CN109600232A - Attack verification method, protection method and device for the SM2 signature algorithm - Google Patents


Info

Publication number: CN109600232A
Authority: CN (China)
Legal status: Granted (active)
Application number: CN201811484013.5A
Other languages: Chinese (zh)
Other versions: CN109600232B (en)
Inventors: 李增局, 王彭彭, 赵鹏辉, 董晓婕, 刘志刚, 李文宝, 史汝辉, 尚现峰, 李士通, 王晓磊
Current assignee: Shandong Wisdom Cloud Measurement Information Technology Co Ltd; Beijing Wisdom Cloud Measuring Technology Co Ltd
Original assignee: Shandong Wisdom Cloud Measurement Information Technology Co Ltd; Beijing Wisdom Cloud Measuring Technology Co Ltd
Events: application filed by Shandong Wisdom Cloud Measurement Information Technology Co Ltd and Beijing Wisdom Cloud Measuring Technology Co Ltd; priority to CN201811484013.5A; publication of CN109600232A; application granted; publication of CN109600232B.

Abstract

The present invention discloses an attack verification method, a protection method and devices for the SM2 signature algorithm. The attack verification method carries out a fault injection attack at the addition position of the SM2 signature algorithm; the protection method protects the addition and subtraction operations in which the random number k participates. The attack verification device for the SM2 signature algorithm includes an attack module, and the protection device for the SM2 signature algorithm includes a protection module. The invention finds that prior-art countermeasures ignore the protection of the random number k when computing s: whether the original formula k - r*dA or the transformed formula r + k is used, there is an addition or subtraction in which k participates, and none of the existing protection techniques protect this point, so that the current SM2 cryptographic algorithm carries a certain risk of vulnerability. The protection method proposed by the invention can effectively counter the corresponding attack means and prevent information leakage.

Description

Attack verification method, protection method and device for the SM2 signature algorithm
Technical field
The present invention relates to the field of computer cryptography, and in particular to an attack verification method, a protection method and a device for the SM2 signature algorithm.
Background technique
In 1985, Neal Koblitz and Victor Miller independently proposed the idea of designing public-key cryptosystems using elliptic curves. After 1990, elliptic curve cryptography (ECC) began to gain acceptance in industry, and standards bodies formulated elliptic curve cryptographic protocols. ECC and RSA both rely on the computational difficulty of the discrete logarithm problem (DLP): if G is a finite abelian group, g is an element of G and a is an arbitrary integer, then given g and ag, finding the integer a is known in mathematics as the discrete logarithm problem. The discrete logarithm problem can be subdivided into two classes: the discrete logarithm problem in a finite field (the RSA algorithm) and the discrete logarithm problem on an elliptic curve (the ECC algorithm). Comparing the two, the latter class is considerably harder to solve.
The Chinese national SM2 elliptic curve public-key cryptographic algorithm is an asymmetric cryptographic algorithm based on ECC. It was issued by the State Cryptography Administration on December 17, 2010. At present, all industries are widely promoting the use of the commercial national cryptographic algorithms, especially industries such as finance and social security that concern the national interest and people's livelihood; therefore, whether the SM2 algorithm has exploitable vulnerabilities and how to protect it is a focus of research by those skilled in the art.
At present, the main attack methods include power analysis, fault injection attacks and fault attacks on block ciphers. The basic idea of power analysis is to obtain the key by analysing the energy consumption of the cryptographic device. Essentially, this attack exploits two kinds of power consumption dependence, data dependence and operation dependence: the instantaneous power consumption of the device depends on the data it processes and on the operation it performs. Power analysis is divided into simple power analysis (SPA) and differential power analysis (DPA). SPA is a technique that directly analyses the power consumption information collected while a cryptographic algorithm executes. Each algorithm in a cryptographic device has a certain execution sequence, and the operations the algorithm defines are translated into instructions supported by the device. If the attacker has a detailed understanding of the concrete implementation of the cryptographic algorithm in the attacked device, the power consumption profile corresponding to each instruction can be distinguished in the power trace; that is, SPA analyses the device's power consumption mainly along the time axis. The attacker tries to find certain patterns in a single power trace, or to match it against templates. If a particular instruction is executed only when a certain bit of the key is 1, and another instruction only when that bit is 0, then the key can be inferred by examining the instruction sequence reflected in the power trace.
A fault injection attack changes some operating condition of the cryptographic chip at a suitable moment so that an intermediate state changes while the chip is running, which leads to erroneous output or side-channel leakage; the attacker analyses this information to attack the key. Fault attacks on block ciphers are broadly divided into differential fault analysis (DFA), safe-error analysis (SEA), collision fault analysis (CFA) and its extension, ineffective fault analysis (IFA).
In the current SM2 signature algorithm, s is computed as s = ((1+dA)^-1 · (k - r·dA)) mod n. The pseudocode that implements the computation of s is as follows:
temp1 = r * dA;
temp1 = k - temp1;
temp2 = (1 + dA)^-1;
s = temp1 * temp2.
It can be seen that the only private key used when computing s in the SM2 signature algorithm is dA, and that the equation for s contains only two unknowns, k and dA. When the scalar multiplication [k]G is computed, if k is not protected, SPA can obtain the value of k, and then the private key dA can be computed. The corresponding prior-art protection is therefore to change the scalar multiplication algorithm (for example by a different algorithm design, or by computing in Jacobian coordinates), or to mask k, so that SPA cannot recover k during the computation of [k]G and the value of k cannot be obtained when s is computed, and thus the private key cannot be obtained either. Because k is a random number, its value differs for every SM2 signature, so intermediate values cannot be determined and a DPA attack on k cannot be carried out.
It can also be seen that when computing s there is a multiplication r*dA, which creates a typical DPA risk. The same process also carries a fault injection risk. If the last byte of dA is changed during signing so that it becomes dA', and signing then proceeds, the r produced is correct while s becomes s' = (1+dA)^-1 · (k - r·dA'). At verification, s'G + t'PA ≠ kG; instead s'G + t'PA = (x1', y1'):
s'G + t'PA = s'G + (r + s')·dA·G
= s'·(1+dA)·G + r·dA·G
= (1+dA)^-1 · (k - r·dA') · (1+dA) · G + r·dA·G
= kG + r·(dA - dA')·G
= (x1', y1')
dA and dA' differ in only one byte. Assume the last byte of dA is d1d0; then the difference dA - dA' ranges over [0, d1d0] ∪ [d1d0 - ff, -1], where the latter section is negative and becomes [p + d1d0 - ff, p - 1], so two distinct sections appear in the power consumption profile, from which the section boundary can be obtained. Traversing one byte needs 256 trials to find the correct difference; by signing repeatedly, collecting statistics on the range in which the difference appears and obtaining the boundary value, the last byte of dA can be found. To cope with the typical DPA risk present in the original formula s = (1+dA)^-1 · (k - r·dA), the prior art transforms the formula into s = (1+dA)^-1 · (r + k) - r to defend against this attack. The equivalent transformation of the formula for s is as follows:
s = (1+dA)^-1 · (k - r·dA) mod n
  = (1+dA)^-1 · k - r·dA·(1+dA)^-1 mod n
  = (1+dA)^-1 · k - r·(dA + 1 - 1)·(1+dA)^-1 mod n
  = (1+dA)^-1 · k - r + r·(1+dA)^-1 mod n
  = (1+dA)^-1 · (k + r) - r mod n
Now k + r is a random number unknown to the attacker, so dA cannot be deduced. To prevent the attacker from obtaining any data related to the private key, manufacturers import the private key dA a second time when computing s, recompute the intermediate values in which dA participates, and compare the two results for equality as a check. Accordingly, the prior-art (protected) implementation of the SM2 signature value s proceeds as follows:
temp1 = r + k;
temp2 = (1 + dA)^-1;
temp3 = temp1 * temp2;
s1 = temp3 - r;
import dA again, denoted dA2;
temp4 = (1 + dA2)^-1;
temp5 = temp1 * temp4;
s2 = temp5 - r;
compare s1 ?= s2: if equal, output s; if different, return an error.
Whether the SM2 algorithm protected by the above countermeasures still has security vulnerabilities, and how to protect against possible vulnerabilities so as to improve cryptographic security, remain technical problems that those skilled in the art need to keep solving.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to propose an attack verification method, a protection method and a device for the SM2 signature algorithm, in order to further improve the cryptographic security of the SM2 algorithm.
Based on the above purpose, a first aspect of the embodiments of the present invention provides an attack verification method for the SM2 signature algorithm, comprising the step of:
carrying out a fault injection attack at the addition position of the SM2 signature algorithm.
Optionally, carrying out the fault injection attack at the addition position of the SM2 signature algorithm comprises the steps of:
measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
analysing by SPA to find the position on the power consumption waveform of the addition that computes temp1, and recording the time point corresponding to that position as the trigger time;
carrying out laser injection at the trigger time to disturb the addition;
repeating the laser injection at the trigger time to obtain erroneous data.
Optionally, after the erroneous data has been obtained, the method comprises the step of:
analysing the erroneous data, in which r takes a certain fixed value; that fixed value is the hash value e of the plaintext required for the SM2 signature, i.e. r = e.
A second aspect of the embodiments of the present invention proposes an attack verification device for the SM2 signature algorithm, comprising:
an attack module for carrying out a fault injection attack at the addition position of the SM2 signature algorithm.
Optionally, the attack module comprises:
a measuring unit for measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
an analysis unit for analysing by SPA to find the position on the power consumption waveform of the addition that computes temp1, and recording the time point corresponding to that position as the trigger time;
a disturbance unit for carrying out laser injection at the trigger time to disturb the addition, and for repeating the laser injection at the trigger time to obtain erroneous data.
A third aspect of the embodiments of the present invention also proposes a protection method for the SM2 signature algorithm, comprising the step of:
protecting the addition and subtraction operations in which the random number k participates.
Optionally:
protecting the addition and subtraction operations in which the random number k participates comprises the steps of: after the signature value s has been computed, importing the random number k and the private key dA again from memory, computing s a second time, and comparing the two computed results as a check;
and/or protecting the addition and subtraction operations in which the random number k participates comprises the step of: directly performing signature verification after signing, so that the private key dA is not leaked;
and/or protecting the addition and subtraction operations in which the random number k participates comprises the step of: for the case where a register value is not overwritten, having the register that stores the addition or subtraction result store a random number before the addition or subtraction is computed.
Optionally, importing the random number k and the private key dA again from memory after the signature value s has been computed, computing s a second time and comparing the two computed results as a check specifically includes:
(1) set M̄ = ZA || M;
(2) compute e = Hv(M̄);
(3) generate a random number k ∈ [1, n-1] with a random number generator;
(4) compute the elliptic curve point (x1, y1) = [k]G;
(5) compute r = (e + x1) mod n; return to (3) if r = 0 or r + k = n;
(6) compute s = (1+dA)^-1 · (k + r) - r mod n; return to (3) if s = 0;
(7) import k and dA again from memory, denoted k' and dA', and compute again
s' = (1+dA')^-1 · (k' + r) - r mod n;
(8) compare whether s equals s':
if s = s', signing succeeds and <r, s> is output;
if s ≠ s', signing fails and an error is returned.
Optionally, directly performing signature verification after signing so that the private key dA is not leaked specifically includes:
carrying out the SM2 signature to obtain the signature result r', s';
computing t = (r' + s') mod n; if t = 0, verification fails;
computing the elliptic curve point (x1', y1') = [s']G + [t]PA;
computing R = (e' + x1') mod n and checking whether R = r' holds; if so, verification passes, otherwise verification fails.
A fourth aspect of the embodiments of the present invention also proposes a protection device for the SM2 signature algorithm, comprising a protection module for protecting the addition and subtraction operations in which the random number k participates.
From the above it can be seen that the embodiments of the present invention propose an attack verification method, a protection method and a device for the SM2 signature algorithm. The invention finds that the prior-art countermeasures ignore the protection of the random number k when computing s: whether the original formula k - r*dA or the transformed formula r + k is used, there is an addition or subtraction in which k participates, and existing protection techniques do not protect this point. When the attack method proposed by the invention is applied, i.e. a fault injection attack at the position of the addition, the addition is easily skipped, the value of the register that stores the addition result does not change but remains the previous value, and this error is not discovered and passes the check, which demonstrates that the SM2 algorithm still has a vulnerability after the prior-art protection. For this vulnerability the invention also proposes a corresponding protection method, further improving the cryptographic security of the SM2 algorithm.
Detailed description of the invention
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings of the embodiments are briefly introduced below. Obviously, the drawings in the following description relate only to some embodiments of the present invention and do not limit it.
Fig. 1 is a flow diagram of one embodiment of the attack verification method for the SM2 signature algorithm of the present invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of the described embodiments without creative effort fall within the protection scope of the present invention.
Embodiment 1
Embodiment 1 of the present invention provides an attack verification method for the SM2 signature algorithm, comprising the step of carrying out a fault injection attack at the addition position of the SM2 signature algorithm.
When a fault injection attack is carried out at the position of the addition, the addition is easily skipped, and the value of the register that stores the addition result does not change but remains the previous value. This error is not discovered and passes the check, which shows that the SM2 cryptographic algorithm protected according to the prior art still has a security risk.
Embodiment 2
Embodiment 2 of the present invention provides a preferred embodiment of the attack verification method for the SM2 signature algorithm. As shown in Fig. 1, in this embodiment the attack verification method comprises the steps of:
S201: measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
S202: analysing by SPA to find the time position on the power consumption waveform where temp1 = k + r is computed;
S203: carrying out laser fault injection at this time position;
S204: injecting repeatedly at the same time position to obtain erroneous data.
A preliminary analysis of the erroneous data shows that r takes a special fixed value in the erroneous data, and that this fixed value is the hash e of the plaintext required for the SM2 signature, i.e. r = e. The formula by which SM2 computes r is r = x1 + e, which shows that the attack causes this addition to be bypassed: the value of the register storing r does not change after the addition has been computed, and is still the previously stored value e. Repeating the experiment and analysing a large amount of data shows that the addition temp1 = k + r can likewise be skipped, producing the same fault model.
By carrying out a fault injection attack on an addition in which k participates, it is possible, when computing s, to turn the value of k + r into a "special value": the result of the addition may not be saved, or the addition may not be carried out at all (the addition is skipped), so that the register that should store the sum still holds its previously stored value and k does not participate in the computation of s. If the value originally held by that register is a known quantity such as an algorithm parameter or the plaintext, rather than an unknowable random number, then for the prior-art implementation of s in the SM2 signature temp1 is a known number; since s = (1+dA)^-1 · temp1 - r with temp1 known, r known and s known, the private key dA can be found, which is a security risk.
The attacker does not know the numerical value of the intermediate result, nor the storage state of the register. But the attacker has the data r and s and knows the process by which s is computed, for example the prior-art protected implementation of s in the SM2 signature, s = (1+dA)^-1 · temp1 - r, where temp1 = r + k (temp1 here denotes the result of r + k, i.e. the "sum", and is the variable representing the addition result, whose value is that of r + k; for the original formula s = (1+dA)^-1 · (k - r·dA), temp1 can likewise denote the subtraction result k - r·dA, i.e. the "difference"; temp1 is the variable representing the addition or subtraction result). The attacker carries out multiple fault injection attacks according to the new fault model above, i.e. attacks the addition result or subtraction result temp1, and obtains several groups of values s and r. The attacker can then guess the value of temp1, assuming it is one of the elliptic curve parameters a, b, p, xG, yG, a Montgomery multiplication parameter, or a known value such as the plaintext or r. The attacker traverses all possible cases; if the value last placed in the register storing temp1 when the designer wrote the program is one of the guessed values, the attacker computes dA from the guess, and if two identical dA values appear, that dA value is the correct private key.
In the SM2 signature algorithm, the reason the security risk analysed above exists, and the reason the attacker can succeed, is that the random number k, as an unpredictable number, is what protects the private key in the original algorithm: because the value of k is unknown, information about the private key cannot be obtained. But by attacking the addition or subtraction in which k participates, k no longer takes part in the computation of s, so the key can be obtained even without knowing the value of k. That is, the prior-art original formula s = (1+dA)^-1 · (k - r·dA) and the transformed formula s = (1+dA)^-1 · (r + k) - r both contain an addition or subtraction in which k participates, and the formula transformation cannot protect against the attack scheme proposed by the present invention.
Embodiment 3
Embodiment 3 of the present invention provides an attack verification device for the SM2 signature algorithm, comprising an attack module for carrying out a fault injection attack at the addition position of the SM2 signature algorithm.
As a preferred embodiment, the attack module comprises:
a measuring unit for measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
an analysis unit for analysing by SPA to find the position on the power consumption waveform of the addition that computes temp1, and recording the time point corresponding to that position as the trigger time;
a disturbance unit for carrying out laser injection at the trigger time to disturb the addition, and for repeating the laser injection at the trigger time to obtain erroneous data.
Embodiment 4
Embodiment 4 of the present invention provides a protection method for the SM2 signature algorithm, for avoiding the security risk found in embodiments 1 to 3 of the present invention. The protection method comprises the step of protecting the addition and subtraction operations in which the random number k participates.
The key to resolving the security vulnerability of the prior-art SM2 signature algorithm is to protect the addition and subtraction operations in which the random number k participates, whereas none of the existing technical means carries out a protective check on k while k participates in the computation of s.
Embodiment 5
Embodiment 5 of the present invention provides a preferred embodiment of the protection method for the SM2 signature algorithm.
In this preferred embodiment, the countermeasure of repeated import and computation is adopted: after s has been computed, the random number k and the private key dA are imported again from memory, s is computed a second time, and the two results are compared as a check, preventing dA and k from going wrong.
Specifically, the protection method includes:
Let the message to be signed be M. To obtain the digital signature (r, s) of the message M, user A as the signer performs the following computation steps:
(1) set M̄ = ZA || M;
(2) compute e = Hv(M̄);
(3) generate a random number k ∈ [1, n-1] with a random number generator;
(4) compute the elliptic curve point (x1, y1) = [k]G;
(5) compute r = (e + x1) mod n; return to step (3) if r = 0 or r + k = n;
(6) compute s = (1+dA)^-1 · (k + r) - r mod n; return to (3) if s = 0;
(7) import k and dA again from memory, denoted k' and dA', and compute again s' = (1+dA')^-1 · (k' + r) - r mod n;
(8) compare whether s equals s':
if s = s', signing succeeds and <r, s> is output;
if s ≠ s', signing fails and an error is returned.
Here M is the message to be signed, ZA is the hash value of user A, e is the hash of M̄, Hv(M̄) is the hash function, G is the base point of the elliptic curve, [k]G is the scalar multiplication of the elliptic curve point, (x1, y1) are the coordinates of the computed elliptic curve point, r is one component of the signature result, s is the other component, dA is the private key, mod is the modulo function, and n is the order of the elliptic curve base point G.
It should be noted that, with this kind of protection scheme, an intermediate value generated in the course of computing s can also be chosen for the second computation after r has been computed; it is not necessary to check only after s has been fully computed, and those skilled in the art can apply the protection according to the actual situation.
If the above fault model occurs during the computation of r + k, then importing the random number k again and recomputing reveals that the two computations differ, so the two computed values of s differ, the check cannot be passed and the attacker obtains no valid data. It can be seen that the countermeasure of this embodiment effectively reduces the corresponding risk and improves the security of the SM2 signature algorithm.
Embodiment 6
Embodiment 6 of the present invention provides another embodiment of the protection method for the SM2 signature algorithm.
When the performance requirements on the algorithm are not very high, the present invention proposes a relatively safer protective measure: performing signature verification directly after signing, to ensure that the private key is not leaked.
Specifically, the check part performs SM2 signature verification as the protective measure:
The SM2 signature is carried out according to the original procedure, obtaining the signature result r'', s''. Here the original procedure may be either the original procedure of the standard specification or a procedure in which the formula for computing s (s'' in this embodiment) has been equivalently transformed to counter DPA risk.
Compute t = (r'' + s'') mod n; if t = 0, verification fails;
Compute the elliptic curve point (x1', y1') = [s'']G + [t]PA. This formula computes two elliptic-curve scalar multiplications and then one elliptic-curve point addition; the result is some point on the elliptic curve, and (x1', y1') are the coordinates of that point;
Compute R = (e' + x1') mod n and check whether R = r'' holds; if it holds, verification passes, otherwise verification fails.
Here (x1', y1') are the coordinates of the computed elliptic-curve point, [s'']G and [t]PA are elliptic-curve scalar multiplications, where [s'']G means s'' copies of the point G added together and [t]PA means t copies of the point PA added together, G is the base point on the elliptic curve, PA is the public key, mod is the modulo operation, and n is the order of the base point G.
Protection effect: if the above fault model occurs while computing r + k, then the obtained s'' is wrong, so the value of x1' is wrong and the value of R is not equal to the r'' of the signature result; verification cannot pass, and the attacker cannot obtain valid data.
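The two software checks above (Embodiment 5's recompute-and-compare of s, and Embodiment 6's sign-then-verify), worked through as an added Python example that is not part of the patent. It assumes the recommended SM2 curve parameters, replaces SM3 with SHA-256 for brevity, and models the attacked k + r addition with a constructed `faulty_temp1` override.

```python
import hashlib

# Recommended SM2 curve y^2 = x^3 + a*x + b over GF(p) (GM/T 0003-2012 parameters).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)


def ec_add(p1, p2):
    """Affine point addition (doubling when p1 == p2); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """[k]pt by plain double-and-add (not side-channel hardened; kept simple)."""
    acc, addend = None, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def message_hash(za, msg):
    """e = Hv(ZA || M). Hv is SM3 in the standard; SHA-256 stands in here (assumption)."""
    return int.from_bytes(hashlib.sha256(za + msg).digest(), "big")


def compute_s(d_a, r, k, faulty_temp1=None):
    """Step (6): s = (1 + dA)^-1 * (k + r) - r mod n. faulty_temp1 models a fault
    in the k + r addition (the page's attack point) by replacing temp1 = k + r."""
    temp1 = (k + r) % N if faulty_temp1 is None else faulty_temp1
    return (pow(1 + d_a, -1, N) * temp1 - r) % N


def sm2_sign_core(d_a, e, k, faulty_temp1=None):
    """Steps (4)-(6): returns (r, s); raises where step (5)/(6) would restart."""
    x1, _ = ec_mul(k, G)
    r = (e + x1) % N
    s = compute_s(d_a, r, k, faulty_temp1)
    if r == 0 or r + k == N or s == 0:
        raise ValueError("retry with a fresh k")
    return r, s


def sign_with_recompute(d_a, e, k, faulty_temp1=None):
    """Embodiment 5, steps (7)-(8): after s, re-import k and dA and recompute s'.
    The fault is modelled as transient, so the re-imported computation is clean."""
    r, s = sm2_sign_core(d_a, e, k, faulty_temp1)
    s_prime = compute_s(d_a, r, k)           # k' = k, dA' = dA re-read from memory
    return (r, s) if s == s_prime else None  # s != s' -> signature failure


def sm2_verify(pub, e, r, s):
    """Embodiment 6 check: t = r + s, [s]G + [t]PA, R = e + x1' must equal r."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = ec_add(ec_mul(s, G), ec_mul(t, pub))
    return pt is not None and (e + pt[0]) % N == r


def sign_with_verify(d_a, pub, e, k, faulty_temp1=None):
    """Embodiment 6: sign, then run the verifier before releasing (r, s)."""
    r, s = sm2_sign_core(d_a, e, k, faulty_temp1)
    return (r, s) if sm2_verify(pub, e, r, s) else None


# Constructed demo values (not from the page): a fixed private key and nonce.
DEMO_D = 0x1F2E3D4C5B6A79881F2E3D4C5B6A79881F2E3D4C5B6A79881F2E3D4C5B6A7988
DEMO_PUB = ec_mul(DEMO_D, G)
DEMO_K = 0x0A0B0C0D0E0F10111213141516171819A0B0C0D0E0F101112131415161718191
DEMO_E = message_hash(b"ZA-placeholder", b"message to sign")
```

The recompute check only catches a transient fault (the second read of k and dA must be clean), whereas the verify check catches any wrong s regardless of where the fault struck, at the cost of two extra scalar multiplications.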
Embodiment 7
Embodiment 7 of the present invention provides a further embodiment of the protection method for the SM2 signature algorithm.
In this embodiment, a protective measure aimed at registers is proposed: for the case where the value of a register is not overwritten, the register storing the addition and subtraction result can be given "special storage", namely a random number is stored in it before the addition or subtraction is computed.
Specifically, a random number can be stored in the register holding temp1 before the computation; the chip has a random number module, and after it generates a random number the value is moved into the register. This prevents the register value from being obtained after the calculation process has been skipped.
Embodiment 8
Embodiment 8 of the present invention provides a protective device for the SM2 signature algorithm, which includes a protection module for protecting the addition and subtraction processes in which the random number k participates.
As a preferred embodiment, the protection module includes a repeated-import unit, a signature-verification unit and a register-protection unit.
The repeated-import unit is used to import the random number k and the private key dA again from memory after the signature result s has been computed, compute the signature result s a second time, and compare the two results for verification.
The signature-verification unit is used to perform signature verification directly after signing, so that the private key dA is not leaked.
The register-protection unit is used, for the case where the value of a register is not overwritten, to make the register storing the addition and subtraction result store a random number before the addition or subtraction is computed.
In summary, the present invention analyzes the security of SM2 signature implementations, determines whether there is a risk of key leakage, and provides protective measures. It first proposes an attack method and demonstrates with it that the SM2 algorithm in the prior art still has a vulnerability even after protective measures have been taken; it then proposes protective measures against that vulnerability, and through them improves the security of the SM2 signature algorithm and safeguards people's property.
In addition, the devices and equipment described in this disclosure may typically be various electronic terminal devices, such as mobile phones, personal digital assistants (PDAs), tablet computers (PADs) and smart televisions, or large-scale terminal devices such as servers; the scope of protection of this disclosure should therefore not be limited to any particular type of device or equipment. The client described in this disclosure may be applied to any of the above electronic terminal devices in the form of electronic hardware, computer software, or a combination of both.
In addition, the method according to this disclosure may also be implemented as a computer program executed by a CPU, and the computer program may be stored in a computer-readable storage medium. When the computer program is executed by the CPU, the above functions defined in the method of this disclosure are performed.
In addition, the above method steps and system units may also be implemented using a controller and a computer-readable storage medium storing a computer program that causes the controller to implement the above steps or unit functions.
In addition, it should be understood that the computer-readable storage medium (for example, memory) described herein may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. By way of example and not limitation, non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM), which can serve as an external cache. By way of example and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM) and direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to include, but are not limited to, these and other suitable types of memory.
Those skilled in the art will also understand that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or a combination of both. To clearly illustrate this interchangeability of hardware and software, the various illustrative components, blocks, modules, circuits and steps have been described generally in terms of their functionality. Whether such functionality is implemented as software or as hardware depends on the particular application and the design constraints imposed on the overall system. Those skilled in the art may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of this disclosure.
The various illustrative logical blocks, modules and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions described here: a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general-purpose processor may be a microprocessor, but alternatively the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, for example a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors together with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the disclosure herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary designs, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer. By way of example and not limitation, such computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. In addition, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server or other remote source using a coaxial cable, fiber-optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber-optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of medium. As used herein, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Exemplary embodiments of the disclosure have been disclosed, but it should be noted that many modifications and variations may be made without departing from the scope of the disclosure defined by the claims. The functions, steps and/or actions of the method claims according to the disclosed embodiments described herein need not be performed in any particular order. In addition, although elements of the disclosure may be described or claimed in the singular, the plural is also contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, unless the context clearly supports an exception, the singular form "a" is intended to include the plural form as well. It should further be understood that "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
The serial numbers of the above embodiments of the disclosure are for description only and do not represent the advantages or disadvantages of the embodiments.
Those of ordinary skill in the art will understand that all or part of the steps for realizing the above embodiments may be completed by hardware, or by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc, or the like.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is merely exemplary and is not intended to imply that the scope of the disclosure (including the claims) is limited to these examples; within the spirit of the embodiments of the present invention, the technical features in the above embodiments or in different embodiments may also be combined, and there are many other variations of the different aspects of the embodiments of the present invention as described above which, for the sake of brevity, are not provided in detail. Therefore, any omission, modification, equivalent replacement, improvement, etc. made within the spirit and principles of the embodiments of the present invention shall be included within the scope of protection of the embodiments of the present invention.

Claims (10)

1. An attack verification method for the SM2 signature algorithm, characterized in that it comprises the step of:
performing a fault injection attack at the addition position of the SM2 signature algorithm.
2. The attack verification method for the SM2 signature algorithm according to claim 1, characterized in that performing a fault injection attack at the addition position of the SM2 signature algorithm comprises the steps of:
measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
locating, by SPA analysis, the position on the power consumption waveform of the addition process that computes temp1, and recording the time point corresponding to that position as the trigger time;
performing laser injection at the trigger time to disturb the addition process;
repeating laser injection at the trigger time to obtain erroneous data.
3. The attack verification method for the SM2 signature algorithm according to claim 2, characterized in that, after the erroneous data have been obtained, it comprises the step of:
analyzing the erroneous data, where a fixed value of r appears in the obtained erroneous data, and that fixed value is the hash value e of the plaintext required for the SM2 signature, i.e. r = e.
4. An attack verification device for the SM2 signature algorithm, characterized in that it comprises:
an attack module for performing a fault injection attack at the addition position of the SM2 signature algorithm.
5. The attack verification device according to claim 4, characterized in that the attack module comprises:
a measuring unit for measuring the power trace of the SM2 signature, i.e. the power consumption waveform;
an analysis unit for locating, by SPA analysis, the position on the power consumption waveform of the addition process that computes temp1, and recording the time point corresponding to that position as the trigger time;
an interference unit for performing laser injection at the trigger time to disturb the addition process, and for repeating laser injection at the trigger time to obtain erroneous data.
6. A protection method for the SM2 signature algorithm, characterized in that it comprises the step of:
protecting the addition and subtraction processes in which the random number k participates.
7. The protection method for the SM2 signature algorithm according to claim 4, characterized in that:
protecting the addition and subtraction processes in which the random number k participates comprises the steps of: after the signature result s has been computed, importing the random number k and the private key dA again from memory, computing the signature result s a second time, and comparing the two results for verification;
and/or protecting the addition and subtraction processes in which the random number k participates comprises the steps of: performing signature verification directly after signing, so that the private key dA is not leaked;
and/or protecting the addition and subtraction processes in which the random number k participates comprises the steps of: for the case where the value of a register is not overwritten, making the register storing the addition and subtraction result store a random number before the addition or subtraction is computed.
8. The protection method for the SM2 signature algorithm according to claim 5, characterized in that the step of, after the signature result s has been computed, importing the random number k and the private key dA again from memory, computing the signature result s a second time and comparing the two results for verification, specifically comprises:
(1) setting M = ZA || M;
(2) computing e = Hv(M);
(3) generating a random number k ∈ [1, n−1] with a random number generator;
(4) computing the elliptic curve point (x1, y1) = [k]G;
(5) computing r = (e + x1) mod n, returning to (3) if r = 0 or r + k = n;
(6) computing s = (1 + dA)^(−1) · (k + r) − r mod n, returning to (3) if s = 0;
(7) importing k and dA from memory again, denoted k' and dA', and computing again
s' = (1 + dA')^(−1) · (k' + r) − r mod n;
(8) comparing whether s equals s':
if s = s', signing succeeds and <r, s> is output;
if s ≠ s', signing fails and an error is returned;
where M is the message to be signed, (r, s) is the digital signature of message M, ZA is the hash value of user A, e is the hash value of M, Hv(M) is the hash function, G is the base point of the elliptic curve, [k]G is the elliptic-curve scalar multiplication, (x1, y1) are the coordinates of the computed elliptic-curve point, r is one component of the signature result, dA is the private key, mod is the modulo operation, and n is the order of the base point G.
9. The protection method for the SM2 signature algorithm according to claim 5, characterized in that the step of performing signature verification directly after signing so that the private key dA is not leaked specifically comprises:
performing the SM2 signature to obtain the signature result r'', s'';
computing t = (r'' + s'') mod n, verification failing if t = 0;
computing the elliptic curve point (x1', y1') = [s'']G + [t]PA;
computing R = (e' + x1') mod n and checking whether R = r'' holds; verification passes if it holds and fails otherwise;
where (x1', y1') are the coordinates of the computed elliptic-curve point, G is the base point on the elliptic curve, and PA is the public key.
10. A protective device for the SM2 signature algorithm, characterized in that it comprises a protection module for protecting the addition and subtraction processes in which the random number k participates.
Application CN201811484013.5A (priority date 2018-12-05, filing date 2018-12-05): "Attack verification and protection method and device for SM2 signature algorithm", status Active, granted as CN109600232B (en).

Publications (2)

Publication Number Publication Date
CN109600232A true CN109600232A (en) 2019-04-09
CN109600232B CN109600232B (en) 2021-08-06
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant