CN105703896A - Method for detecting resistance of HAS-160 algorithm to differential fault attack - Google Patents
Method for detecting resistance of HAS-160 algorithm to differential fault attack Download PDFInfo
- Publication number
- CN105703896A CN105703896A CN201510960582.2A CN201510960582A CN105703896A CN 105703896 A CN105703896 A CN 105703896A CN 201510960582 A CN201510960582 A CN 201510960582A CN 105703896 A CN105703896 A CN 105703896A
- Authority
- CN
- China
- Prior art keywords
- fault
- imports
- algorithm
- output
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/004—Countermeasures against attacks on cryptographic mechanisms for fault attacks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Complex Calculations (AREA)
Abstract
The invention relates to a method for detecting resistance of an HAS-160 algorithm to a differential fault attack. The method includes the steps of: randomly generating a plaintext message to be processed; utilizing the HAS-160 algorithm to process the plaintext message to obtain correct output and error output; calculating difference values of the correct output and the error output; and analyzing the difference values, judging whether the HAS-160 algorithm is influenced by a differential fault attack, deriving the position of fault import, and analyzing validity of the position. The method provided by the invention can assess the capability of the HAS-160 algorithm of resisting the differential fault attack.
Description
Technical field
The present invention relates to cryptographic algorithm security fields, particularly relate to a kind of method that the HAS-160 of detection algorithm resists differential fault attack。
Background technology
From ancient times to the present, information security issue is always up the object that people pay close attention to, and along with popularizing of digital management, information security issue has been amplified into the problem of algorithm security in cryptography。HAS-160 algorithm is the hash function used in Korea S's DSS, and it is similar to that SHA-1 algorithm, has done some changes increasing algorithm intensity on the basis of SHA-1。HAS-160 algorithm does not circulate when expansion is expressly so that algorithm security is greatly increased, but the block cipher characteristic of HAS-160 algorithm, cause it can not escape from the threat of differential fault attack。
The characteristic of the differential fault attack structure for block cipher and round function, fault attacks is in conjunction with difference analysis, by many experiments, imports fault when algorithm performs, and analyzing it affects ciphertext, calculates possible key, finally obtains key。There is presently no disclosed report review HAS-160 algorithm and resist the ability of differential fault attack, this leaves potential safety hazard to the product being currently in use HAS-160 algorithm packaging。
Symbol description:
M: clear-text message;
Correct output after C: under normal condition, HAS-160 algorithm process message;
C*: import the mistake output of fault during HAS-160 algorithm for encryption;
Δ C: correct output C exports C with mistake*Between difference value;
XOR;
A, B, C, D, E: buffer registers, each size is 32bit;
ΔC0、ΔC1、ΔC2、ΔC3、ΔC4: represent in buffer area last difference taking turns output result respectively;
Ai,Bi,Ci,Di,Ei: the value in the i-th step buffer area, i ∈ [0,79]。
Summary of the invention
The technical problem to be solved is to provide a kind of method that the HAS-160 of detection algorithm resists differential fault attack, it is possible to evaluates HAS-160 algorithm and resists the ability of differential fault attack。
The technical solution adopted for the present invention to solve the technical problems is: a kind of method providing the HAS-160 of detection algorithm to resist differential fault attack, comprises the following steps:
(1) stochastic generation clear-text message to be processed;
(2) utilize clear-text message described in HAS-160 algorithm process, obtain correct output and mistake output;
(3) difference value of correct output and mistake output is calculated;
(4) difference value is analyzed, it is judged that whether HAS-160 algorithm is subject to the impact of differential fault attack, and derives the position that fault imports, and analyzes its effectiveness。
Described step (4) is specific as follows: make difference value Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, wherein, Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;Wherein, the efficiency analysis of abort situation is as follows:
Effective fault:
I) as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77;
Ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77;
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before;
Invalid failures:
I) as difference value Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
II) when difference value Δ C ≠ 0:
I) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A) as Δ C0When ≠ 0, the position that fault imports is A80Or E79;
B) as Δ C1When ≠ 0, the position that fault imports is B80;
C) as Δ C2When ≠ 0, the position that fault imports is C80;
D) as Δ C3When ≠ 0, the position that fault imports is D80;
E) as Δ C4When ≠ 0, the position that fault imports is E80;
Ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A) as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79;
B) as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79;
C) as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79;
D) as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79;
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A) as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78;
B) as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78;
C) as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78。
Described step (2) specifically includes following sub-step:
(21) input clear-text message, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as correct output;
(22) re-entering clear-text message, again with HAS-160 algorithm, it is processed, change running environment by physical equipment simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as mistake output。
Described step (22) changes clock, voltage, humidity, radiation, pressure, light and/or vortex flow by physical equipment fault is imported randomly HAS-160 algorithm process flow process, to obtain the output result of mistake。
Beneficial effect
Owing to have employed above-mentioned technical scheme, the present invention is compared with prior art, have the following advantages that and good effect: method provided by the invention is accurate and simple, it is easily achieved, it is possible not only to the assessment HAS-160 algorithm resistivity to differential fault attack, the position of differential fault attack can also be derived, provide theoretical foundation to the safety determination of the product using HAS-160 algorithm packaging。
Accompanying drawing explanation
Fig. 1 is the flow chart of the present invention;
Fig. 2 is the differential fault analysis figure of HAS-160 algorithm;
Fig. 3 is the experimental situation schematic diagram of this programme。
Detailed description of the invention
Below in conjunction with specific embodiment, the present invention is expanded on further。Should be understood that these embodiments are merely to illustrate the present invention rather than restriction the scope of the present invention。In addition, it is to be understood that after having read the content that the present invention lectures, the present invention can be made various changes or modifications by those skilled in the art, and these equivalent form of values fall within the application appended claims limited range equally。
When using HAS-160 algorithm to use same key to process for same message M, if experimental situation (such as clock, voltage, humidity, radiation, pressure, light and vortex flow etc.) is different, assailant can obtain correct output C and mistake output C respectively*, by calculating the output difference value of the two value (namely), key message can be derived。Assailant can run induced failure during HAS-160 algorithm at the equipment of process and occur, but do not know particular location that fault occurs and concrete improper value。Deriving the position that fault imports under given conditions from difference delta C, the fault now imported is called effective fault。On the contrary, in time importing fault and be invalid failures, the fault of this importing offers help to analysis key, namely can not obtain important information by Δ C。
Fig. 1 is the flow chart that detection HAS-160 algorithm provided by the invention resists the method for differential fault attack, and described detection HAS-160 algorithm is resisted the method for differential fault attack and comprised the steps:
Step 1: the current message to be processed of stochastic generation, is designated as M;
Step 2: process message M, obtains correct output and mistake output, is designated as C and C respectively*;
Step 3: calculate correct ciphertext C and mistake ciphertext C*Difference value, result is designated as Δ C;
Step 4: analyze Δ C, infers importing position, and whether judge to import fault effective。
For step 2, with HAS-160 algorithm to M process, in experimentation, running environment is implemented control two kinds different, it may be assumed that
(1) input message M, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as C;
(2) re-entering message M, again with HAS-160 algorithm, it is processed, change running environment by other physical equipments simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as C*。
Wherein, the method that in step (2), induced failure produces includes: change clock, voltage, humidity, radiation, pressure, light and vortex flow etc.;
For step 3, calculate differenceWhereinRepresenting XOR, Δ C is 160 bits, makes Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, makes Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;
For step 4, to the difference analysis of Δ C and determine that the principle of abort situation is as follows:
Message is processed by HAS-160 algorithm by the unit that is grouped into of 512 bit long, altogether being taken turns computing by 4 to form, buffer area is all carried out 20 step interative computations by each wheel, is output as the hash value of 160 bits, the intermediate object program of HAS-160 and final result are stored in the buffer area of 160 bits, buffer area depositor (A, B, the C of 5 32 bit long, D, E) represent, as in figure 2 it is shown, the iterative formula of i+1 step is as follows:
Bi+1=Ai,
Ci+1=Sq(Bi),
Di+1=Ci,
Ei+1=Di,
Wherein,Represent XOR;I is the step number of iteration, i ∈ [0,79];Ai, Bi, Ci, Di, EiIt it is the value in the i-th step buffer area;Fi(B, C, D) is the compression function of the i-th step;SP(T) the variable T ring shift left p position of 32 bits is represented;From set, { 5,11,7,15,6,13,8,14,7,12,9,11,8,15,6,12,9,14,5,13} and set { obtain 10,17,25,30} p and q at random respectively;WiIt it is the word of 32 bit long that the packet from 512 bits being currently entered is derived;KiIt it is addition constant。
The correct output C of HAS-160 algorithm is:
(A0,B0,C0,D0,E0) for the initial value in buffer area, substituted into above-mentioned equation and can obtain last output result (A80,B80,C80,D80,D80)。At this,
By B80=A79, C80=Sq(B79), D80=C79, E80=D79, bring A into80, learn in above-mentioned equation, only W79And E79Unknown, and assailant be intended to recover W79If, E79Value be known, then W79Just can be solved by below equation and obtain:
According to the known E of algorithm structure79=D78, namely try to achieve D78Value just may know that E79, thus can derive W79。
In like manner, it is also possible to obtain:
Above formula to be derived W78, it is necessary to know D78And E78, again because of E78=D77, so it is to be appreciated that D77And D78Value, just can try to achieve W78。
By analyzing when the position that fault imports is at B77Time, it is possible to try to achieve D77And D78Value, and then derive W78And W79。By the structure of HAS-160 algorithm it can be seen that should fault import at A together76Time, import at B with fault77Time effect be identical。Thus A76Or B77For effective abort situation。
Wherein, the effectiveness to abort situation, make a concrete analysis of as follows:
1. effective fault:
I () is as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77;
(ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77;
(iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before。
2. invalid failures:
(I) as Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
(II) when Δ C ≠ 0:
I () is as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A () is as Δ C0When ≠ 0, the position that fault imports is A80Or E79;
B () is as Δ C1When ≠ 0, the position that fault imports is B80;
C () is as Δ C2When ≠ 0, the position that fault imports is C80;
D () is as Δ C3When ≠ 0, the position that fault imports is D80;
E () is as Δ C4When ≠ 0, the position that fault imports is E80;
(ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A () is as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79;
B () is as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79;
C () is as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79;
D () is as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79;
(iii) as Δ C0, Δ C1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A () is as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78;
B () is as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78;
C () is as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78。
To sum up analyze, as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the abort situation of importing is A77, as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the abort situation of importing is B77, as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the abort situation of importing is A76And A76Any position before, these positions are effective fault and import position。
For above-mentioned execution step, choice experiment environment is as it is shown on figure 3, its Computer is used for producing the input message M of HAS-160 and analyzing output result;It is packaged with the equipment of HAS-160 algorithm for processing the message of input, namely message M is encrypted;The equipment producing fault is used for changing experiment execution environment, it is therefore an objective to disturbing the processing procedure to input message, thus realizing importing fault function, producing wrong output result。
Utilize above-mentioned analysis method, the present invention is on the computer of Intel (R) Core (TM) i3-2350MCPU2.30GHz4GB internal memory, adopt Java language programming to carry out simulated failure under Eclipse developing instrument to import and message processing procedure, repeat 2000 times, test result indicate that above-mentioned detection method is accurate。The safety that the method is assessment HAS-160 algorithm provides sufficient theoretical foundation, and the method is simple to operate, and result of calculation is accurate。
Claims (4)
1. one kind is detected the method that HAS-160 algorithm resists differential fault attack, it is characterised in that comprise the following steps:
(1) stochastic generation clear-text message to be processed;
(2) utilize clear-text message described in HAS-160 algorithm process, obtain correct output and mistake output;
(3) difference value of correct output and mistake output is calculated;
(4) difference value is analyzed, it is judged that whether HAS-160 algorithm is subject to the impact of differential fault attack, and derives the position that fault imports, and analyzes its effectiveness。
2. the method that detection HAS-160 algorithm according to claim 1 resists differential fault attack, it is characterised in that described step (4) is specific as follows: make difference value Δ C=(Δ C0, Δ C1, Δ C2, Δ C3, Δ C4), it is stored in the buffer area of 160 bits, the buffer area depositor (Α, Β, C, D, E) of 5 32 bit long represents, wherein, Δ C0, Δ C1, Δ C2,ΔC3With Δ C4It is 32 bits, represents in buffer area last difference taking turns output result respectively;Wherein, the efficiency analysis of abort situation is as follows:
Effective fault:
I) as Δ C0、ΔC1、ΔC2、ΔC3When ≠ 0, the position that fault imports is A77;
Ii) as Δ C0、ΔC1、ΔC2、ΔC4When ≠ 0, the position that fault imports is B77;
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In when being all not 0, the position that fault imports is A76And A76Any position before;
Invalid failures:
I) as difference value Δ C=0, illustrating that the fault value imported is equal to the initial value on current location, is equivalently employed without importing fault, fault is invalid;
II) when difference value Δ C ≠ 0:
I) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In have and only have one when being not 0,
A) as Δ C0When ≠ 0, the position that fault imports is A80Or E79;
B) as Δ C1When ≠ 0, the position that fault imports is B80;
C) as Δ C2When ≠ 0, the position that fault imports is C80;
D) as Δ C3When ≠ 0, the position that fault imports is D80;
E) as Δ C4When ≠ 0, the position that fault imports is E80;
Ii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only two while when being not 0,
A) as Δ C0≠ 0 and Δ C1When ≠ 0, the position that fault imports is A79;
B) as Δ C0≠ 0 and Δ C2When ≠ 0, the position that fault imports is B79;
C) as Δ C0≠ 0 and Δ C3When ≠ 0, the position that fault imports is C79;
D) as Δ C0≠ 0 and Δ C4When ≠ 0, the position that fault imports is D79;
Iii) as Δ C0、ΔC1、ΔC2、ΔC3、ΔC4In only three while when being not 0,
A) as Δ C0、ΔC1With Δ C2When ≠ 0, the position that fault imports is A78;
B) as Δ C0、ΔC1With Δ C3When ≠ 0, the position that fault imports is B78;
C) as Δ C0、ΔC1With Δ C4When ≠ 0, the position that fault imports is C78。
3. the method that detection HAS-160 algorithm according to claim 1 resists differential fault attack, it is characterised in that described step (2) specifically includes following sub-step:
(21) input clear-text message, Control release environment is not by the interference of other any uncorrelated things so that HAS-160 algorithm can correctly carry out, thus obtaining correct output result, is designated as correct output;
(22) re-entering clear-text message, again with HAS-160 algorithm, it is processed, change running environment by physical equipment simultaneously, induction produces fault and disturbs the processing procedure of HAS-160 algorithm, and output result is designated as mistake output。
4. the method that detection HAS-160 algorithm according to claim 3 resists differential fault attack, it is characterized in that, described step (22) changes clock, voltage, humidity, radiation, pressure, light and/or vortex flow by physical equipment fault is imported randomly HAS-160 algorithm process flow process, to obtain the output result of mistake。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510960582.2A CN105703896A (en) | 2015-12-18 | 2015-12-18 | Method for detecting resistance of HAS-160 algorithm to differential fault attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510960582.2A CN105703896A (en) | 2015-12-18 | 2015-12-18 | Method for detecting resistance of HAS-160 algorithm to differential fault attack |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105703896A true CN105703896A (en) | 2016-06-22 |
Family
ID=56228257
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510960582.2A Pending CN105703896A (en) | 2015-12-18 | 2015-12-18 | Method for detecting resistance of HAS-160 algorithm to differential fault attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105703896A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411496A (en) * | 2016-11-02 | 2017-02-15 | 东华大学 | Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks |
CN106850186A (en) * | 2017-01-06 | 2017-06-13 | 东华大学 | The hashing algorithms of SHA 256 resist the detection method of differential fault attack |
CN108055120A (en) * | 2017-12-27 | 2018-05-18 | 东华大学 | A kind of method for detecting AES-OTR algorithms and resisting differential fault attack |
CN109842483A (en) * | 2019-03-18 | 2019-06-04 | 东华大学 | A method of detection AES-JAMBU resists differential fault attack |
CN110768800A (en) * | 2019-10-25 | 2020-02-07 | 东华大学 | Method for detecting OMD algorithm to resist differential fault attack |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639310A (en) * | 2014-12-31 | 2015-05-20 | 东华大学 | Method for detecting capacity of SHA-1 algorithm for resisting attack of differential fault |
-
2015
- 2015-12-18 CN CN201510960582.2A patent/CN105703896A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639310A (en) * | 2014-12-31 | 2015-05-20 | 东华大学 | Method for detecting capacity of SHA-1 algorithm for resisting attack of differential fault |
Non-Patent Citations (3)
Title |
---|
RUILIN LI等: "Differential Fault Analysis on SHACAL-1", 《2009 WORKSHOP ON FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY》 * |
李琳等: "KeeLoq和SHACAL-1算法的差分故障攻击", 《武汉大学学报(理学版)》 * |
魏悦川: "分组密码分析方法的基本原理及其应用", 《中国博士学位论文全文数据库信息科技辑》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106411496A (en) * | 2016-11-02 | 2017-02-15 | 东华大学 | Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks |
CN106850186A (en) * | 2017-01-06 | 2017-06-13 | 东华大学 | The hashing algorithms of SHA 256 resist the detection method of differential fault attack |
CN108055120A (en) * | 2017-12-27 | 2018-05-18 | 东华大学 | A kind of method for detecting AES-OTR algorithms and resisting differential fault attack |
CN108055120B (en) * | 2017-12-27 | 2021-07-09 | 东华大学 | Method for detecting AES-OTR algorithm to resist differential fault attack |
CN109842483A (en) * | 2019-03-18 | 2019-06-04 | 东华大学 | A method of detection AES-JAMBU resists differential fault attack |
CN110768800A (en) * | 2019-10-25 | 2020-02-07 | 东华大学 | Method for detecting OMD algorithm to resist differential fault attack |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108199832B (en) | Detection method for CLOC authentication encryption algorithm to resist differential fault attack | |
CN105703896A (en) | Method for detecting resistance of HAS-160 algorithm to differential fault attack | |
Prouff et al. | Statistical analysis of second order differential power analysis | |
CN108055120B (en) | Method for detecting AES-OTR algorithm to resist differential fault attack | |
Medwed et al. | Template attacks on ECDSA | |
CN104639310B (en) | A kind of method that detection algorithms of SHA 1 resist differential fault attack | |
Ding et al. | A statistical model for higher order DPA on masked devices | |
CN109842483A (en) | A method of detection AES-JAMBU resists differential fault attack | |
CN104135362A (en) | Availability computing method of data published based on differential privacy | |
Zadeh et al. | Simple power analysis applied to nonlinear feedback shift registers | |
CN102468954B (en) | Method for preventing symmetric cryptographic algorithm from being attacked | |
CN110912672A (en) | Method for detecting resistance of COLM authentication encryption algorithm to differential fault attack | |
Kuroda et al. | Practical aspects on non-profiled deep-learning side-channel attacks against AES software implementation with two types of masking countermeasures including RSM | |
Sun et al. | A property-based testing framework for encryption programs | |
CN112532374A (en) | Method for detecting SILC authentication encryption algorithm to resist differential fault attack | |
CN106411496A (en) | Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks | |
KR101981621B1 (en) | System and Method for Key bit Parameter Randomizating of public key cryptography | |
CN112511291A (en) | Method for detecting OCB authentication encryption algorithm to resist differential fault attack | |
CN106850186A (en) | The hashing algorithms of SHA 256 resist the detection method of differential fault attack | |
Hu et al. | Software implementation of aes-128: Side channel attacks based on power traces decomposition | |
CN112468283A (en) | Method for detecting iFeed [ AES ] algorithm to resist differential fault attack | |
Zhang et al. | A novel template attack on wnaf algorithm of ECC | |
Wang et al. | Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality? | |
Echandouri et al. | SEC-CMAC a new message authentication code based on the symmetrical evolutionist ciphering algorithm | |
Al-humaikani et al. | A review on the verification approaches and tools used to verify the correctness of security algorithms and protocols |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination |