CN105376046B - Encryption and decryption method and device for block cipher attack prevention - Google Patents

Info

Publication number
CN105376046B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410384592.1A
Other languages
Chinese (zh)
Other versions
CN105376046A (en
Inventor
赵东艳
杜新纲
于艳艳
胡晓波
李娜
甘杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Application filed by State Grid Corp of China SGCC, Beijing Nanrui Zhixin Micro Electronics Technology Co Ltd
Priority to CN201410384592.1A
Priority to PCT/CN2014/093472 (WO2016019670A1)
Publication of CN105376046A
Application granted
Publication of CN105376046B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an attack-resistant encryption and decryption method and device for block ciphers. The encryption method includes: receiving the plaintext P to be encrypted, performing two normal encryption operations on the plaintext P, and outputting a correct encryption result; when a fault is injected into the normal encryption operation process once or twice, an incorrect encryption result is output; after the correct encryption result and the incorrect encryption result are input into the F function, an invalid result that the attacker cannot exploit is output. In the embodiments of the invention, a fault is injected during the first and/or second normal encryption operation, and the two encryption results are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

Description

Encryption and decryption method and device for block cipher attack prevention

Technical field

The present invention relates to information security technology in the field of communications, and in particular to an attack-resistant encryption and decryption method and device for block ciphers.

Background

With the development of computer and communication technology, users have an increasingly strong need for secure storage, secure processing and secure transmission of information. With the wide adoption of the Internet in particular, information security has become more and more important. One effective way to address this is modern cryptography, and new cryptographic algorithms continue to appear. Block ciphers are among the most commonly used means of encryption. They are fast, easy to standardize and convenient to implement in software and hardware, and they are usually the core algorithms for data encryption, message authentication and authentication in information security. Popular block cipher algorithms currently include DES and AES.

As information security draws more attention, methods for analysing and attacking cryptographic algorithms also keep appearing. The fault attack is a powerful attack method that has emerged in recent years. Its basic principle is to place the cryptographic chip in a strong magnetic field, or to change the chip's supply voltage, operating frequency, temperature and so on, so that registers and memory in the chip produce random errors during encryption or decryption and some output bits change from 0 to 1 or from 1 to 0. By differentially comparing the correct cipher output with the faulty cipher output, theoretical analysis can then recover the cryptographic data held inside the chip.

Common countermeasures against fault attacks on block ciphers include: performing the operation on the same data several times and checking whether the results agree; and, after performing the normal operation on some data, applying the inverse operation to the result and checking whether the result of the inverse operation matches the original input data.

As shown in Figure 1, if the attacker injects a fault during the first normal operation on the plaintext P, the result C output by that operation is incorrect, while the result C' output by the second normal operation on P is correct, so C ≠ C'. The result C is then compared with the result C', that is, it is determined whether C and C' are equal, and a fault is injected again during this comparison. Because of the injected fault, "C ≠ C'" may be turned into "C = C'". If the injected fault turns "C ≠ C'" into "C = C'", the comparison outputs the incorrect result C (or C'). The attacker obtains this incorrect result C (or C') and, together with the correct result C' obtained earlier, can derive useful fault information and thereby obtain sensitive information.

Similarly, if the attacker injects no fault during the first normal operation on the plaintext P but injects a fault during the second normal operation, the situation is like the one above: the attacker can still obtain the incorrect result C' (or C) and, together with the correct result C obtained earlier, can derive useful fault information and thereby obtain sensitive information.

Summary of the invention

The purpose of the present invention is to overcome the low security of prior-art block cipher attack countermeasures. According to one aspect of the invention, an attack-resistant encryption method for block ciphers is proposed.

The attack-resistant block cipher encryption method according to an embodiment of the invention includes:

receiving the plaintext P to be encrypted, performing two normal encryption operations on the plaintext P, and outputting a correct encryption result;

during the normal encryption operation, when a fault is injected into the normal encryption operation process once or twice, outputting an incorrect encryption result;

after the correct encryption result and the incorrect encryption result are input into the F function, outputting an invalid result that the attacker cannot exploit.

The purpose of the present invention is to overcome the low security of prior-art block cipher attack countermeasures. According to another aspect of the invention, an attack-resistant encryption device for block ciphers is proposed.

The attack-resistant block cipher encryption device according to an embodiment of the invention includes:

an encryption operation module, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;

a fault receiving module, configured to receive, during the normal encryption operation, the fault injected once or twice into the normal encryption operation process, and output an incorrect encryption result;

a result output module, configured to output an invalid result that the attacker cannot exploit after the correct encryption result and the incorrect encryption result are input into the F function.

The embodiments of the invention disclose an attack-resistant block cipher encryption method and device. A fault is injected during the first and/or second normal encryption operation, and the encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

The purpose of the present invention is to overcome the low security of prior-art block cipher attack countermeasures. According to one aspect of the invention, an attack-resistant decryption method for block ciphers is proposed.

The attack-resistant block cipher decryption method according to an embodiment of the invention includes:

receiving the ciphertext P to be decrypted, performing two normal decryption operations on the ciphertext P, and outputting a correct decryption result;

during the normal decryption operation, when a fault is injected into the normal encryption operation process once or twice, outputting an incorrect decryption result;

after the correct decryption result and the incorrect decryption result are input into the F function, outputting an invalid result that the attacker cannot exploit.

The purpose of the present invention is to overcome the low security of prior-art block cipher attack countermeasures. According to one aspect of the invention, an attack-resistant decryption device for block ciphers is proposed.

The attack-resistant block cipher decryption device according to an embodiment of the invention includes:

a decryption operation module, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;

a fault receiving module, configured to receive, during the normal decryption operation, the fault injected once or twice into the normal encryption operation process, and output an incorrect decryption result;

a result output module, configured to output an invalid result that the attacker cannot exploit after the correct decryption result and the incorrect decryption result are input into the F function.

The embodiments of the invention disclose an attack-resistant block cipher decryption method and device. A fault is injected during the first and/or second normal decryption operation, and the decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input into the F function, which removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.

Other features and advantages of the invention will be set forth in the description that follows and will in part be apparent from the description or be learned by practising the invention. The objectives and other advantages of the invention can be realized and attained by the structures particularly pointed out in the written description, the claims and the accompanying drawings.

The technical solutions of the invention are described in further detail below with reference to the accompanying drawings and embodiments.

Description of drawings

The accompanying drawings provide a further understanding of the invention and form part of the description. Together with the embodiments they serve to explain the invention and do not limit it. In the drawings:

Figure 1 is a flow diagram of a fault attack on a block cipher in the prior art;

Figure 2 is a flow chart of Embodiment 1 of the attack-resistant block cipher encryption method of the invention;

Figure 3 is a flow chart of Embodiment 2 of the attack-resistant block cipher encryption method of the invention;

Figure 4 is a flow chart of Embodiment 3 of the attack-resistant block cipher encryption method of the invention;

Figure 5 is a flow chart of Embodiment 4 of the attack-resistant block cipher encryption method of the invention;

Figure 6 is a flow chart of Embodiment 1 of the attack-resistant block cipher decryption method of the invention;

Figure 7 is a flow chart of Embodiment 2 of the attack-resistant block cipher decryption method of the invention;

Figure 8 is a flow chart of Embodiment 3 of the attack-resistant block cipher decryption method of the invention;

Figure 9 is a flow chart of Embodiment 4 of the attack-resistant block cipher decryption method of the invention;

Figure 10 is a structural diagram of an embodiment of the attack-resistant block cipher encryption device of the invention;

Figure 11 is a structural diagram of an embodiment of the attack-resistant block cipher decryption device of the invention.

Detailed description

Specific embodiments of the invention are described in detail below with reference to the accompanying drawings, but it should be understood that the scope of protection of the invention is not limited by the specific embodiments.

In analysing and studying the above prior art, the inventors found that if fault injection is detected while a block cipher algorithm is running an encryption or decryption operation, the chip should not output the incorrect result; otherwise the attacker can use the incorrect result to carry out a differential fault attack. The embodiments of the invention provide an attack-prevention method for block ciphers in which, when a fault is injected during the operation, the incorrect result is not output; instead, an invalid result that the attacker cannot exploit is output.

If no fault is injected into the first normal operation and a fault is injected into the second normal operation, the invalid result is the output of some F function applied to the correct first result C and the incorrect second result C'.

If a fault is injected into the first normal operation and no fault is injected into the second normal operation, the invalid result is the output of some F function applied to the incorrect first result C and the correct second result C'.

If a fault is injected into the first normal operation and a fault is also injected into the second normal operation, the invalid result is the output of some F function applied to the incorrect first result C and the incorrect second result C'.

As shown in Figure 2, an embodiment of the invention discloses an attack-resistant block cipher encryption method, including:

Step 201: the plaintext P is input into the encryption module and the first normal encryption operation is performed. A fault is injected during this step, so the output is the incorrect encryption result C;

Step 203: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed. The output is the correct encryption result C';

Step 205: the incorrect encryption result C from step 201 and the correct encryption result C' from step 203 are input into the F function, whose output is Y. The F function determines that C ≠ C', so the output is an invalid result that the attacker cannot exploit;

The expression of the F function differs between block cipher algorithms. This description uses the following expression to illustrate the embodiments, but the expression of the F function is not limited to it.

Taking the DES algorithm as an example, the encryption result C consists of two parts, L and R, and the encryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:

In step 205, a fault may or may not be injected into the F function. Because of the F function above, its output is an invalid result that the attacker cannot exploit whether or not a fault is injected.

Step 207: perform the encryption operation on the plaintext P and output the invalid result Y that the attacker cannot exploit.

The embodiment of Figure 2 discloses an attack-resistant block cipher encryption method. A fault is injected during the first normal encryption operation, and the incorrect encryption result output by the faulted first operation and the correct encryption result output by the second normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

As shown in Figure 3, an embodiment of the invention discloses another attack-resistant block cipher encryption method, including:

Step 301: the plaintext P is input into the encryption module and the first normal encryption operation is performed. The output is the correct encryption result C;

Step 303: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed. A fault is injected during this step, so the output is the incorrect encryption result C';

Step 305: the correct encryption result C from step 301 and the incorrect encryption result C' from step 303 are input into the F function, whose output is Y. The F function determines that C ≠ C', so the output is an invalid result that the attacker cannot exploit;

The expression of the F function differs between block cipher algorithms.

Taking the DES algorithm as an example, the encryption result C consists of two parts, L and R, and the encryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:

In step 305, a fault may or may not be injected into the F function. Because of the F function above, its output is an invalid result that the attacker cannot exploit whether or not a fault is injected.

Step 307: perform the encryption operation on the plaintext P and output the invalid result Y that the attacker cannot exploit.

The embodiment of Figure 3 discloses an attack-resistant block cipher encryption method. A fault is injected during the second normal encryption operation, and the incorrect encryption result output by the faulted second operation and the correct encryption result output by the first normal encryption operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

As shown in Figure 4, an embodiment of the invention discloses a third attack-resistant block cipher encryption method, including:

Step 401: the plaintext P is input into the encryption module and the first normal encryption operation is performed. A fault is injected during this step, so the output is the incorrect encryption result C;

Step 403: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed. A fault is injected during this step as well, so the output is also an incorrect encryption result, C';

Step 405: the incorrect encryption result C from step 401 and the incorrect encryption result C' from step 403 are input into the F function, whose output is Y. The F function determines that C ≠ C', so the output is an invalid result that the attacker cannot exploit;

The expression of the F function differs between block cipher algorithms.

Taking the DES algorithm as an example, the encryption result C consists of two parts, L and R, and the encryption result C' consists of two parts, L' and R', that is, C = L||R and C' = L'||R'. The F function can then be defined as:

In step 405, a fault may or may not be injected into the F function. Because of the F function above, its output is an invalid result that the attacker cannot exploit whether or not a fault is injected.

Step 407: perform the encryption operation on the plaintext P and output the invalid result Y that the attacker cannot exploit.

The embodiment of Figure 4 discloses a third attack-resistant block cipher encryption method. Faults are injected during both the first and the second normal encryption operation, and the incorrect encryption result output by the faulted first operation and the incorrect encryption result output by the likewise faulted second operation are input into the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot exploit, which effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

As shown in Figure 5, an embodiment of the invention discloses a fourth attack-resistant block cipher encryption method, including:

Step 501: the plaintext P is input into the encryption module and the first normal encryption operation is performed. The output is the correct encryption result C;

Step 503: the same plaintext P is input into the encryption module again and the second normal encryption operation is performed. The output is also a correct encryption result, C';

Step 505: the correct encryption result C from step 501 and the correct encryption result C' from step 503 are input into the F function, whose output is Y. The F function determines that C = C', so the output is the correct encryption result;

In step 505, a fault may or may not be injected into the F function. If no fault is injected into the F function, its output is the correct encryption result. If a fault is injected into the F function, then, as in the embodiments above, the F function likewise outputs an invalid result that the attacker cannot exploit.

Step 507: perform the encryption operation on the plaintext P and output the correct encryption result.

The embodiment of Figure 5 discloses an attack-resistant block cipher encryption method. No fault is injected during either of the two normal encryption operations, and the correct encryption results of the two operations are input into the F function, which outputs the correct encryption result. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.
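The contrast between the compare-then-release flow of Figure 1 and the F-function flow of Figures 2 to 5, as an added C example that is not part of the patent. The cipher is a toy permutation, the fault parameters only simulate flipped state bits, and `f_combine` is a hypothetical F (the patent's own DES expression for F does not appear in this text); `rnd` is assumed to be fresh device randomness.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

static uint64_t rotl64(uint64_t x, unsigned r) { return (x << r) | (x >> (64 - r)); }

/* Toy keyed permutation standing in for the block cipher (NOT DES, not secure).
 * A nonzero `fault` simulates an injected fault by flipping state bits before
 * the last round; every round is a bijection, so a nonzero fault always
 * changes the output. */
uint64_t toy_encrypt(uint64_t p, uint64_t key, uint64_t fault)
{
    uint64_t s = p;
    for (int round = 0; round < 8; round++) {
        if (round == 7)
            s ^= fault;
        s ^= key + (uint64_t)round * 0x9E3779B97F4A7C15ULL;
        s = rotl64(s, 13) * 0xD6E8FEB86659FD93ULL; /* odd multiplier: invertible */
        s ^= s >> 29;                              /* xorshift: invertible */
    }
    return s;
}

/* Prior-art pattern of Figure 1: encrypt twice, compare, release on equality.
 * `compare_faulted` models a second fault that makes the check report "equal".
 * Returns 0 and writes *out when a result is released, -1 when it is withheld. */
int encrypt_compare(uint64_t p, uint64_t key, uint64_t fault1, uint64_t fault2,
                    int compare_faulted, uint64_t *out)
{
    uint64_t c1 = toy_encrypt(p, key, fault1);
    uint64_t c2 = toy_encrypt(p, key, fault2);
    if (c1 != c2 && !compare_faulted)
        return -1;
    *out = c1; /* single decision point: once it passes, c1 leaves unchanged */
    return 0;
}

/* Hypothetical F (an assumption, not the patent's expression): branch-free.
 * C == C' -> mask is zero and Y = C.
 * C != C' -> mask is all ones and Y = C ^ rnd, which is independent of C
 *            when rnd is fresh and uniform for every call. */
uint64_t f_combine(uint64_t c1, uint64_t c2, uint64_t rnd)
{
    uint64_t d = c1 ^ c2;
    uint64_t nonzero = (d | ((uint64_t)0 - d)) >> 63; /* 1 iff d != 0 */
    uint64_t mask = (uint64_t)0 - nonzero;
    return c1 ^ (mask & rnd);
}

/* Flow of Figures 2 to 5: both results always pass through F, with no
 * comparison result deciding whether a ciphertext is released. */
uint64_t encrypt_infective(uint64_t p, uint64_t key, uint64_t fault1,
                           uint64_t fault2, uint64_t rnd)
{
    uint64_t c1 = toy_encrypt(p, key, fault1);
    uint64_t c2 = toy_encrypt(p, key, fault2);
    return f_combine(c1, c2, rnd);
}

int main(void)
{
    /* Constructed sample values. */
    const uint64_t P = 0x0123456789ABCDEFULL, K = 0x133457799BBCDFF1ULL;
    const uint64_t RND = 0xA5A5A5A55A5A5A5AULL, FAULT = 0x10;
    uint64_t out = 0;

    printf("correct ciphertext          : %016" PRIx64 "\n", toy_encrypt(P, K, 0));
    printf("faulty ciphertext           : %016" PRIx64 "\n", toy_encrypt(P, K, FAULT));
    if (encrypt_compare(P, K, FAULT, 0, 1, &out) == 0)
        printf("compare, check also faulted : %016" PRIx64 " (faulty value released)\n", out);
    printf("F flow, no fault            : %016" PRIx64 "\n", encrypt_infective(P, K, 0, 0, RND));
    printf("F flow, first run faulted   : %016" PRIx64 " (masked)\n",
           encrypt_infective(P, K, FAULT, 0, RND));
    return 0;
}
```
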

As shown in Fig. 6, an embodiment of the present invention discloses a block cipher anti-attack decryption method, comprising:

Step 601: Ciphertext P is input into the decryption module and the first normal decryption operation is performed. A fault is injected during this step, so the output is an incorrect decryption result C;

Step 603: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. The output is the correct decryption result C';

Step 605: The incorrect decryption result C from step 601 and the correct decryption result C' from step 603 are input into the F function, whose output is Y. The F function determines that C≠C', so the result it outputs is an invalid result that an attacker cannot exploit;

The expression of the F function differs for different block cipher algorithms. This specification uses the following expressions to describe the embodiments, but the expression of the F function is not limited to them.

Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:

In step 605, the F function may or may not itself be injected with a fault. Because of the F function above, the result it outputs is an invalid result that an attacker cannot exploit, whether or not a fault is injected.

Step 607: Perform the decryption operation on ciphertext P and output the invalid result Y that an attacker cannot exploit.

The embodiment of Fig. 6 discloses a block cipher anti-attack decryption method in which a fault is injected during the first normal decryption operation. The incorrect decryption result output by the faulted first operation and the correct decryption result output by the second operation are input into the F function, which saves the step of comparing the two normal decryption results. The F function finally outputs an invalid result that an attacker cannot exploit. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.

As shown in Fig. 7, an embodiment of the present invention discloses another block cipher anti-attack decryption method, comprising:

Step 701: Ciphertext P is input into the decryption module and the first normal decryption operation is performed. The output is the correct decryption result C;

Step 703: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. A fault is injected during this step, so the output is an incorrect decryption result C';

Step 705: The correct decryption result C from step 701 and the incorrect decryption result C' from step 703 are input into the F function, whose output is Y. The F function determines that C≠C', so the result it outputs is an invalid result that an attacker cannot exploit;

The expression of the F function differs for different block cipher algorithms. This specification uses the following expressions to describe the embodiments, but the expression of the F function is not limited to them.

Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:

In step 705, the F function may or may not itself be injected with a fault. Because of the F function above, the result it outputs is an invalid result that an attacker cannot exploit, whether or not a fault is injected.

Step 707: Perform the decryption operation on ciphertext P and output the invalid result Y that an attacker cannot exploit.

The embodiment of Fig. 7 discloses a block cipher anti-attack decryption method in which a fault is injected during the second normal decryption operation. The incorrect decryption result output by the faulted second operation and the correct decryption result output by the first operation are input into the F function, which saves the step of comparing the two normal decryption results. The F function finally outputs an invalid result that an attacker cannot exploit. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.

As shown in Fig. 8, an embodiment of the present invention discloses a third block cipher anti-attack decryption method, comprising:

Step 801: Ciphertext P is input into the decryption module and the first normal decryption operation is performed. A fault is injected during this step, so the output is an incorrect decryption result C;

Step 803: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. A fault is injected during this step as well, so the output is an incorrect decryption result C';

Step 805: The incorrect decryption result C from step 801 and the incorrect decryption result C' from step 803 are input into the F function, whose output is Y. The F function determines that C≠C', so the result it outputs is an invalid result that an attacker cannot exploit;

The expression of the F function differs for different block cipher algorithms. This specification uses the following expressions to describe the embodiments, but the expression of the F function is not limited to them.

Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:

In step 805, the F function may or may not itself be injected with a fault. Because of the F function above, the result it outputs is an invalid result that an attacker cannot exploit, whether or not a fault is injected.

Step 807: Perform the decryption operation on plaintext P and output the invalid result Y that an attacker cannot exploit.

The embodiment of Fig. 8 discloses a third block cipher anti-attack decryption method in which faults are injected during both the first and the second normal decryption operations. The incorrect decryption result output by the faulted first operation and the incorrect decryption result output by the likewise faulted second operation are input into the F function, which saves the step of comparing the two normal decryption results. The F function finally outputs an invalid result that an attacker cannot exploit. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.

As shown in Fig. 9, an embodiment of the present invention discloses a fourth block cipher anti-attack decryption method, comprising:

Step 901: Ciphertext P is input into the decryption module and the first normal decryption operation is performed. The output is the correct decryption result C;

Step 903: The same ciphertext P is input into the decryption module again and the second normal decryption operation is performed. The output is also the correct decryption result C';

Step 905: The correct decryption result C from step 901 and the correct decryption result C' from step 903 are input into the F function, whose output is Y. The F function determines that C=C', so the result it outputs is the correct decryption result;

The expression of the F function differs for different block cipher algorithms. This specification uses the following expressions to describe the embodiments, but the expression of the F function is not limited to them.

Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C' consists of two parts, L' and R', that is, C=L||R and C'=L'||R'. The F function can then be defined as:

In step 905, the F function may or may not itself be injected with a fault. If the F function is not injected with a fault, it outputs the correct encryption result; if it is injected with a fault, then, as in the embodiments above, it still outputs an invalid result that an attacker cannot exploit.

Step 907: Perform the decryption operation on ciphertext P and output the correct decryption result.

The embodiment of Fig. 9 discloses a block cipher anti-attack decryption method in which no fault is injected during either of the two normal decryption operations. The correct decryption results of both operations are input into the F function, and the F function outputs the correct decryption result. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.
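The four cases walked through for Figs. 6 to 9 (fault in the first run, in the second run, in both, or in neither) are shown below as an added example that is not part of the patent text. The patent's own F expression is not reproduced on this page, so `infective_F` is a hypothetical stand-in; the toy Feistel cipher (not DES), the key, plaintext, mask `r` and all function names are constructed, and the encryption direction is shown (decryption would use the inverse cipher in the same way).

```c
#include <stdint.h>
#include <stdio.h>

#define ROUNDS 16

/* Constructed key schedule and round function for a toy 64-bit Feistel
 * cipher. This is NOT DES; it only reproduces the C = L||R structure. */
static void toy_key_schedule(uint64_t key, uint32_t rk[ROUNDS]) {
    for (int i = 0; i < ROUNDS; i++) {
        key = key * 6364136223846793005ULL + 1442695040888963407ULL;
        rk[i] = (uint32_t)(key >> 32);
    }
}

static uint32_t round_fn(uint32_t half, uint32_t k) {
    uint32_t x = half ^ k;
    x *= 0x9E3779B1u; x ^= x >> 15;
    x *= 0x85EBCA6Bu; x ^= x >> 13;
    return x;
}

/* One "normal encryption operation". fault_round < 0 runs cleanly; otherwise
 * bit fault_bit (0..31) of R is flipped on entry to that round, simulating
 * an injected fault so the countermeasure can be tested. */
static uint64_t toy_encrypt(uint64_t p, const uint32_t rk[ROUNDS],
                            int fault_round, int fault_bit) {
    uint32_t l = (uint32_t)(p >> 32), r = (uint32_t)p;
    for (int i = 0; i < ROUNDS; i++) {
        if (i == fault_round) r ^= (uint32_t)1 << fault_bit;
        uint32_t t = l ^ round_fn(r, rk[i]);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* Branch-free multiplication in GF(2^64) modulo x^64 + x^4 + x^3 + x + 1.
 * The product of two nonzero field elements is never zero. */
static uint64_t gf64_mul(uint64_t a, uint64_t b) {
    uint64_t acc = 0;
    for (int i = 0; i < 64; i++) {
        acc ^= a & ((uint64_t)0 - (b & 1));
        a = (a << 1) ^ (0x1B & ((uint64_t)0 - (a >> 63)));
        b >>= 1;
    }
    return acc;
}

/* Hypothetical F function (an assumption, not the patent's expression):
 * Y = C xor r*(C xor C'). If C == C' the mask is 0 and Y = C. If C != C'
 * the mask is nonzero and scaled by the secret random r, so Y differs from
 * both C and C'. There is no compare-and-branch that could be skipped. */
static uint64_t infective_F(uint64_t c, uint64_t c2, uint64_t r) {
    r |= 2;                              /* keep r out of {0, 1} */
    return c ^ gf64_mul(c ^ c2, r);
}

/* Run the cipher twice on the same input and feed both results to F.
 * The both-faulted case on the page assumes C != C'; two identical errors
 * give C xor C' == 0 and would pass through F unchanged. */
static uint64_t protected_encrypt(uint64_t p, const uint32_t rk[ROUNDS],
                                  int f1_round, int f1_bit,
                                  int f2_round, int f2_bit, uint64_t r) {
    uint64_t c  = toy_encrypt(p, rk, f1_round, f1_bit);
    uint64_t c2 = toy_encrypt(p, rk, f2_round, f2_bit);
    return infective_F(c, c2, r);
}

int main(void) {
    uint32_t rk[ROUNDS];
    toy_key_schedule(0x0123456789ABCDEFULL, rk);   /* constructed key */
    const uint64_t p = 0x0011223344556677ULL;      /* constructed plaintext */
    const uint64_t r = 0xA5A5A5A55A5A5A5AULL;      /* stands in for TRNG output */
    printf("reference    %016llx\n",
           (unsigned long long)toy_encrypt(p, rk, -1, 0));
    printf("no fault     %016llx\n",
           (unsigned long long)protected_encrypt(p, rk, -1, 0, -1, 0, r));
    printf("fault run 1  %016llx\n",
           (unsigned long long)protected_encrypt(p, rk, 14, 3, -1, 0, r));
    printf("fault run 2  %016llx\n",
           (unsigned long long)protected_encrypt(p, rk, -1, 0, 14, 3, r));
    printf("fault both   %016llx\n",
           (unsigned long long)protected_encrypt(p, rk, 14, 3, 14, 9, r));
    return 0;
}
```

In a real device `r` would be drawn fresh from a hardware random number generator for every call; it is fixed here only so the output is reproducible.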

As shown in Fig. 10, a block cipher anti-attack encryption device is disclosed, comprising:

Encryption operation module 10, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on plaintext P, and output a correct encryption result;

Fault receiving module 20, configured to receive, while the normal encryption operations are performed, a fault injected once or twice into the normal encryption process, and output an incorrect encryption result;

Result output module 30, configured to output an invalid result that an attacker cannot exploit after the correct encryption result and the incorrect encryption result are input into the F function.

Wherein the fault receiving module 20 is specifically configured to: when the first normal encryption operation is performed on plaintext P, receive the fault injected into that operation and output an incorrect encryption result;

when the second normal encryption operation is performed on plaintext P, output a correct encryption result.

Wherein the fault receiving module 20 is further specifically configured to: when the first normal encryption operation is performed on plaintext P, output a correct encryption result;

when the second normal encryption operation is performed on plaintext P, receive the fault injected into that operation and output an incorrect encryption result.

Wherein the fault receiving module 20 is further specifically configured to:

when the first normal encryption operation is performed on plaintext P, receive the fault injected into that operation and output an incorrect encryption result;

when the second normal encryption operation is performed on plaintext P, receive the fault injected into that operation and output an incorrect encryption result.

The embodiment of Fig. 10 discloses a block cipher anti-attack encryption device in which a fault is injected during the first and/or second normal encryption operation. The encryption result output by the first normal encryption operation and the encryption result output by the second are input into the F function, which saves the step of comparing the two normal encryption results. The F function finally outputs an invalid result that an attacker cannot exploit. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its encryption process.

As shown in Fig. 11, a block cipher anti-attack decryption device is disclosed, comprising:

Decryption operation module 40, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on ciphertext P, and output a correct decryption result;

Fault receiving module 50, configured to receive, while the normal decryption operations are performed, a fault injected once or twice into the normal encryption process, and output an incorrect decryption result;

Result output module 60, configured to output an invalid result that an attacker cannot exploit after the correct decryption result and the incorrect decryption result are input into the F function.

Wherein the fault receiving module 50 is specifically configured to: when the first normal decryption operation is performed on ciphertext P, receive the fault injected into that operation and output an incorrect decryption result;

when the second normal decryption operation is performed on ciphertext P, output a correct decryption result.

Wherein the fault receiving module 50 is further specifically configured to: when the first normal decryption operation is performed on ciphertext P, output a correct decryption result;

when the second normal decryption operation is performed on ciphertext P, receive the fault injected into that operation and output an incorrect decryption result.

Wherein the fault receiving module 50 is further specifically configured to: when the first normal decryption operation is performed on ciphertext P, receive the fault injected into that operation and output an incorrect decryption result;

when the second normal decryption operation is performed on ciphertext P, receive the fault injected into that operation and output an incorrect decryption result.

The embodiment of Fig. 11 discloses a block cipher anti-attack decryption device in which a fault is injected during the first and/or second normal decryption operation. The decryption result output by the first normal decryption operation and the decryption result output by the second are input into the F function, which saves the step of comparing the two normal decryption results. The F function finally outputs an invalid result that an attacker cannot exploit. This effectively resists double-point attacks on the block cipher algorithm and improves the security of its decryption process.

The present invention can be implemented in many different specific forms. The technical solution of the present invention has been illustrated above with reference to the accompanying drawings, taking Figs. 2 to 11 as examples. This does not mean that the specific examples to which the present invention applies are limited to a particular process or embodiment structure. Those of ordinary skill in the art should understand that the specific implementations provided above are only some examples of various preferred usages, and that any implementation embodying the claims of the present invention falls within the scope of protection claimed by the technical solution of the present invention.

Finally, it should be noted that the above are only preferred embodiments of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions recorded in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (20)

1. A block cipher anti-attack encryption method, characterized by comprising:
receiving the plaintext P to be encrypted, performing two normal encryption operations on the plaintext P, and outputting a correct encryption result;
during the normal encryption operations, the normal encryption process being injected with a fault once or twice, and an incorrect encryption result being output;
after the correct encryption result and the incorrect encryption result are input into an F function, outputting an invalid result that an attacker cannot exploit.

2. The method according to claim 1, characterized in that, of the two normal encryption operations, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C', the C consists of two parts L and R, and the C' consists of two parts L' and R', that is, C=L||R and C'=L'||R', and the F function is defined as: or or

3. The method according to claim 1 or 2, characterized in that the step in which, during the normal encryption operations, the normal encryption process is injected with a fault once or twice and an incorrect encryption result is output specifically comprises:
when the first normal encryption operation is performed on the plaintext P, that operation is injected with a fault and an incorrect encryption result is output;
when the second normal encryption operation is performed on the plaintext P, a correct encryption result is output.

4. The method according to claim 1 or 2, characterized in that the step in which, during the normal encryption operations, the normal encryption process is injected with a fault once or twice and an incorrect encryption result is output specifically further comprises:
when the first normal encryption operation is performed on the plaintext P, a correct encryption result is output;
when the second normal encryption operation is performed on the plaintext P, that operation is injected with a fault and an incorrect encryption result is output.

5. The method according to claim 1 or 2, characterized in that the step in which, during the normal encryption operations, the normal encryption process is injected with a fault once or twice and an incorrect encryption result is output specifically further comprises:
when the first normal encryption operation is performed on the plaintext P, that operation is injected with a fault and an incorrect encryption result is output;
when the second normal encryption operation is performed on the plaintext P, that operation is injected with a fault and an incorrect encryption result is output.

6. A block cipher anti-attack decryption method, characterized by comprising:
receiving the ciphertext P to be decrypted, performing two normal decryption operations on the ciphertext P, and outputting a correct decryption result;
during the normal decryption operations, the normal decryption process being injected with a fault once or twice, and an incorrect decryption result being output;
after the correct decryption result and the incorrect decryption result are input into an F function, outputting an invalid result that an attacker cannot exploit.

7. The method according to claim 6, characterized in that, of the two normal decryption operations, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C', the C consists of two parts L and R, and the C' consists of two parts L' and R', that is, C=L||R and C'=L'||R', and the F function is defined as: or or

8. The method according to claim 6 or 7, characterized in that the step in which, during the normal decryption operations, the normal encryption process is injected with a fault once or twice and an incorrect decryption result is output specifically comprises:
when the first normal decryption operation is performed on the ciphertext P, that operation is injected with a fault and an incorrect decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, a correct decryption result is output.

9. The method according to claim 6 or 7, characterized in that the step in which, during the normal decryption operations, the normal encryption process is injected with a fault once or twice and an incorrect decryption result is output specifically further comprises:
when the first normal decryption operation is performed on the ciphertext P, a correct decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, that operation is injected with a fault and an incorrect decryption result is output.

10. The method according to claim 6 or 7, characterized in that the step in which, during the normal decryption operations, the normal encryption process is injected with a fault once or twice and an incorrect decryption result is output specifically further comprises:
when the first normal decryption operation is performed on the ciphertext P, that operation is injected with a fault and an incorrect decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, that operation is injected with a fault and an incorrect decryption result is output.

11. A block cipher anti-attack encryption device, characterized by comprising:
an encryption operation module, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;
a fault receiving module, configured to receive, while the normal encryption operations are performed, a fault injected once or twice into the normal encryption process, and output an incorrect encryption result;
a result output module, configured to output an invalid result that an attacker cannot exploit after the correct encryption result and the incorrect encryption result are input into an F function.

12. The device according to claim 11, characterized in that, of the two normal encryption operations of the encryption operation module, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C', the C consists of two parts L and R, and the C' consists of two parts L' and R', that is, C=L||R and C'=L'||R', and the F function in the result output module is defined as: or or

13. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically configured to: when the first normal encryption operation is performed on the plaintext P, receive the fault injected into that operation and output an incorrect encryption result;
when the second normal encryption operation is performed on the plaintext P, output a correct encryption result.

14. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to: when the first normal encryption operation is performed on the plaintext P, output a correct encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into that operation and output an incorrect encryption result.

15. The device according to claim 11 or 12, characterized in that the fault receiving module is further specifically configured to:
when the first normal encryption operation is performed on the plaintext P, receive the fault injected into that operation and output an incorrect encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into that operation and output an incorrect encryption result.

16. A block cipher anti-attack decryption device, characterized by comprising:
a decryption operation module, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;
a fault receiving module, configured to receive, while the normal decryption operations are performed, a fault injected once or twice into the normal decryption process, and output an incorrect decryption result;
a result output module, configured to output an invalid result that an attacker cannot exploit after the correct decryption result and the incorrect decryption result are input into an F function.

17. The device according to claim 16, characterized in that, of the two normal decryption operations of the decryption operation module, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C', the C consists of two parts L and R, and the C' consists of two parts L' and R', that is, C=L||R and C'=L'||R', and the F function in the result output module is defined as: or or

18. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically configured to: when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into that operation and output an incorrect decryption result;
when the second normal decryption operation is performed on the ciphertext P, output a correct decryption result.

19. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to: when the first normal decryption operation is performed on the ciphertext P, output a correct decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into that operation and output an incorrect decryption result.

20. The device according to claim 16 or 17, characterized in that the fault receiving module is further specifically configured to: when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into that operation and output an incorrect decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into that operation and output an incorrect decryption result.
CN201410384592.1A 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection Active CN105376046B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410384592.1A CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection
PCT/CN2014/093472 WO2016019670A1 (en) 2014-08-06 2014-12-10 Anti-attack encryption and decryption method and device of block cipher

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410384592.1A CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection

Publications (2)

Publication Number Publication Date
CN105376046A CN105376046A (en) 2016-03-02
CN105376046B true CN105376046B (en) 2018-08-17

Family

ID=55263082

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410384592.1A Active CN105376046B (en) 2014-08-06 2014-08-06 A kind of encipher-decipher method and device of block cipher attack protection

Country Status (2)

Country Link
CN (1) CN105376046B (en)
WO (1) WO2016019670A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106130712B (en) * 2016-06-14 2019-09-06 刘雷波 A kind of opportunistic infections fault-resistant attack method based on INS network
CN108737073B (en) * 2018-06-22 2021-09-28 北京智芯微电子科技有限公司 Method and device for resisting energy analysis attack in block encryption operation
CN113886810A (en) * 2021-10-15 2022-01-04 中国科学技术大学 Detection and error correction method for persistent fault attack based on SPN structure
CN115795820B (en) * 2022-11-12 2025-03-25 西北工业大学 A Differential Fault Analysis Method Based on Formal Verification

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6108419A (en) * 1998-01-27 2000-08-22 Motorola, Inc. Differential fault analysis hardening apparatus and evaluation method
WO2010045843A1 (en) * 2008-10-23 2010-04-29 国民技术股份有限公司 An aes encryption method of anti-differential power attack
CN102404108A (en) * 2011-10-25 2012-04-04 宁波大学 Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm
CN103634102A (en) * 2013-12-16 2014-03-12 国家电网公司 Protection method for side channel attack and fault attack

Also Published As

Publication number Publication date
WO2016019670A1 (en) 2016-02-11
CN105376046A (en) 2016-03-02

Similar Documents

Publication Publication Date Title
KR102430042B1 (en) Memory Behavior Encryption
US11960589B2 (en) System for and method of authenticating a component of an electronic device
US8516268B2 (en) Secure field-programmable gate array (FPGA) architecture
CN106529308B (en) A data encryption method, device and mobile terminal
US9716584B2 (en) Systems and methods for operating secure elliptic curve cryptosystems
CN108418691A (en) SGX-based dynamic network identity authentication method
US9819486B2 (en) S-box in cryptographic implementation
US11171780B2 (en) Systems and methods for operating secure elliptic curve cryptosystems
US11989273B2 (en) Biometric locking methods and systems for internet of things and the connected person
CN105376046B (en) A kind of encipher-decipher method and device of block cipher attack protection
WO2019047062A1 (en) Anti-dpa attack encryption method and computer-readable storage medium
CN104901810A (en) Data encryption storage method based on domestic cryptographic algorithm
CN106101150A (en) The method and system of AES
US7779272B2 (en) Hardware cryptographic engine and encryption method
US8751819B1 (en) Systems and methods for encoding data
CN111884814A (en) Method and system for preventing counterfeiting of intelligent terminal
Ziener et al. Configuration tampering of BRAM-based AES implementations on FPGAs
CN108809889B (en) Data deterministic deletion method based on data block random position negation
JP5469631B2 (en) Decryption result verification apparatus, method and program
CN105049433B (en) Markization card number information transmits verification method and system
CN118369888A (en) Automatic key rotation for link encryption
CN102710416A (en) Password encryption method for social website
Banga et al. Protecting user credentials against SQL injection through cryptography and image steganography
CN207070061U (en) A kind of encrypting module
CN119210766A (en) A data processing method, a computer device and a storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant