CN105376046B - Encryption and decryption method and device for protecting block ciphers against attack - Google Patents
- Publication number
- CN105376046B CN201410384592.1A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and device for encryption and decryption that protect a block cipher against attack. The encryption method comprises: receiving plaintext P to be encrypted, performing two normal encryption operations on plaintext P, and outputting a correct encryption result; when the normal encryption operations are performed and a fault is injected into the normal encryption operation process once or twice, outputting an erroneous encryption result; and, after the correct encryption result and the erroneous encryption result are input to an F function, outputting an invalid result that the attacker cannot use. In the embodiments of the invention, when a fault is injected during the first and/or second normal encryption operation, the two encryption results are input to the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
Description
Technical field
The present invention relates to information security technology in the field of communications, and in particular to methods and devices for encryption and decryption that protect a block cipher against attack.
Background
With the development of computer and communication technology, users' demand for secure storage, secure processing and secure transmission of information keeps growing. In particular, with the widespread use of the Internet, information security has become increasingly important. One effective means of addressing this problem is modern cryptography, and a variety of cryptographic algorithms continue to emerge. Block ciphers are among the most commonly used cryptographic tools: they are fast, easy to standardize and convenient to implement in software and hardware, and they are typically the core algorithms used for data encryption, message authentication and authentication in information security. Popular block cipher algorithms currently include DES and AES.
As information security receives more attention, analysis and attack methods against cryptographic algorithms also keep appearing. Fault attacks are a powerful class of attack that has emerged in recent years. The basic principle is to place the cryptographic chip in a strong magnetic field, or to change the chip's supply voltage, operating frequency, temperature and so on, so that registers and memory in the chip produce random errors during the cryptographic computation and certain output bits change from 0 to 1 or from 1 to 0. By differentially comparing the correct cipher output with the faulty cipher output and applying theoretical analysis, the secret data inside the chip can be obtained.
Common methods for protecting block cipher algorithms against fault attacks include: performing the operation on the same data several times and comparing whether the results are consistent; and, after performing the normal operation on some data, performing the inverse operation on the result and comparing whether the result of the inverse operation is consistent with the original input data.
As shown in Fig. 1, if an attacker injects a fault while the first normal operation is performed on plaintext P, the result C output by the first normal operation is erroneous, while the result C' output by the second normal operation on plaintext P is correct, so C ≠ C'. The results C and C' are then compared, that is, it is determined whether C equals C'. A fault is injected again during this comparison, and because of that fault "C ≠ C'" may be attacked into "C = C'". If the injected fault turns "C ≠ C'" into "C = C'", the comparison outputs the erroneous result C (or C'). Having obtained the erroneous result C (or C') in addition to the correct result C' obtained previously, the attacker can derive useful fault information and thereby obtain sensitive information.
Similarly, if the attacker injects no fault while the first normal operation is performed on plaintext P but injects a fault while the second normal operation is performed on plaintext P, the situation is analogous: the attacker can still obtain the erroneous result C' (or C) in addition to the correct result C obtained previously, and can therefore derive useful fault information and obtain sensitive information.
Summary of the invention
To overcome the low security of prior-art block cipher algorithms when defending against attack, one aspect of the present invention provides an attack-resistant encryption method for a block cipher.
The attack-resistant encryption method for a block cipher according to an embodiment of the present invention comprises:
Receiving plaintext P to be encrypted, performing two normal encryption operations on plaintext P, and outputting a correct encryption result;
When the normal encryption operations are performed and a fault is injected into the normal encryption operation process once or twice, outputting an erroneous encryption result;
After the correct encryption result and the erroneous encryption result are input to the F function, outputting an invalid result that the attacker cannot use.
To overcome the low security of prior-art block cipher algorithms when defending against attack, another aspect of the present invention provides an attack-resistant encryption device for a block cipher.
The attack-resistant encryption device for a block cipher according to an embodiment of the present invention comprises:
An encryption operation module, configured to receive plaintext P to be encrypted, perform two normal encryption operations on plaintext P, and output a correct encryption result;
A fault receiving module, configured to receive, when the normal encryption operations are performed, the fault injected once or twice into the normal encryption operation process, and to output an erroneous encryption result;
A result output module, configured to output an invalid result that the attacker cannot use after the correct encryption result and the erroneous encryption result are input to the F function.
The embodiments of the invention disclose an attack-resistant encryption method and device for a block cipher. When a fault is injected during the first and/or second normal encryption operation, the encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input to the F function, which removes the step of comparing the results of the two normal encryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
To overcome the low security of prior-art block cipher algorithms when defending against attack, one aspect of the present invention provides an attack-resistant decryption method for a block cipher.
The attack-resistant decryption method for a block cipher according to an embodiment of the present invention comprises:
Receiving ciphertext P to be decrypted, performing two normal decryption operations on ciphertext P, and outputting a correct decryption result;
When the normal decryption operations are performed and a fault is injected into the normal cryptographic operation process once or twice, outputting an erroneous decryption result;
After the correct decryption result and the erroneous decryption result are input to the F function, outputting an invalid result that the attacker cannot use.
To overcome the low security of prior-art block cipher algorithms when defending against attack, one aspect of the present invention provides an attack-resistant decryption device for a block cipher.
The attack-resistant decryption device for a block cipher according to an embodiment of the present invention comprises:
A decryption operation module, configured to receive ciphertext P to be decrypted, perform two normal decryption operations on ciphertext P, and output a correct decryption result;
A fault receiving module, configured to receive, when the normal decryption operations are performed, the fault injected once or twice into the normal cryptographic operation process, and to output an erroneous decryption result;
A result output module, configured to output an invalid result that the attacker cannot use after the correct decryption result and the erroneous decryption result are input to the F function.
The embodiments of the invention disclose an attack-resistant decryption method and device for a block cipher. When a fault is injected during the first and/or second normal decryption operation, the decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input to the F function, which removes the step of comparing the results of the two normal decryption operations. The F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher decryption process.
Other features and advantages of the present invention are set out in the description that follows, and in part become apparent from the description or are understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures specifically pointed out in the written description, the claims and the drawings.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Description of the drawings
The drawings provide a further understanding of the present invention and form part of the specification; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow diagram of a fault attack on a block cipher algorithm in the prior art;
Fig. 2 is a flow chart of embodiment 1 of the attack-resistant block cipher encryption method of the present invention;
Fig. 3 is a flow chart of embodiment 2 of the attack-resistant block cipher encryption method of the present invention;
Fig. 4 is a flow chart of embodiment 3 of the attack-resistant block cipher encryption method of the present invention;
Fig. 5 is a flow chart of embodiment 4 of the attack-resistant block cipher encryption method of the present invention;
Fig. 6 is a flow chart of embodiment 1 of the attack-resistant block cipher decryption method of the present invention;
Fig. 7 is a flow chart of embodiment 2 of the attack-resistant block cipher decryption method of the present invention;
Fig. 8 is a flow chart of embodiment 3 of the attack-resistant block cipher decryption method of the present invention;
Fig. 9 is a flow chart of embodiment 4 of the attack-resistant block cipher decryption method of the present invention;
Fig. 10 is a structural diagram of an embodiment of the attack-resistant block cipher encryption device of the present invention;
Fig. 11 is a structural diagram of an embodiment of the attack-resistant block cipher decryption device of the present invention.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the drawings; it should be understood that the scope of protection of the invention is not limited by the specific embodiments.
In analyzing and studying the prior art described above, the inventors found that, while a block cipher algorithm is performing an encryption or decryption computation, if fault injection is detected the chip should not output the erroneous result, because otherwise the attacker can use the erroneous result to mount a differential fault attack. The embodiments of the invention provide a method for protecting a block cipher against attack which, when a fault is injected during the computation, does not output the erroneous result but instead outputs an invalid result that the attacker cannot use.
If no fault is injected into the first normal operation and a fault is injected into the second normal operation, the invalid result is the result of processing the correct first result C and the erroneous second result C' with an F function.
If a fault is injected into the first normal operation and no fault is injected into the second normal operation, the invalid result is the result of processing the erroneous first result C and the correct second result C' with an F function.
If a fault is injected into the first normal operation and also into the second normal operation, the invalid result is the result of processing the erroneous first result C and the erroneous second result C' with an F function.
As shown in Fig. 2, an embodiment of the invention discloses an attack-resistant encryption method for a block cipher, comprising:
Step 201: Plaintext P is input to the encryption module and the first normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C;
Step 203: The same plaintext P is input to the encryption module again and the second normal encryption operation is performed; the output is the correct encryption result C';
Step 205: The erroneous encryption result C from step 201 and the correct encryption result C' from step 203 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification gives the following expression to illustrate the embodiments, but the expression of the F function is not limited to it.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 205, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 207: The encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 2 discloses an attack-resistant encryption method for a block cipher in which a fault is injected during the first normal encryption operation, and the erroneous encryption result output by the faulted first operation and the correct encryption result output by the second operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
As shown in Fig. 3, an embodiment of the invention discloses another attack-resistant encryption method for a block cipher, comprising:
Step 301: Plaintext P is input to the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 303: The same plaintext P is input to the encryption module again and the second normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C';
Step 305: The correct encryption result C from step 301 and the erroneous encryption result C' from step 303 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 305, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 307: The encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 3 discloses an attack-resistant encryption method for a block cipher in which a fault is injected during the second normal encryption operation, and the erroneous encryption result output by the faulted second operation and the correct encryption result output by the first operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
As shown in Fig. 4, an embodiment of the invention discloses a third attack-resistant encryption method for a block cipher, comprising:
Step 401: Plaintext P is input to the encryption module and the first normal encryption operation is performed; a fault is injected during this step, so the output is an erroneous encryption result C;
Step 403: The same plaintext P is input to the encryption module again and the second normal encryption operation is performed; a fault is injected during this step as well, so the output is also an erroneous encryption result C';
Step 405: The erroneous encryption result C from step 401 and the erroneous encryption result C' from step 403 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms.
Taking the DES algorithm as an example, the encryption result C consists of two parts L and R, and the encryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 405, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 407: The encryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 4 discloses a third attack-resistant encryption method for a block cipher in which faults are injected during both the first and the second normal encryption operations, and the erroneous encryption result output by the faulted first operation and the erroneous encryption result output by the likewise faulted second operation are input to the F function. This removes the step of comparing the results of the two normal encryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
As shown in Fig. 5, an embodiment of the invention discloses a fourth attack-resistant encryption method for a block cipher, comprising:
Step 501: Plaintext P is input to the encryption module and the first normal encryption operation is performed; the output is the correct encryption result C;
Step 503: The same plaintext P is input to the encryption module again and the second normal encryption operation is performed; the output is the correct encryption result C';
Step 505: The correct encryption result C from step 501 and the correct encryption result C' from step 503 are input to the F function, whose output is Y; the F function determines that C = C', so the output is the correct encryption result;
In step 505, the F function itself may or may not be subjected to fault injection. If no fault is injected into the F function, it outputs the correct encryption result; if a fault is injected into the F function, then, as in the embodiments above, it likewise outputs an invalid result that the attacker cannot use.
Step 507: The encryption operation on plaintext P outputs the correct encryption result.
The embodiment of Fig. 5 discloses an attack-resistant encryption method for a block cipher in which no fault is injected during either of the two normal encryption operations; the correct encryption results of the two operations are input to the F function, which outputs the correct encryption result. This effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher encryption process.
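The four encryption cases of Figs. 2 to 5, placed beside the compare-and-branch check of Fig. 1, as an added example that is not code from the patent. The page does not reproduce the patent's F expression, so `f_combine` is a hypothetical branchless F, and the toy Feistel cipher `toy_encrypt`, the key, the plaintext and the random block are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed key and plaintext for this example only. */
static const uint32_t KEY[4] = {0x0F1E2D3Cu, 0x4B5A6978u, 0x8796A5B4u, 0xC3D2E1F0u};
static const uint64_t PLAINTEXT = 0x0123456789ABCDEFull;

/* Toy round function; any function works inside a Feistel network. */
static uint32_t round_fn(uint32_t r, uint32_t k) {
    uint32_t x = r ^ k;
    x = (x << 7) | (x >> 25);
    x *= 0x9E3779B1u;
    return x ^ (x >> 15);
}

/* Toy 4-round Feistel cipher on a 64-bit block, C = L || R.
 * NOT DES and not secure; it only stands in for the real cipher.
 * fault_round in 0..3 flips one bit of R before that round to
 * simulate an injected fault; -1 means a fault-free run. */
uint64_t toy_encrypt(uint64_t p, const uint32_t key[4], int fault_round) {
    uint32_t l = (uint32_t)(p >> 32), r = (uint32_t)p;
    for (int i = 0; i < 4; i++) {
        if (i == fault_round) r ^= 0x00000100u;
        uint32_t t = l ^ round_fn(r, key[i]);
        l = r;
        r = t;
    }
    return ((uint64_t)l << 32) | r;
}

/* Prior-art check of Fig. 1: compare the two results and branch.
 * cmp_fault models the second fault, which forces the comparison
 * to report "equal". Returns 0 as an error code on mismatch. */
uint64_t compare_and_release(uint64_t p, int fault1, int fault2, int cmp_fault) {
    uint64_t c = toy_encrypt(p, KEY, fault1);
    uint64_t c2 = toy_encrypt(p, KEY, fault2);
    int equal = (c == c2) || cmp_fault;
    return equal ? c : 0;
}

/* Hypothetical F function (an assumption, not the patent's expression):
 * mask is all ones when C != C' and zero when C == C', computed
 * without a branch, and selects between C and a random block. */
uint64_t f_combine(uint64_t c, uint64_t c2, uint64_t rnd) {
    uint64_t d = c ^ c2;
    uint64_t mask = (uint64_t)0 - ((d | ((uint64_t)0 - d)) >> 63);
    return (c & ~mask) | (rnd & mask);
}

/* Both runs feed F directly; rnd is assumed to come from the chip's RNG. */
uint64_t protected_encrypt(uint64_t p, int fault1, int fault2, uint64_t rnd) {
    uint64_t c = toy_encrypt(p, KEY, fault1);
    uint64_t c2 = toy_encrypt(p, KEY, fault2);
    return f_combine(c, c2, rnd);
}

int main(void) {
    const uint64_t rnd = 0x5DEECE66D1234567ull; /* constructed "random" block */
    printf("correct C                : %016llx\n",
           (unsigned long long)toy_encrypt(PLAINTEXT, KEY, -1));
    printf("Fig. 1 check, two faults : %016llx\n",
           (unsigned long long)compare_and_release(PLAINTEXT, 1, -1, 1));
    printf("Fig. 2, fault in run 1   : %016llx\n",
           (unsigned long long)protected_encrypt(PLAINTEXT, 1, -1, rnd));
    printf("Fig. 3, fault in run 2   : %016llx\n",
           (unsigned long long)protected_encrypt(PLAINTEXT, -1, 2, rnd));
    printf("Fig. 4, both runs faulted: %016llx\n",
           (unsigned long long)protected_encrypt(PLAINTEXT, 1, 2, rnd));
    printf("Fig. 5, no fault         : %016llx\n",
           (unsigned long long)protected_encrypt(PLAINTEXT, -1, -1, rnd));
    return 0;
}
```

This F only reacts to a difference between the two runs: it returns C unchanged whenever both runs agree, and the random block otherwise.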
As shown in Fig. 6, an embodiment of the invention discloses an attack-resistant decryption method for a block cipher, comprising:
Step 601: Ciphertext P is input to the decryption module and the first normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C;
Step 603: The same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; the output is the correct decryption result C';
Step 605: The erroneous decryption result C from step 601 and the correct decryption result C' from step 603 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification gives the following expression to illustrate the embodiments, but the expression of the F function is not limited to it.
Taking the DES algorithm as an example, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 605, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 607: The decryption operation on ciphertext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 6 discloses an attack-resistant decryption method for a block cipher in which a fault is injected during the first normal decryption operation, and the erroneous decryption result output by the faulted first operation and the correct decryption result output by the second operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher decryption process.
As shown in Fig. 7, an embodiment of the invention discloses another attack-resistant decryption method for a block cipher, comprising:
Step 701: Ciphertext P is input to the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
Step 703: The same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C';
Step 705: The correct decryption result C from step 701 and the erroneous decryption result C' from step 703 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification gives the following expression to illustrate the embodiments, but the expression of the F function is not limited to it.
Taking the DES algorithm as an example, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 705, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 707: The decryption operation on ciphertext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 7 discloses an attack-resistant decryption method for a block cipher in which a fault is injected during the second normal decryption operation, and the erroneous decryption result output by the faulted second operation and the correct decryption result output by the first operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher decryption process.
As shown in Fig. 8, an embodiment of the invention discloses a third attack-resistant decryption method for a block cipher, comprising:
Step 801: Ciphertext P is input to the decryption module and the first normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C;
Step 803: The same ciphertext P is input to the decryption module again and the second normal decryption operation is performed; a fault is injected during this step, so the output is an erroneous decryption result C';
Step 805: The erroneous decryption result C from step 801 and the erroneous decryption result C' from step 803 are input to the F function, whose output is Y; the F function determines that C ≠ C', so the output is an invalid result that the attacker cannot use;
The expression of the F function differs for different block cipher algorithms. This specification gives the following expression to illustrate the embodiments, but the expression of the F function is not limited to it.
Taking the DES algorithm as an example, the decryption result C consists of two parts L and R, and the decryption result C' consists of two parts L' and R', that is, C = L || R and C' = L' || R'; the F function can then be defined as:
In step 805, the F function itself may or may not be subjected to fault injection. Owing to the F function above, the result it outputs is an invalid result that the attacker cannot use regardless of whether a fault is injected.
Step 807: The decryption operation on plaintext P outputs the invalid result Y, which the attacker cannot use.
The embodiment of Fig. 8 discloses a third attack-resistant decryption method for a block cipher in which faults are injected during both the first and the second normal decryption operations, and the erroneous decryption result output by the faulted first operation and the erroneous decryption result output by the likewise faulted second operation are input to the F function. This removes the step of comparing the results of the two normal decryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher algorithm and improves the security of the block cipher decryption process.
As shown in Fig. 9, an embodiment of the invention discloses the fourth anti-attack decryption method for a block cipher, comprising:
Step 901: Ciphertext P is input into the decryption module and the first normal decryption operation is performed; the output is the correct decryption result C;
Step 903: The same ciphertext P is input into the decryption module again and a second normal decryption operation is performed; the output is the correct decryption result C′;
Step 905: The correct decryption result C from step 901 and the correct decryption result C′ from step 903 are input into the F function, whose output is Y; the F function determines that C = C′, so the operation result it outputs is the correct decryption operation result;
The expression of the F function differs between block cipher algorithms. This specification lists the following expressions to illustrate the embodiment, but the expression of the F function is not limited to them.
Taking the DES algorithm as an example, the decryption result C consists of two parts, L and R, and the decryption result C′ consists of two parts, L′ and R′, i.e. C = L || R and C′ = L′ || R′; the F function can then be defined as:
In step 905, the F function itself may or may not have a fault injected into it. If no fault is injected into the F function, the operation result it outputs is the correct cryptographic operation result; if a fault is injected into the F function, then, as in the embodiments above, the F function likewise outputs an invalid result that the attacker cannot use.
Step 907: The decryption operation on ciphertext P is carried out, and the correct decryption operation result is output.
The embodiment of Fig. 9 discloses an anti-attack decryption method for a block cipher. No fault is injected during either of the two normal decryption operations, the correct decryption results of the two operations are input into the F function, and the F function outputs the correct decryption operation result. This effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
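The decryption flow of Figs. 8 and 9 as a runnable sketch, added here as an illustration and not taken from the patent. The F expression used (a fresh random mask that cancels only when C = C′), the toy Feistel cipher and the names `toy_decrypt`, `infective_f` and `protected_decrypt` are all assumptions, since the patent's own F formulas are not reproduced on this page.

```python
import hashlib
import secrets
from typing import Optional

ROUNDS = 8
HALF = 4  # bytes per half: a 64-bit block split as L || R, as in DES


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy hash-based round function; it stands in for a real cipher's round.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def toy_encrypt(block: bytes, key: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return left + right


def toy_decrypt(block: bytes, key: bytes,
                fault_round: Optional[int] = None) -> bytes:
    """Decrypt one block. fault_round simulates an injected fault: one state
    bit is flipped just before that round, so the run returns a wrong result."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        if rnd == fault_round:
            left = bytes([left[0] ^ 0x01]) + left[1:]
        left, right = _xor(right, _round_fn(left, key, rnd)), left
    return left + right


def infective_f(c: bytes, c_prime: bytes) -> bytes:
    """Assumed F (not the patent's expression):
    Y = C xor G_r(C xor C') xor G_r(0), with r drawn fresh on every call.
    When C == C' the two G terms cancel and Y = C. Otherwise Y is C hidden
    under an unpredictable mask. There is no equality test or branch on
    C == C', which is the comparison step the embodiments do away with."""
    r = secrets.token_bytes(16)
    diff = _xor(c, c_prime)
    g_diff = hashlib.sha256(r + diff).digest()[:len(c)]
    g_zero = hashlib.sha256(r + bytes(len(c))).digest()[:len(c)]
    return _xor(c, _xor(g_diff, g_zero))


def protected_decrypt(block: bytes, key: bytes,
                      fault_first: Optional[int] = None,
                      fault_second: Optional[int] = None) -> bytes:
    c = toy_decrypt(block, key, fault_first)         # first normal decryption
    c_prime = toy_decrypt(block, key, fault_second)  # second normal decryption
    return infective_f(c, c_prime)                   # Y, the only value released


def demo() -> dict:
    key, plaintext = b"constructed-key!", b"8bytemsg"  # constructed sample values
    ct = toy_encrypt(plaintext, key)
    return {
        "no fault (Fig. 9)": protected_decrypt(ct, key) == plaintext,
        "fault in first run": protected_decrypt(ct, key, 3, None) == plaintext,
        "fault in second run": protected_decrypt(ct, key, None, 5) == plaintext,
        # Faults at different rounds, so C != C' as Fig. 8 states.
        "faults in both runs (Fig. 8)": protected_decrypt(ct, key, 2, 6) == plaintext,
    }


if __name__ == "__main__":
    for case, correct in demo().items():
        print(f"{case}: output equals plaintext = {correct}")
```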
As shown in Fig. 10, an anti-attack encryption device for a block cipher is disclosed, comprising:
Encryption operation module 10, configured to receive the plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;
Fault receiving module 20, configured to receive, when a normal encryption operation is performed, the fault injected once or twice into the normal encryption operation process, and output a wrong encryption result;
Result output module 30, configured to output, after the correct encryption result and the wrong encryption result are input into the F function, an invalid result that the attacker cannot use.
Wherein: the fault receiving module 20 is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result;
when the second normal encryption operation is performed on the plaintext P, output a correct encryption result.
Wherein: the fault receiving module 20 is specifically further configured to, when the first normal encryption operation is performed on the plaintext P, output a correct encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result.
Wherein: the fault receiving module 20 is specifically further configured to,
when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result.
The embodiment of Fig. 10 discloses an anti-attack encryption device for a block cipher. A fault is injected during the first and/or the second normal encryption operation, and the encryption result output by the first normal encryption operation and the encryption result output by the second normal encryption operation are input into the F function. This saves the step of comparing the results of the two normal encryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher encryption process.
As shown in Fig. 11, an anti-attack decryption device for a block cipher is disclosed, comprising:
Decryption operation module 40, configured to receive the ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;
Fault receiving module 50, configured to receive, when a normal decryption operation is performed, the fault injected once or twice into the normal cryptographic operation process, and output a wrong decryption result;
Result output module 60, configured to output, after the correct decryption result and the wrong decryption result are input into the F function, an invalid result that the attacker cannot use.
Wherein: the fault receiving module 50 is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result;
when the second normal decryption operation is performed on the ciphertext P, output a correct decryption result.
Wherein: the fault receiving module 50 is specifically further configured to, when the first normal decryption operation is performed on the ciphertext P, output a correct decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result.
Wherein: the fault receiving module 50 is specifically further configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result.
The embodiment of Fig. 11 discloses an anti-attack decryption device for a block cipher. A fault is injected during the first and/or the second normal decryption operation, and the decryption result output by the first normal decryption operation and the decryption result output by the second normal decryption operation are input into the F function. This saves the step of comparing the results of the two normal decryption operations; the F function finally outputs an invalid result that the attacker cannot use, which effectively resists two-point attacks on the block cipher and improves the security of the block cipher decryption process.
The invention can be implemented in many different specific forms. The technical solution of the invention has been illustrated above with reference to the drawings, taking Figs. 2 to 11 as examples; this does not mean that the invention can only be applied in those particular flows or embodiment structures. Those of ordinary skill in the art should understand that the specific embodiments given above are only some examples among a variety of preferred usages, and any embodiment that embodies the claims of the invention falls within the scope of protection claimed for the technical solution of the invention.
Finally, it should be noted that the foregoing is only a preferred embodiment of the invention and is not intended to limit the invention. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Claims (20)
1. An anti-attack encryption method for a block cipher, characterized by comprising:
receiving a plaintext P to be encrypted, performing two normal encryption operations on the plaintext P, and outputting a correct encryption result;
when the normal encryption operation is performed, a fault is injected into the normal encryption operation process once or twice, and a wrong encryption result is output;
after the correct encryption result and the wrong encryption result are input into the F function, an invalid result that the attacker cannot use is output.
2. The method according to claim 1, characterized in that, in the two normal encryption operations, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C′; C consists of two parts, L and R, and C′ consists of two parts, L′ and R′, i.e. C = L || R and C′ = L′ || R′; the F function is defined as:
OrOr
3. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operation is performed, a fault is injected into the normal encryption operation process once or twice and a wrong encryption result is output specifically comprises:
when the first normal encryption operation is performed on the plaintext P, a fault is injected into this normal encryption operation and a wrong encryption result is output;
when the second normal encryption operation is performed on the plaintext P, a correct encryption result is output.
4. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operation is performed, a fault is injected into the normal encryption operation process once or twice and a wrong encryption result is output specifically further comprises:
when the first normal encryption operation is performed on the plaintext P, a correct encryption result is output;
when the second normal encryption operation is performed on the plaintext P, a fault is injected into this normal encryption operation and a wrong encryption result is output.
5. The method according to claim 1 or 2, characterized in that the step in which, when the normal encryption operation is performed, a fault is injected into the normal encryption operation process once or twice and a wrong encryption result is output specifically further comprises:
when the first normal encryption operation is performed on the plaintext P, a fault is injected into this normal encryption operation and a wrong encryption result is output;
when the second normal encryption operation is performed on the plaintext P, a fault is injected into this normal encryption operation and a wrong encryption result is output.
6. An anti-attack decryption method for a block cipher, characterized by comprising:
receiving a ciphertext P to be decrypted, performing two normal decryption operations on the ciphertext P, and outputting a correct decryption result;
when the normal decryption operation is performed, a fault is injected into the normal decryption operation process once or twice, and a wrong decryption result is output;
after the correct decryption result and the wrong decryption result are input into the F function, an invalid result that the attacker cannot use is output.
7. The method according to claim 6, characterized in that, in the two normal decryption operations, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C′; C consists of two parts, L and R, and C′ consists of two parts, L′ and R′, i.e. C = L || R and C′ = L′ || R′; the F function is defined as:
OrOr
8. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operation is performed, a fault is injected into the normal cryptographic operation process once or twice and a wrong decryption result is output specifically comprises:
when the first normal decryption operation is performed on the ciphertext P, a fault is injected into this normal decryption operation and a wrong decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, a correct decryption result is output.
9. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operation is performed, a fault is injected into the normal cryptographic operation process once or twice and a wrong decryption result is output specifically further comprises:
when the first normal decryption operation is performed on the ciphertext P, a correct decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, a fault is injected into this normal decryption operation and a wrong decryption result is output.
10. The method according to claim 6 or 7, characterized in that the step in which, when the normal decryption operation is performed, a fault is injected into the normal cryptographic operation process once or twice and a wrong decryption result is output specifically further comprises:
when the first normal decryption operation is performed on the ciphertext P, a fault is injected into this normal decryption operation and a wrong decryption result is output;
when the second normal decryption operation is performed on the ciphertext P, a fault is injected into this normal decryption operation and a wrong decryption result is output.
11. An anti-attack encryption device for a block cipher, characterized by comprising:
an encryption operation module, configured to receive a plaintext P to be encrypted, perform two normal encryption operations on the plaintext P, and output a correct encryption result;
a fault receiving module, configured to receive, when the normal encryption operation is performed, the fault injected once or twice into the normal encryption operation process, and output a wrong encryption result;
a result output module, configured to output, after the correct encryption result and the wrong encryption result are input into the F function, an invalid result that the attacker cannot use.
12. The device according to claim 11, characterized in that, in the two normal encryption operations of the encryption operation module, the encryption result of the first normal encryption operation is C and the encryption result of the second normal encryption operation is C′; C consists of two parts, L and R, and C′ consists of two parts, L′ and R′, i.e. C = L || R and C′ = L′ || R′; the F function in the result output module is defined as:
OrOr
13. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically configured to, when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result;
when the second normal encryption operation is performed on the plaintext P, output a correct encryption result.
14. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically further configured to,
when the first normal encryption operation is performed on the plaintext P, output a correct encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result.
15. The device according to claim 11 or 12, characterized in that the fault receiving module is specifically further configured to,
when the first normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result;
when the second normal encryption operation is performed on the plaintext P, receive the fault injected into this normal encryption operation and output a wrong encryption result.
16. An anti-attack decryption device for a block cipher, characterized by comprising:
a decryption operation module, configured to receive a ciphertext P to be decrypted, perform two normal decryption operations on the ciphertext P, and output a correct decryption result;
a fault receiving module, configured to receive, when the normal decryption operation is performed, the fault injected once or twice into the normal decryption operation process, and output a wrong decryption result;
a result output module, configured to output, after the correct decryption result and the wrong decryption result are input into the F function, an invalid result that the attacker cannot use.
17. The device according to claim 16, characterized in that, in the two normal decryption operations of the decryption operation module, the decryption result of the first normal decryption operation is C and the decryption result of the second normal decryption operation is C′; C consists of two parts, L and R, and C′ consists of two parts, L′ and R′, i.e. C = L || R and C′ = L′ || R′; the F function in the result output module is defined as:
OrOr
18. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically configured to, when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result;
when the second normal decryption operation is performed on the ciphertext P, output a correct decryption result.
19. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically further configured to,
when the first normal decryption operation is performed on the ciphertext P, output a correct decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result.
20. The device according to claim 16 or 17, characterized in that the fault receiving module is specifically further configured to,
when the first normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result;
when the second normal decryption operation is performed on the ciphertext P, receive the fault injected into this normal decryption operation and output a wrong decryption result.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410384592.1A CN105376046B (en) | 2014-08-06 | 2014-08-06 | A kind of encipher-decipher method and device of block cipher attack protection |
PCT/CN2014/093472 WO2016019670A1 (en) | 2014-08-06 | 2014-12-10 | Anti-attack encryption and decryption method and device of block cipher |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410384592.1A CN105376046B (en) | 2014-08-06 | 2014-08-06 | A kind of encipher-decipher method and device of block cipher attack protection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105376046A CN105376046A (en) | 2016-03-02 |
CN105376046B true CN105376046B (en) | 2018-08-17 |
Family
ID=55263082
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410384592.1A Active CN105376046B (en) | 2014-08-06 | 2014-08-06 | A kind of encipher-decipher method and device of block cipher attack protection |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105376046B (en) |
WO (1) | WO2016019670A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106130712B (en) * | 2016-06-14 | 2019-09-06 | 刘雷波 | A kind of opportunistic infections fault-resistant attack method based on INS network |
CN108737073B (en) * | 2018-06-22 | 2021-09-28 | 北京智芯微电子科技有限公司 | Method and device for resisting energy analysis attack in block encryption operation |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6108419A (en) * | 1998-01-27 | 2000-08-22 | Motorola, Inc. | Differential fault analysis hardening apparatus and evaluation method |
WO2010045843A1 (en) * | 2008-10-23 | 2010-04-29 | 国民技术股份有限公司 | An aes encryption method of anti-differential power attack |
CN102404108A (en) * | 2011-10-25 | 2012-04-04 | 宁波大学 | Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm |
CN103634102A (en) * | 2013-12-16 | 2014-03-12 | 国家电网公司 | Protection method for side channel attack and fault attack |
Also Published As
Publication number | Publication date |
---|---|
CN105376046A (en) | 2016-03-02 |
WO2016019670A1 (en) | 2016-02-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |