CN104158656B - Method for detecting whether the MD4 hash function resists differential fault attacks
Abstract
The invention discloses a method for detecting whether an MD4 hash function is subject to a differential fault attack, comprising: 1) randomly generating a message to be processed by MD4 and storing it in M; 2) processing M with the MD4 hash function to obtain the correct output Y; 3) injecting a fault into the MD4 hash function to obtain the faulty output $Y^*$; 4) computing the output difference $\Delta Y$ from the correct output Y and the faulty output $Y^*$; 5) determining from $\Delta Y$ whether the MD4 hash function has been subjected to a differential fault attack and the position at which the fault was injected. The invention can quickly and accurately assess whether a computing device containing an MD4 hash function has been subjected to a differential fault attack and can determine the attacked position, providing strong support for the secure operation of the MD4 hash function.
Description
Technical field
The present invention relates mainly to the field of information security technology, and in particular to a method for detecting whether the MD4 hash function resists differential fault attacks. It is mainly used for the security defence and assessment of the MD4 hash function.
Background art
In practical applications, hash functions are widely used commercially in electronic signatures, message authentication and identification. Analysis based purely on the mathematical structure of hash function algorithms is no longer sufficient to cope with today's complex Internet environment.
Side-channel attacks are an important approach to the analysis of hash functions. A side-channel attack bypasses the laborious analysis of the hash function itself and instead uses information leaked while a hardware implementation of the algorithm runs, such as execution time, power consumption and electromagnetic radiation, combined with statistical theory, to break the hash function system quickly. As an important and effective form of side-channel attack, the fault attack has attracted wide attention at home and abroad thanks to its strong attacking capability and simple software implementation. Whether a hash function is vulnerable to differential fault attacks in actual use therefore directly affects the security of the commercial products that rely on it.
Summary of the invention
The technical problem to be solved by the invention is that existing detection techniques cannot detect whether the MD4 hash function is subject to a differential fault attack, and so cannot ensure the security of the MD4 hash function.
In a differential fault attack, the input message M is derived from the output difference $\Delta Y$, and the position at which the fault is injected has an important influence on $\Delta Y$: only an output difference obtained by injecting the fault at an effective position allows the input message M to be derived. If the fault is injected at an ineffective position, the MD4 hash function is secure against the differential fault attack.
To solve the above problem, and based on the above reasoning, the invention provides a method for detecting whether the MD4 hash function resists differential fault attacks, characterized in that it comprises the following steps:
Step 1): randomly generate an input message for the MD4 hash function and store it in M;
Step 2): process the input message M with the MD4 hash function to obtain the correct output Y;
Step 3): process the input message M with the MD4 hash function again, injecting a fault during processing, and obtain the faulty output $Y^*$ produced after the fault injection;
Step 4): compute the output difference $\Delta Y$ from the correct and faulty outputs obtained;
Step 5): from the output difference $\Delta Y$, determine whether the MD4 hash function is subject to a differential fault attack and the position at which the fault was injected.
Preferably, step 3) is carried out as follows:
Step i: use the message M as the input of the MD4 hash function;
Step ii: while the MD4 hash function is processing M, inject a random fault that disturbs the normal processing operations of the MD4 hash function;
Step iii: after the fault has been injected, record the output $Y^*$ of the MD4 hash function.
Further, the random fault of step ii is injected as follows:
Step a): analyse the processing flow of the MD4 hash function and find the injection position of an effective fault;
Step b): during MD4 processing, inject a random fault by means such as electromagnetic pulses or laser radiation;
Step c): use simulation techniques to emulate the fault-injection means of step b), such as electromagnetic pulses and laser radiation;
Step d): record the output and store it in $Y^*$.
Further, step a) is specifically: according to the principle of differential fault attacks and the processing flow of the MD4 hash function, find the position of an effective fault in the MD4 hash function.
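Preferably, the calculation in step 4) is as follows:
For the correct output Y and the faulty output $Y^*$ obtained, compute the output difference $\Delta Y = Y \oplus Y^*$, where $\oplus$ denotes the XOR operation;
The output difference $\Delta Y$ is 128 bits long and is written $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$, where $\Delta Y_0$, $\Delta Y_1$, $\Delta Y_2$ and $\Delta Y_3$ are each 32 bits, i.e. $\Delta Y = Y \oplus Y^* = (\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$.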
Preferably, the detection and judgment in step 5) are carried out as follows:
(I) Effective fault: if $\Delta Y_0$, $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{46}$, and the injected fault is an effective fault;
(II) Ineffective faults:
(1) if $\Delta Y = 0$, the injected fault value is identical to the correct value at the injection position, and the injection position may be any position;
(2) if $\Delta Y \neq 0$:
(a) if exactly one of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ is nonzero:
1. if $\Delta Y_0 \neq 0$, the fault was injected at $\alpha_{48}$;
2. if $\Delta Y_1 \neq 0$, the fault was injected at $\alpha_{47}$ or $\beta_{48}$;
3. if $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{48}$;
4. if $\Delta Y_3 \neq 0$, the fault was injected at $\varepsilon_{48}$;
(b) if two of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_0$ and $\Delta Y_1 \neq 0$, the fault was injected at $\varepsilon_{47}$;
2. if $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\beta_{47}$ or $\alpha_{46}$ or $\varepsilon_{46}$;
3. if $\Delta Y_1$ and $\Delta Y_3 \neq 0$, the fault was injected at $\gamma_{47}$;
(c) if three of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_1$, $\Delta Y_2$ and $\Delta Y_3 \neq 0$, the fault was injected at $\beta_{46}$ or $\alpha_{45}$ or $\gamma_{45}$ or $\varepsilon_{45}$;
(d) if all four of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero, the fault was injected at $\beta_{45}$ or at any position before $\beta_{45}$.
From the final detection result, determine whether the MD4 hash function is subject to a differential fault attack and the position at which the fault was injected.
The method provided by the invention for detecting whether the MD4 hash function is subject to a differential fault attack reduces the question of how well the MD4 hash function withstands differential fault attacks to a judgment on its output. It helps evaluate the security of MD4-based products quickly and accurately, and contributes to the defence and assessment of hash functions and the security systems built on them.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention for detecting whether an MD4 hash function module is subject to a differential fault attack;
Fig. 2 is a schematic diagram of the differential fault attack;
Fig. 3 is a diagram of the basic configuration used in a differential fault attack to inject random faults and obtain the corresponding outputs.
Detailed description
To make the invention easier to understand, a preferred embodiment is described in detail below with reference to the accompanying drawings.
Embodiment
A method for detecting whether an MD4 hash function module is subject to a differential fault attack, comprising:
1) randomly generating an input message for the MD4 hash function and storing it in M;
2) processing the input message M with the MD4 hash function to obtain the correct output Y;
3) processing the input message M with the MD4 hash function again, injecting a fault during processing, and obtaining the output $Y^*$ produced after the fault injection;
4) computing the output difference $\Delta Y$ from the correct and faulty outputs obtained;
5) determining from the output difference $\Delta Y$ whether the MD4 hash function is subject to a differential fault attack and the position at which the fault was injected.
As shown in Fig. 1, the specific flow is as follows:
S101: randomly generate the input message M;
S102: the MD4 hash function processes the message M to obtain the correct output Y;
S103: during MD4 processing, inject a fault and obtain the faulty output $Y^*$;
S104: compute the output difference, i.e. $\Delta Y = Y \oplus Y^*$;
S105: from the output difference, determine whether the MD4 hash function is subject to a differential fault attack and the position at which the fault was injected.
Step S103, in which a fault is injected and a faulty output obtained, is the process of carrying out the differential fault attack. Its principle is shown in Fig. 2 and comprises the following steps:
a) Determine the effective fault position. The effective fault-injection position is determined as follows:
From the MD4 processing flow it can be observed that each step operates only on the component β. According to Fig. 2, $\beta_{48}$ can be derived as:
$$\beta_{48} = (\alpha_{47} + f_{47}(\gamma_{48}, \varepsilon_{48}, \alpha_{48}) + \Psi[R(47)] + \lambda_{47}) \lll s[47],$$
The correct output Y of the MD4 algorithm is:
$$Y = (Y_0, Y_1, Y_2, Y_3) = (\alpha_{48} + \alpha_0,\ \beta_{48} + \beta_0,\ \gamma_{48} + \gamma_0,\ \varepsilon_{48} + \varepsilon_0),$$
Substituting the known initial values $(\alpha_0, \beta_0, \gamma_0, \varepsilon_0)$ into the above equation gives the output values of the final step, $(\alpha_{48}, \beta_{48}, \gamma_{48}, \varepsilon_{48})$.
From the message processing flow, the following relations are obtained:
$$\beta_{47} = \gamma_{48},$$
$$\gamma_{47} = \varepsilon_{48},$$
$$\varepsilon_{47} = \alpha_{48},$$
$$R(47) = 15$$
and
$$s[47] = 15.$$
Substituting these into the equation for $\beta_{48}$ gives:
$$\beta_{48} = (\alpha_{47} + f_{47}(\gamma_{48}, \varepsilon_{48}, \alpha_{48}) + \Psi[R(47)] + \lambda_{47}) \lll s[47]$$
Observation shows that this equation has only two unknowns, $\Psi[R(47)]$ and $\alpha_{47}$, and the final aim is to recover $\Psi[R(47)]$. If the value of $\alpha_{47}$ can be obtained, $\Psi[R(47)]$ can be solved from the following equation:
$$\Psi[R(47)] = ((\beta_{48} - \gamma_{48}) \lll (32 - s[47])) - \alpha_{47} - f_{47}(\beta_{47}, \gamma_{47}, \varepsilon_{47}) - \lambda_{47},$$
From the MD4 processing flow, $\alpha_{47} = \varepsilon_{46}$, so obtaining the value of $\alpha_{47}$ amounts to solving for $\varepsilon_{46}$. It follows that injecting a fault at $\gamma_{46}$, in the second round from the end, yields $\varepsilon_{46}$, from which the sub-message $\Psi[R(47)]$ used in the current round can be obtained. The effective fault position is therefore $\gamma_{46}$.
b) During MD4 processing, inject a random fault by means such as electromagnetic pulses or laser radiation;
c) Use simulation techniques to emulate the fault-injection means of step b), such as electromagnetic pulses and laser radiation;
d) Record the output and store it in $Y^*$.
Recording the output in step d) requires building a measurement environment that records the outputs.
The main components of the measurement setup are electromagnetic pulse equipment, laser equipment, pressurized equipment and a PC, as shown in Fig. 3. The PC is used to input messages and record the output values, and the output difference is computed from the output values recorded by the PC.
The specific detection and judgment rules are as follows:
(I) Effective fault: if $\Delta Y_0$, $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{46}$, and the injected fault is an effective fault;
(II) Ineffective faults:
(1) if $\Delta Y = 0$, the injected fault value is identical to the correct value at the injection position, and the injection position may be any position;
(2) if $\Delta Y \neq 0$:
(a) if exactly one of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ is nonzero:
1. if $\Delta Y_0 \neq 0$, the fault was injected at $\alpha_{48}$;
2. if $\Delta Y_1 \neq 0$, the fault was injected at $\alpha_{47}$ or $\beta_{48}$;
3. if $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{48}$;
4. if $\Delta Y_3 \neq 0$, the fault was injected at $\varepsilon_{48}$;
(b) if two of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_0$ and $\Delta Y_1 \neq 0$, the fault was injected at $\varepsilon_{47}$;
2. if $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\beta_{47}$ or $\alpha_{46}$ or $\varepsilon_{46}$;
3. if $\Delta Y_1$ and $\Delta Y_3 \neq 0$, the fault was injected at $\gamma_{47}$;
(c) if three of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_1$, $\Delta Y_2$ and $\Delta Y_3 \neq 0$, the fault was injected at $\beta_{46}$ or $\alpha_{45}$ or $\gamma_{45}$ or $\varepsilon_{45}$;
(d) if all four of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero, the fault was injected at $\beta_{45}$ or at any position before $\beta_{45}$.
The detection rules above reflect the differential fault attack process: when $\Delta Y_0$, $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{46}$, as shown in Fig. 2. The injected fault is then an effective fault whose propagation threatens the hash function module, i.e. sensitive information can be recovered by a differential fault attack. If the injected fault is an ineffective fault, it does not affect the security of the hash function module. The test results therefore determine not only the security of the hash function module under differential fault attack but also, in part, the position at which the fault was injected.
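The detection rules above can be exercised in software, in the spirit of the simulated fault injection of step c). The following Python code is an added example, not code from the patent: it models MD4 as the (α, β, γ, ε) register chain used above, XORs a mask into one register of one intermediate state as a simulated fault, and maps the nonzero words of ΔY to the listed injection positions. The function names, the single-block limit, the constructed sample message and the handling of patterns the text does not list are assumptions of this example.

```python
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)  # (α0, β0, γ0, ε0)
REGISTERS = "αβγε"
# One entry per MD4 round: (f, additive constant λ, shifts s, message word order R).
ROUNDS = (
    (lambda b, c, d: (b & c) | (~b & d), 0x00000000, (3, 7, 11, 19),
     (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)),
    (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999, (3, 5, 9, 13),
     (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
    (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1, (3, 9, 11, 15),
     (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
)
# Nonzero-word pattern of (ΔY0, ΔY1, ΔY2, ΔY3) -> (effective?, injection position),
# transcribed from the detection rules in the text.
RULES = {
    (0, 0, 0, 0): (False, "any position (faulty value equals correct value)"),
    (1, 1, 1, 0): (True, "γ46"),
    (1, 0, 0, 0): (False, "α48"),
    (0, 1, 0, 0): (False, "α47 or β48"),
    (0, 0, 1, 0): (False, "γ48"),
    (0, 0, 0, 1): (False, "ε48"),
    (1, 1, 0, 0): (False, "ε47"),
    (0, 1, 1, 0): (False, "β47 or α46 or ε46"),
    (0, 1, 0, 1): (False, "γ47"),
    (0, 1, 1, 1): (False, "β46 or α45 or γ45 or ε45"),
    (1, 1, 1, 1): (False, "β45 or any position before β45"),
}

def rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK

def md4_words(msg, fault=None):
    """Hash a message of at most 55 bytes and return (Y0, Y1, Y2, Y3).

    fault = (register, i, mask) XORs mask into that register of state i
    (1 <= i <= 48), e.g. ("γ", 46, 1) for a one-bit fault in γ46.
    """
    if len(msg) > 55:
        raise ValueError("this example handles a single 64-byte block only")
    block = msg + b"\x80" + bytes(55 - len(msg)) + struct.pack("<Q", 8 * len(msg))
    x = struct.unpack("<16I", block)
    state = list(IV)
    for i in range(48):                      # step i maps state i to state i+1
        f, lam, shifts, order = ROUNDS[i // 16]
        a, b, c, d = state
        t = (a + f(b, c, d) + x[order[i % 16]] + lam) & MASK
        state = [d, rotl(t, shifts[i % 4]), b, c]   # only β is recomputed
        if fault and fault[1] == i + 1:
            state[REGISTERS.index(fault[0])] ^= fault[2]
    return tuple((v + iv) & MASK for v, iv in zip(state, IV))

def md4_hex(msg):
    return struct.pack("<4I", *md4_words(msg)).hex()

def classify(y, y_star):
    """Return (ΔY, effective?, injection position) for a correct/faulty output pair."""
    delta = tuple(p ^ q for p, q in zip(y, y_star))
    pattern = tuple(int(w != 0) for w in delta)
    effective, where = RULES.get(pattern, (False, "pattern not listed in the text"))
    return delta, effective, where

if __name__ == "__main__":
    m = b"constructed sample message"        # constructed input standing in for random M
    y = md4_words(m)
    for fault in (("γ", 46, 1), ("ε", 47, 0x80), ("β", 46, 1), ("α", 47, 1 << 31)):
        delta, effective, where = classify(y, md4_words(m, fault))
        print(fault, " ".join(f"{w:08x}" for w in delta), effective, where)
```

Only the γ46 fault produces the pattern in which the first three words of ΔY are nonzero and the fourth is zero, which is why the rules single it out as the effective position.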
Although a specific embodiment of the invention has been described, it will be clear to those skilled in the art that various modifications or variations may be made to the above method without departing from the essence of the invention.
For example, the notation may be changed: a cyclic left shift of a 32-bit long integer by k bits in the MD4 hash function may be replaced with the equivalent cyclic right shift by 32-k bits.
Claims (5)
1. A method for detecting whether the MD4 hash function resists differential fault attacks, characterized in that it comprises the following steps:
Step 1): randomly generate an input message for the MD4 hash function and store it in M;
Step 2): process the input message M with the MD4 hash function to obtain the correct output Y;
Step 3): process the input message M with the MD4 hash function again, injecting a fault during processing, and obtain the output $Y'$ produced after the fault injection;
Step 4): compute the output difference $\Delta Y$ from the correct and faulty outputs obtained;
Step 5): from the output difference $\Delta Y$, determine whether the MD4 hash function is subject to a differential fault attack and the position at which the fault was injected;
The calculation in step 4) is as follows:
For the correct output Y and the faulty output $Y'$ obtained, compute the output difference $\Delta Y = Y \oplus Y'$, where $\oplus$ denotes the XOR operation;
The output difference $\Delta Y$ is 128 bits long and is written $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$, where $\Delta Y_0$, $\Delta Y_1$, $\Delta Y_2$ and $\Delta Y_3$ are each 32 bits, i.e. $\Delta Y = Y \oplus Y' = (\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$.
2. The method for detecting whether the MD4 hash function resists differential fault attacks as claimed in claim 1, characterized in that step 3) is carried out as follows:
Step I: use the message M as the input of the MD4 hash function;
Step II: while the MD4 hash function is processing M, inject a random fault that disturbs the normal processing operations of the MD4 hash function;
Step III: after the fault has been injected, record the output $Y'$ of the MD4 hash function.
3. The method for detecting whether the MD4 hash function resists differential fault attacks as claimed in claim 2, characterized in that the random fault of step II is injected as follows:
Step a): analyse the processing flow of the MD4 hash function and find the injection position of an effective fault;
Step b): during MD4 processing, inject a random fault by means of electromagnetic pulses or laser radiation;
Step c): use simulation techniques to emulate the fault-injection means of step b), such as electromagnetic pulses and laser radiation;
Step d): record the output and store it in $Y'$.
4. The method for detecting whether the MD4 hash function resists differential fault attacks as claimed in claim 3, characterized in that step a) is specifically: according to the principle of differential fault attacks and the processing flow of the MD4 hash function, find the position of an effective fault in the MD4 hash function.
5. The method for detecting whether the MD4 hash function resists differential fault attacks as claimed in claim 1, characterized in that the detection and judgment in step 5) are carried out as follows:
(I) Effective fault: if $\Delta Y_0$, $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{46}$, and the injected fault is an effective fault;
(II) Ineffective faults:
(1) if $\Delta Y = 0$, the injected fault value is identical to the correct value at the injection position, and the injection position may be any position;
(2) if $\Delta Y \neq 0$:
(a) if exactly one of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ is nonzero:
1. if $\Delta Y_0 \neq 0$, the fault was injected at $\alpha_{48}$;
2. if $\Delta Y_1 \neq 0$, the fault was injected at $\alpha_{47}$ or $\beta_{48}$;
3. if $\Delta Y_2 \neq 0$, the fault was injected at $\gamma_{48}$;
4. if $\Delta Y_3 \neq 0$, the fault was injected at $\varepsilon_{48}$;
(b) if two of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_0$ and $\Delta Y_1 \neq 0$, the fault was injected at $\varepsilon_{47}$;
2. if $\Delta Y_1$ and $\Delta Y_2 \neq 0$, the fault was injected at $\beta_{47}$ or $\alpha_{46}$ or $\varepsilon_{46}$;
3. if $\Delta Y_1$ and $\Delta Y_3 \neq 0$, the fault was injected at $\gamma_{47}$;
(c) if three of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero:
1. if $\Delta Y_1$, $\Delta Y_2$ and $\Delta Y_3 \neq 0$, the fault was injected at $\beta_{46}$ or $\alpha_{45}$ or $\gamma_{45}$ or $\varepsilon_{45}$;
(d) if all four of $(\Delta Y_0, \Delta Y_1, \Delta Y_2, \Delta Y_3)$ are nonzero, the fault was injected at $\beta_{45}$ or at any position before $\beta_{45}$;
where $\alpha_i$, $\beta_i$, $\gamma_i$ and $\varepsilon_i$ denote the first, second, third and fourth 32-bit output values of the i-th round of computation respectively, with $0 \le i \le 48$; $\alpha_0$, $\beta_0$, $\gamma_0$ and $\varepsilon_0$ denote the first, second, third and fourth 32-bit values of the initial input message respectively; $\alpha_{45}$, $\beta_{45}$, $\gamma_{45}$ and $\varepsilon_{45}$ denote the first, second, third and fourth 32-bit output values of the 45th round of computation respectively; $\alpha_{46}$, $\beta_{46}$, $\gamma_{46}$ and $\varepsilon_{46}$ denote the first, second, third and fourth 32-bit output values of the 46th round of computation respectively; $\alpha_{47}$, $\beta_{47}$, $\gamma_{47}$ and $\varepsilon_{47}$ denote the first, second, third and fourth 32-bit output values of the 47th round of computation respectively; $\alpha_{48}$, $\beta_{48}$, $\gamma_{48}$ and $\varepsilon_{48}$ denote the first, second, third and fourth 32-bit output values of the 48th round of computation respectively.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410244502.9A CN104158656B (en) | 2014-06-04 | 2014-06-04 | The method that detection MD4 hash functions resist differential fault attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104158656A CN104158656A (en) | 2014-11-19 |
CN104158656B true CN104158656B (en) | 2017-08-01 |
Family
ID=51884070
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410244502.9A Expired - Fee Related CN104158656B (en) | 2014-06-04 | 2014-06-04 | The method that detection MD4 hash functions resist differential fault attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104158656B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768800A (en) * | 2019-10-25 | 2020-02-07 | 东华大学 | Method for detecting OMD algorithm to resist differential fault attack |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639310B (en) * | 2014-12-31 | 2017-12-29 | 东华大学 | A kind of method that detection algorithms of SHA 1 resist differential fault attack |
CN104836668A (en) * | 2015-05-06 | 2015-08-12 | 东华大学 | Detection method for resistance of MD5 hash function against differential fault attack |
CN106850186A (en) * | 2017-01-06 | 2017-06-13 | 东华大学 | The hashing algorithms of SHA 256 resist the detection method of differential fault attack |
CN108055120B (en) * | 2017-12-27 | 2021-07-09 | 东华大学 | Method for detecting AES-OTR algorithm to resist differential fault attack |
Also Published As
Publication number | Publication date |
---|---|
CN104158656A (en) | 2014-11-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170801 Termination date: 20200604 |