CN101183945A - Bypass operator based elliptical curve anti-bypass attack method - Google Patents
Bypass operator based elliptical curve anti-bypass attack method
- Publication number
- CN101183945A (application number CN200710172598A / CNA2007101725982A)
- Authority
- CN
- China
- Prior art keywords
- elliptic curve
- bypass
- operator
- const
- territory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Complex Calculations (AREA)
Abstract
The invention discloses a method for making elliptic curve cryptography resistant to side-channel attack, based on the side-channel atomic operator, in the technical field of information security. It comprises the following steps: first, the errors of the prior technical scheme are corrected to obtain a correct side-channel-equivalent execution sequence for the point doubling and point addition of an elliptic curve over the finite field $F_p$, and this sequence is expressed as a correct doubling-and-addition operator module matrix; then a C++ software implementation scheme is laid out for the elliptic curve cryptosystem, and the core step of its encryption and decryption, the atomic-operator-based elliptic curve scalar multiplication over the finite field, is realized within that scheme. The invention has the advantage of improving the resistance of elliptic curve cryptography to side-channel attack by inserting a correct sequence of dummy operations.
Description
Technical field
The present invention relates to a method in the field of information security technology, specifically an elliptic curve side-channel countermeasure based on the side-channel atomic operator. (The machine translation of this page renders "side-channel attack" as "bypass attack" and the side-channel atomic block of Chevallier-Mames et al. as the "bypass operator"; the two are used interchangeably below.)
Background technology
A side-channel attack (SCA) is an analysis technique based on physical characteristics: an attacker who obtains the device on which the cryptographic algorithm runs (a computer, cryptographic machine, encryption box, smart card, etc.) exploits characteristics of the running environment to recover the key quickly and thereby break the whole cryptosystem. Because elliptic curve cryptosystems (ECC) have short keys, fast encryption and decryption, low power consumption, low bandwidth and small memory footprint, they are usually deployed on mobile and handheld wireless devices, whose operating environment is comparatively hostile, so they are highly exposed to such attacks. Research into high-performance, side-channel-resistant ECC optimization techniques and their implementation is therefore urgent.
A search of the prior art finds that B. Chevallier-Mames et al., in "Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity" (IEEE Transactions on Computers, vol. 53, no. 6, 2004, pp. 760-768), proposed the side-channel atomic operator to resist simple power analysis. That method first defines an operator module (atomic block) whose instances cannot be told apart by side-channel analysis, then, by inserting dummy operations, expresses a continuous instruction sequence as a repetition of that atomic block, obtaining an elliptic curve doubling-and-addition operator module matrix. However, the elliptic curve scalar multiplication over the prime field carried out by that scheme is wrong: although the dummy operations it inserts do disturb the execution sequence of the scalar multiplication, their results are not cancelled out once the scalar multiplication has finished. The cause of the error is that the result register of some dummy operations is the operand register of a real basic operation executed later in the sequence, so the dummy operation changes an intermediate result of the sequence and its effect can never be eliminated; the scheme thus yields a wrong doubling-and-addition operator module matrix.
Summary of the invention
The object of the invention is to remedy the deficiency of the prior art by providing an elliptic curve side-channel countermeasure based on the atomic operator that corrects the error of the existing scheme described in the background, guards effectively against simple power analysis without increasing computational complexity, and can be used in cryptographic theory, cryptanalysis, security chip design, smart card design and similar fields.
The invention is realized by the following technical solution. First, the error of the existing scheme is corrected to obtain a correct side-channel-equivalent execution sequence for elliptic curve doubling and addition over the finite field $F_p$, and that sequence is expressed as a correct elliptic curve doubling-and-addition operator module matrix. Then, aiming at an efficient, optimized and safe realization of the elliptic curve cryptosystem, a C++ software implementation scheme is laid out, and within it the core step of elliptic curve encryption and decryption, the atomic-operator-based elliptic curve scalar multiplication over the finite field, is implemented. By adding a correct dummy operation sequence this technical scheme improves the resistance of elliptic curve cryptography to side-channel attack.
The existing scheme refers to the scheme proposed in 2004 by B. Chevallier-Mames et al., cited in the background.
The correct side-channel-equivalent execution sequence for elliptic curve doubling and addition over the finite field $F_p$ means the execution sequence, equivalent to the basic elliptic curve scalar multiplication, that is obtained after reselecting the dummy operation sequence and the registers it executes on. Specifically, register $T_6$ replaces the affected register of the existing scheme, because $T_6$ is only ever assigned from other registers and the operations performed on it earlier can all serve as dummy operations in the last steps of the intermediate operations.
The correct elliptic curve doubling-and-addition operator module matrix means the matrix representation of that side-channel-equivalent execution sequence over $F_p$; specifically it is the 26 × 10 matrix listed as u[26][10] in the embodiment below.
The atomic-operator-based elliptic curve scalar multiplication over the finite field, which is the basic step in realizing elliptic curve encryption and decryption, is as follows. Let the elliptic curve $E/F_p: y^2 = x^3 + ax + b$ be defined over the large prime field $F_p$ ($p$ a large prime) with $a, b \in F_p$, let $P_1 = (X_1, Y_1, Z_1)$ be a point on it, where $X_1, Y_1, Z_1$ are the coordinates of $P_1$ in Jacobian coordinates, and let the key be $d = (1, d_{m-2}, \ldots, d_0)_2$, i.e. $d$ is an $m$-bit binary positive integer whose bits are $d_i$, $i = 0, \ldots, m-1$, with $d_{m-1} = 1$. Using the elliptic curve doubling-and-addition operator module matrix, the scalar multiplication $P_d = dP_1 = (X_d, Y_d, Z_d)$ on the curve is realized, where $P_d$ is a point on the same curve $E/F_p$ and $X_d, Y_d, Z_d$ are its Jacobian coordinates.
Let the registers used be $R_j$, $j = 0, \ldots, 9$. First initialize the registers as $R_0 = a$, $R_1 = X_1$, $R_2 = Y_1$, $R_3 = Z_1$, $R_7 = X_1$, $R_8 = Y_1$, $R_9 = Z_1$ ($R_1, R_2, R_3$ hold the accumulator, $R_7, R_8, R_9$ a fixed copy of $P_1$ for the additions, and $R_4, R_5, R_6$ are temporaries), take intermediate variables $i$ and $s$ and initialize them to $i = m-2$, $s = 1$. Then carry out the following register assignment operations, in which $u^*_{k,l}$ denotes the element in row $k$, column $l$ of the correct elliptic curve doubling-and-addition operator module matrix (the text reproduces only the update of $s$; the remaining operations are those of the C++ implementation in the embodiment):

  if $s = 1$ then $k = 0$, otherwise $k = k + 1$;
  $s = d_i \times (k \,\mathrm{div}\, 25) + (1 - d_i) \times (k \,\mathrm{div}\, 9)$;
  $R_{u^*_{k,0}} = R_{u^*_{k,1}} \times R_{u^*_{k,2}}$;
  $R_{u^*_{k,3}} = R_{u^*_{k,4}} + R_{u^*_{k,5}}$;
  $R_{u^*_{k,6}} = -R_{u^*_{k,6}}$;
  $R_{u^*_{k,7}} = R_{u^*_{k,8}} + R_{u^*_{k,9}}$.

Afterwards the value of $i$ becomes $i - s$. If $i \geq 0$ the register assignment operations above are repeated; otherwise the values of $R_1, R_2, R_3$ are respectively the $X, Y, Z$ coordinates of $P_d$, so $P_d = (X_d, Y_d, Z_d) = (R_1, R_2, R_3)$. $P_d$ is the result of processing $P_1$ with the elliptic curve cryptosystem. Note that $s$ is $0$ except on the last row of a doubling ($k = 9$, when $d_i = 0$) or of a doubling followed by an addition ($k = 25$, when $d_i = 1$), so every row issues the same multiply-add-negate-add block and the key bit only determines how many rows are run before $i$ advances.
The C++ software implementation scheme of the elliptic curve cryptosystem is the scheme laid out to guarantee an efficient, optimized and safe realization of the cryptosystem. Specifically: first the layers of the implementation are determined from the mathematical structure of the elliptic curve, decomposing the operations on curve points step by step into operations the CPU can perform; then the data types of each layer are defined in order from the lowest layer upwards, and the basic data operations of each layer are implemented.
The layers of the elliptic curve cryptosystem implementation are: the operations on curve points are realized in three layers. The top layer is the cryptosystem on the elliptic curve; the middle layer is the point operations on the curve, comprising point addition and point multiplication; the bottom layer is the finite field operations, comprising field addition, field subtraction, field multiplication, field inversion and modular reduction.
The data types and basic data operations of each layer are: for the bottom finite field layer, first define a big integer class, then build a modulo-P integer class, P being a large prime, and then implement the basic data operations over the prime field $F_p$: field addition, subtraction, multiplication, inversion and modular reduction. For the middle layer of point operations, first build an affine-coordinate point class and a Jacobian-coordinate point class and declare them friends of each other; then implement the point operations in each of the two classes, implement in the Jacobian point class the mutual conversion and mixed operations between the two coordinate systems, and also realize the atomic-operator-based scalar multiplication in the Jacobian point class. For the top-layer cryptosystem on the curve, build the public/private key pair class, the curve class and so on.
The invention guarantees a fast, safe and correct realization of the elliptic curve cryptosystem. The layered software implementation keeps each layer's realization independent, so that a change in any one layer has little effect on the other layers, while an improvement to any layer improves the overall performance of the elliptic curve cryptosystem and its resistance to side-channel attack. The invention can be applied advantageously to the optimized realization of elliptic curve cryptosystems and to the secure design of high-speed elliptic curve cryptographic chips.
Embodiment
An embodiment of the invention is described in detail below. It is carried out on the premise of the technical solution of the invention and gives a detailed mode of execution and a concrete operating process, but the scope of protection of the invention is not limited to this embodiment.
Suppose the embodiment is to process a plaintext M with elliptic curve encryption under the key d. According to the elliptic curve cryptosystem, the plaintext M is first converted to a point P on the curve $E/F_p: y^2 = x^3 + ax + b$; then the scalar multiplication Q = dP of points on the curve is carried out to obtain the ciphertext point Q on the same curve. In a specific implementation the parameters of the curve over $F_p$ can be fixed. For example, take the curve $y^2 = x^3 + ax + b$, $a, b \in F_p$, with

  a = 0xbb8e5e8fbc115e139fe6a814fe48aaa6f0ada1aa5df91985
  b = 0x1854bebdc31b21b7aefc80ab0ecd10d5b1b3308e6dbf11c1
  large prime p = 0xbdb6f4fe3e8b1d9e0da8c0d46f4c318cefe4afe3b6b8551f
  base point x = 0x4ad5f7048de709ad51236de65e4d4b482c836dc6e4106640
  base point y = 0x02bb3a02d4aaadacae24817a4ca3a1b014b5270432db27d2
  base point order n = 0xbdb6f4fe3e8b1d9e0da8c0d40fc962195dfae76f56564677

The whole invention, using the C++ implementation described above, proceeds as follows:
1. To obtain the ciphertext point on the elliptic curve, according to the layered C++ implementation of the cryptosystem described above, the finite field $F_p$ operations must be realized first. Over $F_p$ every field element is represented as a big integer; for any element m, $0 \le m \le p-1$. Let t be the number of 32-bit words needed for an element (the page does not reproduce the formula; BIGINT6 below uses t = 6 for the 192-bit prime above). A field element can then be stored in t 32-bit words: $a = (a_{t-1}, \ldots, a_2, a_1, a_0)$. Define the bottom-layer big integer class BIGINT6 and the modulo-prime class PInt. The definitions of the concrete data types and their basic operations are as follows:
typedef unsigned int WORD32;   // 32-bit limb type (the typedef itself is not shown on the page)

class BIGINT6
{
    friend int operator>=(const BIGINT6 &A, const BIGINT6 &B);
    friend int operator>(const BIGINT6 &A, const BIGINT6 &B);
    friend int operator<=(const BIGINT6 &A, const BIGINT6 &B);
    friend int operator<(const BIGINT6 &A, const BIGINT6 &B);
    friend int operator==(const BIGINT6 &A, const BIGINT6 &B);
    // multi-word subtract / add on raw 32-bit limbs; the page omits the return type,
    // a borrow/carry word is assumed here
    friend WORD32 WORD32_sub(const WORD32 *pa, const WORD32 *pb, WORD32 *dest);
    friend WORD32 WORD32_add(const WORD32 *pa, const WORD32 *pb, WORD32 *dest);
    friend ostream &operator<<(ostream &output, const BIGINT6 &N);
public:
    BIGINT6(void);
    BIGINT6(const int N);
    BIGINT6(const WORD32 N);
    BIGINT6(const WORD32 wor[]);
    BIGINT6(const BIGINT6 &aBig);
public:
    ~BIGINT6(void);
    /* A word is used as the smallest cell to avoid little-endian / big-endian problems.
     * data: stores a 192-bit BIGINT. Representation:
     *   data[5] || data[4] || data[3] || data[2] || data[1] || data[0]
     *   most significant word                      least significant word */
    WORD32 data[6];
};
class PInt
{
    // the arithmetic operators return a reference to a static result object (the same
    // convention as operator* for JPoint below); a caller must copy the result before
    // the next call to the same operator
    friend PInt &operator+(const PInt &PA, const PInt &PB);
    friend PInt &operator-(const PInt &PA, const PInt &PB);
    friend PInt &operator*(const PInt &PA, const PInt &PB);
    friend int operator>=(const PInt &A, const PInt &B);
    friend int operator>(const PInt &A, const PInt &B);
    friend int operator<=(const PInt &A, const PInt &B);
    friend int operator<(const PInt &A, const PInt &B);
    friend int operator==(const PInt &A, const PInt &B);
    friend int NAF(const PInt A, char *trsf_result);      // non-adjacent form of A
    friend int BINARY(const PInt A, char *trsf_result);   // binary expansion of A, returns its bit length
    friend void SHIFTRIGHT(PInt &l, unsigned int amt);
    friend ostream &operator<<(ostream &output, const PInt &N);
    friend PInt &operator%(const PInt &P, const PInt &N);
    friend PInt &ranBigInt(void);
public:
    PInt(void);
    PInt(const BIGINT6 &big);
    PInt(const WORD32 wor[]);
    PInt(const PInt &P);
    PInt(const WORD32 N);
    PInt(const int N);
    PInt &operator~(void) const;   // unary: field inversion (the page lists inversion among the field operations)
    PInt &operator-(void) const;   // unary: negation modulo p, used by the atomic block
    static int setPri_N(void);
    static int setPri_P(void);
    static PInt &getPrime(void);
public:
    ~PInt(void);
private:
    BIGINT6 pInt;
    static BIGINT6 pri;            // the modulus shared by all PInt values
};
2. According to the layered C++ implementation above, and on the basis of step 1, realize the basic operations on points of the elliptic curve over the prime field. First define the point classes on the curve: the affine-coordinate point class APoint and the Jacobian-coordinate point class JPoint, which are friends of each other; then implement in the Jacobian point class the mutual conversion and mixed operations between the two coordinate systems. The definitions of the data types and their operations are as follows:
class APoint
{
    friend class JPoint;
    // binary operators return a reference to a static result object; copy before reuse
    friend APoint &operator+(const APoint &LP, const APoint &RP);   // point addition
    friend APoint &operator-(const APoint &LP, const APoint &RP);   // point subtraction
    friend APoint &operator*(const PInt &k, const APoint &P);       // scalar multiplication
    friend APoint &operator*(const APoint &P, const PInt &k);
    friend ostream &operator<<(ostream &output, const APoint &P);   // display
public:
    APoint(void);
    APoint(const APoint &P);
    APoint(const PInt &x, const PInt &y);
    APoint(const int x, const int y);
    APoint(const JPoint &P);                   // conversion from Jacobian coordinates
    APoint &operator-(void) const;             // negative point
    int operator==(const APoint &rP) const;    // compare
    int operator||(const APoint &rP) const;    // is_Couple: 0 -> no, 1 -> yes (this = rP, as written on the page)
    int operator!(void) const;                 // is infinite: 0 -> no, 1 -> yes
    int is_on_curve(void) const;               // is on the curve: 0 -> no, 1 -> yes
public:
    ~APoint(void);
private:
    PInt Px;
    PInt Py;
};
class JPoint
{
    friend class APoint;
    // ---- addition ----
    friend JPoint &operator+(const JPoint &L, const JPoint &R);
    // mixed Jacobian / affine operands
    friend JPoint &operator+(const JPoint &LP, const APoint &RP);
    friend JPoint &operator+(const APoint &LP, const JPoint &RP);
    friend JPoint &PointAddition(const JPoint &p1, const JPoint &p2);
    friend JPoint &Doubling(const JPoint &p);
    // ---- subtraction ----
    friend JPoint &operator-(const JPoint &L, const JPoint &R);
    // mixed Jacobian / affine operands
    friend JPoint &operator-(const JPoint &LP, const APoint &RP);
    friend JPoint &operator-(const APoint &LP, const JPoint &RP);
    // ---- point multiplication (the atomic-operator scalar multiplication of step 3) ----
    friend JPoint &operator*(const JPoint &P, const PInt &D);
    friend JPoint &operator*(const PInt &D, const JPoint &P);
    // ---- display ----
    friend ostream &operator<<(ostream &output, const JPoint &P);
public:
    JPoint(void);
    JPoint(const PInt &x, const PInt &y, const PInt &z);
    JPoint(const int x, const int y, const int z);
    JPoint(const JPoint &P);
    JPoint(const APoint &P);                   // conversion from affine coordinates
    JPoint &operator-(void) const;             // negative point
    int operator==(const JPoint &P) const;     // compare
    int operator||(const JPoint &rP) const;    // is_Couple: 0 -> no, 1 -> yes (this = -rP)
    int operator!(void) const;                 // is infinite: 0 -> no, 1 -> yes
public:
    ~JPoint(void);
private:
    PInt PX;
    PInt PY;
    PInt PZ;
};
3. To improve the resistance of the elliptic curve cryptosystem to side-channel attack, its key operation, the elliptic curve scalar multiplication, uses the atomic-operator-based scalar multiplication scheme over the finite field described above. Concretely, on the basis of step 2, it is implemented in the JPoint friend function JPoint &operator*(JPoint &P, PInt &D). The concrete steps are: first define the operator module matrix u[26][10], whose row k lists in order the ten register indices consumed by the k-th atomic block (rows 0 to 9 form the doubling, rows 10 to 25 the addition):
// row k drives one atomic block:
//   R[u[k][0]] = R[u[k][1]] * R[u[k][2]];  R[u[k][3]] = R[u[k][4]] + R[u[k][5]];
//   R[u[k][6]] = -R[u[k][6]];              R[u[k][7]] = R[u[k][8]] + R[u[k][9]];
int u[26][10] =
{
    {4,1,1,5,4,4,3,4,4,5}, {5,3,3,1,1,1,3,6,1,3}, {5,5,5,1,1,3,3,1,1,3}, {5,0,5,4,4,5,3,5,2,2},
    {3,3,5,1,1,3,3,1,1,3}, {2,2,2,2,2,2,4,6,1,3}, {5,1,2,1,1,5,5,1,1,5}, {1,4,4,1,1,5,4,1,1,5},
    {2,2,2,2,2,2,3,5,1,5}, {4,4,5,2,2,4,2,4,4,5}, {4,9,9,5,1,5,5,5,1,5}, {1,1,4,5,1,5,5,5,1,5},
    {4,4,9,5,1,5,5,5,1,5}, {2,2,4,5,1,5,5,5,1,5}, {4,3,3,5,1,5,5,5,1,5}, {5,4,7,6,2,5,5,5,1,5},
    {4,3,4,6,2,5,6,6,5,6}, {4,4,8,6,5,6,4,4,2,4}, {3,3,9,6,5,6,6,6,5,6}, {3,3,5,6,5,6,6,6,5,6},
    {6,5,5,6,3,6,3,6,3,6}, {1,1,6,1,1,4,4,1,1,4}, {5,5,6,6,1,2,2,6,2,6}, {1,4,4,1,1,5,6,1,1,6},
    {2,2,5,1,1,6,3,6,1,6}, {4,4,6,2,2,4,6,6,1,6}
};
Second, realize the atomic-operator-based elliptic curve scalar multiplication over the finite field. Let the point corresponding to the plaintext M be $P = (X_1, Y_1, Z_1)$, where $X_1, Y_1, Z_1$ are the coordinates of P in Jacobian coordinates; let the key d be an m-bit binary positive integer, $d = (1, d_{m-2}, \ldots, d_0)_2$, $d_{m-1} = 1$; let the point obtained after the scalar multiplication be $Q = (X_d, Y_d, Z_d)$, where $X_d, Y_d, Z_d$ are the Jacobian coordinates of Q; and let the registers used in the implementation be $R_j$, $j = 0, \ldots, 9$. The detailed process is:

(1) Initialize the registers: $R_0 = a$, $R_1 = X_1$, $R_2 = Y_1$, $R_3 = Z_1$, $R_7 = X_1$, $R_8 = Y_1$, $R_9 = Z_1$.
(2) Take intermediate variables i and s and initialize them to $i = m-2$, $s = 1$.
(3) Carry out the following register assignment operations (only steps 3.2 and 3.7 survive in the text; the others are read off the C++ implementation that follows):
  (3.1) if $s = 1$ then $k = 0$, otherwise $k = k + 1$;
  (3.2) $s = d_i \times (k \,\mathrm{div}\, 25) + (1 - d_i) \times (k \,\mathrm{div}\, 9)$;
  (3.3) $R_{u_{k,0}} = R_{u_{k,1}} \times R_{u_{k,2}}$;
  (3.4) $R_{u_{k,3}} = R_{u_{k,4}} + R_{u_{k,5}}$;
  (3.5) $R_{u_{k,6}} = -R_{u_{k,6}}$;
  (3.6) $R_{u_{k,7}} = R_{u_{k,8}} + R_{u_{k,9}}$;
  (3.7) $i = i - s$.
(4) If $i \ge 0$, repeat step 3; otherwise the values of $R_1, R_2, R_3$ are respectively the X, Y, Z coordinates of Q, so $Q = (X_d, Y_d, Z_d) = (R_1, R_2, R_3)$.
The C++ realization of the above process is as follows:
JPoint &operator*(JPoint &P, PInt &D)
{
    static JPoint res;                  // result lives in a static object; copy it before the next call
    if ((!P) || (D == 0))
        res = INFINITE_POINT;           // d*O and 0*P are the point at infinity
    else {
        char *d = new char[200];        // bits of D, d[0] least significant (BINARY writes 0/1 values)
        int N = BINARY(D, d);           // N = m, the bit length of D; d[N-1] = 1
        PInt R[10];
        int i, s, k = 0;
        R[0] = coeA;                    // curve coefficient a
        R[1] = P.PX;                    // accumulator (X, Y, Z), starts at P
        R[2] = P.PY;
        R[3] = P.PZ;
        R[7] = P.PX;                    // fixed copy of P consumed by the additions
        R[8] = P.PY;
        R[9] = P.PZ;
        i = N - 2;
        s = 1;
        while (i >= 0)
        {
            if (s == 1)                 // previous key bit finished: restart at row 0
                k = 0;
            else if (s == 0)
                k = k + 1;
            if (d[i] == 0)              // bit 0: rows 0..9 (doubling only), s becomes 1 at k == 9
                s = k / 9;
            else if (d[i] == 1)         // bit 1: rows 0..25 (doubling, then addition), s becomes 1 at k == 25
                s = k / 25;
            // one atomic block, identical in shape for every row: multiply, add, negate, add
            R[u[k][0]] = R[u[k][1]] * R[u[k][2]];
            R[u[k][3]] = R[u[k][4]] + R[u[k][5]];
            R[u[k][6]] = -R[u[k][6]];
            R[u[k][7]] = R[u[k][8]] + R[u[k][9]];
            i = i - s;                  // advance to the next key bit only when s == 1
        }
        res.PX = R[1];
        res.PY = R[2];
        res.PZ = R[3];
        delete[] d;
    }
    return res;
}
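As an added check that is not part of the patent's C++ (nor the patent's own code): the Python below drives the scalar multiplication from the matrix u exactly as the loop above does, converts the Jacobian result to affine and compares it with a textbook affine double-and-add, serving both the register procedure of the summary and the steps (1) to (4) of this embodiment. The curve is NIST P-192, substituted as an assumption because its base point and group order are publicly known; the patent's own 192-bit parameters listed in this embodiment can be dropped in for P, A, B, GX, GY and N. Python is used rather than C++ because its native big integers stand in for the BIGINT6/PInt layer.

```python
# Added example, not the patent's C++: drive a scalar multiplication from the
# patent's 26x10 operator module matrix and check it against an affine
# double-and-add. Curve: NIST P-192 (assumption; the patent's own 192-bit
# parameters can be substituted for P, A, B, GX, GY, N).
P = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
A = P - 3
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
GX = 0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012
GY = 0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811
N = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831

# Operator module matrix u[26][10] copied from the embodiment. Row k = (u0..u9)
# drives one atomic block; rows 0-9 are the doubling, rows 10-25 the addition:
#   R[u0] = R[u1]*R[u2]; R[u3] = R[u4]+R[u5]; R[u6] = -R[u6]; R[u7] = R[u8]+R[u9]
U = [
    [4,1,1,5,4,4,3,4,4,5], [5,3,3,1,1,1,3,6,1,3], [5,5,5,1,1,3,3,1,1,3], [5,0,5,4,4,5,3,5,2,2],
    [3,3,5,1,1,3,3,1,1,3], [2,2,2,2,2,2,4,6,1,3], [5,1,2,1,1,5,5,1,1,5], [1,4,4,1,1,5,4,1,1,5],
    [2,2,2,2,2,2,3,5,1,5], [4,4,5,2,2,4,2,4,4,5], [4,9,9,5,1,5,5,5,1,5], [1,1,4,5,1,5,5,5,1,5],
    [4,4,9,5,1,5,5,5,1,5], [2,2,4,5,1,5,5,5,1,5], [4,3,3,5,1,5,5,5,1,5], [5,4,7,6,2,5,5,5,1,5],
    [4,3,4,6,2,5,6,6,5,6], [4,4,8,6,5,6,4,4,2,4], [3,3,9,6,5,6,6,6,5,6], [3,3,5,6,5,6,6,6,5,6],
    [6,5,5,6,3,6,3,6,3,6], [1,1,6,1,1,4,4,1,1,4], [5,5,6,6,1,2,2,6,2,6], [1,4,4,1,1,5,6,1,1,6],
    [2,2,5,1,1,6,3,6,1,6], [4,4,6,2,2,4,6,6,1,6],
]
DBL_BLOCKS, ADD_BLOCKS = 10, 16   # 10 + 16 == len(U)

def atomic_scalar_mult(d, x1, y1, a=A, p=P):
    """d*(x1, y1) in Jacobian coordinates, plus the number of atomic blocks run.
    Mirrors the patent's register loop: s flags 'advance to the next key bit',
    k indexes the row of U. Every block issues the same mul/add/neg/add shape."""
    assert d >= 1, "the formulas do not cover d = 0 (point at infinity)"
    bits = bin(d)[2:]                 # d_{m-1} ... d_0, with d_{m-1} = 1
    m = len(bits)
    R = [0] * 10
    R[0] = a % p                      # R0 = curve coefficient a
    R[1], R[2], R[3] = x1, y1, 1      # accumulator, starts at P1
    R[7], R[8], R[9] = x1, y1, 1      # fixed copy of P1 for the additions
    i, s, k, blocks = m - 2, 1, 0, 0
    while i >= 0:
        k = 0 if s == 1 else k + 1
        d_i = int(bits[m - 1 - i])
        # s = d_i*(k div 25) + (1-d_i)*(k div 9): 1 only on the last row of a
        # doubling (k = 9) or of a doubling followed by an addition (k = 25)
        s = k // 25 if d_i else k // 9
        u = U[k]
        R[u[0]] = (R[u[1]] * R[u[2]]) % p
        R[u[3]] = (R[u[4]] + R[u[5]]) % p
        R[u[6]] = (-R[u[6]]) % p
        R[u[7]] = (R[u[8]] + R[u[9]]) % p
        blocks += 1
        i -= s
    return R[1], R[2], R[3], blocks

def jacobian_to_affine(X, Y, Z, p=P):
    # (X, Y, Z) and (X, -Y, -Z) are the same Jacobian point, so the sign the
    # matrix leaves on Z after an addition does not matter here.
    zi = pow(Z, -1, p)
    return (X * zi * zi) % p, (Y * zi * zi * zi) % p

def atomic_mult_affine(d, x1=GX, y1=GY):
    X, Y, Z, _ = atomic_scalar_mult(d, x1, y1)
    return jacobian_to_affine(X, Y, Z)

# Reference: textbook affine double-and-add, one inversion per step, not atomic.
def affine_add(p1, p2, a=A, p=P):
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None               # P + (-P): point at infinity
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def affine_mult(d, x1=GX, y1=GY):
    acc = None
    for bit in bin(d)[2:]:
        acc = affine_add(acc, acc)
        if bit == "1":
            acc = affine_add(acc, (x1, y1))
    return acc

def on_curve(x, y, a=A, b=B, p=P):
    return (y * y - (x * x * x + a * x + b)) % p == 0
```

Calling atomic_mult_affine(d) and affine_mult(d) for the same d gives the same point, and atomic_mult_affine(N - 1) returns the negative of the base point, which is what the matrix being correct as a projective computation looks like in practice: after each addition the registers hold (X, -Y, -Z) rather than (X, Y, Z), but that is the same Jacobian point. Two caveats the patent does not state: the formulas have no branch for the point at infinity or for doubling a point of order two, so d = 0 and d not reduced below n are outside the method (the C++ handles d = 0 with the explicit INFINITE_POINT branch only); and the block count returned by atomic_scalar_mult is 10 per zero bit and 26 per one bit, so although no single block reveals its bit, the total trace length still reveals the Hamming weight of d.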
4. Through the three steps above, the layered C++ implementation of the elliptic curve cryptosystem is complete. To obtain the ciphertext point Q on the curve in this embodiment, it suffices to call the atomic-operator-based scalar multiplication function JPoint &operator*(JPoint &P, PInt &D) from the main program, i.e. Q = P * d.
5. Finally, Q is re-encoded according to the elliptic curve cryptosystem to give the hexadecimal string of the ciphertext. By adding a correct dummy operation sequence, the resistance of the elliptic curve cryptography to side-channel attack has been improved.
The embodiment shows that the atomic-operator-based countermeasure of the invention improves the ability of an elliptic curve cryptosystem to resist simple power analysis, and that the layered software implementation of the cryptosystem keeps each layer's realization independent and effectively improves system performance.
Claims (7)
1. An elliptic curve side-channel countermeasure based on the atomic operator, characterized in that: first the error of the existing scheme is corrected to obtain a correct side-channel-equivalent execution sequence for elliptic curve doubling and addition over the finite field $F_p$, which is expressed as a correct elliptic curve doubling-and-addition operator module matrix; then a C++ software implementation scheme is laid out for the elliptic curve cryptosystem, and the atomic-operator-based elliptic curve scalar multiplication over the finite field is realized within that scheme, so that by adding a correct dummy operation sequence the resistance of elliptic curve cryptography to side-channel attack is improved.
2. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 1, characterized in that the correct side-channel-equivalent execution sequence for elliptic curve doubling and addition over the finite field $F_p$ means the execution sequence, equivalent to the basic elliptic curve scalar multiplication, obtained after reselecting the dummy operation sequence and the registers it executes on, namely with register $T_6$ replacing the affected register of the existing scheme.
3. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 1, characterized in that the correct elliptic curve doubling-and-addition operator module matrix is specifically the 26 × 10 matrix listed as u[26][10] in the description.
4. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 1, characterized in that the atomic-operator-based elliptic curve scalar multiplication over the finite field is specifically:
Given the elliptic curve $E/F_p: y^2 = x^3 + ax + b$ over the large prime field $F_p$ (P a large prime) with $a, b \in F_p$, a point $P_1 = (X_1, Y_1, Z_1)$ on it, where $X_1, Y_1, Z_1$ are the coordinates of $P_1$ in Jacobian coordinates, and the key $d = (1, d_{m-2}, \ldots, d_0)_2$, i.e. $d$ is an $m$-bit binary positive integer whose bits are $d_i$, $i = 0, \ldots, m-1$, with $d_{m-1} = 1$, the elliptic curve doubling-and-addition operator module matrix is used to realize the scalar multiplication $P_d = dP_1 = (X_d, Y_d, Z_d)$ on the curve, where $P_d$ is a point on the same curve $E/F_p$ and $X_d, Y_d, Z_d$ are respectively the X, Y, Z coordinates of $P_d$ in Jacobian coordinates;
Let the registers used be $R_j$, $j = 0, \ldots, 9$. First initialize the registers as $R_0 = a$, $R_1 = X_1$, $R_2 = Y_1$, $R_3 = Z_1$, $R_7 = X_1$, $R_8 = Y_1$, $R_9 = Z_1$, take intermediate variables $i$ and $s$ and initialize them to $i = m-2$, $s = 1$, then carry out the following register assignment operations, in which $u^*_{k,l}$ denotes the element in row $k$, column $l$ of the correct elliptic curve doubling-and-addition operator module matrix (the claim reproduces only the update of $s$; the remaining operations are those of the C++ implementation in the description):
  if $s = 1$ then $k = 0$, otherwise $k = k + 1$;
  $s = d_i \times (k \,\mathrm{div}\, 25) + (1 - d_i) \times (k \,\mathrm{div}\, 9)$;
  $R_{u^*_{k,0}} = R_{u^*_{k,1}} \times R_{u^*_{k,2}}$;
  $R_{u^*_{k,3}} = R_{u^*_{k,4}} + R_{u^*_{k,5}}$;
  $R_{u^*_{k,6}} = -R_{u^*_{k,6}}$;
  $R_{u^*_{k,7}} = R_{u^*_{k,8}} + R_{u^*_{k,9}}$;
Afterwards the value of $i$ becomes $i - s$; if $i \ge 0$ the register assignment operations above are repeated, otherwise the values of $R_1, R_2, R_3$ are respectively the X, Y, Z coordinates of $P_d$, so $P_d = (X_d, Y_d, Z_d) = (R_1, R_2, R_3)$, and $P_d$ is the result of processing $P_1$ with the elliptic curve cryptosystem.
5. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 1, characterized in that the C++ software implementation scheme of the elliptic curve cryptosystem is specifically: first the layers of the implementation are determined from the mathematical structure of the elliptic curve, decomposing the operations on curve points step by step into operations the CPU can perform; then the data types of each layer are defined in order from the lowest layer upwards, and the basic data operations of each layer are implemented.
6. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 5, characterized in that the layers of the elliptic curve cryptosystem implementation mean: the operations on curve points are realized in three layers; the top layer is the cryptosystem on the elliptic curve, the middle layer is the point operations on the curve, comprising point addition and point multiplication, and the bottom layer is the finite field operations, comprising field addition, field subtraction, field multiplication, field inversion and modular reduction.
7. The elliptic curve side-channel countermeasure based on the atomic operator according to claim 5, characterized in that the data types and basic data operations of each layer mean: for the bottom finite field layer, first define a big integer class, then build a modulo-P integer class, P being a large prime, and then implement the basic data operations over the prime field $F_p$, comprising field addition, subtraction, multiplication, inversion and modular reduction; for the middle layer of point operations, first build an affine-coordinate point class and a Jacobian-coordinate point class declared as friends of each other, then implement the point operations in each of the two classes, implement in the Jacobian point class the mutual conversion and mixed operations between the two coordinate systems, and also realize the atomic-operator-based scalar multiplication in the Jacobian point class; for the top-layer cryptosystem on the curve, build the public/private key pair class and the curve class.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007101725982A CN101183945A (en) | 2007-12-20 | 2007-12-20 | Bypass operator based elliptical curve anti-bypass attack method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101183945A true CN101183945A (en) | 2008-05-21 |
Family
ID=39449042
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007101725982A Pending CN101183945A (en) | 2007-12-20 | 2007-12-20 | Bypass operator based elliptical curve anti-bypass attack method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101183945A (en) |
Timeline
- 2007-12-20: application CNA2007101725982A filed in CN (patent CN101183945A), status Pending
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101639885B (en) * | 2009-08-26 | 2012-05-09 | 成都卫士通信息产业股份有限公司 | Safe preparation method for cipher chip to resist against bypass attack |
CN102193060A (en) * | 2010-03-01 | 2011-09-21 | 英赛瑟库尔公司 | Process for testing the immunity of an integrated circuit to bypass analysis |
CN102193060B (en) * | 2010-03-01 | 2015-05-06 | 英赛瑟库尔公司 | Method and system for testing integrated circuit devices |
CN102468954A (en) * | 2010-11-10 | 2012-05-23 | 上海华虹集成电路有限责任公司 | Method for preventing symmetric cryptographic algorithm from being attacked |
CN102468954B (en) * | 2010-11-10 | 2014-07-23 | 上海华虹集成电路有限责任公司 | Method for preventing symmetric cryptographic algorithm from being attacked |
CN106161022A (en) * | 2015-03-31 | 2016-11-23 | 上海复旦微电子集团股份有限公司 | Anti-attack method based on ECC crypto module and device |
WO2019242562A1 (en) * | 2018-06-22 | 2019-12-26 | 北京智芯微电子科技有限公司 | Elliptic curve point multiplication operation method and apparatus |
US11003769B2 (en) | 2018-06-22 | 2021-05-11 | Beijing Smartchip Microelectronics Technology Comp | Elliptic curve point multiplication operation method and apparatus |
CN110708160A (en) * | 2019-10-10 | 2020-01-17 | 山东省计算中心(国家超级计算济南中心) | SM2 algorithm scalar multiplication coding-based side channel attack resisting method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8443205B2 (en) | Secure function evaluation techniques for circuits containing XOR gates with applications to universal circuits | |
CN101097511B (en) | Modular reduction using folding | |
CN100536390C (en) | A novel elliptic curve password coprocessor | |
CN101183945A (en) | Bypass operator based elliptical curve anti-bypass attack method | |
CN101479698A (en) | Mulptiplying two numbers | |
Seo et al. | Optimized implementation of SIKE round 2 on 64-bit ARM Cortex-A processors | |
CN113434886B (en) | Method and device for jointly generating data tuples for secure computation | |
CN115756386A (en) | Efficient lightweight NTT multiplier circuit based on lattice code | |
JP2020515093A (en) | Computing device for coded addition | |
CN108875416B (en) | Elliptic curve multiple point operation method and device | |
CN110708160B (en) | SM2 algorithm scalar multiplication coding-based side channel attack resisting method and system | |
Liu et al. | Efficient implementation of ECDH key exchange for MSP430-based wireless sensor networks | |
Jalali et al. | ARMv8 SIKE: Optimized supersingular isogeny key encapsulation on ARMv8 processors | |
KR101061906B1 (en) | Basic Computing Device and Method Safe for Power Analysis Attack | |
Chung et al. | Alternative tower field construction for quantum implementation of the AES S-box | |
CN115906126A (en) | Data processing method and device in multi-party security computing | |
Biasse et al. | A framework for reducing the overhead of the quantum oracle for use with Grover’s algorithm with applications to cryptanalysis of SIKE | |
Kotukh et al. | Method of Security Improvement for MST3 Cryptosystem Based on Automorphism Group of Ree Function Field | |
Joye | Recovering lost efficiency of exponentiation algorithms on smart cards | |
EP1818810B1 (en) | Circuit and method for multiplying long integer values | |
CN116225369A (en) | SM2 algorithm scalar multiplication operation optimization method and system | |
Liu et al. | Secure and verifiable outsourcing protocol for non-negative matrix factorisation | |
KR100564599B1 (en) | Inverse calculation circuit, inverse calculation method, and storage medium encoded with computer-readable computer program code | |
CN106775575B (en) | The multiplier of low cost RFID authentication protocol based on quadratic residue | |
Mitra et al. | Time-memory trade-off attacks on multiplications and T-functions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Open date: 2008-05-21