CN109583235B - Method and system for obtaining secret key in password chip - Google Patents

Method and system for obtaining secret key in password chip Download PDF

Info

Publication number
CN109583235B
CN109583235B CN201811474308.4A CN201811474308A CN109583235B CN 109583235 B CN109583235 B CN 109583235B CN 201811474308 A CN201811474308 A CN 201811474308A CN 109583235 B CN109583235 B CN 109583235B
Authority
CN
China
Prior art keywords
linear regression
key
plaintext
group
energy trace
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811474308.4A
Other languages
Chinese (zh)
Other versions
CN109583235A (en
Inventor
傅山
魏凡星
国炜
潘娟
李煜光
王嘉义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Academy of Information and Communications Technology CAICT filed Critical China Academy of Information and Communications Technology CAICT
Priority to CN201811474308.4A priority Critical patent/CN109583235B/en
Publication of CN109583235A publication Critical patent/CN109583235A/en
Application granted granted Critical
Publication of CN109583235B publication Critical patent/CN109583235B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Complex Calculations (AREA)

Abstract

The invention provides a method and a system for acquiring a secret key in a cryptographic chip, which can effectively improve the efficiency of secret key recovery by using a multivariate linear regression method, can recover a plurality of bits of the obtained secret key at the same time no matter how long the secret key is, quickens the speed of secret key analysis, saves detection time and improves detection efficiency compared with the traditional single-bit analysis method, and have remarkable advantages. Meanwhile, the invention utilizes the method of multiple linear regression to carry out energy analysis, the change of round output does not influence the correlation between the intermediate value and the energy trace, the analysis method is very effective to the cryptographic algorithm using the mask, the success rate of attack can be greatly improved, in addition, the invention also has very strong expandability, and is also applicable to the cryptographic algorithms with similar algorithm structures.

Description

Method and system for obtaining secret key in password chip
Technical Field
The present invention relates to a key obtaining technology in a cryptographic chip, and more particularly, to a method and a system for obtaining a key in a cryptographic chip.
Background
The password device is a physical device carrier on which the password chip depends, and the password chip has strong functions of authenticating and storing confidential information and is widely applied to the aspects of telecommunication, finance, social security and the like. When the cryptographic equipment runs the encryption operation, the cryptographic equipment will have physical interaction with the working environment where the cryptographic equipment is located, and will also be influenced by the working environment. This interaction may be exploited by an attacker to generate information that facilitates cryptanalysis, referred to as "side information" and attacks that exploit side information are referred to as side channel analysis. The side channel analysis obtains intermediate information in the operation process of the cryptographic algorithm by using physical information (such as electromagnetism and power consumption) in the operation process of the chip, and can recover a longer key in a segmented manner.
The detection method of the side channel can avoid the complex design of the chip, collect the externally leaked information, and carry out energy attack by utilizing the correlation between the instantaneous energy consumed by the password chip and the execution operation or the operated data thereof. At present, the existing energy analysis method at home and abroad is related performance analysis (CPA). However, the attack method has limitations, for example, because the value obtained by the actual energy trace calculation is an intermediate value obtained by performing linear and nonlinear transformation after the actual key is xored with the mask, the actual information of the key is difficult to derive through the intermediate value, and therefore, the cryptographic algorithm can effectively resist the energy analysis attack after the mask is used. And in many scenes, the key can hardly be obtained successfully by the traditional CPA means, such as a leakage scene in the process of attacking the XOR operation and a scene of selecting plaintext attack by grouping password wheel output.
Therefore, it is desirable to provide a key obtaining method in a cryptographic chip to solve at least one of the above problems.
Disclosure of Invention
In order to solve the problems that the traditional CPA method can not analyze the cryptographic algorithm using the mask code and can not successfully obtain the key in many scenes, the invention provides a method and a system for obtaining the key in the cryptographic chip,
in some embodiments, a method for obtaining a key in a cryptographic chip includes:
providing a plurality of groups of plaintexts to be encrypted, and respectively recording energy traces generated when the cryptographic equipment provided with the cryptographic chip performs encryption operation on each group of plaintexts; wherein each set of plaintext has the same bits as the key;
according to each energy trace, establishing an energy trace multiple linear regression model corresponding to each group of plaintext one by one, and calculating a correlation coefficient of each energy trace multiple linear regression model; each energy trace multi-linear model comprises a multi-linear regression formula corresponding to each bit one to one;
determining the key according to a linear regression coefficient set in an energy trace multiple linear model corresponding to a group of plaintext with the maximum correlation coefficient; and the linear regression coefficient set consists of linear regression coefficients of all multiple linear regression formulas in the corresponding energy trace multiple linear model.
In some embodiments, the determining the key according to the linear regression coefficient set in the energy trace multiple linear model corresponding to the group of plaintext with the largest correlation coefficient includes:
judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number;
defining a hypothetical key according to the judgment result;
negating the hypothetical key, verifying the hypothetical key and the negated hypothetical key respectively by using a hamming weight model and an energy trace corresponding to a set of plain texts with the maximum correlation, determining the correct key,
the Hamming weight model is a model representing the corresponding relation between the energy trace of each group of plaintext and the group of plaintext, the key in the cryptographic chip, the quantization coefficient and the noise.
In certain embodiments, the method further comprises:
and selecting a linear regression coefficient set in the energy trace multiple linear model corresponding to the group of the plaintext with the maximum correlation coefficient.
In some embodiments, the selecting the set of linear regression coefficients in the set of plaintext corresponding energy trace multiple linear models with the largest correlation coefficient includes:
establishing a numerical matrix formed by the plaintext numerical values of each bit of each group of plaintext;
according to the energy trace of each group of plaintext, taking the numerical matrix as a numerical matrix of a multiple linear regression model to obtain a linear regression coefficient set in the energy trace multiple linear model corresponding to each group of plaintext;
and selecting a linear regression coefficient set corresponding to the group of the plaintexts with the maximum correlation coefficient from the linear regression coefficient sets in the energy trace multiple linear models corresponding to each group of the plaintexts.
In some embodiments, the calculating the correlation coefficient of each energy trace multiple linear regression model comprises:
and calculating the correlation coefficient of the multiple linear regression model of each energy trace one by adopting a least square method according to the point on the energy trace corresponding to each bit.
In some embodiments, a system for obtaining a key in a cryptographic chip, comprises:
the providing module is used for providing a plurality of groups of plaintexts to be encrypted and respectively recording energy traces generated when the cryptographic equipment provided with the cryptographic chip performs encryption operation on each group of plaintexts; wherein each set of plaintext has the same bits as the key;
the model establishing module is used for establishing an energy trace multiple linear regression model which corresponds to each group of plaintext one by one according to each energy trace and calculating a correlation coefficient of each energy trace multiple linear regression model; each energy trace multi-linear model comprises a multi-linear regression formula corresponding to each bit one to one;
the determining module is used for determining the key according to a linear regression coefficient set in the energy trace multi-linear model corresponding to a group of plaintext with the maximum correlation coefficient; and the linear regression coefficient set consists of linear regression coefficients of all multiple linear regression formulas in the corresponding energy trace multiple linear model.
In some embodiments, the determining module comprises:
the judging unit is used for judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number or not;
a hypothetical key defining unit that defines a hypothetical key based on the determination result;
the key verification unit is used for negating the assumed key, verifying the assumed key and the negated assumed key respectively by utilizing a Hamming weight model and an energy trail corresponding to a group of plain texts with the maximum correlation, and determining the correct key;
the Hamming weight model is a model representing the corresponding relation between the energy trace of each group of plaintext and the group of plaintext, the key in the cryptographic chip, the quantization coefficient and the noise.
In certain embodiments, the system further comprises:
the selection module is used for selecting a linear regression coefficient set in the energy trace multi-linear model corresponding to the group of the plaintext with the maximum correlation coefficient;
in some embodiments, the selecting module comprises:
a numerical matrix establishing unit for establishing a numerical matrix formed by the plaintext numerical values of each bit of each group of the plaintext;
the coefficient set acquisition unit is used for acquiring a linear regression coefficient set in an energy trace multi-linear model corresponding to each group of plaintext according to the numerical matrix and the energy trace of each group of plaintext;
and the coefficient set selecting unit selects a linear regression coefficient set corresponding to a group of plaintexts with the maximum correlation coefficient from the linear regression coefficient sets in the energy trace multi-linear model corresponding to each group of plaintexts.
In some embodiments, the model building module calculates the correlation coefficient of the multiple linear regression model of each energy trace one by using a least square method according to the point on the energy trace corresponding to each bit.
In some embodiments, a computer device comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the key obtaining method in the cryptographic chip as described above when executing the program.
In certain embodiments, a computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the key acquisition method in a cryptographic chip as described above.
The invention has the advantages of
The invention provides a method and a system for obtaining a secret key in a cryptographic chip, which can effectively improve the efficiency of secret key recovery by utilizing a multivariate linear regression method, can recover a plurality of bits of the obtained secret key at the same time no matter how long the secret key is, quickens the speed of secret key analysis, saves detection time, improves detection efficiency and has obvious advantages compared with the traditional single-bit analysis method. Meanwhile, the invention utilizes the method of multiple linear regression to carry out energy analysis, the change of round output does not influence the correlation between the intermediate value and the energy trace, the analysis method is very effective to the cryptographic algorithm using the mask, the success rate of attack can be greatly improved, in addition, the invention also has very strong expandability, and is also applicable to the cryptographic algorithms with similar algorithm structures.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart illustrating a key obtaining method in a cryptographic chip according to an embodiment of the present invention.
Fig. 2 is a flow chart illustrating one sub-step of a key obtaining method in a cryptographic chip according to an embodiment of the present invention.
Fig. 3 shows a detailed flowchart of step S3 in fig. 1.
Fig. 4 is a schematic structural diagram illustrating a key obtaining system in a cryptographic chip according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of one subsystem of a key obtaining method in a cryptographic chip according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating a specific structure of the determination module 300 in fig. 4.
FIG. 7 illustrates a schematic block diagram of a computer device suitable for use in implementing embodiments of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
At present, the existing energy analysis method at home and abroad is related performance analysis (CPA), the CPA attack technology utilizes the pearson correlation coefficient in statistics to carry out analysis attack, and the attack process is described as follows:
1) in the cipher chip system, n groups of different plaintext (ciphertext) data and a real key are encrypted (decrypted) and energy consumption of the cipher equipment is obtained and is recorded as T.
2) And generating a corresponding intermediate value by guessing the key, and calculating to obtain the assumed energy consumption, namely D, according to the leakage of the Hamming weight or the Hamming distance of the intermediate value.
3) The linear correlation coefficient of the assumed energy consumption and the measured energy trace is calculated according to the following formula.
Figure BDA0001891809290000051
In the formula (1), E () represents averaging, and Var () represents variance. The range of p is [ -1,1], and when p is the maximum of absolute values, i.e. assuming that the linear correlation (i.e. correlation coefficient p) between the energy consumption and the actually measured energy trace is the maximum, the guessed key corresponding to D is the correct key.
The CPA attack method has its limitations, for example, when the cryptographic algorithm uses a mask, it can effectively resist the energy analysis attack, because the value obtained by the actual energy trace calculation is the intermediate value obtained by the xor between the actual key and the mask and the linear and nonlinear transformation, and it is difficult to derive the true information of the key through the intermediate value. And in many scenarios, the key can hardly be obtained successfully by the traditional CPA means, such as a leakage scenario of attacking the xor operation process and a scenario of selecting plaintext attack by grouping the password wheel output. In addition, the current CPA method can only crack the value of each bit in the key one by one, when the number of bits of the key reaches 64 bits, it may take more than 3 days to obtain the complete key, and when the number of bits of the key reaches 128 bits, the current CPA method cannot obtain the complete key.
The method aims to solve the problems that the traditional CPA attack means can not acquire the key using the mask and the traditional CPA attack means can not successfully acquire the key in a complex scene or when the bit number of the key is too large at present. The application provides a method and a system for obtaining a secret key in a cryptographic chip, and further provides electronic equipment and a computer storage medium for realizing the method for obtaining the secret key in the cryptographic chip.
In the method, the efficiency of recovering the key can be effectively improved by using a multiple linear regression method, and no matter how long the key is, a plurality of bits of the key can be recovered simultaneously. Meanwhile, the invention utilizes the method of multiple linear regression to carry out energy analysis, the change of round output does not influence the correlation between the intermediate value and the energy trace, the analysis method is very effective to the cryptographic algorithm using the mask, the success rate of attack can be greatly improved, in addition, the invention also has very strong expandability, and is also applicable to the cryptographic algorithms with similar algorithm structures.
As an example, a key obtaining method in a cryptographic chip, as shown in fig. 1, includes:
and S1, providing a plurality of groups of plaintexts to be encrypted, and respectively recording energy traces generated by the encryption operation of the cryptographic equipment equipped with the cryptographic chip on each group of plaintexts.
In step S1, each set of plaintext has the same bits as the key. The energy trace in the present application can be known from the prior art known in the art, and when an encryption or decryption operation is performed on a cryptographic device, the generated energy consumption corresponds to a curve formed by each bit. Hereinafter, the symbol "T" is used.
In a key acquisition scenario, first N sets of plaintext are randomly given, which may be block plaintext, for example, giving a length NX (i.e., a value representing the result of multiplying N by X) of plaintext divided into N blocks, where each block of plaintext has the same number of bits corresponding to a key in the block plaintext as is well known in the art. Obviously, in this embodiment, the number of bits of the key and each set of plaintext is X.
In another embodiment, each of the N randomly presented plaintext blocks is a complete plaintext block. The application is not limited herein.
And encrypting the provided plaintext by adopting a secret key in the cipher chip, and recording the energy consumption in the encryption operation process. Since the encryption process is run bit by bit, the energy trace can show the energy consumption value of each bit.
And S2, establishing an energy trace multiple linear regression model corresponding to each group of plaintext one by one according to each energy trace, and calculating a correlation coefficient of each energy trace multiple linear regression model.
In step S2, each energy trace multiple linear model includes multiple linear regression formulas corresponding to each bit.
In one embodiment, the calculation may be performed by a hamming weight model, where hamming weight is the hamming distance of a string relative to a zero string of the same length. In terms of calculation, the hamming weight of a character string is the number of non-zero elements in the character string. For a commonly used binary string, the number of the digits 1 in the string is the same. In the present application, a hamming weight model is a model representing the correspondence between the energy trace of each set of plaintext and the set of plaintext, the key in the cryptographic chip, the quantization coefficient, and the noise.
Expressed by specific examples, the hamming weight model is:
Figure BDA0001891809290000071
in this model, T represents the energy trace and a represents the quantityAnd quantizing coefficients, wherein the quantizing coefficients correspond to each bit one by one, and the quantizing coefficients of two bits are not necessarily related, that is, the quantizing coefficients of any two bits can be the same or different. HW represents the weight of the hamming weight,
Figure BDA0001891809290000072
expressing the XOR operator, and the algorithm is as follows:
Figure BDA0001891809290000073
in the above model, c represents the energy consumption of the constant, and the energy consumption generated when the cryptographic device performs the encryption operation is divided into two aspects, one is the energy consumption for performing the encryption operation, the other is the energy consumption of the cryptographic device itself, for example, the energy consumption of the resistor of the internal circuit of the cryptographic device, and the energy consumption of the constant is a fixed value, and the energy consumption of the constant inevitably occurs as long as the device operates.
k is a key, and the key is a binary code, i.e. composed of "0" and "1", for example, taking a certain 4-bit key as an example, the key k is 1010, i.e. the corresponding k [ j ] is [1,0,1,0 ]. σ is noise.
m is the plaintext of the set, and for n bits, m ═ m [ n ]],m[n-1],...,m[1]),T=(T1,T2,…,Tn)
The multiple linear regression formula in this example is Tj=βj0j1m[1]+…+βjnm[n]. I.e. for each bit 1-n on the energy trace, corresponding to T1~Tn. Wherein, betaj=(βj0j1,…,βjn)TThat is, each multiple linear regression formula can be abbreviated as Tj=βjm,βjIs the linear regression coefficient of the multiple linear regression formula with the j th bit. In this embodiment, each energy trace multivariate linear model is: t ═ T (T)0,T1,…,Tn)TThat is, the i-th group of plaintext corresponds to an energy trace multivariate linear model of Ti=(Ti0,Ti1,…,Tin)T
The correlation coefficient is a statistical index reflecting the closeness of correlation between variables, and in general, in practical applications, the correlation coefficient is obtained by calculating a covariance and a standard deviation, for example, the pearson correlation coefficient (Px, Y) of two continuous variables (X, Y) is equal to the product (σ X, σ Y) of the covariance cov (X, Y) between them divided by their respective standard deviations. In the multiple linear regression formula, the correlation coefficient is obtained by the least square method, and the correlation coefficient in this embodiment can be expressed as:
Figure BDA0001891809290000081
where j denotes the jth bit, TjCalculating the energy consumption value on the energy trace corresponding to the jth bit by calculating the R corresponding to each group of plain texts2Obtaining N groups R2I.e. R1 2-RN 2Selecting one R with the largest value2Is denoted as Rb 2. I.e. the corresponding plaintext block is b block.
And S3, determining the key according to the linear regression coefficient set in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient.
In step S3, the linear regression coefficient set in the energy trace multiple linear model is composed of the linear regression coefficients of all multiple linear regression formulas in the model.
It can be understood from the above description that the linear regression coefficient set in the multivariate linear model corresponding to the ith group of plain texts is βi=(βi1i2,…,βin)T
In one embodiment, the linear regression coefficient β in the linear regression formula corresponding to each bit of the ith group of plaintext is calculated by first calculating a set of linear regression coefficientsij
In one embodiment, before step S3, S4 is performed to select the set of linear regression coefficients in the set of plaintext corresponding energy trace multivariate linear models with the largest correlation coefficient. As shown in fig. 2, the selecting step S4 includes:
s41, establishing a numerical matrix formed by the plaintext numerical values of each bit of each group of plaintext;
s42, obtaining a linear regression coefficient set in the energy trace multiple linear model corresponding to each group of plaintext according to the numerical matrix and the energy trace of each group of plaintext;
and S43, selecting the linear regression coefficient set corresponding to the group of the plaintexts with the maximum correlation coefficient from the linear regression coefficient sets in the energy trace multiple linear models corresponding to each group of the plaintexts.
In one embodiment, the overall regression coefficient with N samples (i.e. N sets of plaintext, one sample per set of plaintext) can be calculated in the matrix formed by the linear regression models of all energy traces
Figure BDA0001891809290000082
Wherein M represents a numerical matrix in the multiple linear regression model,
Figure BDA0001891809290000083
the above-mentioned overall regression coefficient is represented,
Figure BDA0001891809290000084
a matrix formed by the coefficient sets in the energy trace multiple regression model corresponding to each group of plaintext,
Figure BDA0001891809290000085
the matrix of values M is shown below:
Figure BDA0001891809290000091
where N represents N sets of plaintext and N represents a bit of each set of plaintext. I.e., M represents a matrix of plaintext values for each bit of all plaintext. Since all plaintext is a known variable provided. Therefore, M is also known. Thereby can calculate
Figure BDA0001891809290000092
Due to the fact that
Figure BDA0001891809290000093
Is a matrix formed by linear regression coefficient sets corresponding to N groups of plain texts, so that
Figure BDA0001891809290000094
When known, the matrix beta formed by the linear regression coefficient set corresponding to each group of plaintext12,…,βnAre known, whereby each bit corresponds to a linear regression coefficient β in the linear regression formulaijAre all known.
As shown in fig. 3, step S3 specifically includes:
s31, judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number;
and S32, defining a hypothesis key according to the judgment result.
Specifically, if yes, the value of the key corresponding to the bit is defined as 0, and if no, the value of the key corresponding to the bit is defined as 1, so that the assumed key is correspondingly obtained. Selecting the group of cleartext with the maximum correlation coefficient, and combining the linear regression coefficient beta in the linear regression formula corresponding to each bit of the group of cleartext calculated in the previous stepijThe linear regression coefficient beta in the linear regression formula corresponding to each bit in the group of plaintext with the largest correlation coefficient can be foundbj. By judging betabjIf it is positive, determining the assumed key when beta isbjIf the value is greater than 0, the value of the corresponding bit of the key is assumed to be 0, and when the value is betabjAssume that the value of the corresponding bit of the key is 1. For example, in a 4-bit key, βb1Greater than 0, betab2Less than 0, betab3Greater than 0, betab4Less than 0, the hypothetical key thus obtained is 0101.
The key obtained by the above method (i.e. the assumed key) may or may not be the correct key, but is assumed to be the inverse of the correct key. Also taking 0101 as an example of the hypothetical key, the inverse of the hypothetical key, i.e., 1010, needs to be calculated. Then an assumed key 0101 is obtained at this point, as well as a inverse of the assumed key 1010.
And S33, negating the assumed key, and respectively verifying the assumed key and the negated assumed key by utilizing a Hamming weight model and an energy trail corresponding to a group of plain texts with the maximum correlation to determine the correct key.
In combination with the hamming weight model described above, it can be seen that k [ j ] ═ 0,1, or 1,0,1, 0. These two keys (i.e., 0101 and 1010) are respectively introduced into the hamming weight model, since T is known, k [ j ], m [ j ], σ and c are known, and although a is unknown, a corresponds to each bit, but k [ j ] ═ 0,1, or 1,0,1,0 can be introduced into the hamming weight model for verification, so as to determine the correct key, which is the assumed key or the inverse of the assumed key. This way the key in the cryptographic chip is obtained.
Obviously, the method can calculate the values of the key bytes of all the bits at the same time, the value of the key byte of each bit does not need to be calculated one by one, the efficiency of recovering the key can be effectively improved, no matter how long the key is, a plurality of bits of the key can be recovered at the same time, the analysis efficiency is improved greatly compared with that of the traditional single bit, the method has the advantages of saving the detection time and improving the detection efficiency. Meanwhile, the invention utilizes the method of multiple linear regression to carry out energy analysis, the correlation between the intermediate value and the energy trace cannot be influenced by the change of round output, and the analysis method is very effective to the cryptographic algorithm using the mask code and can greatly improve the success rate of attack. In addition, the method has strong expandability and is also applicable to cryptographic algorithms with similar algorithm structures.
Based on the same inventive concept, the second aspect of the present application provides a system for acquiring a key of a cryptographic chip. As shown in fig. 4, includes:
a providing module 100, configured to provide multiple groups of plaintext to be encrypted, and respectively record an energy trace generated when a cryptographic device equipped with the cryptographic chip performs an encryption operation on each group of plaintext, where each group of plaintext has the same number of bits as the secret key;
the model establishing module 200 is used for establishing an energy trace multiple linear regression model corresponding to each group of plaintext one by one according to each energy trace and calculating a correlation coefficient of the energy trace multiple linear regression model, wherein each energy trace multiple linear model comprises a multiple linear regression formula corresponding to each bit one by one;
the determining module 300 determines the key according to a linear regression coefficient set in an energy trace multiple linear model corresponding to a group of plaintext with the largest correlation coefficient, wherein the linear regression coefficient set in the energy trace multiple linear model is composed of linear regression coefficients of all multiple linear regression formulas in the model.
In a specific embodiment, the system further comprises:
the selection module is used for selecting a linear regression coefficient set in the energy trace multi-linear model corresponding to the group of the plaintext with the maximum correlation coefficient;
as shown in fig. 5, the selecting module includes:
a numerical matrix establishing unit 401 that establishes a numerical matrix formed by the plaintext numerical values of each bit of each group of plaintext;
a coefficient set obtaining unit 402, configured to obtain a linear regression coefficient set in an energy trace multiple linear model corresponding to each group of plaintext according to the numerical matrix and the energy trace of each group of plaintext;
coefficient set selection section 403 selects a linear regression coefficient set corresponding to the plaintext with the largest correlation coefficient from the linear regression coefficient sets in the energy trace multiple linear model corresponding to each group of plaintext.
Furthermore, as shown in fig. 6, the determining module 300 includes:
the judging unit is used for judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number or not;
and an assumed key acquisition unit that defines an assumed key based on the determination result.
In one embodiment, if yes, the value of the key corresponding to the bit is 0, and if no, the value of the key corresponding to the bit is 1, so as to obtain the assumed key correspondingly;
and the key verification unit is used for negating the assumed key, verifying the assumed key and the negated assumed key respectively by utilizing a Hamming weight model and an energy trail corresponding to a group of plain texts with the maximum correlation, and determining the correct key.
The above systems are described in detail below with reference to specific examples.
In a key acquisition scenario, N sets of plaintext are first randomly presented, which may be block plaintext, for example, presenting a length NX (i.e., a value representing the result of multiplying N by X) of plaintext, where each block of plaintext has the same number of bits corresponding to a key in the block plaintext as is known in the art. Obviously, in this embodiment, the number of bits of the key and each set of plaintext is X.
In another embodiment, each of the N randomly presented plaintext blocks is a complete plaintext block. The application is not limited herein.
And encrypting the provided plaintext by adopting a secret key in the cipher chip, and recording the energy consumption in the encryption operation process. Since the encryption process is performed bit by bit, the energy trace may show the energy consumption value of each bit, for example, a graph may be used to show the energy consumption value, where the abscissa is each bit and the ordinate is the corresponding energy consumption value, so as to obtain the energy trace in the present application.
The hamming weight is the hamming distance of a string relative to a zero string of the same length. In terms of calculation, the hamming weight of a character string is the number of non-zero elements in the character string. For a commonly used binary string, the number of the digits 1 in the string is the same. In the present application, a hamming weight model is a model representing the correspondence between the energy trace of each set of plaintext and the set of plaintext, the key in the cryptographic chip, the quantization coefficient, and the noise.
Expressed by specific examples, the hamming weight model is:
Figure BDA0001891809290000111
in the model, T represents an energy trace, a represents a quantization coefficient, the quantization coefficient corresponds to each bit one by one, and the quantization coefficients of two bits are not necessarily related, namely the quantization coefficients of any two bits can be the same or different. HW represents the weight of the hamming weight,
Figure BDA0001891809290000121
expressing the XOR operator, and the algorithm is as follows:
Figure BDA0001891809290000122
in the above model, c represents the energy consumption of the constant, and the energy consumption generated when the cryptographic device performs the encryption operation is divided into two aspects, one is the energy consumption for performing the encryption operation, the other is the energy consumption of the cryptographic device itself, for example, the energy consumption of the resistor of the internal circuit of the cryptographic device, and the energy consumption of the constant is a fixed value, and the energy consumption of the constant inevitably occurs as long as the device operates.
k is a key, and the key is a binary code, i.e. composed of "0" and "1", for example, taking a certain 4-bit key as an example, the key k is 1010, i.e. the corresponding k [ j ] is [1,0,1,0 ]. σ is noise.
m is the plaintext of the set, and for n bits, m ═ m [ n ]],m[n-1],...,m[1]),T=(T1,T2,…,Tn)
The multiple linear regression formula in this example is Tj=βj0j1m[1]+…+βjnm[n]. I.e. for each bit 1-n on the energy trace, corresponding to T1~Tn. Wherein, betaj=(βj0j1,…,βjn)TThat is, each multiple linear regression formula can be abbreviated as Tj=βjm,βjIs the linear regression coefficient of the multiple linear regression formula with the j th bit. In this embodiment, each energy trace multivariate linear model is: t ═ T (T)0,T1,…,Tn)TThat is, the i-th group of plaintext corresponds to an energy trace multivariate linear model of Ti=(Ti0,Ti1,…,Tin)T
It can be understood from the above description that the linear regression coefficient set in the multivariate linear model corresponding to the ith group of plain texts is βi=(βi1i2,…,βin)T
In one embodiment, the linear regression coefficient β in the linear regression formula corresponding to each bit of the ith group of plaintext is calculated by first calculating a set of linear regression coefficientsij
The overall regression coefficient with the number of samples N (namely N groups of plaintext, wherein each group of plaintext is one sample) can be calculated and obtained in a matrix formed by all energy trace linear regression models
Figure BDA0001891809290000123
Wherein M represents a numerical matrix in the multiple linear regression model,
Figure BDA0001891809290000124
the above-mentioned overall regression coefficient is represented,
Figure BDA0001891809290000125
a matrix formed by the coefficient sets in the energy trace multiple regression model corresponding to each group of plaintext,
Figure BDA0001891809290000126
the matrix of values M is shown below:
Figure BDA0001891809290000131
where N represents N sets of plaintext and N represents a bit of each set of plaintext. I.e., M represents a matrix of plaintext values for each bit of all plaintext. Since all plaintext is a known variable provided. Therefore, M is also known. Thereby can calculate
Figure BDA0001891809290000132
Due to the fact that
Figure BDA0001891809290000133
Is a matrix formed by linear regression coefficient sets corresponding to N groups of plain texts, so that
Figure BDA0001891809290000134
When known, the matrix beta formed by the linear regression coefficient set corresponding to each group of plaintext12,…,βnAre known, whereby each bit corresponds to a linear regression coefficient β in the linear regression formulaijAre all known.
The correlation coefficient is a statistical index reflecting the closeness of correlation between variables, and in general, in practical applications, the correlation coefficient is obtained by calculating a covariance and a standard deviation, for example, the pearson correlation coefficient (Px, Y) of two continuous variables (X, Y) is equal to the product (σ X, σ Y) of the covariance cov (X, Y) between them divided by their respective standard deviations. In the multiple linear regression formula, the correlation coefficient is obtained by the least square method, and the correlation coefficient in this embodiment can be expressed as:
Figure BDA0001891809290000135
where j denotes the jth bit, TjCalculating the energy consumption value on the energy trace corresponding to the jth bit by calculating the R corresponding to each group of plain texts2Obtaining N groups R2I.e. R1 2-RN 2Selecting one R with the largest value2Is denoted as Rb 2. I.e. the corresponding plaintext block is b block.
Then, bySelecting the group of plaintext with the largest correlation coefficient, and combining the linear regression coefficient beta in the linear regression formula corresponding to each bit of the group of plaintext calculated beforeijThe linear regression coefficient beta in the linear regression formula corresponding to each bit in the group of plaintext with the largest correlation coefficient can be foundbj. By judging betabjIf it is positive, determining the assumed key when beta isbjIf the value is greater than 0, the value of the corresponding bit of the key is assumed to be 0, and when the value is betabjAssume that the value of the corresponding bit of the key is 1. For example, in a 4-bit key, βb1Greater than 0, betab2Less than 0, betab3Greater than 0, betab4Less than 0, the hypothetical key thus obtained is 0101.
The key obtained in the above manner (i.e., the assumed key) may or may not be the correct key, but rather the inverse of the assumed key is the correct key. Also taking 0101 as an example of the hypothetical key, the inverse of the hypothetical key, i.e., 1010, needs to be calculated. Then an assumed key 0101 is obtained at this point, as well as a inverse of the assumed key 1010.
In combination with the hamming weight model described above, it can be seen that k [ j ] ═ 0,1, or 1,0,1, 0. These two keys (i.e., 0101 and 1010) are respectively introduced into the hamming weight model, since T is known, k [ j ], m [ j ], σ and c are known, and although a is unknown, a corresponds to each bit, but k [ j ] ═ 0,1, or 1,0,1,0 can be introduced into the hamming weight model for verification, so as to determine the correct key, which is the assumed key or the inverse of the assumed key. This way the key in the cryptographic chip is obtained.
Obviously, the system can calculate the values of the key bytes of all the bits simultaneously, the value of the key byte of each bit does not need to be calculated one by one, the efficiency of key recovery can be effectively improved, no matter how long the key is, a plurality of bits of the key can be recovered simultaneously, the analysis efficiency is improved greatly compared with that of the traditional single bit, the system has the obvious advantages of saving the detection time and improving the detection efficiency. Meanwhile, the invention utilizes the method of multiple linear regression to carry out energy analysis, the correlation between the intermediate value and the energy trace cannot be influenced by the change of round output, and the analysis method is very effective to the cryptographic algorithm using the mask code and can greatly improve the success rate of attack. In addition, the method has strong expandability and is also applicable to cryptographic algorithms with similar algorithm structures.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical example, the computer device specifically comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method performed by the client as described above when executing the program, or the processor implementing the method performed by the server as described above when executing the program.
Referring now to FIG. 7, shown is a schematic block diagram of a computer device 700 suitable for use in implementing embodiments of the present application.
As shown in fig. 7, the computer device 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate works and processes according to a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM)) 703. In the RAM703, various programs and data necessary for the operation of the system 700 are also stored. The CPU701, the ROM702, and the RAM703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 706 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted as necessary in the storage section 708.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (12)

1. A method for obtaining a key in a cryptographic chip is characterized by comprising the following steps:
providing a plurality of groups of plaintexts to be encrypted, and respectively recording energy traces generated when the cryptographic equipment provided with the cryptographic chip performs encryption operation on each group of plaintexts; wherein each set of plaintext has the same bits as the key;
according to each energy trace, establishing an energy trace multiple linear regression model corresponding to each group of plaintext one by one, and calculating a correlation coefficient of each energy trace multiple linear regression model; each energy trace multi-linear model comprises a multi-linear regression formula corresponding to each bit one to one;
determining the key according to a linear regression coefficient set in an energy trace multiple linear model corresponding to a group of plaintext with the maximum correlation coefficient; and the linear regression coefficient set consists of linear regression coefficients of all multiple linear regression formulas in the corresponding energy trace multiple linear model.
2. The method of claim 1, wherein determining the key according to a linear regression coefficient set in an energy trace multiple linear model corresponding to a set of plaintext with the largest correlation coefficient comprises:
judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number;
defining a hypothetical key according to the judgment result;
negating the hypothetical key, verifying the hypothetical key and the negated hypothetical key respectively by using a hamming weight model and an energy trace corresponding to a set of plain texts with the maximum correlation, determining the correct key,
the Hamming weight model is a model representing the corresponding relation between the energy trace of each group of plaintext and the group of plaintext, the key in the cryptographic chip, the quantization coefficient and the noise.
3. The method of claim 1, further comprising:
and selecting a linear regression coefficient set in the energy trace multiple linear model corresponding to the group of the plaintext with the maximum correlation coefficient.
4. The method of claim 3, wherein selecting the set of linear regression coefficients in the set of plaintext corresponding energy trace multivariate linear models with the largest correlation coefficient comprises:
establishing a numerical matrix formed by the plaintext numerical values of each bit of each group of plaintext;
according to the energy trace of each group of plaintext, taking the numerical matrix as a numerical matrix of a multiple linear regression model to obtain a linear regression coefficient set in the energy trace multiple linear model corresponding to each group of plaintext;
and selecting a linear regression coefficient set corresponding to the group of the plaintexts with the maximum correlation coefficient from the linear regression coefficient sets in the energy trace multiple linear models corresponding to each group of the plaintexts.
5. The method of claim 1, wherein the calculating the correlation coefficient for each energy trace multiple linear regression model comprises:
and calculating the correlation coefficient of the multiple linear regression model of each energy trace one by adopting a least square method according to the point on the energy trace corresponding to each bit.
6. A system for obtaining a key in a cryptographic chip, comprising:
the providing module is used for providing a plurality of groups of plaintexts to be encrypted and respectively recording energy traces generated when the cryptographic equipment provided with the cryptographic chip performs encryption operation on each group of plaintexts; wherein each set of plaintext has the same bits as the key;
the model establishing module is used for establishing an energy trace multiple linear regression model which corresponds to each group of plaintext one by one according to each energy trace and calculating a correlation coefficient of each energy trace multiple linear regression model; each energy trace multi-linear model comprises a multi-linear regression formula corresponding to each bit one to one;
the determining module is used for determining the key according to a linear regression coefficient set in the energy trace multi-linear model corresponding to a group of plaintext with the maximum correlation coefficient; and the linear regression coefficient set consists of linear regression coefficients of all multiple linear regression formulas in the corresponding energy trace multiple linear model.
7. The system of claim 6, wherein the determining module comprises:
the judging unit is used for judging whether the value of the linear regression coefficient in each multiple linear regression formula in the energy trace multiple linear model corresponding to the group of plaintext with the maximum correlation coefficient is a positive number or not;
a hypothetical key defining unit that defines a hypothetical key based on the determination result;
the key verification unit is used for negating the assumed key, verifying the assumed key and the negated assumed key respectively by utilizing a Hamming weight model and an energy trail corresponding to a group of plain texts with the maximum correlation, and determining the correct key;
the Hamming weight model is a model representing the corresponding relation between the energy trace of each group of plaintext and the group of plaintext, the key in the cryptographic chip, the quantization coefficient and the noise.
8. The system of claim 6, further comprising:
and the selection module selects a linear regression coefficient set in the energy trace multi-linear model corresponding to the group of the plain texts with the maximum correlation coefficient.
9. The system of claim 8, wherein the selection module comprises:
a numerical matrix establishing unit for establishing a numerical matrix formed by the plaintext numerical values of each bit of each group of the plaintext;
the coefficient set acquisition unit is used for acquiring a linear regression coefficient set in an energy trace multi-linear model corresponding to each group of plaintext according to the numerical matrix and the energy trace of each group of plaintext;
and the coefficient set selecting unit selects a linear regression coefficient set corresponding to a group of plaintexts with the maximum correlation coefficient from the linear regression coefficient sets in the energy trace multi-linear model corresponding to each group of plaintexts.
10. The system according to claim 6, wherein the model building module calculates the correlation coefficient of the multiple linear regression model of each energy trace one by using a least square method according to the point on the energy trace corresponding to each bit.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the key derivation method in the cryptographic chip of any one of claims 1 to 5 when executing the program.
12. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the key obtaining method in the cryptographic chip of any one of claims 1 to 5.
CN201811474308.4A 2018-12-04 2018-12-04 Method and system for obtaining secret key in password chip Active CN109583235B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811474308.4A CN109583235B (en) 2018-12-04 2018-12-04 Method and system for obtaining secret key in password chip

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811474308.4A CN109583235B (en) 2018-12-04 2018-12-04 Method and system for obtaining secret key in password chip

Publications (2)

Publication Number Publication Date
CN109583235A CN109583235A (en) 2019-04-05
CN109583235B true CN109583235B (en) 2020-12-18

Family

ID=65926915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811474308.4A Active CN109583235B (en) 2018-12-04 2018-12-04 Method and system for obtaining secret key in password chip

Country Status (1)

Country Link
CN (1) CN109583235B (en)

Also Published As

Publication number Publication date
CN109583235A (en) 2019-04-05

Similar Documents

Publication Publication Date Title
Ma et al. Cryptanalysis of an image block encryption algorithm based on chaotic maps
Zheng et al. Novel image encryption by combining dynamic DNA sequence encryption and the improved 2D logistic sine map
Li et al. Novel image encryption algorithm based on improved logistic map
Liu et al. An image encryption algorithm based on Baker map with varying parameter
Chen et al. An efficient image encryption scheme using lookup table-based confusion and diffusion
Li et al. Cryptanalysis and improvement of a chaotic image encryption by first-order time-delay system
CN104917617B (en) A kind of encryption group ranking obscures method
Zhu et al. Image encryption algorithm with an avalanche effect based on a six-dimensional discrete chaotic system
CN106709854B (en) Image information fusion encryption method based on cat face transformation and chaos
Wang et al. A novel block cryptosystem based on the coupled chaotic map lattice
Duan et al. Differential power analysis attack and efficient countermeasures on PRESENT
CN110225222B (en) Image encryption method based on 3D orthogonal Latin square and chaotic system
Ishimaki et al. Towards privacy-preserving anomaly-based attack detection against data falsification in smart grid
CN109190395B (en) Fully homomorphic encryption method and system based on data transformation
CN114760052A (en) Bank Internet of things platform key generation method and device, electronic equipment and medium
CN113408729A (en) Data processing method for DNA calculation
CN109583235B (en) Method and system for obtaining secret key in password chip
CN116248258A (en) Password detection method, device, equipment and storage medium
KR102067065B1 (en) A matrix-vector multiplication apparatus based on message randomization which is safe for power analysis and electromagnetic analysis, and an encryption apparatus and method using the same
CN108632033B (en) Homomorphic encryption method based on random weighted unitary matrix in outsourcing calculation
KR101026647B1 (en) Communication security system and method of the same with key derivation cryptographic algorithm
Ullagaddi et al. Symmetric synchronous stream encryption using images
Meng et al. A Novel Color Image Encryption Algorithm Based on Fractional-Order Memristive Chaotic Circuit and DNA Coding Technology
CN109347636B (en) Key recovery method, system, computer equipment and readable medium
Rao et al. Secure and practical outsourcing of linear programming in cloud computing: A survey

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant