CN105703896A - Method for detecting resistance of HAS-160 algorithm to differential fault attack - Google Patents

Method for detecting resistance of HAS-160 algorithm to differential fault attack Download PDF

Info

Publication number
CN105703896A
CN105703896A CN201510960582.2A CN201510960582A CN105703896A CN 105703896 A CN105703896 A CN 105703896A CN 201510960582 A CN201510960582 A CN 201510960582A CN 105703896 A CN105703896 A CN 105703896A
Authority
CN
China
Prior art keywords
fault
imports
algorithm
output
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510960582.2A
Other languages
Chinese (zh)
Inventor
李玮
葛晨雨
高志勇
曹艳琴
夏小玲
曹奇英
黄利利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Donghua University
National Dong Hwa University
Original Assignee
Donghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Donghua University filed Critical Donghua University
Priority to CN201510960582.2A priority Critical patent/CN105703896A/en
Publication of CN105703896A publication Critical patent/CN105703896A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/004Countermeasures against attacks on cryptographic mechanisms for fault attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The invention relates to a method for detecting resistance of an HAS-160 algorithm to a differential fault attack. The method includes the steps of: randomly generating a plaintext message to be processed; utilizing the HAS-160 algorithm to process the plaintext message to obtain correct output and error output; calculating difference values of the correct output and the error output; and analyzing the difference values, judging whether the HAS-160 algorithm is influenced by a differential fault attack, deriving the position of fault import, and analyzing validity of the position. The method provided by the invention can assess the capability of the HAS-160 algorithm of resisting the differential fault attack.

Description

A kind of method that the HAS-160 of detection algorithm resists differential fault attack
Technical field
The present invention relates to cryptographic algorithm security fields, particularly relate to a kind of method that the HAS-160 of detection algorithm resists differential fault attack。
Background technology
From ancient times to the present, information security issue is always up the object that people pay close attention to, and along with popularizing of digital management, information security issue has been amplified into the problem of algorithm security in cryptography。HAS-160 algorithm is the hash function used in Korea S's DSS, and it is similar to that SHA-1 algorithm, has done some changes increasing algorithm intensity on the basis of SHA-1。HAS-160 algorithm does not circulate when expansion is expressly so that algorithm security is greatly increased, but the block cipher characteristic of HAS-160 algorithm, cause it can not escape from the threat of differential fault attack。
The characteristic of the differential fault attack structure for block cipher and round function, fault attacks is in conjunction with difference analysis, by many experiments, imports fault when algorithm performs, and analyzing it affects ciphertext, calculates possible key, finally obtains key。There is presently no disclosed report review HAS-160 algorithm and resist the ability of differential fault attack, this leaves potential safety hazard to the product being currently in use HAS-160 algorithm packaging。
Symbol description:
M: clear-text message;
Correct output after C: under normal condition, HAS-160 algorithm process message;
C*: import the mistake output of fault during HAS-160 algorithm for encryption;
Δ C: correct output C exports C with mistake*Between difference value;
XOR;
A, B, C, D, E: buffer registers, each size is 32bit;
ΔC0、ΔC1、ΔC2、ΔC3、ΔC4: represent in buffer area last difference taking turns output result respectively;
Ai,Bi,Ci,Di,Ei: the value in the i-th step buffer area, i ∈ [0,79]。
Summary of the invention
The technical problem to be solved is to provide a kind of method that the HAS-160 of detection algorithm resists differential fault attack, it is possible to evaluates HAS-160 algorithm and resists the ability of differential fault attack。
The technical solution adopted for the present invention to solve the technical problems is: a kind of method providing the HAS-160 of detection algorithm to resist differential fault attack, comprises the following steps:
(1) stochastic generation clear-text message to be processed;
(2) utilize clear-text message described in HAS-160 algorithm process, obtain correct output and mistake output;
(3) difference value of correct output and mistake output is calculated;
(4) difference value is analyzed, it is judged that whether HAS-160 algorithm is subject to the impact of differential fault attack, and derives the position that fault imports, and analyzes its effectiveness。
Described step (4) is specific as follows: make difference value Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, wherein, Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;Wherein, the efficiency analysis of abort situation is as follows:
Effective fault:
I) as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77
Ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before;
Invalid failures:
I) as difference value Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
II) when difference value Δ C ≠ 0:
I) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A) as Δ C0When ≠ 0, the position that fault imports is A80Or E79
B) as Δ C1When ≠ 0, the position that fault imports is B80
C) as Δ C2When ≠ 0, the position that fault imports is C80
D) as Δ C3When ≠ 0, the position that fault imports is D80
E) as Δ C4When ≠ 0, the position that fault imports is E80
Ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A) as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79
B) as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79
C) as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79
D) as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A) as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78
B) as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78
C) as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78
Described step (2) specifically includes following sub-step:
(21) input clear-text message, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as correct output;
(22) re-entering clear-text message, again with HAS-160 algorithm, it is processed, change running environment by physical equipment simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as mistake output。
Described step (22) changes clock, voltage, humidity, radiation, pressure, light and/or vortex flow by physical equipment fault is imported randomly HAS-160 algorithm process flow process, to obtain the output result of mistake。
Beneficial effect
Owing to have employed above-mentioned technical scheme, the present invention is compared with prior art, have the following advantages that and good effect: method provided by the invention is accurate and simple, it is easily achieved, it is possible not only to the assessment HAS-160 algorithm resistivity to differential fault attack, the position of differential fault attack can also be derived, provide theoretical foundation to the safety determination of the product using HAS-160 algorithm packaging。
Accompanying drawing explanation
Fig. 1 is the flow chart of the present invention;
Fig. 2 is the differential fault analysis figure of HAS-160 algorithm;
Fig. 3 is the experimental situation schematic diagram of this programme。
Detailed description of the invention
Below in conjunction with specific embodiment, the present invention is expanded on further。Should be understood that these embodiments are merely to illustrate the present invention rather than restriction the scope of the present invention。In addition, it is to be understood that after having read the content that the present invention lectures, the present invention can be made various changes or modifications by those skilled in the art, and these equivalent form of values fall within the application appended claims limited range equally。
When using HAS-160 algorithm to use same key to process for same message M, if experimental situation (such as clock, voltage, humidity, radiation, pressure, light and vortex flow etc.) is different, assailant can obtain correct output C and mistake output C respectively*, by calculating the output difference value of the two value (namely), key message can be derived。Assailant can run induced failure during HAS-160 algorithm at the equipment of process and occur, but do not know particular location that fault occurs and concrete improper value。Deriving the position that fault imports under given conditions from difference delta C, the fault now imported is called effective fault。On the contrary, in time importing fault and be invalid failures, the fault of this importing offers help to analysis key, namely can not obtain important information by Δ C。
Fig. 1 is the flow chart that detection HAS-160 algorithm provided by the invention resists the method for differential fault attack, and described detection HAS-160 algorithm is resisted the method for differential fault attack and comprised the steps:
Step 1: the current message to be processed of stochastic generation, is designated as M;
Step 2: process message M, obtains correct output and mistake output, is designated as C and C respectively*
Step 3: calculate correct ciphertext C and mistake ciphertext C*Difference value, result is designated as Δ C;
Step 4: analyze Δ C, infers importing position, and whether judge to import fault effective。
For step 2, with HAS-160 algorithm to M process, in experimentation, running environment is implemented control two kinds different, it may be assumed that
(1) input message M, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as C;
(2) re-entering message M, again with HAS-160 algorithm, it is processed, change running environment by other physical equipments simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as C*
Wherein, the method that in step (2), induced failure produces includes: change clock, voltage, humidity, radiation, pressure, light and vortex flow etc.;
For step 3, calculate differenceWhereinRepresenting XOR, Δ C is 160 bits, makes Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, makes Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;
For step 4, to the difference analysis of Δ C and determine that the principle of abort situation is as follows:
Message is processed by HAS-160 algorithm by the unit that is grouped into of 512 bit long, altogether being taken turns computing by 4 to form, buffer area is all carried out 20 step interative computations by each wheel, is output as the hash value of 160 bits, the intermediate object program of HAS-160 and final result are stored in the buffer area of 160 bits, buffer area depositor (A, B, the C of 5 32 bit long, D, E) represent, as in figure 2 it is shown, the iterative formula of i+1 step is as follows:
A i + 1 = S P ( A i ) ⊕ f i ( B i , C i , D i ) ⊕ E i ⊕ W i ⊕ K i ,
Bi+1=Ai,
Ci+1=Sq(Bi),
Di+1=Ci,
Ei+1=Di,
Wherein,Represent XOR;I is the step number of iteration, i ∈ [0,79];Ai, Bi, Ci, Di, EiIt it is the value in the i-th step buffer area;Fi(B, C, D) is the compression function of the i-th step;SP(T) the variable T ring shift left p position of 32 bits is represented;From set, { 5,11,7,15,6,13,8,14,7,12,9,11,8,15,6,12,9,14,5,13} and set { obtain 10,17,25,30} p and q at random respectively;WiIt it is the word of 32 bit long that the packet from 512 bits being currently entered is derived;KiIt it is addition constant。
The correct output C of HAS-160 algorithm is:
C = ( A 80 ⊕ A 0 , B 80 ⊕ B 0 , C 80 ⊕ C 0 , D 80 ⊕ D 0 , E 80 ⊕ E 0 ) ,
(A0,B0,C0,D0,E0) for the initial value in buffer area, substituted into above-mentioned equation and can obtain last output result (A80,B80,C80,D80,D80)。At this,
A 80 = S P ( A 79 ) ⊕ f 79 ( B 79 , C 79 , D 79 ) ⊕ E 79 ⊕ W 79 ⊕ K 79 ,
By B80=A79, C80=Sq(B79), D80=C79, E80=D79, bring A into80, learn in above-mentioned equation, only W79And E79Unknown, and assailant be intended to recover W79If, E79Value be known, then W79Just can be solved by below equation and obtain:
W 79 = A 80 ⊕ f 79 ( S q - 1 ( C 80 ) , D 80 , E 80 ) ⊕ E 79 ⊕ S p ( B 80 ) ⊕ K 79 ,
According to the known E of algorithm structure79=D78, namely try to achieve D78Value just may know that E79, thus can derive W79
In like manner, it is also possible to obtain:
W 78 = B 80 ⊕ f 78 ( S q - 1 ( D 80 ) , E 80 . D 78 ) ⊕ S p ( S q - 1 ( C 80 ) ) ⊕ E 78 ⊕ K 78
Above formula to be derived W78, it is necessary to know D78And E78, again because of E78=D77, so it is to be appreciated that D77And D78Value, just can try to achieve W78
By analyzing when the position that fault imports is at B77Time, it is possible to try to achieve D77And D78Value, and then derive W78And W79。By the structure of HAS-160 algorithm it can be seen that should fault import at A together76Time, import at B with fault77Time effect be identical。Thus A76Or B77For effective abort situation。
Wherein, the effectiveness to abort situation, make a concrete analysis of as follows:
1. effective fault:
I () is as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77
(ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77
(iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before。
2. invalid failures:
(I) as Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
(II) when Δ C ≠ 0:
I () is as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A () is as Δ C0When ≠ 0, the position that fault imports is A80Or E79
B () is as Δ C1When ≠ 0, the position that fault imports is B80
C () is as Δ C2When ≠ 0, the position that fault imports is C80
D () is as Δ C3When ≠ 0, the position that fault imports is D80
E () is as Δ C4When ≠ 0, the position that fault imports is E80
(ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A () is as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79
B () is as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79
C () is as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79
D () is as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79
(iii) as Δ C0, Δ C1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A () is as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78
B () is as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78
C () is as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78
To sum up analyze, as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the abort situation of importing is A77, as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the abort situation of importing is B77, as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the abort situation of importing is A76And A76Any position before, these positions are effective fault and import position。
For above-mentioned execution step, choice experiment environment is as it is shown on figure 3, its Computer is used for producing the input message M of HAS-160 and analyzing output result;It is packaged with the equipment of HAS-160 algorithm for processing the message of input, namely message M is encrypted;The equipment producing fault is used for changing experiment execution environment, it is therefore an objective to disturbing the processing procedure to input message, thus realizing importing fault function, producing wrong output result。
Utilize above-mentioned analysis method, the present invention is on the computer of Intel (R) Core (TM) i3-2350MCPU2.30GHz4GB internal memory, adopt Java language programming to carry out simulated failure under Eclipse developing instrument to import and message processing procedure, repeat 2000 times, test result indicate that above-mentioned detection method is accurate。The safety that the method is assessment HAS-160 algorithm provides sufficient theoretical foundation, and the method is simple to operate, and result of calculation is accurate。

Claims (4)

1. one kind is detected the method that HAS-160 algorithm resists differential fault attack, it is characterised in that comprise the following steps:
(1) stochastic generation clear-text message to be processed;
(2) utilize clear-text message described in HAS-160 algorithm process, obtain correct output and mistake output;
(3) difference value of correct output and mistake output is calculated;
(4) difference value is analyzed, it is judged that whether HAS-160 algorithm is subject to the impact of differential fault attack, and derives the position that fault imports, and analyzes its effectiveness。
2. the method that detection HAS-160 algorithm according to claim 1 resists differential fault attack, it is characterised in that described step (4) is specific as follows: make difference value Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, wherein, Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;Wherein, the efficiency analysis of abort situation is as follows:
Effective fault:
I) as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77
Ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before;
Invalid failures:
I) as difference value Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
II) when difference value Δ C ≠ 0:
I) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A) as Δ C0When ≠ 0, the position that fault imports is A80Or E79
B) as Δ C1When ≠ 0, the position that fault imports is B80
C) as Δ C2When ≠ 0, the position that fault imports is C80
D) as Δ C3When ≠ 0, the position that fault imports is D80
E) as Δ C4When ≠ 0, the position that fault imports is E80
Ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A) as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79
B) as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79
C) as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79
D) as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A) as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78
B) as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78
C) as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78
3. the method that detection HAS-160 algorithm according to claim 1 resists differential fault attack, it is characterised in that described step (2) specifically includes following sub-step:
(21) input clear-text message, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as correct output;
(22) re-entering clear-text message, again with HAS-160 algorithm, it is processed, change running environment by physical equipment simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as mistake output。
4. the method that detection HAS-160 algorithm according to claim 3 resists differential fault attack, it is characterized in that, described step (22) changes clock, voltage, humidity, radiation, pressure, light and/or vortex flow by physical equipment fault is imported randomly HAS-160 algorithm process flow process, to obtain the output result of mistake。
CN201510960582.2A 2015-12-18 2015-12-18 Method for detecting resistance of HAS-160 algorithm to differential fault attack Pending CN105703896A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510960582.2A CN105703896A (en) 2015-12-18 2015-12-18 Method for detecting resistance of HAS-160 algorithm to differential fault attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510960582.2A CN105703896A (en) 2015-12-18 2015-12-18 Method for detecting resistance of HAS-160 algorithm to differential fault attack

Publications (1)

Publication Number Publication Date
CN105703896A true CN105703896A (en) 2016-06-22

Family

ID=56228257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510960582.2A Pending CN105703896A (en) 2015-12-18 2015-12-18 Method for detecting resistance of HAS-160 algorithm to differential fault attack

Country Status (1)

Country Link
CN (1) CN105703896A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411496A (en) * 2016-11-02 2017-02-15 东华大学 Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks
CN106850186A (en) * 2017-01-06 2017-06-13 东华大学 The hashing algorithms of SHA 256 resist the detection method of differential fault attack
CN108055120A (en) * 2017-12-27 2018-05-18 东华大学 A kind of method for detecting AES-OTR algorithms and resisting differential fault attack
CN109842483A (en) * 2019-03-18 2019-06-04 东华大学 A method of detection AES-JAMBU resists differential fault attack
CN110768800A (en) * 2019-10-25 2020-02-07 东华大学 Method for detecting OMD algorithm to resist differential fault attack

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639310A (en) * 2014-12-31 2015-05-20 东华大学 Method for detecting capacity of SHA-1 algorithm for resisting attack of differential fault

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639310A (en) * 2014-12-31 2015-05-20 东华大学 Method for detecting capacity of SHA-1 algorithm for resisting attack of differential fault

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
RUILIN LI等: "Differential Fault Analysis on SHACAL-1", 《2009 WORKSHOP ON FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY》 *
李琳等: "KeeLoq和SHACAL-1算法的差分故障攻击", 《武汉大学学报(理学版)》 *
魏悦川: "分组密码分析方法的基本原理及其应用", 《中国博士学位论文全文数据库信息科技辑》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411496A (en) * 2016-11-02 2017-02-15 东华大学 Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks
CN106850186A (en) * 2017-01-06 2017-06-13 东华大学 The hashing algorithms of SHA 256 resist the detection method of differential fault attack
CN108055120A (en) * 2017-12-27 2018-05-18 东华大学 A kind of method for detecting AES-OTR algorithms and resisting differential fault attack
CN108055120B (en) * 2017-12-27 2021-07-09 东华大学 Method for detecting AES-OTR algorithm to resist differential fault attack
CN109842483A (en) * 2019-03-18 2019-06-04 东华大学 A method of detection AES-JAMBU resists differential fault attack
CN110768800A (en) * 2019-10-25 2020-02-07 东华大学 Method for detecting OMD algorithm to resist differential fault attack

Similar Documents

Publication Publication Date Title
CN108199832B (en) Detection method for CLOC authentication encryption algorithm to resist differential fault attack
CN105703896A (en) Method for detecting resistance of HAS-160 algorithm to differential fault attack
Prouff et al. Statistical analysis of second order differential power analysis
CN108055120B (en) Method for detecting AES-OTR algorithm to resist differential fault attack
Medwed et al. Template attacks on ECDSA
CN104639310B (en) A kind of method that detection algorithms of SHA 1 resist differential fault attack
Ding et al. A statistical model for higher order DPA on masked devices
CN109842483A (en) A method of detection AES-JAMBU resists differential fault attack
CN104135362A (en) Availability computing method of data published based on differential privacy
Zadeh et al. Simple power analysis applied to nonlinear feedback shift registers
CN102468954B (en) Method for preventing symmetric cryptographic algorithm from being attacked
CN110912672A (en) Method for detecting resistance of COLM authentication encryption algorithm to differential fault attack
Kuroda et al. Practical aspects on non-profiled deep-learning side-channel attacks against AES software implementation with two types of masking countermeasures including RSM
Sun et al. A property-based testing framework for encryption programs
CN112532374A (en) Method for detecting SILC authentication encryption algorithm to resist differential fault attack
CN106411496A (en) Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks
KR101981621B1 (en) System and Method for Key bit Parameter Randomizating of public key cryptography
CN112511291A (en) Method for detecting OCB authentication encryption algorithm to resist differential fault attack
CN106850186A (en) The hashing algorithms of SHA 256 resist the detection method of differential fault attack
Hu et al. Software implementation of aes-128: Side channel attacks based on power traces decomposition
CN112468283A (en) Method for detecting iFeed [ AES ] algorithm to resist differential fault attack
Zhang et al. A novel template attack on wnaf algorithm of ECC
Wang et al. Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality?
Echandouri et al. SEC-CMAC a new message authentication code based on the symmetrical evolutionist ciphering algorithm
Al-humaikani et al. A review on the verification approaches and tools used to verify the correctness of security algorithms and protocols

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination