WO2016019670A1 - Anti-attack encryption and decryption method and device of block cipher - Google Patents


Publication number
WO2016019670A1
Authority
WO
WIPO (PCT)
Prior art keywords
normal
encryption
result
decryption
output
Prior art date
Application number
PCT/CN2014/093472
Other languages
French (fr)
Chinese (zh)
Inventor
赵东艳
杜新纲
于艳艳
胡晓波
李娜
甘杰
Original Assignee
国家电网公司
北京南瑞智芯微电子科技有限公司
Priority date
Filing date
Publication date
Application filed by 国家电网公司, 北京南瑞智芯微电子科技有限公司
Publication of WO2016019670A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • The present invention relates to the technical field of information security in the communication field, and in particular to a method and device for encrypting and decrypting block ciphers that resist attacks.
  • Block ciphers are among the most commonly used encryption methods. They are fast, easy to standardize, and easy to implement in software and hardware, and they are usually the core cryptographic algorithms for data encryption, message authentication and authentication in information security. At present, the more popular block cipher algorithms include the DES algorithm, the AES algorithm and so on.
  • The fault attack is a powerful attack method that has emerged in recent years. Its basic principle is to place the cryptographic chip in a strong magnetic field, or to change the chip's power supply voltage, operating frequency, temperature and so on, so that the registers and memory in the chip produce random errors during encryption and decryption and some output bits change from 0 to 1 or from 1 to 0. By differentially comparing the correct cipher output with the wrong cipher output and applying theoretical analysis, the cryptographic data inside the chip can be obtained.
  • Common methods of protecting block ciphers against fault attacks include: performing the operation on the same data several times and comparing the results to see whether they are consistent; and, after performing the normal operation on certain data, performing the inverse operation on the result and checking whether the result of the inverse operation is consistent with the original input data.
  • The present invention aims to overcome the low security of prior-art block cipher protections against attacks. According to one aspect of the present invention, an anti-attack encryption method for block ciphers is proposed.
  • When a wrong encryption result is input into the F function, the function outputs an invalid result that the attacker cannot use; when no fault is injected into either of the two normal encryption operations, the F function outputs the correct encryption operation result.
  • The present invention aims to overcome the low security of prior-art block cipher protections against attacks. An anti-attack encryption device for block ciphers is proposed.
  • The encryption operation module is used to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output the encryption results for input into the F function;
  • the fault receiving module is used to receive the fault injected into one or both of the normal encryption operations while they are performed, and to instruct the encryption operation module to output the wrong encryption result;
  • the result output module is used to output the invalid result that the attacker cannot use after the wrong encryption result is input into the F function; when no fault is injected into either of the two normal encryption operations, it outputs the correct encryption operation result.
  • The embodiment of the invention discloses an anti-attack encryption method and device for block ciphers. A fault is injected during the first and/or second normal encryption operation, and the encryption result output by the first normal encryption operation is input into the F function together with the encryption result output by the second normal encryption operation, which removes the step of comparing the results of the two normal encryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
  • The present invention aims to overcome the low security of prior-art block cipher protections against attacks. According to one aspect of the present invention, an anti-attack decryption method for block ciphers is proposed.
  • When a wrong decryption result is input into the F function, the function outputs an invalid result that the attacker cannot use; when no fault is injected into either of the two normal decryption operations, the F function outputs the correct decryption operation result.
  • The present invention aims to overcome the low security of prior-art block cipher protections against attacks. An anti-attack decryption device for block ciphers is proposed.
  • The decryption operation module is used to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output the decryption results for input into the F function;
  • the fault receiving module is used to receive the fault injected into one or both of the normal decryption operations while they are performed, and to instruct the decryption operation module to output the wrong decryption result;
  • the result output module is used to output an invalid result that the attacker cannot use after the wrong decryption result is input into the F function; when no fault is injected into either of the two normal decryption operations, it outputs the correct decryption operation result.
  • The embodiment of the present invention discloses an anti-attack decryption method and device for block ciphers. A fault is injected during the first and/or second normal decryption operation, and the decryption result output by the first normal decryption operation is input into the F function together with the decryption result output by the second normal decryption operation, which removes the step of comparing the results of the two normal decryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
  • FIG. 1 is a schematic flow diagram of a fault attack on a block cipher in the prior art.
  • FIG. 2 is a flowchart of Embodiment 1 of the anti-attack encryption method for block ciphers according to the present invention.
  • FIG. 3 is a flowchart of Embodiment 2 of the anti-attack encryption method for block ciphers according to the present invention.
  • FIG. 4 is a flowchart of Embodiment 3 of the anti-attack encryption method for block ciphers according to the present invention.
  • FIG. 5 is a flowchart of Embodiment 4 of the anti-attack encryption method for block ciphers according to the present invention.
  • FIG. 6 is a flowchart of Embodiment 1 of the anti-attack decryption method for block ciphers according to the present invention.
  • FIG. 7 is a flowchart of Embodiment 2 of the anti-attack decryption method for block ciphers according to the present invention.
  • FIG. 8 is a flowchart of Embodiment 3 of the anti-attack decryption method for block ciphers according to the present invention.
  • FIG. 9 is a flowchart of Embodiment 4 of the anti-attack decryption method for block ciphers according to the present invention.
  • FIG. 10 is a structural diagram of an embodiment of the anti-attack encryption device for block ciphers according to the present invention.
  • FIG. 11 is a structural diagram of an embodiment of the anti-attack decryption device for block ciphers according to the present invention.
  • In analysing and studying the above prior art, the inventors found that, while a block cipher algorithm is running for encryption or decryption, if a fault injection is detected the chip should not output the wrong calculation result; otherwise the attacker can use the incorrect calculation results for differential fault attacks.
  • The embodiment of the present invention provides an anti-attack method for block ciphers. When a fault is injected during the operation, the incorrect operation result is not output; instead, an invalid result that the attacker cannot use is output.
  • The invalid result is the result of processing the correct first normal operation result C and the wrong second normal operation result C' (that is, the second wrong encryption result) with a certain F function.
  • The invalid result is the result of processing the wrong first normal operation result C (that is, the first wrong encryption result) and the correct second normal operation result C' with a certain F function.
  • The invalid result is the result of processing the wrong first normal operation result C (that is, the first wrong encryption result) and the wrong second normal operation result C' (that is, the second wrong encryption result) with a certain F function.
  • The embodiment of the present invention discloses an anti-attack encryption method for block ciphers, including:
  • Step 201: The plaintext P is input into the encryption module and the first normal encryption operation is performed. A fault is injected during this step, so the output is the wrong encryption result C;
  • Step 203: The same plaintext P is input into the encryption module again and the second normal encryption operation is performed; the output is the correct encryption result C';
  • Step 205: The wrong encryption result C from step 201 and the correct encryption result C' from step 203 are input into the F function, whose output is Y. The input of the F function contains the wrong encryption result C, so the output is an invalid result that the attacker cannot use;
  • the encryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 207: The encryption operation on the plaintext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of Figure 2 discloses an anti-attack encryption method for block ciphers. A fault is injected during the first normal encryption operation, and the wrong encryption result output by that operation is input into the F function together with the correct encryption result output by the second normal encryption operation, which removes the step of comparing the results of the two normal encryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
  • The embodiment of the present invention discloses another anti-attack encryption method for block ciphers, including:
  • Step 301: The plaintext P is input into the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
  • Step 303: The same plaintext P is input into the encryption module again and the second normal encryption operation is performed. A fault is injected during this step, so the output is the wrong encryption result C';
  • Step 305: The correct encryption result C from step 301 and the wrong encryption result C' from step 303 are input into the F function, whose output is Y. The input of the F function contains the wrong encryption result C', so the output is an invalid result that the attacker cannot use;
  • the encryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 307: The encryption operation on the plaintext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of Figure 3 discloses an anti-attack encryption method for block ciphers. A fault is injected during the second normal encryption operation, and the wrong encryption result output by that operation is input into the F function together with the correct encryption result output by the first normal encryption operation, which removes the step of comparing the results of the two normal encryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
  • The embodiment of the present invention discloses a third anti-attack encryption method for block ciphers, including:
  • Step 401: The plaintext P is input into the encryption module and the first normal encryption operation is performed. A fault is injected during this step, so the output is the wrong encryption result C;
  • Step 403: The same plaintext P is input into the encryption module again and the second normal encryption operation is performed. A fault is also injected during this step, so the output is also a wrong encryption result, C';
  • Step 405: The wrong encryption result C from step 401 and the wrong encryption result C' from step 403 are input into the F function, whose output is Y. The input of the F function contains the wrong encryption results C and C', so the output is an invalid result that the attacker cannot use;
  • the encryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 407: The encryption operation on the plaintext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of Fig. 4 discloses a third anti-attack encryption method for block ciphers. Faults are injected during both the first and the second normal encryption operations, and the wrong encryption result output by the faulted first operation and the wrong encryption result output by the faulted second operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, so double-point attacks on the block cipher algorithm are effectively resisted and the security of its encryption process is improved.
  • The embodiment of the present invention discloses a fourth anti-attack encryption method for block ciphers, including:
  • Step 501: The plaintext P is input into the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
  • Step 503: The same plaintext P is input into the encryption module again and the second normal encryption operation is performed; the output is also the correct encryption result, C';
  • Step 505: The correct encryption result C from step 501 and the correct encryption result C' from step 503 are input into the F function, whose output is Y. The inputs of the F function are correct encryption results, so the output is the correct encryption operation result;
  • A fault may or may not be injected into the F function itself. If no fault is injected into the F function, the result it outputs is the correct encryption operation result. If a fault is injected into the F function, then, as in the above embodiments, the F function also outputs an invalid result that the attacker cannot use.
  • Step 507: The encryption operation on the plaintext P outputs the correct encryption operation result.
  • The embodiment of Figure 5 discloses an anti-attack encryption method for block ciphers. No fault is injected during the two normal encryption operations, and the correct encryption results of the two operations are input into the F function, which outputs the correct encryption operation result. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
  • An embodiment of the present invention discloses an anti-attack decryption method for block ciphers, including:
  • Step 601: The ciphertext P is input into the decryption module and the first normal decryption operation is performed. A fault is injected during this step, so the output is the wrong decryption result C;
  • Step 603: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; the output is the correct decryption result C';
  • Step 605: The wrong decryption result C from step 601 and the correct decryption result C' from step 603 are input into the F function, whose output is Y. The input of the F function contains the wrong decryption result C, so the output is an invalid result that the attacker cannot use;
  • the decryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 607: The decryption operation on the ciphertext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of Fig. 6 discloses an anti-attack decryption method for block ciphers. A fault is injected during the first normal decryption operation, and the wrong decryption result output by that operation is input into the F function together with the correct decryption result output by the second normal decryption operation, which removes the step of comparing the results of the two normal decryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
  • The embodiment of the present invention discloses another anti-attack decryption method for block ciphers, including:
  • Step 701: The ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
  • Step 703: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. A fault is injected during this step, so the output is the wrong decryption result C';
  • Step 705: The correct decryption result C from step 701 and the wrong decryption result C' from step 703 are input into the F function, whose output is Y. The input of the F function contains the wrong decryption result C', so the output is an invalid result that the attacker cannot use;
  • the decryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 707: The decryption operation on the ciphertext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of FIG. 7 discloses an anti-attack decryption method for block ciphers. A fault is injected during the second normal decryption operation, and the wrong decryption result output by that operation is input into the F function together with the correct decryption result output by the first normal decryption operation, which removes the step of comparing the results of the two normal decryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
  • The embodiment of the present invention discloses a third anti-attack decryption method for block ciphers, including:
  • Step 801: The ciphertext P is input into the decryption module and the first normal decryption operation is performed. A fault is injected during this step, so the output is the wrong decryption result C;
  • Step 803: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. A fault is injected during this step, so the output is the wrong decryption result C';
  • Step 805: The wrong decryption result C from step 801 and the wrong decryption result C' from step 803 are input into the F function, whose output is Y. The input of the F function contains the wrong decryption results C and C', so the output is an invalid result that the attacker cannot use;
  • the decryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected into it.
  • Step 807: The decryption operation on the ciphertext P outputs the invalid result Y, which the attacker cannot use.
  • The embodiment of Figure 8 discloses a third anti-attack decryption method for block ciphers. Faults are injected during both the first and the second normal decryption operations, and the wrong decryption result output by the faulted first operation and the wrong decryption result output by the faulted second operation are input into the F function, which removes the step of comparing the results of the two normal decryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, so double-point attacks on the block cipher algorithm are effectively resisted and the security of its decryption process is improved.
  • The embodiment of the present invention discloses a fourth anti-attack decryption method for block ciphers, including:
  • Step 901: The ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
  • Step 903: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; the output is also the correct decryption result, C';
  • Step 905: The correct decryption result C from step 901 and the correct decryption result C' from step 903 are input into the F function, whose output is Y. The inputs of the F function are correct decryption results, so the output is the correct decryption operation result;
  • the decryption result C consists of two parts L and R
  • R, C' L'
  • the F function can be defined as:
  • A fault may or may not be injected into the F function itself. If no fault is injected into the F function, the result it outputs is the correct decryption operation result. If a fault is injected into the F function, then, as in the above embodiments, the F function also outputs an invalid result that the attacker cannot use.
  • Step 907: The decryption operation on the ciphertext P outputs the correct decryption operation result.
  • The embodiment of Fig. 9 discloses an anti-attack decryption method for block ciphers. No fault is injected during the two normal decryption operations, and the correct decryption results of the two operations are input into the F function, which outputs the correct decryption operation result. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
  • An anti-attack encryption device for block ciphers, including:
  • the encryption operation module 10, used to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output the correct encryption result;
  • the fault receiving module 20, used to receive the fault injected into one or both of the normal encryption operations while they are performed, and to instruct the encryption operation module 10 to output the wrong encryption result;
  • the result output module 30, used to output an invalid result that the attacker cannot use after the wrong encryption result is input into the F function; when no fault is injected into either of the two normal encryption operations, it outputs the correct encryption operation result.
  • the encryption result of the first normal encryption operation is C
  • the encryption result of the second normal encryption operation is C'.
  • C is composed of two parts, L and R
  • R, C' L'
  • the fault receiving module 20 is specifically used to receive the fault injected into the normal encryption operation for the first time when the plaintext P is subjected to the first normal encryption operation, and output the wrong encryption result;
  • the fault receiving module 20 is specifically used to output the correct encryption result when the plaintext P is subjected to the first normal encryption operation
  • the fault receiving module 20 is also specifically used for,
  • The embodiment of FIG. 10 discloses an anti-attack encryption device for block ciphers. A fault is injected during the first and/or second normal encryption operation, and the encryption result output by the first normal encryption operation is input into the F function together with the encryption result output by the second normal encryption operation, which removes the step of comparing the results of the two normal encryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
  • An anti-attack decryption device for block ciphers, including:
  • the decryption operation module 40, used to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output the correct decryption result;
  • the fault receiving module 50, configured to receive the fault injected into one or both of the normal decryption operations while they are performed, and to instruct the decryption operation module 40 to output the wrong decryption result;
  • the result output module 60, used to output an invalid result that the attacker cannot use after the wrong decryption result is input into the F function; when no fault is injected into either of the two normal decryption operations, it outputs the correct decryption operation result.
  • the decryption result of the first normal decryption operation is C
  • the decryption result of the second normal decryption operation is C'.
  • R, C' L'
  • the fault receiving module 50 is specifically configured to receive the fault injected into the normal decryption operation this time when performing the first normal decryption operation on the ciphertext P, and output the wrong decryption result;
  • the fault receiving module 50 is also specifically used to output the correct decryption result when performing the first normal decryption operation on the ciphertext P;
  • the fault receiving module 50 is also specifically used to receive the fault injected into the normal decryption operation this time when performing the first normal decryption operation on the ciphertext P, and output the wrong decryption result;
  • The embodiment of Figure 11 discloses an anti-attack decryption device for block ciphers. A fault is injected during the first and/or second normal decryption operation, and the decryption result output by the first normal decryption operation is input into the F function together with the decryption result output by the second normal decryption operation, which removes the step of comparing the results of the two normal decryption operations. Finally, the F function outputs an invalid result that the attacker cannot use, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
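
An added illustration of the scheme in the four encryption embodiments (Figs. 2 to 5), not code from the patent: the page does not give the definition of the F function, so `f_function` below is an assumed comparison-free stand-in. The toy Feistel cipher, the single-bit fault model, the key and the plaintext are likewise constructed for the demonstration.

```python
import hashlib
import secrets

BLOCK = 16    # toy block size in bytes: two 8-byte halves L and R
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel network (stand-in for a real cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt(key: bytes, plaintext: bytes, fault_round=None) -> bytes:
    """One 'normal encryption operation'. If fault_round is set, one bit of
    the state is flipped entering that round to simulate an injected fault."""
    if len(plaintext) != BLOCK:
        raise ValueError("plaintext must be exactly one block")
    left, right = plaintext[:BLOCK // 2], plaintext[BLOCK // 2:]
    for rnd in range(ROUNDS):
        if rnd == fault_round:
            right = bytes([right[0] ^ 0x01]) + right[1:]
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def f_function(c1: bytes, c2: bytes, nonce=None) -> bytes:
    """Assumed F (not the patent's): Y = C xor H(n || C xor C') xor H(n || 0).
    If C == C' the two hash terms cancel and Y = C. Otherwise Y is C masked
    with a value that depends on a fresh random nonce n. There is no
    comparison or branch on the two results; this assumed F reacts only
    when the two results differ."""
    nonce = secrets.token_bytes(16) if nonce is None else nonce
    diff = _xor(c1, c2)
    mask = _xor(hashlib.sha256(nonce + diff).digest()[:BLOCK],
                hashlib.sha256(nonce + bytes(BLOCK)).digest()[:BLOCK])
    return _xor(c1, mask)


def protected_encrypt(key, plaintext, fault1=None, fault2=None) -> bytes:
    c = encrypt(key, plaintext, fault1)        # first operation  -> C
    c_prime = encrypt(key, plaintext, fault2)  # second operation -> C'
    return f_function(c, c_prime)              # released output  -> Y


def run_cases(key: bytes, plaintext: bytes) -> dict:
    """The four encryption embodiments; True means Y is the correct ciphertext."""
    good = encrypt(key, plaintext)
    cases = {
        "fault in first run": (3, None),
        "fault in second run": (None, 5),
        "fault in both runs": (3, 5),
        "no fault": (None, None),
    }
    return {name: protected_encrypt(key, plaintext, f1, f2) == good
            for name, (f1, f2) in cases.items()}


if __name__ == "__main__":
    KEY = bytes(range(16))       # constructed sample key
    PT = b"sample block 001"     # constructed 16-byte plaintext
    for name, ok in run_cases(KEY, PT).items():
        print(f"{name:20s} -> {'correct ciphertext' if ok else 'invalid result'}")
```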

Abstract

Disclosed are an anti-attack encryption and decryption method and device of a block cipher, the encryption method comprising: receiving a plaintext P requiring encryption, conducting normal encryption calculations on the plaintext P twice, and outputting a correct encryption result for input into an F function; when conducting the normal encryption calculations, inserting a fault during the normal encryption calculation process once or twice, and outputting a wrong encryption result; and after inputting the wrong encryption result into the F function, outputting an invalid result unusable by an attacker. An embodiment of the present invention is inserted with the fault during a first and/or second normal encryption calculations, and inputs into the F function two output encryption results, eliminating the step of comparing the two normal encryption calculation results, and the F function outputs the invalid result unusable by the attacker, thus effectively resisting a double-point attack on a block cipher algorithm, and improving the security of the encryption process of the block cipher algorithm.

Description

Method and device for anti-attack encryption and decryption of a block cipher
Technical field
The present invention relates to the technical field of information security in the communication field, and in particular to a method and device for anti-attack encryption and decryption of block ciphers.
Background
With the development of computer and communication technology, users increasingly demand secure storage, secure processing and secure transmission of information. In particular, with the widespread use of the Internet, information security has become more and more important. One effective means of addressing these problems is modern cryptography, and new cryptographic algorithms keep appearing. Block ciphers are among the most commonly used encryption methods: they are fast, easy to standardize and easy to implement in software and hardware, and they are usually the core algorithms for data encryption, message authentication and authentication in information security. Popular block cipher algorithms currently include the DES algorithm and the AES algorithm.
As information security receives more attention, analysis and attack methods against cryptographic algorithms also keep appearing. The fault attack is a powerful attack method that has emerged in recent years. Its basic principle is to place the cryptographic chip in a strong magnetic field, or to change the chip's supply voltage, operating frequency, temperature and so on, so that the registers and memory in the chip produce random errors during encryption or decryption and some output bits change from 0 to 1 or from 1 to 0. By differential comparison of the correct cipher output with the erroneous cipher output, followed by theoretical analysis, the secret data inside the chip can be derived.
Common countermeasures against fault attacks on block ciphers include: performing the operation on the same data several times and comparing whether the results agree; and, after performing the normal operation on some data, applying the inverse operation to the result and comparing whether the result of the inverse operation matches the original input data.
As shown in Figure 1, if the attacker injects a fault during the first normal operation on the plaintext P, the result C output by that first operation is wrong, while the result C' output by the second normal operation on the plaintext P is correct, so C≠C'. The result C is then compared with the result C', that is, it is determined whether C and C' are equal, and a fault is injected again during this comparison. Because of the injected fault, "C≠C'" may be attacked into "C=C'". If the injected fault turns "C≠C'" into "C=C'", the comparison outputs the wrong result C. With this wrong result C and the correct result C' obtained earlier, the attacker has useful fault information and can thereby obtain sensitive information.
Similarly, if the attacker injects no fault during the first normal operation on the plaintext P but injects a fault during the second normal operation, the attacker can still obtain the wrong result C', and together with the correct result C obtained earlier has useful fault information and can thereby obtain sensitive information.
Summary of the invention
To overcome the low security of prior-art block ciphers when defending against attacks, one aspect of the present invention provides an anti-attack encryption method for a block cipher.
The anti-attack encryption method for a block cipher according to an embodiment of the present invention includes:
receiving the plaintext P to be encrypted, performing the normal encryption operation on the plaintext P twice, and outputting the encryption results that are to be input into the F function;
when a fault is injected into the normal encryption operation once or twice, outputting a wrong encryption result;
after a wrong encryption result is input into the F function, outputting an invalid result that the attacker cannot use; when no fault is injected into either of the two normal encryption operations, the F function outputs the correct encryption result.
To overcome the low security of prior-art block ciphers when defending against attacks, another aspect of the present invention provides an anti-attack encryption device for a block cipher.
The anti-attack encryption device for a block cipher according to an embodiment of the present invention includes:
an encryption operation module, used to receive the plaintext P to be encrypted, perform the normal encryption operation on the plaintext P twice, and output the encryption results that are to be input into the F function;
a fault receiving module, used to receive, during a normal encryption operation, the fault injected into the normal encryption operation once or twice, and to instruct the encryption operation module to output a wrong encryption result;
a result output module, used to output an invalid result that the attacker cannot use after a wrong encryption result is input into the F function, and to output the correct encryption result when no fault is injected into either of the two normal encryption operations.
The embodiments of the present invention disclose an anti-attack encryption method and device for a block cipher. A fault is injected during the first and/or second normal encryption operation, and the encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the encryption process of the block cipher algorithm.
To overcome the low security of prior-art block ciphers when defending against attacks, one aspect of the present invention provides an anti-attack decryption method for a block cipher.
The anti-attack decryption method for a block cipher according to an embodiment of the present invention includes:
receiving the ciphertext P to be decrypted, performing the normal decryption operation on the ciphertext P twice, and outputting the decryption results that are to be input into the F function;
when a fault is injected into the normal decryption operation once or twice, outputting a wrong decryption result;
after a wrong decryption result is input into the F function, outputting an invalid result that the attacker cannot use; when no fault is injected into either of the two normal decryption operations, the F function outputs the correct decryption result.
To overcome the low security of prior-art block ciphers when defending against attacks, one aspect of the present invention provides an anti-attack decryption device for a block cipher.
The anti-attack decryption device for a block cipher according to an embodiment of the present invention includes:
a decryption operation module, used to receive the ciphertext P to be decrypted, perform the normal decryption operation on the ciphertext P twice, and output the decryption results that are to be input into the F function;
a fault receiving module, used to receive, during a normal decryption operation, the fault injected into the normal decryption operation once or twice, and to instruct the decryption operation module to output a wrong decryption result;
a result output module, used to output an invalid result that the attacker cannot use after a wrong decryption result is input into the F function, and to output the correct decryption result when no fault is injected into either of the two normal decryption operations.
The embodiments of the present invention disclose an anti-attack decryption method and device for a block cipher. A fault is injected during the first and/or second normal decryption operation, and the decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input into the F function, which removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the decryption process of the block cipher algorithm.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practising the invention. The objectives and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written description, the claims and the drawings.
The technical solutions of the present invention are described in further detail below with reference to the drawings and embodiments.
Description of the drawings
The drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the present invention they serve to explain the invention and do not limit it. In the drawings:
Figure 1 is a schematic flowchart of a fault attack on a block cipher in the prior art;
Figure 2 is a flowchart of Embodiment 1 of the anti-attack encryption method for a block cipher according to the present invention;
Figure 3 is a flowchart of Embodiment 2 of the anti-attack encryption method for a block cipher according to the present invention;
Figure 4 is a flowchart of Embodiment 3 of the anti-attack encryption method for a block cipher according to the present invention;
Figure 5 is a flowchart of Embodiment 4 of the anti-attack encryption method for a block cipher according to the present invention;
Figure 6 is a flowchart of Embodiment 1 of the anti-attack decryption method for a block cipher according to the present invention;
Figure 7 is a flowchart of Embodiment 2 of the anti-attack decryption method for a block cipher according to the present invention;
Figure 8 is a flowchart of Embodiment 3 of the anti-attack decryption method for a block cipher according to the present invention;
Figure 9 is a flowchart of Embodiment 4 of the anti-attack decryption method for a block cipher according to the present invention;
Figure 10 is a structural diagram of an embodiment of the anti-attack encryption device for a block cipher according to the present invention;
Figure 11 is a structural diagram of an embodiment of the anti-attack decryption device for a block cipher according to the present invention.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the drawings, but it should be understood that the scope of protection of the present invention is not limited by the specific embodiments.
In analysing and studying the prior art described above, the inventors found that, while a block cipher algorithm is running an encryption or decryption operation, the chip should not output a wrong operation result if a fault injection is detected; otherwise the attacker can use the wrong result to mount a differential fault attack. The embodiments of the present invention provide an anti-attack method for a block cipher in which, when a fault is injected during the operation, the wrong operation result is not output; instead, an invalid result that the attacker cannot use is output.
If no fault is injected into the first normal operation and a fault is injected into the second normal operation, the invalid result is the result of processing the correct first normal operation result C and the wrong second normal operation result C' (that is, the second wrong encryption result) with an F function.
If a fault is injected into the first normal operation and no fault is injected into the second normal operation, the invalid result is the result of processing the wrong first normal operation result C (that is, the first wrong encryption result) and the correct second normal operation result C' with an F function.
If a fault is injected into the first normal operation and a fault is also injected into the second normal operation, the invalid result is the result of processing the wrong first normal operation result C (that is, the first wrong encryption result) and the wrong second normal operation result C' (that is, the second wrong encryption result) with an F function.
As shown in Figure 2, an embodiment of the present invention discloses an anti-attack encryption method for a block cipher, including:
Step 201: the plaintext P is input into the encryption module and the first normal encryption operation is performed; a fault is injected into this step, so the output is the wrong encryption result C;
Step 203: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed; the output is the correct encryption result C';
Step 205: the wrong encryption result C from step 201 and the correct encryption result C' from step 203 are input into the F function, whose output is Y; because the input of the F function contains the wrong encryption result C, the output is an invalid result that the attacker cannot use;
The expression of the F function differs between block cipher algorithms.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:
F(C,C')=C'⊕L⊕L'⊕R⊕R'
In step 205, a fault may or may not be injected into the F function. Because of the F function above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected.
Step 207: as the result of the encryption operation on the plaintext P, output the invalid result Y that the attacker cannot use.
The embodiment of Figure 2 discloses an anti-attack encryption method for a block cipher. A fault is injected during the first normal encryption operation, and the wrong encryption result output by that first operation and the correct encryption result output by the second normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the encryption process of the block cipher algorithm.
As shown in Figure 3, an embodiment of the present invention discloses another anti-attack encryption method for a block cipher, including:
Step 301: the plaintext P is input into the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 303: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed; a fault is injected into this step, so the output is the wrong encryption result C';
Step 305: the correct encryption result C from step 301 and the wrong encryption result C' from step 303 are input into the F function, whose output is Y; because the input of the F function contains the wrong encryption result C', the output is an invalid result that the attacker cannot use;
The expression of the F function differs between block cipher algorithms.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:
F(C,C')=C'⊕L⊕L'⊕R⊕R'
In step 305, a fault may or may not be injected into the F function. Because of the F function above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected.
Step 307: as the result of the encryption operation on the plaintext P, output the invalid result Y that the attacker cannot use.
The embodiment of Figure 3 discloses an anti-attack encryption method for a block cipher. A fault is injected during the second normal encryption operation, and the wrong encryption result output by that second operation and the correct encryption result output by the first normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the encryption process of the block cipher algorithm.
As shown in Figure 4, an embodiment of the present invention discloses a third anti-attack encryption method for a block cipher, including:
Step 401: the plaintext P is input into the encryption module and the first normal encryption operation is performed; a fault is injected into this step, so the output is the wrong encryption result C;
Step 403: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed; a fault is also injected into this step, so the output is also a wrong encryption result, C';
Step 405: the wrong encryption result C from step 401 and the wrong encryption result C' from step 403 are input into the F function, whose output is Y; because the input of the F function contains the wrong encryption results C and C', the output is an invalid result that the attacker cannot use;
The expression of the F function differs between block cipher algorithms.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:
F(C,C')=C'⊕L⊕L'⊕R⊕R'
In step 405, a fault may or may not be injected into the F function. Because of the F function above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected.
Step 407: as the result of the encryption operation on the plaintext P, output the invalid result Y that the attacker cannot use.
The embodiment of Figure 4 discloses a third anti-attack encryption method for a block cipher. Faults are injected during both the first and the second normal encryption operation, and the wrong encryption result output by the faulted first operation and the wrong encryption result output by the likewise faulted second operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the encryption process of the block cipher algorithm.
As shown in Figure 5, an embodiment of the present invention discloses a fourth anti-attack encryption method for a block cipher, including:
Step 501: the plaintext P is input into the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 503: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed; the output is also the correct encryption result, C';
Step 505: the correct encryption result C from step 501 and the correct encryption result C' from step 503 are input into the F function, whose output is Y; because both inputs of the F function are correct encryption results, the output is the correct encryption result;
In step 505, a fault may or may not be injected into the F function. If no fault is injected into the F function, the result it outputs is the correct encryption result; if a fault is injected into the F function, then, as in the embodiments above, the F function likewise outputs an invalid result that the attacker cannot use.
Step 507: as the result of the encryption operation on the plaintext P, output the correct encryption result.
The embodiment of Figure 5 discloses an anti-attack encryption method for a block cipher. No fault is injected during either of the two normal encryption operations, and the correct encryption results of the two operations are input into the F function, which outputs the correct encryption result, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the encryption process of the block cipher algorithm.
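The four encryption cases of Figures 2 to 5, next to the compare-then-output flow of Figure 1, as an added C example (not code from the patent). Assumptions: the 64-bit values are constructed stand-ins for DES outputs, the names `f_combine`, `infection_mask` and `compare_and_release` are hypothetical, and because the page does not say how the 32-bit term L⊕L'⊕R⊕R' is combined with the 64-bit C', the sketch XORs it into both halves.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 64-bit value standing in for a correct DES ciphertext. */
#define GOOD_C 0x0123456789ABCDEFULL

/* C = L || R: L is the high 32 bits, R the low 32 bits. */
static uint32_t left_half(uint64_t c)  { return (uint32_t)(c >> 32); }
static uint32_t right_half(uint64_t c) { return (uint32_t)(c & 0xFFFFFFFFu); }

/* The term L ^ L' ^ R ^ R' from the page's DES example.
 * It is zero when both runs produced the same block. */
uint32_t infection_mask(uint64_t c1, uint64_t c2)
{
    return left_half(c1) ^ left_half(c2) ^ right_half(c1) ^ right_half(c2);
}

/* F(C, C') = C' ^ L ^ L' ^ R ^ R'.
 * ASSUMPTION: the page does not define how the 32-bit term meets the
 * 64-bit C'; this sketch XORs it into both halves of C'.
 * There is no comparison and no branch: the output is computed the same
 * way whether or not a fault occurred. */
uint64_t f_combine(uint64_t c1, uint64_t c2)
{
    uint64_t m = infection_mask(c1, c2);
    return c2 ^ (m << 32) ^ m;
}

/* Figure 1 flow: compare the two results and release C only if equal.
 * compare_faulted models the second fault described on the page, which
 * turns "C != C'" into "C == C'". Returns 1 and writes *out when a block
 * is released, 0 when the output is withheld. */
int compare_and_release(uint64_t c1, uint64_t c2, int compare_faulted,
                        uint64_t *out)
{
    int equal = (c1 == c2) || compare_faulted;
    if (!equal)
        return 0;
    *out = c1;
    return 1;
}

static void show(const char *label, uint64_t c1, uint64_t c2)
{
    printf("%-26s F = %016" PRIx64 "\n", label, f_combine(c1, c2));
}

int main(void)
{
    /* Constructed fault models: one flipped bit in R (run 1), one in L (run 2). */
    uint64_t bad1 = GOOD_C ^ 0x0000000000000100ULL;
    uint64_t bad2 = GOOD_C ^ 0x0040000000000000ULL;
    /* Constructed case where both halves differ by the same value. */
    uint64_t same = GOOD_C ^ 0x0000000100000001ULL;
    uint64_t out = 0;

    show("Fig. 5, no fault:", GOOD_C, GOOD_C);
    show("Fig. 2, fault in run 1:", bad1, GOOD_C);
    show("Fig. 3, fault in run 2:", GOOD_C, bad2);
    show("Fig. 4, fault in both:", bad1, bad2);

    /* Figure 1: once the comparison itself is faulted, the wrong C is released. */
    if (compare_and_release(bad1, GOOD_C, 1, &out))
        printf("%-26s C = %016" PRIx64 "\n", "Fig. 1, compare faulted:", out);

    /* Cancelling input: the term is zero, so F returns C' unchanged. */
    printf("%-26s mask = %08" PRIx32 "\n", "equal half differences:",
           infection_mask(GOOD_C, same));
    return 0;
}
```

When both halves differ by the same value the term L⊕L'⊕R⊕R' is zero and F returns C' unchanged, so a design review of any concrete F should exercise such cancelling inputs.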
As shown in Figure 6, an embodiment of the present invention discloses an anti-attack decryption method for a block cipher, including:
Step 601: the ciphertext P is input into the decryption module and the first normal decryption operation is performed; a fault is injected into this step, so the output is the wrong decryption result C;
Step 603: the same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; the output is the correct decryption result C';
Step 605: the wrong decryption result C from step 601 and the correct decryption result C' from step 603 are input into the F function, whose output is Y; because the input of the F function contains the wrong decryption result C, the output is an invalid result that the attacker cannot use;
The expression of the F function differs between block cipher algorithms.
Taking the DES algorithm as an example, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:
F(C,C')=C'⊕L⊕L'⊕R⊕R'
In step 605, a fault may or may not be injected into the F function. Because of the F function above, the result it outputs is an invalid result that the attacker cannot use, whether or not a fault is injected.
Step 607: as the result of the decryption operation on the ciphertext P, output the invalid result Y that the attacker cannot use.
The embodiment of Figure 6 discloses an anti-attack decryption method for a block cipher. A fault is injected during the first normal decryption operation, and the wrong decryption result output by that first operation and the correct decryption result output by the second normal decryption operation are input into the F function, which removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, effectively resisting the double-point attack on the block cipher algorithm and improving the security of the decryption process of the block cipher algorithm.
As shown in Fig. 7, an embodiment of the present invention discloses another block cipher anti-attack decryption method, including:
Step 701: The ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
Step 703: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is the erroneous decryption result C';
Step 705: The correct decryption result C from step 701 and the erroneous decryption result C' from step 703 are input to the F function, whose output is Y; because the input of the F function contains the erroneous decryption result C', the output is an invalid result that the attacker cannot exploit;
The expression of the F function differs for different block cipher algorithms.
Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:
F(C, C') = C' ⊕ L ⊕ L' ⊕ R ⊕ R'
In step 705, the F function itself may or may not have a fault injected into it. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot exploit, whether or not a fault is injected.
Step 707: The decryption operation on the ciphertext P outputs the invalid result Y, which the attacker cannot exploit.
The embodiment of Fig. 7 discloses a block cipher anti-attack decryption method in which a fault is injected during the second normal decryption operation. The erroneous decryption result output by the fault-injected second normal decryption operation and the correct decryption result output by the first normal decryption operation are input to the F function, which eliminates the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of the decryption process of the block cipher algorithm.
As shown in Fig. 8, an embodiment of the present invention discloses a third block cipher anti-attack decryption method, including:
Step 801: The ciphertext P is input into the decryption module and the first normal decryption operation is performed; a fault is injected during this step, so the output is the erroneous decryption result C;
Step 803: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is the erroneous decryption result C';
Step 805: The erroneous decryption result C from step 801 and the erroneous decryption result C' from step 803 are input to the F function, whose output is Y; because the input of the F function contains the erroneous decryption results C and C', the output is an invalid result that the attacker cannot exploit;
The expression of the F function differs for different block cipher algorithms.
Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:
F(C, C') = C' ⊕ L ⊕ L' ⊕ R ⊕ R'
In step 805, the F function itself may or may not have a fault injected into it. Because of the F function described above, the result it outputs is an invalid result that the attacker cannot exploit, whether or not a fault is injected.
Step 807: The decryption operation on the plaintext P outputs the invalid result Y, which the attacker cannot exploit.
The embodiment of Fig. 8 discloses a third block cipher anti-attack decryption method in which faults are injected during both the first and the second normal decryption operations. The erroneous decryption result output by the fault-injected first normal decryption operation and the erroneous decryption result output by the likewise fault-injected second normal decryption operation are input to the F function, which eliminates the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of the decryption process of the block cipher algorithm.
As shown in Fig. 9, an embodiment of the present invention discloses a fourth block cipher anti-attack decryption method, including:
Step 901: The ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
Step 903: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed; the output is also a correct decryption result, C';
Step 905: The correct decryption result C from step 901 and the correct decryption result C' from step 903 are input to the F function, whose output is Y; because both inputs of the F function are correct decryption results, the output is the correct decryption operation result;
The expression of the F function differs for different block cipher algorithms.
Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:
F(C, C') = C' ⊕ L ⊕ L' ⊕ R ⊕ R'
In step 905, the F function itself may or may not have a fault injected into it. If no fault is injected into the F function, the result it outputs is the correct decryption operation result; if a fault is injected into the F function, then, as in the embodiments above, the F function likewise outputs an invalid result that the attacker cannot exploit.
Step 907: The decryption operation on the ciphertext P outputs the correct decryption operation result.
The embodiment of Fig. 9 discloses a block cipher anti-attack decryption method in which no fault is injected during either of the two normal decryption operations. The correct decryption results of the two normal decryption operations are input to the F function, and the F function outputs the correct decryption operation result, which effectively resists double-point attacks on the block cipher algorithm and improves the security of the decryption process of the block cipher algorithm.
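The behaviour of the F function across the four cases of Figs. 6 to 9, as an added example that is not part of the patent text. It assumes a toy 16-round Feistel network in place of DES (not DES, not secure), a fault modelled as a bit flip in the left half at the start of a chosen round, and that the 32-bit term L ⊕ L' ⊕ R ⊕ R' is XORed into both halves of C'; the patent does not state how that term is combined with the full-width C', and all function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample block and key (not taken from the patent). */
static const uint64_t SAMPLE_IN  = 0x0123456789ABCDEFull;
static const uint64_t SAMPLE_KEY = 0x133457799BBCDFF1ull;

/* Toy round function: a stand-in only, NOT the DES f-function. */
static uint32_t round_fn(uint32_t r, uint32_t k) {
    uint32_t x = r ^ k;
    x = (x << 7) | (x >> 25);
    x *= 0x9E3779B1u;
    return x ^ (x >> 15);
}

/* Toy 16-round Feistel cipher on a 64-bit block L||R (assumption: replaces DES).
 * fault_round in 0..15 flips the bits of fault_bits in L at the start of that
 * round, modelling an injected fault; fault_round < 0 means a clean run. */
uint64_t toy_cipher(uint64_t in, uint64_t key, int fault_round, uint32_t fault_bits) {
    uint32_t l = (uint32_t)(in >> 32), r = (uint32_t)in;
    for (int i = 0; i < 16; i++) {
        if (i == fault_round) l ^= fault_bits;
        uint32_t k = (uint32_t)(key >> (2 * i)) + (uint32_t)i;
        uint32_t t = l ^ round_fn(r, k);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* The 32-bit term L ^ L' ^ R ^ R' of the F function. It is zero whenever
 * L ^ L' equals R ^ R', in particular whenever C == C'. */
uint32_t infective_mask(uint64_t c, uint64_t c2) {
    return (uint32_t)(c >> 32) ^ (uint32_t)(c2 >> 32) ^ (uint32_t)c ^ (uint32_t)c2;
}

/* F(C, C') = C' ^ L ^ L' ^ R ^ R'.
 * Assumption: the 32-bit term is XORed into both halves of C'. */
uint64_t f_combine(uint64_t c, uint64_t c2) {
    uint64_t m = infective_mask(c, c2);
    return c2 ^ ((m << 32) | m);
}

/* Two runs on the same input, each optionally faulted, then F; no comparison
 * branch exists between the two results. */
uint64_t protected_run(uint64_t in, uint64_t key,
                       int fault_round1, uint32_t fault_bits1,
                       int fault_round2, uint32_t fault_bits2) {
    uint64_t c  = toy_cipher(in, key, fault_round1, fault_bits1);
    uint64_t c2 = toy_cipher(in, key, fault_round2, fault_bits2);
    return f_combine(c, c2);
}

int main(void) {
    uint64_t ref = toy_cipher(SAMPLE_IN, SAMPLE_KEY, -1, 0);
    printf("reference output        %016llx\n", (unsigned long long)ref);
    printf("no fault       (Fig. 9) %016llx\n",
           (unsigned long long)protected_run(SAMPLE_IN, SAMPLE_KEY, -1, 0, -1, 0));
    printf("fault in run 1 (Fig. 6) %016llx\n",
           (unsigned long long)protected_run(SAMPLE_IN, SAMPLE_KEY, 15, 1u, -1, 0));
    printf("fault in run 2 (Fig. 7) %016llx\n",
           (unsigned long long)protected_run(SAMPLE_IN, SAMPLE_KEY, -1, 0, 15, 1u));
    printf("fault in both  (Fig. 8) %016llx\n",
           (unsigned long long)protected_run(SAMPLE_IN, SAMPLE_KEY, 15, 1u, 15, 2u));
    return 0;
}
```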
As shown in Fig. 10, a block cipher anti-attack encryption device is disclosed, including:
Encryption operation module 10, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output the correct encryption result;
Fault receiving module 20, configured to receive, while the normal encryption operation is being performed, the fault injected once or twice into the normal encryption operation process, and to instruct the encryption operation module 10 to output an erroneous encryption result;
Result output module 30, configured to output an invalid result that the attacker cannot exploit after the erroneous encryption result is input to the F function, and to output the correct encryption operation result when no fault is injected into either of the two normal encryption operations.
Wherein: in the two normal encryption operations of the encryption operation module 10, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C'; C consists of two parts, L and R, and C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function in the result output module 30 is defined as: F(C, C') = C' ⊕ L ⊕ L' ⊕ R ⊕ R'.
Wherein: the fault receiving module 20 is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output an erroneous encryption result;
and, when the second normal encryption operation is performed on the plaintext P, output the correct encryption result.
Wherein: the fault receiving module 20 is further specifically configured to, when the first normal encryption operation is performed on the plaintext P, output the correct encryption result;
and, when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output an erroneous encryption result.
Wherein: the fault receiving module 20 is further specifically configured to,
when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output an erroneous encryption result;
and, when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output an erroneous encryption result.
The embodiment of Fig. 10 discloses a block cipher anti-attack encryption device in which a fault is injected during the first and/or the second normal encryption operation. The encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input to the F function, which eliminates the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of the encryption process of the block cipher algorithm.
As shown in Fig. 11, a block cipher anti-attack decryption device is disclosed, including:
Decryption operation module 40, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output the correct decryption result;
Fault receiving module 50, configured to receive, while the normal decryption operation is being performed, the fault injected once or twice into the normal decryption operation process, and to instruct the decryption operation module 40 to output an erroneous decryption result;
Result output module 60, configured to output an invalid result that the attacker cannot exploit after the erroneous decryption result is input to the F function, and to output the correct decryption operation result when no fault is injected into either of the two normal decryption operations.
Wherein: in the two normal decryption operations of the decryption operation module 40, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C'; C consists of two parts, L and R, and C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function in the result output module 60 is defined as: F(C, C') = C' ⊕ L ⊕ L' ⊕ R ⊕ R'.
Wherein: the fault receiving module 50 is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output an erroneous decryption result;
and, when the second normal decryption operation is performed on the ciphertext P, output the correct decryption result.
Wherein: the fault receiving module 50 is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, output the correct decryption result;
and, when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output an erroneous decryption result.
Wherein: the fault receiving module 50 is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output an erroneous decryption result;
and, when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output an erroneous decryption result.
The embodiment of Fig. 11 discloses a block cipher anti-attack decryption device in which a fault is injected during the first and/or the second normal decryption operation. The decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input to the F function, which eliminates the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of the decryption process of the block cipher algorithm.
The present invention can be implemented in many different specific forms. The technical solutions of the present invention are illustrated above with reference to the accompanying drawings, taking Figs. 2 to 11 as examples. This does not mean that the specific examples to which the present invention applies are limited to a particular process or embodiment structure. Those of ordinary skill in the art should understand that the specific implementations provided above are only some examples among many preferred usages, and that any implementation embodying the claims of the present invention falls within the scope of protection sought by the technical solution of the present invention.
Finally, it should be noted that the above are only preferred embodiments of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in those embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (20)

  1. A block cipher anti-attack encryption method, characterized in that it comprises:
    receiving the plaintext P to be encrypted, performing two normal encryption operations on the plaintext P, and outputting encryption results to be input to an F function;
    while performing the normal encryption operation, outputting an erroneous encryption result when a fault is injected once or twice into the normal encryption operation process;
    after the erroneous encryption result is input to the F function, outputting an invalid result that the attacker cannot exploit; and, when no fault is injected into either of the two normal encryption operation processes, outputting, by the F function, the correct encryption operation result.
  2. The method according to claim 1, characterized in that, in the two normal encryption operations, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C', the C consists of two parts, L and R, and the C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R', and the F function is defined as:
    Figure PCTCN2014093472-appb-100001
  3. The method according to claim 1 or 2, characterized in that the step of outputting an erroneous encryption result when a fault is injected once or twice into the normal encryption operation process while performing the normal encryption operation specifically comprises:
    when performing the first normal encryption operation on the plaintext P, a fault is injected into this normal encryption operation and a first erroneous encryption result is output;
    when performing the second normal encryption operation on the plaintext P, the correct encryption result is output.
  4. The method according to claim 1 or 2, characterized in that the step of outputting an erroneous encryption result when a fault is injected once or twice into the normal encryption operation process while performing the normal encryption operation specifically further comprises:
    when performing the first normal encryption operation on the plaintext P, the correct encryption result is output;
    when performing the second normal encryption operation on the plaintext P, a fault is injected into this normal encryption operation and a second erroneous encryption result is output.
  5. The method according to claim 1 or 2, characterized in that the step of outputting an erroneous encryption result when a fault is injected once or twice into the normal encryption operation process while performing the normal encryption operation specifically further comprises:
    when performing the first normal encryption operation on the plaintext P, a fault is injected into this normal encryption operation and a first erroneous encryption result is output;
    when performing the second normal encryption operation on the plaintext P, a fault is injected into this normal encryption operation and a second erroneous encryption result is output.
  6. A block cipher anti-attack decryption method, characterized in that it comprises:
    receiving the ciphertext P to be decrypted, performing two normal decryption operations on the ciphertext P, and outputting decryption results to be input to an F function;
    while performing the normal decryption operation, outputting an erroneous decryption result when a fault is injected once or twice into the normal decryption operation process;
    after the erroneous decryption result is input to the F function, outputting an invalid result that the attacker cannot exploit; and, when no fault is injected into either of the two normal decryption operation processes, outputting, by the F function, the correct decryption operation result.
  7. The method according to claim 6, characterized in that, in the two normal decryption operations, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C', the C consists of two parts, L and R, and the C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R', and the F function is defined as:
    Figure PCTCN2014093472-appb-100002
  8. The method according to claim 6 or 7, characterized in that the step of outputting an erroneous decryption result when a fault is injected once or twice into the normal decryption operation process while performing the normal decryption operation specifically comprises:
    when performing the first normal decryption operation on the ciphertext P, a fault is injected into this normal decryption operation and a first erroneous decryption result is output;
    when performing the second normal decryption operation on the ciphertext P, the correct decryption result is output.
  9. The method according to claim 6 or 7, characterized in that the step of outputting an erroneous decryption result when a fault is injected once or twice into the normal decryption operation process while performing the normal decryption operation specifically further comprises:
    when performing the first normal decryption operation on the ciphertext P, the correct decryption result is output;
    when performing the second normal decryption operation on the ciphertext P, a fault is injected into this normal decryption operation and a second erroneous decryption result is output.
  10. The method according to claim 6 or 7, characterized in that the step of outputting an erroneous decryption result when a fault is injected once or twice into the normal decryption operation process while performing the normal decryption operation specifically further comprises:
    when performing the first normal decryption operation on the ciphertext P, a fault is injected into this normal decryption operation and a first erroneous decryption result is output;
    when performing the second normal decryption operation on the ciphertext P, a fault is injected into this normal decryption operation and a second erroneous decryption result is output.
  11. A block cipher anti-attack encryption device, characterized in that it comprises:
    an encryption operation module, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output encryption results to be input to an F function;
    a fault receiving module, configured to receive, while the normal encryption operation is being performed, the fault injected once or twice into the normal encryption operation process, and to instruct the encryption operation module to output an erroneous encryption result;
    a result output module, configured to output an invalid result that the attacker cannot exploit after the erroneous encryption result is input to the F function, and to output the correct encryption operation result when no fault is injected into either of the two normal encryption operation processes.
  12. The device according to claim 11, characterized in that, in the two normal encryption operations of the encryption operation module, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C', the C consists of two parts, L and R, and the C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R', and the F function in the result output module is defined as:
    Figure PCTCN2014093472-appb-100003
  13. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a first erroneous encryption result;
    and, when the second normal encryption operation is performed on the plaintext P, output the correct encryption result.
  14. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to, when the first normal encryption operation is performed on the plaintext P, output the correct encryption result;
    and, when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a second erroneous encryption result.
  15. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to,
    when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a first erroneous encryption result;
    and, when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a second erroneous encryption result.
  16. A block cipher anti-attack decryption device, characterized in that it comprises:
    a decryption operation module, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output decryption results to be input to an F function;
    a fault receiving module, configured to receive, while the normal decryption operation is being performed, the fault injected once or twice into the normal decryption operation process, and to instruct the decryption operation module to output an erroneous decryption result;
    a result output module, configured to output an invalid result that the attacker cannot exploit after the erroneous decryption result is input to the F function, and to output the correct decryption operation result when no fault is injected into either of the two normal decryption operation processes.
  17. The device according to claim 16, characterized in that, in the two normal decryption operations of the decryption operation module, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C', the C consists of two parts, L and R, and the C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R', and the F function in the result output module is defined as:
    Figure PCTCN2014093472-appb-100004
  18. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a first erroneous decryption result;
    and, when the second normal decryption operation is performed on the ciphertext P, output the correct decryption result.
  19. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, output the correct decryption result;
    and, when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a second erroneous decryption result.
  20. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a first erroneous decryption result;
    and, when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a second erroneous decryption result.
PCT/CN2014/093472 2014-08-06 2014-12-10 Anti-attack encryption and decryption method and device of block cipher WO2016019670A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410384592.1A CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection
CN201410384592.1 2014-08-06

Publications (1)

Publication Number Publication Date
WO2016019670A1 true WO2016019670A1 (en) 2016-02-11

Family

ID=55263082

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/093472 WO2016019670A1 (en) 2014-08-06 2014-12-10 Anti-attack encryption and decryption method and device of block cipher

Country Status (2)

Country Link
CN (1) CN105376046B (en)
WO (1) WO2016019670A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106130712B (en) * 2016-06-14 2019-09-06 刘雷波 A kind of opportunistic infections fault-resistant attack method based on INS network
CN108737073B (en) * 2018-06-22 2021-09-28 北京智芯微电子科技有限公司 Method and device for resisting energy analysis attack in block encryption operation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6108419A (en) * 1998-01-27 2000-08-22 Motorola, Inc. Differential fault analysis hardening apparatus and evaluation method
CN101729241A (en) * 2008-10-23 2010-06-09 国民技术股份有限公司 AES encryption method for resisting differential power attacks
CN102404108A (en) * 2011-10-25 2012-04-04 宁波大学 Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm
CN103634102A (en) * 2013-12-16 2014-03-12 国家电网公司 Protection method for side channel attack and fault attack

Also Published As

Publication number Publication date
CN105376046B (en) 2018-08-17
CN105376046A (en) 2016-03-02

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 14899384

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 14899384

Country of ref document: EP

Kind code of ref document: A1