CN103634102B - A protection method against side-channel attacks and fault attacks - Google Patents
Publication number: CN103634102B (application CN201310690055.5A)
Authority: CN (China)
Legal status: Active
Classification area: Storage Device Security
Abstract
The present invention provides a protection method against side-channel attacks and fault attacks. The method comprises the following steps: I. the computation of a block cipher is divided into several pipeline stages; II. two pipeline stages are randomly selected whose inputs are the real plaintext, while the inputs of all other stages are random numbers; III. the computation is carried out and, when it finishes, the two results computed from the real data are compared for consistency. The method resists both side-channel attacks and fault attacks, with high security and high execution efficiency.
Description
Technical field
The present invention relates to a method in the field of smart card chips, and in particular to a protection method against side-channel attacks and fault attacks.
Background technology
With the development of computer technology and the ever-increasing informatization of society, information security has attracted growing attention. Encryption, as a powerful tool, plays an important role in information security, and new encryption algorithms keep emerging; the block ciphers in widest use today are DES, AES and others. A block cipher is an algorithm that encrypts plaintext of a fixed length: the plaintext is divided into blocks of a certain length, and each block is transformed with the key by the encryption operation into ciphertext. On decryption, the ciphertext and the key are turned back into plaintext by the decryption operation.
As measurement and analysis methods advance, attack methods keep developing too. Side-channel attacks and fault attacks are two representative attack methods proposed in recent years that pose a serious threat to chips. A side-channel attack exploits the correlation between the side information leaked by an encryption device while it operates and the intermediate values of the cryptographic algorithm: the side information is measured many times and analysed statistically to recover the key. The basic principle of a fault attack is to place the cryptographic chip in a strong magnetic field, or to alter its supply voltage, clock frequency, temperature and so on, so that the registers or memory inside the chip suffer random errors during encryption and some output bits flip from 0 to 1 or from 1 to 0. By comparing the correct ciphertext output with the faulty ciphertext output, the secret data inside the chip can be obtained by theoretical analysis. The usual defence against side-channel attacks is to apply random masks to the data or the key; the usual defence against fault attacks is to compute the same data twice and check that the two results are consistent.
An existing method divides each round of the block cipher into several steps and pipelines the computation on the basis of those steps. Each pipeline stage processes different data, each clock cycle performs a different operation on different data, and a random mask is applied to the data processed by each stage to ensure that the data actually processed are heterogeneous.
Power analysis is one kind of side-channel attack, and this prior art can only resist power attacks; it cannot resist fault attacks. To resist both side-channel analysis and fault attacks, the prior art has to add further protection methods, which consumes more resources when implemented. Moreover, the prior art divides each round of the symmetric algorithm into several sub-steps, and a symmetric algorithm generally contains many rounds; when every round is split into sub-steps the algorithm runs very inefficiently, and a single encryption or decryption may need a great many clock cycles to complete.
Summary of the invention
To overcome the above defects of the prior art, the present invention provides a protection method against side-channel attacks and fault attacks that resists both kinds of attack, with high security and high execution efficiency.
To achieve this aim, the present invention adopts the following technical scheme:
A protection method against side-channel attacks and fault attacks, the improvement being that the method comprises the following steps:
I. the computation of the block cipher is divided into pipeline stages;
II. two pipeline stages are randomly selected whose inputs are the real plaintext, while the inputs of all other stages are random numbers;
III. the computation is carried out and, when it finishes, the two results determined from the real data are compared for consistency.
Further, because different stages of the pipeline operate on different data at the same moment, the side information produced by the random numbers taking part in the computation acts as noise that covers the side information of the real data, so that side-channel attacks are resisted.
Further, by comparing the results after the two real ciphertext computations finish, and treating consistent results as evidence that no fault occurred during the computation, fault attacks are resisted.
Further, step I comprises:
setting the number of rounds of the block cipher to 2N, where N is a positive integer, with each pipeline stage containing k rounds;
dividing the whole computation into n pipeline stages, n = 2N/k, where 2N/k is an integer.
Further, step II comprises:
randomly selecting pipeline stages A and B whose inputs are the real plaintext, while the inputs of the remaining (n-2) stages are random numbers.
Further, step III comprises:
the plaintext enters stage A for computation while the remaining (n-1) stages are fed random numbers, and the side information produced by their computation acts as noise covering the true side information produced by computing on the plaintext P;
the plaintext enters stage B for computation while the remaining (n-2) stages are fed random numbers, and the side information produced by their computation acts as noise covering the true side information produced by computing on the plaintext P;
when all 2N rounds have finished, two ciphertexts are obtained and compared; if they are consistent, the computation is regarded as fault-free, otherwise an alarm is raised.
Compared with the prior art, the beneficial effects of the present invention are:
1. The method of the invention solves the problems of the prior art, which has low execution efficiency and consumes resources, or often considers only the prevention of side-channel attacks and ignores fault attacks, or the reverse, so that its security is not high; the method of the invention resists both side-channel attacks and fault attacks, with high security and high execution efficiency.
2. The method of the invention chooses a suitable number of pipeline stages according to the limits of the hardware resources, which is convenient and flexible to implement and executes efficiently.
3. The method of the invention combines the protection against side-channel attacks with the protection against fault attacks, greatly reducing the extra resources added for protection, and is easy to implement.
4. When encrypting or decrypting large amounts of data, the method of the invention maintains high computational efficiency while also providing strong security protection.
Brief description of the drawings
Fig. 1 is the flow chart of the method of the invention;
Fig. 2 is the flow chart of the method of the invention applied to the DES algorithm.
Embodiment
The invention is further described below with reference to the accompanying drawings.
The present invention provides a protection method that resists side-channel attacks and fault attacks, using pipeline technology. The method is: the computation of the block cipher is divided into several pipeline stages; two of the stages are randomly selected, and the inputs of those two stages are the real plaintext, while the inputs of all other stages are random numbers.
Because different data take part in the computation in different pipeline stages at the same moment, the side information produced by the random numbers taking part in the computation acts as noise that covers the side information produced by the real data, thereby resisting side-channel attacks.
By comparing the results of the two computations on the real data when the computation finishes, and treating consistent results as evidence that no fault attack occurred, fault attacks are resisted. The computation here means the encryption or decryption operation of the block cipher.
In general the number of rounds of a block cipher is even. Assume the block cipher has 2N rounds, N a positive integer, and that each pipeline stage contains k rounds. The whole computation is divided into n = 2N/k pipeline stages; k must divide 2N, i.e. 2N/k is an integer. A suitable number of pipeline stages can be chosen according to the limits of the hardware resources, which makes implementation convenient and flexible. Two pipeline stages are randomly selected whose inputs are the real plaintext; the inputs of the remaining (n-2) stages are random numbers.
Fig. 1 is the flow chart of the method of the invention. In this embodiment, assume the block cipher has 2N rounds, N a positive integer, and 2N/k is an integer; assume the inputs of the first and second pipeline stages are the real plaintext P and the inputs of the third to n-th stages are random numbers. The steps of the computation are then as follows:
1. At time Time1, the first plaintext P enters the first pipeline stage and undergoes rounds 1 to k; the inputs of the second to n-th stages are random numbers, and the side information produced by the computation of the second to n-th stages acts as noise covering the true side information produced by the computation on plaintext P.
2. At time Time2, the first plaintext P enters the second pipeline stage and undergoes rounds k+1 to 2k, and the second plaintext P enters the first stage and undergoes rounds 1 to k; the inputs of the third to n-th stages are random numbers, and the side information produced by their computation acts as noise covering the true side information produced by the computation on plaintext P.
3. At time Time3, the first plaintext P enters the third stage and undergoes rounds 2k+1 to 3k, the second plaintext P enters the second stage and undergoes rounds k+1 to 2k, and a random number enters the first stage and undergoes rounds 1 to k; the inputs of the fourth to n-th stages are random numbers, and the side information produced by their computation acts as noise covering the true side information produced by the computation on plaintext P.
4. And so on, until at time Time n the first plaintext P enters the n-th stage and undergoes rounds (n-1)k+1 to nk; the encryption of the first plaintext P is then finished and the first ciphertext C is obtained.
5. At time Time n+1 the encryption of the second plaintext P also finishes, and the second ciphertext C is obtained. The first ciphertext C and the second ciphertext C are compared; if the two ciphertexts are equal, no fault was injected during the computation and the encryption result can be used; otherwise a corresponding warning message is produced.
Taking the DES algorithm as an example, DES has 16 rounds, which are divided into four pipeline stages of 4 rounds each; the hatched parts in the figure indicate stages in which random numbers take part in the computation. The steps are as follows:
1. At time Time1, the first plaintext P enters the first pipeline stage and undergoes rounds 1 to 4; the inputs of the second to fourth stages are random numbers, and the side information produced by the computation of the second to fourth stages acts as noise covering the true side information produced by the computation on plaintext P.
2. At time Time2, the first plaintext P enters the second stage and undergoes rounds 5 to 8, and the second plaintext P enters the first stage and undergoes rounds 1 to 4; the inputs of the third and fourth stages are random numbers, and the side information produced by their computation acts as noise covering the true side information produced by the computation on plaintext P.
3. At time Time3, the first plaintext P enters the third stage and undergoes rounds 9 to 12, the second plaintext P enters the second stage and undergoes rounds 5 to 8, and a random number enters the first stage and undergoes rounds 1 to 4; the input of the fourth stage is a random number, and the side information produced by its computation acts as noise covering the true side information produced by the computation on plaintext P.
4. At time Time4, the first plaintext P enters the fourth stage and undergoes rounds 13 to 16; the encryption of the first plaintext P is then finished and the first ciphertext C is obtained. The second plaintext P enters the third stage and undergoes rounds 9 to 12, while random numbers enter the second and first stages and undergo rounds 5 to 8 and rounds 1 to 4 respectively.
5. At time Time5 the encryption of the second plaintext P also finishes and the second ciphertext C is obtained. The first ciphertext C and the second ciphertext C are compared; if the two ciphertexts are equal, no fault was injected during the computation and the encryption result can be used; otherwise a corresponding warning message is produced.
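The following is an added software simulation of the pipeline schedule described above, covering both the general n-stage flow (Time1 to Time n+1) and the DES instance of four stages of four rounds. It is not the patent's circuit and is not DES: a toy 16-round Feistel cipher with an assumed key schedule and round function stands in for the DES rounds so that the block stays short, and the function names (`protected_encrypt`, `encrypt_reference`, `demo`) and the fault model (an XOR mask applied to the state of chosen copies after a chosen stage) are assumptions of this example. Three things a practitioner will want to see are checked: the pipelined result equals the plain sequential encryption, a fault that hits only one of the two true copies is caught by the final comparison, and a fault that hits both copies identically passes the comparison, which is the general limit of any duplicate-and-compare check rather than something specific to this patent. The simulation does not model leakage; the random filler blocks are there only to show how the slots are scheduled.

```python
# Added example (not from the patent): simulate the n-stage pipeline with two
# true plaintext copies entering at randomly chosen clock cycles, random filler
# blocks in every other slot, and a final compare of the two ciphertexts.
# The cipher below is a TOY 16-round Feistel network, NOT DES (assumption).
import random
from dataclasses import dataclass

ROUNDS = 16                        # 2N = 16, as for DES
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
_sysrand = random.SystemRandom()   # OS entropy for filler blocks and slot choice


def _rotl64(x: int, r: int) -> int:
    r %= 64
    return ((x << r) | (x >> (64 - r))) & MASK64


def _round_key(key: int, r: int) -> int:
    """Toy key schedule (assumption, not DES PC-1/PC-2)."""
    return _rotl64(key, 3 * r + 1) & MASK32


def _f(half: int, rk: int) -> int:
    """Toy round function (assumption, not the DES E/S-box/P network)."""
    x = (half ^ rk) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return (x ^ (x >> 15)) & MASK32


def _feistel_round(state: int, rk: int) -> int:
    left, right = state >> 32, state & MASK32
    return (right << 32) | (left ^ _f(right, rk))


def rounds(state: int, key: int, first: int, last: int) -> int:
    """Apply rounds first..last (1-based, inclusive): the work of one stage."""
    for r in range(first, last + 1):
        state = _feistel_round(state, _round_key(key, r))
    return state


def encrypt_reference(plaintext: int, key: int) -> int:
    """Unprotected sequential encryption, used to check the pipeline output."""
    return rounds(plaintext, key, 1, ROUNDS)


@dataclass
class Slot:
    data: int
    copy: int   # 0 or 1 for the two true plaintext copies, -1 for a random filler


def protected_encrypt(plaintext: int, key: int, k: int, fault=None):
    """Run the n = ROUNDS/k stage pipeline; return (ciphertext, status).

    fault, if given, is (stage_index, copies, xor_mask): after that stage has
    finished its k rounds the mask is XORed into the state of the listed copies,
    simulating an injected fault. Returns (None, "fault detected") when the two
    true ciphertexts differ, which is the warning path of the method.
    """
    if ROUNDS % k != 0:
        raise ValueError("k must divide the round count")
    n = ROUNDS // k
    # Stage i (0-based) performs rounds i*k+1 .. (i+1)*k. Every stage starts
    # holding a random block, so stages 2..n process random data at Time1.
    stages = [Slot(_sysrand.getrandbits(64), -1) for _ in range(n)]
    # Randomly choose the two clock cycles (A, B) whose input is the real plaintext.
    entry_a, entry_b = _sysrand.sample(range(n), 2)
    true_outputs = {}
    for t in range(max(entry_a, entry_b) + n):        # enough clocks to drain both copies
        if t == entry_a:
            incoming = Slot(plaintext, 0)
        elif t == entry_b:
            incoming = Slot(plaintext, 1)
        else:
            incoming = Slot(_sysrand.getrandbits(64), -1)   # random filler block
        stages = [incoming] + stages[:-1]               # advance the pipeline one stage
        for i, slot in enumerate(stages):               # each stage works on a different block
            slot.data = rounds(slot.data, key, i * k + 1, (i + 1) * k)
            if fault and fault[0] == i and slot.copy in fault[1]:
                slot.data ^= fault[2]
        done = stages[-1]
        if done.copy >= 0:
            true_outputs[done.copy] = done.data         # filler results are discarded
    c0, c1 = true_outputs[0], true_outputs[1]
    if c0 != c1:
        return None, "fault detected"
    return c0, "ok"


def demo(k: int = 4) -> dict:
    """Exercise the DES-shaped case: 16 rounds, 4 stages of 4 rounds. Constructed inputs."""
    key, pt = 0x0123456789ABCDEF, 0x0011223344556677
    ref = encrypt_reference(pt, key)
    c_ok, s_ok = protected_encrypt(pt, key, k)
    c_one, s_one = protected_encrypt(pt, key, k, fault=(2, {1}, 0x80))       # one copy hit
    c_both, s_both = protected_encrypt(pt, key, k, fault=(2, {0, 1}, 0x80))  # both copies hit
    return {"matches_reference": c_ok == ref and s_ok == "ok",
            "single_fault_detected": c_one is None and s_one == "fault detected",
            "identical_double_fault_missed": s_both == "ok" and c_both != ref}


if __name__ == "__main__":
    print(demo())
```

Because each Feistel round is a bijection, once one copy's state differs from the other's the difference survives all remaining rounds, so a single-copy fault is always detected; conversely the identical double fault shows why the compare must be paired with other measures (for instance, keeping the two copies in different stages at every instant, as the schedule above does, so that one glitch is less likely to affect both in the same way).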
Finally it should be noted that the above embodiments merely illustrate the technical scheme of the present invention and do not limit it. Although the invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the embodiments may still be modified or equivalently substituted, and that any modification or equivalent substitution that does not depart from the spirit and scope of the invention falls within the scope of the claims.
Claims (1)
1. A protection method against side-channel attacks and fault attacks, characterised in that the method comprises the following steps:
I. the computation of the block cipher is divided into pipeline stages;
II. two pipeline stages are randomly selected whose inputs are the real plaintext, while the inputs of all other stages are random numbers;
III. the computation is carried out and, when it finishes, the two results determined from the real data are compared for consistency;
because different stages of the pipeline operate on different data at the same moment, the side information produced by the random numbers taking part in the computation acts as noise covering the side information of the real data, so that side-channel attacks are resisted;
by comparing the results after the two real ciphertext computations finish, and treating consistent results as evidence that no fault occurred during the computation, fault attacks are resisted;
step I comprises:
setting the number of rounds of the block cipher to 2N, N a positive integer, with each pipeline stage containing k rounds;
dividing the whole computation into n pipeline stages, n = 2N/k, where 2N/k is an integer;
step II comprises:
randomly selecting pipeline stages A and B whose inputs are the real plaintext, while the inputs of the remaining (n-2) stages are random numbers;
step III comprises:
the plaintext enters stage A for computation while the remaining (n-1) stages are fed random numbers, the side information produced by their computation acting as noise covering the true side information produced by computing on plaintext P;
the plaintext enters stage B for computation while the remaining (n-2) stages are fed random numbers, the side information produced by their computation acting as noise covering the true side information produced by computing on plaintext P;
when all 2N rounds have finished, two ciphertexts are obtained and compared; if they are consistent the computation is regarded as fault-free, otherwise an alarm is raised.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310690055.5A CN103634102B (en) | 2013-12-16 | 2013-12-16 | A protection method against side-channel attacks and fault attacks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103634102A CN103634102A (en) | 2014-03-12 |
CN103634102B true CN103634102B (en) | 2017-11-07 |
Family
ID=50214762
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103634102B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105376046B (en) * | 2014-08-06 | 2018-08-17 | 国家电网公司 | An encryption/decryption method and device with attack protection for a block cipher |
CN105610568A (en) * | 2014-11-21 | 2016-05-25 | 南方电网科学研究院有限责任公司 | Fault detection method and device for a block cipher algorithm |
CN105809063B (en) * | 2014-12-29 | 2019-01-15 | 联想(北京)有限公司 | A data processing method and security chip device |
CN106156614B (en) * | 2015-03-25 | 2018-12-28 | 北京南瑞智芯微电子科技有限公司 | A protection method and device for resisting fault attacks |
CN105933108B (en) * | 2016-05-30 | 2019-04-12 | 清华大学 | A method for cracking an implementation of the SM4 algorithm |
CN109039590A (en) * | 2017-06-09 | 2018-12-18 | 深圳九磊科技有限公司 | Memory, electronic equipment and encryption/decryption method thereof for preventing side-channel attacks |
CN111224770B (en) * | 2019-12-25 | 2021-03-30 | 中国科学院软件研究所 | Comprehensive protection method for resisting side-channel and fault attacks based on threshold technology |
CN111600873B (en) * | 2020-05-13 | 2023-03-10 | 江苏芯盛智能科技有限公司 | Method for preventing side-channel attacks and related device |
IT202000013390A1 (en) * | 2020-06-05 | 2021-12-05 | Milano Politecnico | An IT platform to prevent side channel attacks |
CN112187444A (en) * | 2020-09-02 | 2021-01-05 | 中国科学院软件研究所 | Comprehensive protection method for resisting side-channel and fault attacks |
CN112653546A (en) * | 2020-12-15 | 2021-04-13 | 电子科技大学 | Fault attack detection method based on power consumption analysis |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101872294A (en) * | 2009-04-23 | 2010-10-27 | 索尼公司 | Information processing device, operation verification method and program |
CN102970131A (en) * | 2011-08-31 | 2013-03-13 | 北京中电华大电子设计有限责任公司 | Circuit structure for preventing power attacks on a block cipher algorithm |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2367316B1 (en) * | 2010-03-12 | 2017-07-05 | STMicroelectronics (Rousset) SAS | Method and circuitry for detecting a fault attack |
US20110299678A1 (en) * | 2010-06-07 | 2011-12-08 | Alexander Roger Deas | Secure means for generating a specific key from unrelated parameters |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||