamming distances of points on the current elliptic curve is established, which yields a fuzzy probability distribution difference function. With the fuzzy probability distribution difference function as the model and the discrete probability distribution data as the sample, the parameter set of the model is obtained through a machine learning fitting algorithm. Finally, the values of the parameter set are substituted into a cost function that is proportional to the sum of the difference values over all different keys in the private key set and to the compensated Hamming distance, and a preset mapping matrix that makes the cost function smaller than the preset threshold value is obtained through an optimization algorithm. The preset mapping matrix is input as configuration information to a configuration port of the compensation circuit of the cryptographic chip, so that the compensation circuit generates compensation power consumption according to the preset mapping matrix. In this way, a model describing the probability distribution of points on the elliptic curve is established through the compensation model.
Meanwhile, the established compensation model can be suitable for a certain elliptic curve, and a new sample does not need to be acquired for retraining unless the parameters of the elliptic curve are changed, so that the method is suitable for off-line learning, thereby reducing the extra circuit cost and avoiding the introduction of random numbers.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of an energy attack resisting compensation method for an elliptic curve crypto chip according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of a training process of a preset mapping matrix according to an embodiment of the present application;
Fig. 3 is a diagram illustrating possible intermediate values in an iterative process of a point multiplication algorithm according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a compensation circuit according to an embodiment of the present application;
Fig. 5 is a timing diagram of nodes of a compensation circuit according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides an energy attack resisting compensation method for an elliptic curve crypto chip, which is realized based on machine learning and comprises the following steps:
S101: acquiring a pre-trained preset mapping matrix, wherein the cost function of the preset mapping matrix is smaller than a preset threshold value;
S102: inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of the cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix.
Referring to Fig. 2, the training process of the preset mapping matrix includes:
S201: acquiring the elliptic curve currently used by the cryptographic chip;
S202: acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
S203: constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
S204: substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which makes the cost function smaller than the preset threshold value through an optimization algorithm.
Unlike block cipher algorithms, the operations in an elliptic curve cryptographic algorithm are arithmetic on points of the elliptic curve, so the probability distribution of the Hamming distance of an intermediate value after an operation has to be derived through complex theory. The amount of calculation is proportional to an exponential of the elliptic curve bit width, so obtaining the probability distribution of the intermediate values in the elliptic curve cryptographic algorithm by direct derivation is very difficult. Secondly, if no random source is used in order to reduce the cost of security protection, a power consumption hiding strategy without random numbers can, in theory, only resist first-order energy attacks and offers no protection against high-order attacks. Finally, because a hiding method has to change the current power consumption value into a new power consumption value, it brings extra power consumption cost; whether a random factor is introduced or a machine-learning-based compensation circuit is used, current schemes aim at reducing the signal-to-noise ratio, and the final protection scheme generates serious redundant energy consumption.
So far, there are few hiding protection strategies in the amplitude dimension for public key cryptography, and few research results study the statistical characteristics of the intermediate values of elliptic curve cryptographic algorithms and apply them to the security protection of public key hardware implementations. For power consumption, the most significant cost of the hiding process, a compromise needs to be found between protection and cost.
Based on this, when the pre-trained preset mapping matrix is obtained, the energy attack resisting compensation method for an elliptic curve crypto chip provided by the embodiment of the application first obtains discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve currently used by the cryptographic chip. It then analyzes the statistical characteristics of the elliptic curve cryptography data under different keys and establishes a probability distribution model of the Hamming distances of points on the current elliptic curve, which yields a fuzzy probability distribution difference function. With the fuzzy probability distribution difference function as the model and the discrete probability distribution data as the sample, the parameter set of the model is obtained through a machine learning fitting algorithm. Finally, the values of the parameter set are substituted into a cost function that is proportional to the sum of the difference values over all different keys in the private key set and to the compensated Hamming distance, and a preset mapping matrix that makes the cost function smaller than the preset threshold value is obtained through an optimization algorithm. The preset mapping matrix is input as configuration information to a configuration port of the compensation circuit of the cryptographic chip, so that the compensation circuit generates compensation power consumption according to the preset mapping matrix. In this way, a model describing the probability distribution of points on the elliptic curve is established through the compensation model.
Meanwhile, the established compensation model can be suitable for a certain elliptic curve, and a new sample does not need to be acquired for retraining unless the parameters of the elliptic curve are changed, so that the method is suitable for off-line learning, the extra circuit cost is reduced, and the introduction of random numbers is avoided.
A specific feasible implementation process of each step of the training process of the preset mapping matrix provided in the embodiment of the present application is described below.
Optionally, acquiring the discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve includes:
S2021: using a random base point and a random private key value as input, and collecting the value of an intermediate value register in the circuit of the cryptographic chip as initial sample data;
S2022: carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
Optionally, the constructing the fuzzy probability distribution difference function includes:
S2031: for any point $A = (x, y)$ on the elliptic curve, let $HD(A) = HD(x) + HD(y)$, where $HD(A)$ represents the Hamming distance of point A, $HD(x)$ represents the Hamming distance of coordinate x, and $HD(y)$ represents the Hamming distance of coordinate y.
S2032: establishing, according to the Hamming weight probability distribution characteristics, a Hamming distance probability distribution model for the point multiplication value of a random base point P: $HD([k]P) \in N(\mu_k, \sigma_k^2)$, where $[k]P$ represents a multiple-point operation on the elliptic curve and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$.
S2033: performing multiple iterations on the Hamming distance probability distribution model of the point multiplication value of the random base point P by using the m-bit key.
For public key cryptographic algorithms such as ECC (elliptic curve cryptography), assume that the secret key has m bits. The m key bits take part in the calculation sequentially in time, so an attack also guesses them in order. Assuming the attacker guesses 1 bit each time, there are 2 possible key values (0 or 1) at that point. Taking the right-to-left binary point multiplication algorithm as an example, the possible intermediate values in the iterative process of the point multiplication algorithm are shown in Fig. 3, and the set of all possible intermediate values is $\{[k]P \mid k = 0 \sim 2^m - 1\}$. $[k]P$ denotes the multiple-point operation on the elliptic curve, also called scalar point multiplication or point multiplication; P is a point on the elliptic curve, and $[k]P$ equals $k \cdot P$, the result of which is a point on the elliptic curve. For other point multiplication algorithms, the set of possible intermediate values is the same as this set.
In the i-th iteration, when the private key bit is 0 and 1, the intermediate values are $[k_i']P$ and $[k_i' + 2^i]P$ respectively, where $k_i' = k_{i-1} \cdot 2^{i-1} + k_{i-2} \cdot 2^{i-2} + \dots + k_1 \cdot 2 + k_0$. A preliminary probability distribution difference function for the i-th round can be obtained:
$PDD_i(Hd) = \left(f([k_i']P) - f([k_i' + 2^i]P)\right)^2$
Notably, such a cost function only eliminates the intermediate value difference that the private key brings in the i-th round, but the calculation of the i-th round includes $k_i'$; that is, it contains not only the secret information of the current bit but also the secret information of the previous (i-1) bits. For example, for the 2nd-round calculation, when $k_1$ is 0 or 1, Q is O or 2P ($k_0 = 0$), or Q is P or 3P ($k_0 = 1$), and the cost function should then be built with O and 2P and 3P as objects. The probability distribution difference function for the i-th round can therefore be further constructed as:
Figure BDA0003020489670000101
S2034: summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function.
Since, in each round, identical terms among $\left(f([k_i']P) - f([k_i' + 2^i]P)\right)^2$, $k_i' = 0 \sim 2^{i-1} - 1$, are added only once, the overall probability distribution difference function is as follows (the coefficients of identical terms are combined by binary-field addition, i.e. 1 + 1 = 0, 1 + 0 = 1, 0 + 1 = 1, 0 + 0 = 0):
Figure BDA0003020489670000102
where
Figure BDA0003020489670000103
Since the other point multiplication algorithms have the same intermediate value set as the right-to-left binary point multiplication algorithm, the overall probability distribution difference function is also applicable to the other point multiplication algorithms.
S2035: and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
After the overall probability distribution difference function is obtained, the parameter set in the probability distribution difference function at this time is huge, and the effect of sample fitting is poor. For normal probability distribution curves with different parameters, when the central values of the normal probability distribution curves are closer, the curve obtained by adding the normal probability distribution curves and the normal probability distribution curves can be replaced by a new normal distribution probability distribution curve, so that a fuzzy probability distribution difference function is established:
Figure BDA0003020489670000104
In the fuzzy probability distribution difference function, t normal probability distribution curves are used to fit the actual probability distribution differences. In theory, the larger the value of t, the more accurately the actual samples are fitted and the higher the fitting complexity. In practice, when the value of t is too large, comparable accuracy may be achieved with fewer than t curves. Generally, 3-5 normal probability distribution curves are used, which guarantees a certain fitting accuracy.
Optionally, the construction process of the cost function model includes:
Constructing a mapping matrix PM of size (m+1) × (m+1), where m is the number of bits of the private key and each element PM(i, j) ∈ {0, 1}; only one element in each column is 1 and the remaining elements are 0. PM(i, j) = 1 represents that the register value of HW = i is compensated to HW = j. Because the circuit can only increase the current power consumption by generating extra power consumption, the compensation value can only be increased and cannot be reduced, so when PM(i, j) = 1, i is larger than or equal to j. The initial mapping matrix PM is a diagonal matrix of size (m+1) × (m+1):
Figure BDA0003020489670000111
Let the initial Hamming distance matrix $HD = (0, 1, \dots, m)^T$, where the value of the ith element indicates that the actual intermediate-value Hamming distance of the circuit is i; the initial Hamming distance matrix is an (m+1) × 1 column vector.
Let $HD^* = PM \cdot HD$; the ith element of $HD^*$ represents the new Hamming value after compensation when the current Hamming distance is i.
Define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$. Let $P = APDD(HD^*)$ denote the set of probability distribution values of all Hamming distance values after compensation; P is an (m+1) × 1 column vector.
Constructing a cost function with the goals of reducing the sum of probability distribution differences of intermediate values under different keys and reducing the compensated energy consumption:
Figure BDA0003020489670000112
due to the fact that
Figure BDA0003020489670000113
Far more than the safety protection performance
Figure BDA0003020489670000114
The compensated hamming distance needs to be transformed by an h function.
Therefore, an h function needs to be constructed: $h(x) = a^{x/m}$, $x \in [0, m]$. The value range of the h function includes [1, a], a > 1, and the h function is an increasing concave function on its domain of definition. In general, the preset threshold value can be 0.1, 0.01, 0.001 and the like, according to different protection capability requirements.
Assuming that the preset threshold is $10^{-b}$
Figure BDA0003020489670000115
The cost function is then expressed as:
Figure BDA0003020489670000121
Correspondingly, substituting the values of the parameter set into the cost function and obtaining, through an optimization algorithm, the preset mapping matrix that makes the cost function smaller than the preset threshold value includes:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value (increasing the learning factor alpha or reducing the learning factor alpha) according to the change condition (increasing or reducing condition) of the cost function corresponding to the adjusted mapping matrix and the adjustment condition (left shift, right shift or invariance) of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
When adjusting the mapping matrix, there are three possible changes for each element of the mapping matrix that is a "1": left shift, right shift or unchanged. During the adjustment process w is a number between 0 and 1 that represents the probability that the element at each position is kept at its current position, and the value of w at each position is different, so the probability that the element at a position moves upwards or downwards is (1-w)/2. A random number r is generated for each shift: the position of the element "1" is unchanged when r is smaller than w; otherwise it is left shifted when r < (1+w)/2 and right shifted when r > (1+w)/2.
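The adjustment loop described above can be sketched as follows; this is an added example, not code from the patent. The cost function survives on this page only as figure references, so `cost`, the three-curve `apdd` model, the accept/reject rule, the update of w by `alpha` and the toy width M = 16 are assumptions, while the thresholds on r, the initial w = 1/3, h(x) = a^(x/m) and the upward-only constraint come from the text. The mapping is held in compressed one-entry-per-column form, reading column j as the actual Hamming value and the row of its 1 as the compensated value (also an assumption about orientation).

```python
import math
import random

M = 16                      # toy key width m (assumption; kept small for readability)
# Constructed stand-in for the fitted model: t = 3 normal curves (centre, sigma, weight).
CURVES = [(4.0, 1.5, 0.6), (8.0, 2.0, 1.0), (11.0, 1.5, 0.4)]


def apdd(hd):
    """Toy probability-distribution difference at Hamming distance hd."""
    return sum(wt * math.exp(-((hd - mu) ** 2) / (2 * s * s)) for mu, s, wt in CURVES)


def h(x, a=2.0, m=M):
    """h(x) = a^(x/m) from the page: increasing on [0, m], values in [1, a]."""
    return a ** (x / m)


def identity_map(m=M):
    """Compressed form of the diagonal initial PM: value j is left at j."""
    return list(range(m + 1))


def to_matrix(target):
    """Expand to the (m+1)x(m+1) 0/1 matrix; column j holds its single 1 in row target[j]."""
    n = len(target)
    return [[1 if target[j] == i else 0 for j in range(n)] for i in range(n)]


def compensated(pm):
    """Read the compensated Hamming value of every column back out of the full matrix."""
    n = len(pm)
    return [sum(i * pm[i][j] for i in range(n)) for j in range(n)]


def cost(target, lam=0.05):
    """Assumed cost: mean residual leakage plus lam * mean h-weighted added toggles."""
    m = len(target) - 1
    leak = sum(apdd(t) for t in target)
    energy = sum(h(t - j, m=m) - 1.0 for j, t in enumerate(target))
    return (leak + lam * energy) / (m + 1)


def adjust(target, w, rng):
    """One pass over the 1-elements using the page's thresholds on r."""
    m = len(target) - 1
    cand, moves = list(target), [0] * (m + 1)
    for j in range(m + 1):
        r = rng.random()
        if r < w[j]:
            step = 0                      # keep the current position
        elif r < (1 + w[j]) / 2:
            step = -1                     # "left shift": one toggle less
        else:
            step = 1                      # "right shift": one toggle more
        if step and j <= target[j] + step <= m:   # compensation may only add power
            cand[j] += step
            moves[j] = step
    return cand, moves


def optimise(threshold=0.1, alpha=0.1, max_rounds=2000, seed=1):
    """Search for a mapping whose cost is below threshold (bounded by max_rounds)."""
    rng = random.Random(seed)
    target = identity_map()
    w = [1 / 3] * (M + 1)                 # learning value initialised to 1/3
    best = cost(target)
    for _ in range(max_rounds):
        if best < threshold:
            break
        cand, moves = adjust(target, w, rng)
        improved = cost(cand) < best
        if improved:
            target, best = cand, cost(cand)
        # Assumed update rule: moved positions become stickier after a rejected
        # pass and looser after an accepted one.
        factor = (1 - alpha) if improved else (1 + alpha)
        for j, step in enumerate(moves):
            if step:
                w[j] = min(0.95, max(0.05, w[j] * factor))
    return target, best


if __name__ == "__main__":
    final, final_cost = optimise()
    print("initial cost:", round(cost(identity_map()), 4))
    print("final cost:  ", round(final_cost, 4))
    print("compensated HD per actual HD:", final)
```

With this stand-in cost the greedy acceptance rule can stall in a local minimum before the threshold is reached, which is why the loop is bounded by `max_rounds` and returns the best mapping found.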
After the preset mapping matrix is obtained, the compensation circuit takes the current register flips in the circuit (the Hamming distance), obtains the Hamming value to be compensated (namely the power consumption value to be newly added) through the transformation of the optimal preset mapping matrix that was found, and generates the corresponding compensation power consumption by controlling the number of flipped input bits of the redundant circuit, so that the current circuit power consumption is compensated and changed into a new power consumption value and the secret information in the circuit is hidden.
The design of the compensation circuit needs to consider the following points: (1) the redundant circuit needs to generate power consumption of the same magnitude as that of the actual circuit, so that power consumption compensation can be completed when the Hamming value changes; (2) because the compensation circuit contains other circuits besides the redundant circuit that generates the compensation power consumption, and these generate additional power consumption, the area overhead of the other circuits should be reduced as much as possible while ensuring the function; (3) considering the performance of the cryptographic chip, the compensation circuit should be designed without affecting the critical path of the circuit too much; (4) in order to ensure the hiding protection effect, the power consumption of the compensation circuit needs to be generated in the same clock cycle as the actual register flipping.
The structure of the compensation circuit is shown in fig. 4. At the initial stage, the XOR values of the register inputs and outputs in the circuit are collected as samples to generate a sample set, and off-line machine learning training is performed to obtain the corresponding preset mapping matrix (i.e., the compensation matrix). The preset mapping matrix is input as configuration information to the corresponding port of the compensation circuit (LUT), and power consumption compensation is performed after the circuit starts to work. In the calculation process of the elliptic curve cryptographic algorithm, most register flips occur at the input or the output of the modular operation unit, so the core operation module of the elliptic curve cryptographic algorithm, namely the modular operation unit, is selected as the redundant circuit. The function of the preset mapping matrix is to realize the transformation from (m+1) to (m+1), and since each column in the preset mapping matrix has only one element equal to 1, the preset mapping matrix can be compressed into one (m+1) to (m+1) mapping matrix
Figure BDA0003020489670000131
This reduces the scale of the digital selection logic when the selection is implemented. In order to avoid an excessive increase in the critical path and to ensure that the compensation power consumption and the actual flipping occur in the same clock cycle, the input and output values of a register in the cryptographic circuit are XORed and then registered once, and the output of that register passes in turn through the digital selection logic of the preset mapping matrix and the modular operation unit circuit to generate the redundant power consumption. In fig. 4, Register_1, Register_2 … Register_n represent different registers, and D1, Q1, D2, Q2, MM_out and PM_out represent different nodes in the circuit. The circuit timing diagram of these nodes is shown in fig. 5: the register flips (Q1) and the redundant circuit operates (MM_out) within the one clock cycle from t2 to t3, and clock in fig. 5 represents the timing of the clock signal.
The following describes the energy attack resistant compensation system for the elliptic curve cryptographic chip provided by the embodiments of the present application; the system described below and the energy attack resistant compensation method described above may be referred to in correspondence with each other.
Correspondingly, the embodiment of the present application further provides an energy attack resistant compensation system for the elliptic curve cryptographic chip, which is implemented based on machine learning, and the energy attack resistant compensation system for the elliptic curve cryptographic chip includes:
the matrix acquisition module is used for acquiring a pre-trained preset mapping matrix, and the cost function of the preset mapping matrix is smaller than a preset threshold value;
the power consumption compensation module is used for inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of the cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix;
the preset mapping matrix is trained by a machine learning module, and the process of training the preset mapping matrix by the machine learning module specifically comprises the following steps:
acquiring an elliptic curve currently used by the cryptographic chip;
acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
and substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which enables the cost function to be smaller than the preset threshold value through an optimization algorithm.
Optionally, the process of obtaining the discrete probability distribution data of the intermediate hamming value of the cryptographic chip by the machine learning module according to the elliptic curve specifically includes:
using a random base point and a random private key value as input, and collecting a value of an intermediate value register in a circuit of the cryptographic chip as initial sample data;
and carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
Optionally, the process of constructing the fuzzy probability distribution difference function by the machine learning module specifically includes:
for any point A = (x, y) on the elliptic curve, let HD(A) = HD(x) + HD(y); wherein HD(A) represents the Hamming distance of point A, HD(x) represents the Hamming distance of coordinate x, and HD(y) represents the Hamming distance of coordinate y;
establishing a Hamming distance probability distribution model for the point multiplication value of a random base point P: $HD([k]P) \in N(\mu_k, \sigma_k^2)$; wherein $[k]P$ represents the multiple point operation on the elliptic curve, and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$;
performing multiple iterations on the Hamming distance probability distribution model of the point product value of the random base point P by using the m-bit key;
summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function;
and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
Optionally, the specific process of constructing the cost function model by the machine learning module includes:
constructing a mapping matrix PM with the scale of (m +1) × (m +1), wherein m is the bit number of a private key, and each element PM (i, j) in the mapping matrix belongs to {0,1 };
let the initial Hamming distance matrix HD = (0, 1, …, m), where the value of the ith element indicates that the actual intermediate-value Hamming distance of the circuit is i;
let $HD^* = PM \cdot HD$; the ith element of $HD^*$ represents the new Hamming value after compensation when the current Hamming distance is i;
define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$; let $P = APDD(HD^*)$ represent the set of probability distribution values of all Hamming distance values after compensation;
constructing a cost function by reducing the sum of probability distribution differences of intermediate values under different keys and reducing compensated energy consumption as a target:
Figure BDA0003020489670000151
constructing an h function: $h(x) = a^{x/m}$, $x \in [0, m]$; the value range of the h function includes [1, a], a > 1, and the h function is an increasing concave function on its domain;
assuming that the preset threshold is $10^{-b}$
Figure BDA0003020489670000153
The cost function is then expressed as:
Figure BDA0003020489670000152
Optionally, the process in which the machine learning module substitutes the values of the parameter set into the cost function and obtains, through the optimization algorithm, the preset mapping matrix that makes the cost function smaller than the preset threshold specifically includes:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value according to the change condition of the cost function corresponding to the adjusted mapping matrix and the adjustment condition of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
To sum up, the embodiments of the present application provide an energy attack resistant compensation method and system for an elliptic curve cryptographic chip. When obtaining the pre-trained preset mapping matrix, the method first obtains discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve currently used by the chip, then analyzes the statistical characteristics of the chip's data under different keys and establishes a probability distribution model of the Hamming distances of points on the current elliptic curve, so as to obtain a fuzzy probability distribution difference function. Taking the fuzzy probability distribution difference function as the model and the discrete probability distribution data as samples, the parameter set in the model is obtained through a machine learning fitting algorithm. Finally, the values of the parameter set are substituted into a cost function that is in direct proportion to the sum of differences of all different keys in the private key set and to the Hamming distance after compensation, a preset mapping matrix that makes the cost function smaller than the preset threshold value is obtained through an optimization algorithm, and the preset mapping matrix is input as configuration information to a configuration port of the compensation circuit of the cryptographic chip, so that the compensation circuit generates compensation power consumption according to the preset mapping matrix. Meanwhile, the established compensation model is suitable for a given elliptic curve, and new samples do not need to be collected for retraining unless the parameters of the elliptic curve change, so the method is suitable for off-line learning, reduces the extra circuit cost and avoids introducing random numbers.
Features described in the embodiments in the present specification may be replaced with or combined with each other, each embodiment is described with a focus on differences from other embodiments, and the same and similar portions among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An energy attack resisting compensation method for an elliptic curve cryptochip is characterized by being realized based on machine learning, and comprising the following steps of:
acquiring a pre-trained preset mapping matrix, wherein a cost function of the preset mapping matrix is smaller than a preset threshold value;
inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of a cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix;
the training process of the preset mapping matrix comprises the following steps:
acquiring an elliptic curve currently used by the cryptographic chip;
acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
and substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which enables the cost function to be smaller than the preset threshold value through an optimization algorithm.
2. The method of claim 1, wherein obtaining discrete probability distribution data of intermediate hamming values of the cryptographic chip from the elliptic curve comprises:
using a random base point and a random private key value as input, and collecting a value of an intermediate value register in a circuit of the cryptographic chip as initial sample data;
and carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
3. The method of claim 1, wherein constructing the fuzzy probability distribution difference function comprises:
for any point A = (x, y) on the elliptic curve, let HD(A) = HD(x) + HD(y); wherein HD(A) represents the Hamming distance of point A, HD(x) represents the Hamming distance of coordinate x, and HD(y) represents the Hamming distance of coordinate y;
establishing a Hamming distance probability distribution model for the point multiplication value of a random base point P:
$HD([k]P) \in N(\mu_k, \sigma_k^2)$; wherein $[k]P$ represents the multiple point operation on the elliptic curve, and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$;
performing multiple iterations on the Hamming distance probability distribution model of the point product value of the random base point P by using the m-bit key;
summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function;
and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
4. The method of claim 1, wherein the constructing of the cost function model comprises:
constructing a mapping matrix PM with the scale of (m +1) × (m +1), wherein m is the bit number of a private key, and each element PM (i, j) in the mapping matrix belongs to {0,1 };
let the initial Hamming distance matrix HD = (0, 1, …, m), where the value of the ith element indicates that the actual intermediate-value Hamming distance of the circuit is i;
let $HD^* = PM \cdot HD$; the ith element of $HD^*$ represents the new Hamming value after compensation when the current Hamming distance is i;
define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$; let $P = APDD(HD^*)$ represent the set of probability distribution values of all Hamming distance values after compensation;
constructing a cost function by reducing the sum of probability distribution differences of intermediate values under different keys and reducing compensated energy consumption as a target:
Figure FDA0003020489660000021
constructing an h function: $h(x) = a^{x/m}$, $x \in [0, m]$; the value range of the h function includes [1, a], a > 1, and the h function is an increasing concave function on its domain;
assuming that the preset threshold is $10^{-b}$
Figure FDA0003020489660000023
The cost function is then expressed as:
Figure FDA0003020489660000022
5. The method according to claim 4, wherein the substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix that makes the cost function smaller than the preset threshold value through an optimization algorithm comprises:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value according to the change condition of the cost function corresponding to the adjusted mapping matrix and the adjustment condition of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
6. The energy attack resisting compensation system for the elliptic curve crypto chip is realized based on machine learning and comprises the following components:
the matrix acquisition module is used for acquiring a pre-trained preset mapping matrix, and the cost function of the preset mapping matrix is smaller than a preset threshold value;
the power consumption compensation module is used for inputting the preset mapping matrix as configuration information to a configuration port of a compensation circuit of the cryptographic chip so that the compensation circuit generates compensation power consumption according to the preset mapping matrix;
the preset mapping matrix is trained by a machine learning module, and the process of training the preset mapping matrix by the machine learning module specifically comprises the following steps:
acquiring an elliptic curve currently used by the cryptographic chip;
acquiring discrete probability distribution data of the intermediate Hamming value of the cryptographic chip according to the elliptic curve;
constructing a fuzzy probability distribution difference function, taking the fuzzy probability distribution difference function as a model, taking the discrete probability distribution data as a sample, and obtaining a parameter set in the model through a machine learning fitting algorithm;
and substituting the values of the parameter set into a cost function, and obtaining a preset mapping matrix which enables the cost function to be smaller than the preset threshold value through an optimization algorithm.
7. The system of claim 6, wherein the process of the machine learning module obtaining the discrete probability distribution data of the intermediate hamming value of the cryptographic chip according to the elliptic curve specifically comprises:
using a random base point and a random private key value as input, and collecting a value of an intermediate value register in a circuit of the cryptographic chip as initial sample data;
and carrying out probability distribution statistics on the initial sample data to obtain the discrete probability distribution data.
8. The system according to claim 6, wherein the process of constructing the fuzzy probability distribution difference function by the machine learning module specifically comprises:
for any point A = (x, y) on the elliptic curve, let HD(A) = HD(x) + HD(y); wherein HD(A) represents the Hamming distance of point A, HD(x) represents the Hamming distance of coordinate x, and HD(y) represents the Hamming distance of coordinate y;
establishing a Hamming distance probability distribution model for the point multiplication value of a random base point P:
$HD([k]P) \in N(\mu_k, \sigma_k^2)$; wherein $[k]P$ represents the multiple point operation on the elliptic curve, and $N(\mu_k, \sigma_k^2)$ denotes a normal distribution with mean $\mu_k$ and standard deviation $\sigma_k$;
performing multiple iterations on the Hamming distance probability distribution model of the point product value of the random base point P by using the m-bit key;
summing the probability distribution difference functions obtained by each iteration to obtain an overall probability distribution difference function;
and establishing the fuzzy probability distribution difference function according to the overall probability distribution difference function.
9. The system of claim 6, wherein the specific process of the machine learning module to construct the cost function model comprises:
constructing a mapping matrix PM with the scale of (m +1) × (m +1), wherein m is the bit number of a private key, and each element PM (i, j) in the mapping matrix belongs to {0,1 };
let the initial Hamming distance matrix HD = (0, 1, …, m), where the value of the ith element indicates that the actual intermediate-value Hamming distance of the circuit is i;
let $HD^* = PM \cdot HD$; the ith element of $HD^*$ represents the new Hamming value after compensation when the current Hamming distance is i;
define $A_{m \times 1} = APDD(B_{m \times 1}) = (APDD(b_1), APDD(b_2), \dots, APDD(b_m))$, where $B_{m \times 1} = (b_1, b_2, \dots, b_m)$; let $P = APDD(HD^*)$ represent the set of probability distribution values of all Hamming distance values after compensation;
constructing a cost function by reducing the sum of probability distribution differences of intermediate values under different keys and reducing compensated energy consumption as a target:
Figure FDA0003020489660000041
constructing an h function: $h(x) = a^{x/m}$, $x \in [0, m]$; the value range of the h function includes [1, a], a > 1, and the h function is an increasing concave function on its domain;
assuming that the preset threshold is $10^{-b}$
Figure FDA0003020489660000043
The cost function is then expressed as:
Figure FDA0003020489660000042
10. The system according to claim 9, wherein the process of the machine learning module substituting the values of the parameter set into the cost function and obtaining the preset mapping matrix that makes the cost function smaller than the preset threshold value through the optimization algorithm specifically comprises:
initializing a learning value w as 1/3;
generating an adjusting random number r, and adjusting each element with the value of 1 in the mapping matrix according to the adjusting random number;
updating the learning factor of the learning value according to the change condition of the cost function corresponding to the adjusted mapping matrix and the adjustment condition of the element with the value of 1 in the mapping matrix;
and judging whether the cost function corresponding to the adjusted mapping matrix is smaller than the preset threshold value, if so, taking the current mapping matrix as the preset mapping matrix which enables the cost function to be smaller than the preset threshold value, and if not, returning to the step of generating the adjusted random number r.
CN202110401458.8A 2021-04-14 2021-04-14 Energy attack resisting compensation method and system for elliptic curve crypto chip Active CN113225187B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110401458.8A CN113225187B (en) 2021-04-14 2021-04-14 Energy attack resisting compensation method and system for elliptic curve crypto chip

Publications (2)

Publication Number Publication Date
CN113225187A true CN113225187A (en) 2021-08-06
CN113225187B CN113225187B (en) 2022-07-12

Family

ID=77087218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110401458.8A Active CN113225187B (en) 2021-04-14 2021-04-14 Energy attack resisting compensation method and system for elliptic curve crypto chip

Country Status (1)

Country Link
CN (1) CN113225187B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114386444A (en) * 2021-12-29 2022-04-22 中电海康集团有限公司 RFID label anti-collision method and system based on fuzzy collision probability prediction
CN114679251A (en) * 2022-05-26 2022-06-28 广州万协通信息技术有限公司 Reconfigurable array power consumption attack resisting method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562522A (en) * 2009-05-06 2009-10-21 深圳先进技术研究院 Realization method of elliptic curve cryptosystem for preventing side-channel attack
CN101826142A (en) * 2010-04-19 2010-09-08 中国人民解放军信息工程大学 Reconfigurable elliptic curve cipher processor
CN103646219A (en) * 2013-11-29 2014-03-19 东南大学 Power consumption compensation and attack resisting circuit based on neural network power consumption predication and control method
CN103812642A (en) * 2014-01-24 2014-05-21 天津大学 Security detection method for design of cryptographic algorithm hardware
CN104917608A (en) * 2015-05-19 2015-09-16 清华大学 Key anti-power attack method
US20160134417A1 (en) * 2014-11-10 2016-05-12 Umm Al-Qura University Method for efficiently protecting elliptic curve cryptography against simple power analysis attacks

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ANUM SAJJAD: "Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols", 《IEEE ACCESS》 *
ZHAO TUO: "Method for improving energy efficiency of elliptic curve cryptography algorithm on reconfigurable symmetric cipher processor", 《ASICON》 *
戴紫彬 et al.: "Research and design of an efficient parallel processing architecture for elliptic curve cryptographic processors", 《电子与信息学报》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114386444A (en) * 2021-12-29 2022-04-22 中电海康集团有限公司 RFID label anti-collision method and system based on fuzzy collision probability prediction
CN114386444B (en) * 2021-12-29 2024-02-13 中电海康集团有限公司 RFID tag anti-collision method and system based on fuzzy collision probability prediction
CN114679251A (en) * 2022-05-26 2022-06-28 广州万协通信息技术有限公司 Reconfigurable array power consumption attack resisting method, device, equipment and storage medium
CN114679251B (en) * 2022-05-26 2022-10-18 广州万协通信息技术有限公司 Reconfigurable array power consumption attack resisting method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113225187B (en) 2022-07-12

Similar Documents

Publication Publication Date Title
Zhang et al. Set-based obfuscation for strong PUFs against machine learning attacks
Shi et al. Approximation attacks on strong PUFs
CN113225187B (en) Energy attack resisting compensation method and system for elliptic curve crypto chip
Guan et al. Chaos-based image encryption algorithm
Liu et al. Privacy-preserving outsourced support vector machine design for secure drug discovery
CN106023051B (en) DNA image encryption method and system based on cloud model and hyperchaotic system
Zhao et al. PVD-FL: A privacy-preserving and verifiable decentralized federated learning framework
Hong et al. A versatile pulse control method to generate arbitrary multidirection multibutterfly chaotic attractors
Santikellur et al. A computationally efficient tensor regression network-based modeling attack on XOR arbiter PUF and its variants
CN107241324B (en) Machine learning-based method and circuit for preventing bypass attack by power consumption compensation of cryptographic circuit
Kong et al. A class of 2n+ 1 dimensional simplest hamiltonian conservative chaotic systems and fast image encryption schemes
Wang et al. An image encryption scheme using a chaotic neural network and a network with multistable hyperchaos
Karras et al. On neural network techniques in the secure management of communication systems through improving and quality assessing pseudorandom stream generators
CN110190951A (en) A kind of power consumption attack method and system for the overturning of DES algorithm L register
Xiao et al. A dynamic-varying parameter enhanced ZNN model for solving time-varying complex-valued tensor inversion with its application to image encryption
Wang et al. Privacy-preserving split learning for large-scaled vision pre-training
Cao et al. Privacy-preserving healthcare monitoring for IoT devices under edge computing
Temenos et al. A stochastic computing sigma-delta adder architecture for efficient neural network design
Su et al. Machine learning attacks on voltage over-scaling-based lightweight authentication
CN114358323A (en) Third-party-based efficient Pearson coefficient calculation method in federated learning environment
Feizi et al. Digital hardware implementation of lightweight cryptography algorithm using neural networks
Aizaz et al. Energy efficient approximate booth multipliers using compact error compensation circuit for mitigation of truncation error
Xu et al. HyperMetric: Robust Hyperdimensional Computing on Error-prone Memories using Metric Learning
CN111600700A (en) Nonlinear mapping order-preserving encryption method based on random function
Ma et al. Machine learning attacks resistant strong PUF design utilizing response obfuscates challenge with lower hardware overhead

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant