CN110401627A - Method and system for assessing the security of a block-cipher infective countermeasure against differential fault attacks - Google Patents


Info

Publication number
CN110401627A
Authority
CN
China
Prior art keywords
infection
countermeasure
information entropy
infective countermeasure
difference
Legal status
Granted
Application number
CN201910194486.XA
Other languages
Chinese (zh)
Other versions
CN110401627B (en)
Inventor
冯婧怡
陈华
焦志鹏
匡晓云
习伟
范丽敏
张立武
于杨
Current Assignee
Institute of Software of CAS
CSG Electric Power Research Institute
Research Institute of Southern Power Grid Co Ltd
Original Assignee
Institute of Software of CAS
Research Institute of Southern Power Grid Co Ltd
Application filed by Institute of Software of CAS and Research Institute of Southern Power Grid Co Ltd
Publication of CN110401627A
Application granted
Publication of CN110401627B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and system for assessing the security of a block-cipher infective countermeasure against differential fault attacks. The method comprises the steps of: 1) computing the prior information on the original ciphertext difference from the block cipher, the fault-injection target intermediate value and the fault model; 2) computing the value of the information entropy in the infective countermeasure under assessment; 3) computing, from the block cipher, the fault-injection target intermediate value and the fault model, the lower bound on the value of the information entropy in a secure infective countermeasure; 4) determining the security of the infective countermeasure under assessment by comparing the entropy value of that countermeasure with the lower bound. By measuring the security of the infective countermeasure with information entropy, the method makes the evaluation independent of any specific key-recovery strategy and makes the result more accurate. At the same time, the method separates the infection function from the rest of the infective-countermeasure implementation, so that the assessment applies to a variety of different infective countermeasures and is more efficient.

Description

Method and system for assessing the security of a block-cipher infective countermeasure against differential fault attacks
Technical field
The present invention relates to the field of information security, cryptanalysis and protection, and in particular to a method and system for assessing the resistance of a block-cipher infective countermeasure to differential fault attacks.
Background technique
Symmetric cryptography is the cryptosystem in which the two communicating parties share the same secret key. Block ciphers are a widely used kind of symmetric cipher. Common block-cipher structures include the Feistel structure and the SP structure; the design of the round transformation usually follows the principles of confusion and diffusion, and through multiple rounds of iteration the cipher can resist all existing theoretical analysis methods, such as differential analysis, linear analysis, integral attacks and interpolation attacks. The S-box is the nonlinear confusion component most widely used in block ciphers. Block ciphers run fast, are easy to standardise and are convenient to implement in software and hardware, which suits them to all kinds of embedded application scenarios. The theoretical analysis of block ciphers is by now very rich.
Fault attacks are a common method of analysing cryptographic implementations. Their feasibility comes from the fact that the normal operation of cryptographic implementations such as crypto chips and embedded crypto modules depends on environmental factors such as a stable and suitable power supply, clock and temperature. When an attacker can push such a factor beyond a certain threshold, the encryption fails, and the additional information leaked in the faulty encryption can be used for key recovery. Because there are many ways to induce faults, many fault types, and flexible key-recovery methods whose complexity is clearly lower than that of conventional cryptanalysis, fault attacks pose a great threat to applications of cryptographic implementations. Experiments show that every cryptographic implementation without added countermeasures is at risk of being broken in normal operation. Resistance to fault attacks has become one of the important aspects of cryptosystem security evaluation. For example, FIPS 140-3, the crypto-module security standard published by the US National Institute of Standards and Technology (NIST), requires in its physical-security section that countermeasures against fault attacks be included; and GM/T 0008-2012 "Security chip cryptographic test criteria", published in China, also explicitly requires that crypto chips of high security levels be able to resist fault attacks.
Differential fault analysis (DFA) of block ciphers was first proposed by Biham and Shamir in 1997. Its precondition is that the attacker can encrypt the same plaintext twice under the same key: once correctly, producing the correct ciphertext, and once with a fault injected during encryption, producing a faulty ciphertext. Knowing the fault-injection target and the fault-injection model, the attacker performs differential analysis on the combination of correct and faulty ciphertexts and recovers the key involved in the fault-propagation process, hence the name differential fault analysis. Because of its generality and effectiveness, DFA has been successfully applied to nearly all block ciphers and remains the most common fault-attack method.
The fault injections used in DFA fall into two classes: faults that change the encryption flow and faults that change an encryption intermediate value. For fault injection that changes an intermediate value, the fault-injection model e describes the relation between the faulty and the correct intermediate value, the bit width of the fault, and the position and the value of the fault within the intermediate value. The diffusion properties of the block cipher determine the propagation path of a fault of model e through the cipher and the bit width over which the fault diffuses in the original ciphertext difference.
Optimal DFA is an information-theoretic differential fault attack method applicable to fault injection that changes an encryption intermediate value. With it, an attacker can estimate a lower bound on the number of fault injections needed to recover the whole key without designing a specific key-recovery strategy. Its principle is to compute, from the fault-injection target intermediate value, the fault-injection model e and the differential distribution of the nonlinear S-boxes in the block cipher, the key information entropy leaked by a single fault injection.
Fig. 1 shows a block-cipher encryption framework using an n-bit S-box. The intermediate value X is processed by the S-box to obtain Y, which is then XORed with the key K to obtain the output Z. Injecting a fault at the input of the S-box is equivalent to running the encryption twice under the same key K with two different inputs X1 and X2 that differ by the input differential ΔX, which corresponds to the value of the injected fault. The attacker observes only the corresponding encryption outputs Z1 and Z2; ΔY denotes the difference between Z1 and Z2, which is also the difference between the S-box results Y1 and Y2 of the two encryptions. Let x1, x2, Δx and k be the specific values of X1, X2, ΔX and K in a given pair of encryptions, and y1, y2, z1, z2 and Δy the corresponding specific values of Y1, Y2, Z1, Z2 and ΔY. Because (x1, x2, k) and (z1, z2, k) are in one-to-one correspondence, H(K, X1, X2) = H(K, Z1, Z2), where H() denotes information entropy, the uncertainty of a variable. It follows that, when the encryption outputs Z1 and Z2 are known, the conditional entropy of the key is:
H(K | Z1, Z2) = H(X1, X2 | ΔY) = H(ΔX | ΔY) + H(X1 | ΔX, ΔY)
The conditional entropy H(A | B) is computed as follows, where B is the known variable, A is the unknown variable to be determined, and P() denotes probability: b is a specific value of B, occurring with probability P(b); a is a specific value of A, occurring with probability P(a | b) under the condition B = b.
In H(K | Z1, Z2), the term H(X1 | ΔX, ΔY) can be computed from the differential distribution table of the S-box. Given a specific value (Δx, Δy) of (ΔX, ΔY), suppose the probability that it is a legal differential input/output pair is p. Each legal (Δx, Δy) occurs with approximately equal probability, so for each legal (Δx, Δy) there is a set of possible input values, and each input value x1 in it occurs with probability P(x1 | Δx, Δy) ≈ p. Therefore H(X1 | ΔX, ΔY) ≈ −log p bits. In addition, H(ΔX | ΔY) = H(ΔX, ΔY) − H(ΔY). Suppose the S-box input X1 is uniformly distributed over the set {0,1}^n and the S-box input differential ΔX is uniformly distributed over a set χ; then the output differential ΔY is uniformly distributed over {0,1}^n and H(ΔY) ≈ n bits. Because each specific value (Δx, Δy) of (ΔX, ΔY) is a legal differential pair with probability p, H(ΔX, ΔY) ≈ log(|χ| × 2^n × p) bits, where |χ| denotes the size of the set χ. In summary, H(K | Z1, Z2) ≈ log |χ| bits, i.e. the lower bound on the key information entropy leaked by a single fault injection is about I(K, Z1, Z2) = H(K) − H(K | Z1, Z2) ≈ n − log |χ| bits. For the whole block cipher, the size of the set χ containing ΔX is determined by the uncertainty of the fault-injection model e, and n equals the uncertainty of the key K involved in the fault-propagation process. Therefore the mutual information of the key K involved in fault propagation, the correct ciphertext C and the original ciphertext difference ΔC is as follows:
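The following is an added worked example (not code from the patent or its authors) of the Optimal DFA quantity just derived: it enumerates the Fig. 1 model exactly and compares I(K; Z1, Z2) with the estimate n − log|χ|. The PRESENT S-box is the real one; the 3-bit cube S-box and the fault-model sets χ are constructed here for the demonstration.

```python
"""Exact key-entropy leakage of one fault at an S-box input, compared with
the Optimal DFA estimate n - log2|chi| used in the description above.
Added example for this page; not code from the patent or its authors.
"""
from collections import Counter
from math import log2

# Real PRESENT S-box (4-bit), used as a realistic input for the demo run.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Constructed 3-bit S-box: x -> x^3 in GF(2^3) mod x^3 + x + 1 (an APN
# permutation), small enough to check the resulting numbers by hand.
CUBE_SBOX = [0, 1, 3, 4, 5, 6, 7, 2]


def key_leakage(sbox, n, chi):
    """Model of Fig. 1: Y = S(X), Z = Y ^ K.

    X1 and K uniform on {0,1}^n, the fault value dX uniform on the set chi
    (the fault model), X2 = X1 ^ dX and Z_i = S(X_i) ^ K.
    Returns (exact, estimate) in bits:
      exact    = I(K; Z1, Z2) = H(K) - H(K | Z1, Z2), by full enumeration
      estimate = n - log2|chi|, the approximation from the description
    """
    chi = sorted(set(chi))
    joint = Counter()   # (z1, z2, k) -> count
    marg = Counter()    # (z1, z2)    -> count
    for x1 in range(1 << n):
        for dx in chi:
            for k in range(1 << n):
                z1 = sbox[x1] ^ k
                z2 = sbox[x1 ^ dx] ^ k
                joint[(z1, z2, k)] += 1
                marg[(z1, z2)] += 1
    total = sum(joint.values())
    # H(K | Z1, Z2) = - sum_{z1,z2,k} P(z1, z2, k) * log2 P(k | z1, z2)
    h_k_given_z = -sum(c / total * log2(c / marg[(z1, z2)])
                       for (z1, z2, k), c in joint.items())
    return n - h_k_given_z, n - log2(len(chi))


def fault_models(n):
    """Constructed fault models for an n-bit S-box input: chi as a list."""
    return {
        "known fault value 0x1": [1],
        "unknown nonzero value": list(range(1, 1 << n)),
        "unknown single bit flip": [1 << i for i in range(n)],
    }


if __name__ == "__main__":
    for name, chi in fault_models(4).items():
        exact, est = key_leakage(PRESENT_SBOX, 4, chi)
        print(f"PRESENT, {name:24s}: exact {exact:.3f} bits, "
              f"estimate n - log2|chi| = {est:.3f} bits")
```

For the cube S-box with a known fault value the exact leakage is 2 bits against an estimate of 3, and with an unknown nonzero fault value it is exactly 0 against an estimate of about 0.19 bits, so n − log|χ| is an approximation of the leaked entropy rather than a strict bound on it.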
Infective countermeasures are a general class of fault-attack countermeasures that improve a block cipher's resistance to differential fault attacks. Their protection principle is to randomise the way a fault is obfuscated during encryption and to widen the range the fault affects, so that fault invariants are eliminated and recovering the key from the faulty ciphertext becomes harder. The implementation of a block-cipher infective countermeasure is shown in Fig. 2.
An infective-countermeasure implementation of a block cipher requires an additional redundant encryption module and an infection function. The redundant encryption module has the same construction as the original encryption module. In a protected encryption, the same plaintext is first fed to the original and the redundant encryption module and encrypted twice under the same key; then the original and redundant encryption results are XORed to obtain the original ciphertext difference ΔC; next ΔC is fed to the infection function to obtain the output I(ΔC); finally I(ΔC) is XORed into the original encryption's ciphertext, and the result is output as the infected ciphertext Cf.
The construction of the infection function must meet two conditions. First, to guarantee that the infected ciphertext equals the correct ciphertext when no fault is injected, the infection function must map the input 0 to the output 0. Second, when a fault is injected, the infected ciphertext should be as unrelated as possible to the original faulty ciphertext, so a random number R is usually introduced into the infection function. The mathematical expression of the infection function is as follows:
where F denotes a function that takes the random number R as an input parameter. Owing to resource constraints, the construction of the infection function is usually relatively simple. As shown in Fig. 3, most existing infection functions first use some deterministic operation to spread the nonzero bits of the input ΔC, then use a series of random operations that introduce random numbers to obfuscate the function input, and finally perform one more deterministic operation before the output to spread the result of the random operations further.
In the infection function, the deterministic operations are not required. The random operations are necessary, and are the most important part, since they ensure the security of the infection function. In an infection function composed of N random operations, the inputs of different random operations and the random-number bits they use are independent of one another and do not overlap. The input, output and random bits of the i-th random operation are denoted in_i, out_i and r_i. In existing infection functions, the random operations are constructed as random 2-state switches, AND with random-number bits, multiplication by random numbers in GF(2^8), S-box operations with random input differences, and so on.
Under differential-fault-attack conditions, the attacker can repeatedly encrypt the same plaintext under the same key and obtain the correct ciphertext C when no fault is injected and the infected ciphertext Cf when a fault is injected. With a single fault injection, a fault in an operation's intermediate value can affect only one of the original and the redundant encryption. Denote by ΔF the difference between the infected ciphertext finally output by the infective countermeasure under fault injection and the correct ciphertext; it is called the infected ciphertext difference. When the fault affects only the original encryption, the infected ciphertext difference is ΔF = ΔC ⊕ I(ΔC); when the fault affects only the redundant encryption, the infected ciphertext difference is ΔF = I(ΔC).
At present there is only a small amount of work on assessing the resistance of infective countermeasures to differential fault attacks, and it falls into two classes. The first designs a differential fault attack against the infective countermeasure that recovers the original ciphertext difference ΔC and the key K, and measures security by computing the attack complexity. The result of such methods depends on the specific key-recovery strategy; the individual choice of attack strategy leaves the accuracy of the assessment defective, and new attack methods have repeatedly overturned previous assessment results. The second class measures the security of the infective countermeasure by the mutual information I(K; ΔF) between the key K and the infected ciphertext difference ΔF, and regards the countermeasure as secure when I(K; ΔF) = 0. Given the block cipher and the infection function of the countermeasure, the mutual information of K and ΔF is computed by the following formula:
An assessment result based on mutual information is independent of the key-recovery strategy, and the value of I(K; ΔF) obtained from the above formula gives a very accurate result. However, for computing the probability value P(k | Δf) there is currently no general method other than exhaustively enumerating plaintexts, keys and injected fault values and counting the occurrences of Δf and of (k, Δf) to estimate the probability. Because the complexity of this enumeration usually exceeds current computing power, the formula cannot in practice be used to assess infective countermeasures of any real complexity. Moreover, this method assesses the block cipher and the infection function as a whole: when the block cipher and the fault-injection scenario are unchanged but several infective countermeasures using different infection functions need to be assessed, a completely new assessment must be started from scratch each time, so the assessment efficiency is low.
Summary of the invention
The invention proposes a method for assessing the security of a block-cipher infective countermeasure against differential fault attacks, aimed at fault injections that change a block-cipher intermediate value. The method measures the security of the infective countermeasure with information entropy, making the evaluation independent of any specific key-recovery strategy and giving highly accurate results. At the same time it separates the infection function from the rest of the infective-countermeasure implementation, so that the assessment applies to a variety of infective countermeasures using different infection functions, and improves assessment efficiency.
To achieve the above, the invention takes the information entropy H(ΔC | ΔCp, ΔF) of the original ciphertext difference ΔC, conditioned on the prior information ΔCp about the original ciphertext difference and on the infected ciphertext difference ΔF, as the security metric of the infective countermeasure. The whole assessment method comprises four parts:
1) from the block cipher, the fault-injection target intermediate value and the fault model e, compute the prior information ΔCp about the original ciphertext difference ΔC;
2) compute the value of the information entropy H(ΔC | ΔCp, ΔF) in the infective countermeasure under assessment;
3) from the block cipher, the fault-injection target intermediate value and the fault model e, compute the lower bound Le on the value of the information entropy H(ΔC | ΔCp, ΔF) in a secure infective countermeasure;
4) determine the security of the infective countermeasure under assessment by comparing the value of H(ΔC | ΔCp, ΔF) in it with Le.
Preferably, each step of the above method is carried out as follows:
1) For fault injection into a block-cipher intermediate value, analyse the propagation of the fault through the block cipher according to the fault-injection target intermediate value and the model e, and compute the lower bound on the number of 0 bits in the original ciphertext difference ΔC as the prior information ΔCp about the original ciphertext difference:
For some injection targets whose intermediate value is close to the ciphertext, or for faults of relatively narrow model width, the fault has not diffused completely by the time it propagates to the original ciphertext difference ΔC, so part of the bits of ΔC are 0. For a block cipher of block width D, the lower bound on the number of 0 bits in ΔC equals the difference between D and the bit width of the fault diffusion in ΔC;
For some injection targets whose intermediate value is far from the ciphertext, or for faults of wide model width, the fault has diffused completely by the time it propagates to ΔC, and the lower bound on the number of 0 bits in ΔC is 0.
Computing the lower bound on the number of 0 bits in the original ciphertext difference ΔC is prior art in this field and is not repeated here.
2) Compute the value of the information entropy H(ΔC | ΔCp, ΔF) in the infective countermeasure under assessment:
The infected ciphertext difference ΔF equals the XOR of the correct ciphertext C and the infected ciphertext C′, and has two possible forms: when the fault is injected into the redundant encryption, ΔF equals the infection-function output I(ΔC); when the fault is injected into the original encryption, ΔF equals the XOR of the original ciphertext difference and the infection-function output, ΔF = ΔC ⊕ I(ΔC).
2.1) When ΔF = I(ΔC):
Decompose the infection function of the infective countermeasure under assessment into N random operations of identical structure. It is required that the random-number bits used by any two random operations do not overlap and that their input bits do not overlap; that the relation between the input in_i of every random operation and the infection-function input, i.e. the original ciphertext difference ΔC, is a known deterministic linear mapping; and that the relation between the output out_i of every random operation and the infection-function output I(ΔC) is a known deterministic mapping; where i = 1 to N.
For the i-th random operation, map the prior information ΔCp of ΔC to prior information about in_i according to the linear mapping between the random operation's input in_i and the infection-function input ΔC, and map I(ΔC) to prior information about out_i according to the mapping between the random operation's output out_i and the infection-function output I(ΔC); where i = 1 to N.
For the i-th random operation, enumerate, within the range allowed by the prior information, the t possible values. According to the randomness of the block cipher and of the infection function, compute the probability of occurrence Ps of each value; compute, for each value, the information entropy of the random operation's input in_i, and from these compute the entropy for the i-th random operation; where i = 1 to N and s = 1 to t.
Then compute:
2.2) When ΔF = ΔC ⊕ I(ΔC):
Decompose the infection function of the infective countermeasure under assessment into M random operations of identical structure. It is required that the random-number bits used by any two random operations do not overlap and that their input bits do not overlap; that the relation between the input of every random operation and the infection-function input, i.e. the original ciphertext difference ΔC, is a known deterministic mapping; and that the relation between the output of every random operation and the infection-function output I(ΔC) is a known deterministic linear mapping; where j = 1 to M.
From the prior information ΔCp about the infection-function input ΔC and the infected ciphertext difference ΔF, compute the prior information I(ΔC)p about the infection-function output I(ΔC): the bits of I(ΔC) that are XORed with 0 bits of ΔC equal the bits of ΔF at the corresponding positions.
For the j-th random operation, map the prior information ΔCp of ΔC to prior information about the operation's input according to the mapping between that input and the infection-function input ΔC, and map the prior information I(ΔC)p of I(ΔC) to prior information about the operation's output according to the linear mapping between that output and the infection-function output I(ΔC); where j = 1 to M.
For the j-th random operation, enumerate, within the range allowed by the prior information, the v possible values. According to the randomness of the block cipher and of the infection function, compute the probability of occurrence Pw of each value; compute, for each value, the information entropy of the j-th random operation's output, and from these compute the entropy for the j-th random operation; where j = 1 to M and w = 1 to v.
Then compute:
The information entropy of the original ciphertext difference ΔC in the infective countermeasure is then:
3) From the block cipher, the fault-injection target intermediate value and the fault model e, compute with the Optimal DFA analysis method the lower bound on the value of H(ΔC | ΔCp, ΔF) in a secure infective countermeasure, Le = I(K, ΔC, C) ≈ n − H(e), where n equals the uncertainty of the key K involved in the fault-propagation process and H(e) denotes the uncertainty of the fault model.
4) Judge whether the information entropy H(ΔC | ΔCp, ΔF) obtained in step 2) is less than Le. If so, key information of the block cipher can leak, and the infective countermeasure is judged insecure under the fault-injection target intermediate value and fault model e; if not, the infective countermeasure is judged possibly secure under that fault-injection target intermediate value and fault model e.
Correspondingly, the invention also provides a system for assessing the security of a block-cipher infective countermeasure against differential fault attacks, where the differential fault attack is characterised at least by a fault-injection target intermediate value and a fault model, and the system comprises:
a prior-information computing module, responsible for computing the prior information about the original ciphertext difference from the block cipher, the fault-injection target intermediate value and the fault model;
an information-entropy computing module, responsible for computing the information entropy of the original ciphertext difference in the infective countermeasure under assessment from the prior information obtained by the prior-information computing module and the infected ciphertext difference;
an information-entropy lower-bound computing module, responsible for computing, from the block cipher, the fault-injection target intermediate value and the fault model, the lower bound on the information entropy of the original ciphertext difference in a secure infective countermeasure that leaks no key information;
a security determination module, responsible for determining the security of the infective countermeasure under assessment by comparing the entropy value obtained by the information-entropy computing module with the lower bound obtained by the information-entropy lower-bound computing module.
Compared with the prior art, the invention has the following advantages:
1. The invention proposes a method for assessing the security of block-cipher infective countermeasures against differential fault attacks, with which infective countermeasures can be assessed more accurately and more efficiently;
2. Unlike existing assessment methods that measure the security of an infective countermeasure by differential-fault-attack complexity, the assessment method of the invention measures it with information entropy, making the evaluation independent of any specific attack method and key-recovery strategy and the result more accurate;
3. Unlike existing assessment methods that measure the security of an infective countermeasure by the mutual information I(K; ΔF) between the key K and the infected ciphertext difference ΔF, the method of the invention separates the infection function from the rest of the infective-countermeasure implementation, takes the information entropy H(ΔC | ΔCp, ΔF) of the original ciphertext difference ΔC, conditioned on the prior information ΔCp and on the infected ciphertext difference ΔF, as the security metric, and computes the lower bound Le on H(ΔC | ΔCp, ΔF) in a secure infective countermeasure with the existing Optimal DFA analysis method, which improves assessment efficiency;
4. The method used by the invention to compute H(ΔC | ΔCp, ΔF) considers the two different forms of ΔF, making the assessment result more comprehensive;
5. The method used by the invention to compute H(ΔC | ΔCp, ΔF) splits the infection function into several simple random operations, which improves the computability of H(ΔC | ΔCp, ΔF) and the applicability of the assessment method to infective countermeasures using different infection functions.
Description of the drawings
Fig. 1 is a schematic diagram of block-cipher encryption using an n-bit S-box;
Fig. 2 shows the implementation of a block-cipher infective countermeasure;
Fig. 3 shows the construction of an infection function;
Fig. 4 shows an infection function constructed from random 2-state switches;
Fig. 5 is the flow chart of the method of the invention.
Specific embodiment
The invention is further described in detail below with reference to the drawings and an example, which does not limit the scope of the invention in any way.
In the embodiment, AES-128 is used as the block cipher, the input of the penultimate round as the fault-injection target intermediate value, and a single-byte flip fault of random unknown position and value as the fault model e; the effectiveness of the invention is illustrated by assessing an infective countermeasure that uses the infection function shown in Fig. 4.
The infection function in Fig. 4 consists mainly of four parts: a deterministic nonlinear operation A with 128-bit input and output, a deterministic linear bit-permutation operation B with 128-bit input and output, 64 random 2-state switch operations (C1, C2, ..., C64) each with 2-bit input and output, and a deterministic linear bit-permutation operation D with 128-bit input and output. When ΔC = 0, the deterministic nonlinear operation A outputs (0000...00); when ΔC ≠ 0, A outputs (1010...10), of Hamming weight 64, which eventually makes the Hamming weight of the infection-function output I(ΔC) equal to 64. The deterministic linear bit permutations B and D only change the positions of bits; the permutation is random but known, and the Hamming weight of the operation's input equals that of its output. The i-th random 2-state switch Ci is controlled by the i-th bit ri of the random number R: with some probability its 2-bit output equals its 2-bit input directly, and with the remaining probability its output is its 2-bit input crossed over; the Hamming weights of the operation's input and output are equal.
The evaluation process, shown in Fig. 5, comprises the following steps:
1) According to the propagation characteristics of a single-byte fault injected into the input of the second-to-last round of AES-128, the fault spreads to 4 bytes of the original ciphertext difference ΔC. The block width of AES-128 is 128 bits, so the lower bound on the number of 0 bits in ΔC is 128 - 8 × 4 = 96; this is the prior information ΔCp on the original ciphertext difference.
2) Calculate the value of the information entropy H(ΔC | ΔCp, ΔF) in the infection protection to be assessed:
2.1) When the fault is injected into the redundant encryption, the infected ciphertext difference is ΔF = I(ΔC). The deterministic nonlinear operation A, the deterministic linear bit permutation B and the 64 random 2-state switch operations (C1, C2, ..., C64) with 2-bit input and output in Fig. 4 are taken together as the random operation of the infection function. In this case the infection function contains only N = 1 random operation, which satisfies the conditions: the relation between the input of the random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, is a known deterministic linear mapping, and the relation between the output of the random operation and the output I(ΔC) of the infection function is a known deterministic mapping.
The prior information on the input in1 of the random operation is that ΔC ≠ 0 and that ΔC contains at least 96 zero bits; the prior information on the output out1 of the random operation is the value of out1, which can be derived from the output I(ΔC) of the infection function, lies in {0,1}^128, and has Hamming weight 64.
Therefore the prior information has t = C(128, 64) different values, and each value occurs with approximately equal probability,
Because the deterministic nonlinear operation A always outputs (1010...10) when ΔC ≠ 0, for any value of the prior information, s = 1 to t. Therefore
one obtains
2.2) When the fault is injected into the original encryption, the infected ciphertext difference is the exclusive-or of the original ciphertext difference and the output of the infection function (as in claim 6). The random 2-state switch operations C_j with 2-bit input and output in Fig. 4 are taken as the random operations of the infection function, j = 1 to 64. In this case the infection function contains only M = 64 random operations, which satisfy the conditions: the random-number bits used by any two random operations are disjoint and their input bits are disjoint; the relation between the input of a random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, is a known deterministic mapping; and the relation between the output of a random operation and the output I(ΔC) of the infection function is a known deterministic linear mapping.
Since ΔC contains at least 96 zero bits, the bits of I(ΔC) that are XORed with these 96 zero bits of ΔC are equal to the bits of ΔF at the corresponding positions, i.e. the prior information I(ΔC)p is that 96 bits of I(ΔC) are known.
Since ΔC ≠ 0 and the deterministic nonlinear operation A always outputs (1010...10) when ΔC ≠ 0, the prior information on the input of the j-th random operation is 2 known bits whose value is uniformly distributed; the prior information on the output of the random operation is either 2 known bits whose value is uniformly distributed, 1 known bit whose value is uniformly distributed, or no prior information.
When the input prior information is 2 known bits and the output prior information is 2 known bits, the prior information has v = 6 possible values. For w = 1 to 6, the values of the prior information are (00,00), (01,01), (01,10), (10,10), (10,01) and (11,11), with respective probabilities of occurrence Pw, and for any value, w = 1 to 6. Therefore
When the input prior information is 2 known bits and the output prior information is 1 known bit, the prior information has v = 6 possible values. For w = 1 to 6, the values of the prior information are (00,0), (01,0), (01,1), (10,0), (10,1) and (11,1), with respective probabilities of occurrence Pw, and for any value, w = 1 to 6. Therefore
When the input prior information is 2 known bits and there is no output information, the prior information has v = 4 possible values. For w = 1 to 4, the values of the prior information are (00), (01), (10) and (11), with respective probabilities of occurrence Pw, and with the corresponding quantities for the values (00), (01), (10) and (11). Therefore
According to the prior information I(ΔC)p, i.e. that 96 bits of I(ΔC) are known, the probability that the prior information of the j-th random operation has 2 known input bits and 2 known output bits can be calculated; likewise the probability that it has 2 known input bits and 1 known output bit, and the probability that it has 2 known input bits and no output information. Therefore, among the M = 64 random operations, the number of operations of each of the above three kinds is the product of the corresponding probability and 64.
From this one obtains
The information entropy of the original ciphertext difference ΔC in the infection protection to be assessed is:
3) According to the propagation characteristics of a single-byte fault injected into the input of the second-to-last round of AES-128, the uncertainty of the key K involved in the fault propagation process is n = 32 bits. Since the width of the fault model e within the 128-bit-wide faulty intermediate value is 8 bits and its position and value are random and unknown, the uncertainty of the fault is H(e). Using the optimal DFA analysis method, the lower bound on the value of the information entropy H(ΔC | ΔCp, ΔF) in a secure infection protection is calculated as Le = I(K, ΔC, C) ≈ n - H(e) = 32 - 12 = 20 bits.
4) Since 1.95 < 20, i.e. H(ΔC | ΔCp, ΔF) < Le, the infection protection that uses the infection function shown in Fig. 4 is not secure against a single-byte fault with random unknown position and value injected into the input of the second-to-last round of AES-128.
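The following is an added worked check of the embodiment's steps 1 to 4 (example code, not part of the patent text): it reproduces the 96-bit prior, the per-switch entropy for the three prior-information cases of step 2.2, the total H(ΔC | ΔCp, ΔF) ≈ 1.95 bits, the lower bound Le = 20 bits, and the comparison of step 4. Because the page's fractions and formulas did not render, the code assumes that each 2-state switch passes its input straight with probability 1/2, that the permutation D is uniformly random, and that H(e) = log2(16) + 8 = 12 bits.

```python
from math import comb, log2

BLOCK_BITS = 128     # AES-128 block width
SWITCHES = 64        # random 2-state switches C1..C64 in Fig. 4
P_STRAIGHT = 0.5     # assumption: pass-through probability of one switch


def zero_bit_lower_bound(block_bits=BLOCK_BITS, affected_bytes=4):
    """Step 1: a single-byte fault in the second-to-last round of AES-128 spreads
    to 4 ciphertext bytes, so at least 128 - 8*4 = 96 bits of dC are zero (dC_p)."""
    return block_bits - 8 * affected_bytes


def switch_output_entropy(known_mask, p_straight=P_STRAIGHT):
    """H(out_j | in_j, known output bits) for one 2-state switch.

    in_j is a 2-bit slice of the constant 1010...10 after the known permutation B,
    taken as uniform over 00, 01, 10, 11.  known_mask marks which output bits are
    fixed by the prior information I(dC)_p (0b00 = none, 0b11 = both).
    """
    total = 0.0
    for inp in range(4):
        swapped = ((inp & 1) << 1) | (inp >> 1)
        dist = {}
        dist[inp] = dist.get(inp, 0.0) + p_straight          # pass straight
        dist[swapped] = dist.get(swapped, 0.0) + (1.0 - p_straight)  # cross
        # condition on the known output bits: group outcomes by their known part
        groups = {}
        for out, pr in dist.items():
            groups.setdefault(out & known_mask, {})[out] = pr
        for group in groups.values():
            pg = sum(group.values())
            h = -sum(pr / pg * log2(pr / pg) for pr in group.values() if pr > 0)
            total += 0.25 * pg * h       # in_j uniform: weight 1/4 per input value
    return total


def infection_entropy(known_bits, block_bits=BLOCK_BITS, switches=SWITCHES):
    """Step 2.2: H(dC | dC_p, dF) for dF = dC xor I(dC), summed over the switches.

    With D a uniformly random permutation (assumption), the two output bits of a
    switch land on 2, 1 or 0 of the known positions of I(dC) with hypergeometric
    probabilities; those probabilities times 64 are the counts in the page's step.
    """
    pairs = comb(block_bits, 2)
    p_both = comb(known_bits, 2) / pairs
    p_one = known_bits * (block_bits - known_bits) / pairs
    p_none = comb(block_bits - known_bits, 2) / pairs
    h_one = 0.5 * (switch_output_entropy(0b01) + switch_output_entropy(0b10))
    per_switch = (p_both * switch_output_entropy(0b11)
                  + p_one * h_one
                  + p_none * switch_output_entropy(0b00))
    return switches * per_switch


def entropy_lower_bound(key_bits=32, fault_positions=16, fault_width=8):
    """Step 3: L_e = n - H(e), n = 32 key bits, H(e) = log2(16) + 8 = 12 bits (assumed split)."""
    return key_bits - (log2(fault_positions) + fault_width)


def assess(known_bits=None):
    """Step 4: returns (H, L_e, secure); the protection is insecure when H < L_e."""
    if known_bits is None:
        known_bits = zero_bit_lower_bound()
    h = infection_entropy(known_bits)
    le = entropy_lower_bound()
    return h, le, h >= le


if __name__ == "__main__":
    h, le, secure = assess()
    print(f"H(dC | dC_p, dF) = {h:.2f} bits, L_e = {le:.0f} bits, secure: {secure}")
```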
Another embodiment of the present invention provides a security evaluation system against differential fault attacks suitable for block cipher infection protection, wherein the differential fault attack includes at least a fault injection target intermediate value and a fault model; the system comprises:
a prior information computing module, responsible for calculating the prior information of the original ciphertext difference according to the block cipher, the fault injection target intermediate value and the fault model;
an information entropy computing module, responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be assessed, using the prior information of the original ciphertext difference obtained by the prior information computing module together with the infected ciphertext difference;
an information entropy lower bound computing module, responsible for calculating, according to the block cipher, the fault injection target intermediate value and the fault model, the lower bound of the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
a security determination module, responsible for determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained by the information entropy computing module with the information entropy lower bound obtained by the information entropy lower bound computing module.
The specific embodiments described above are intended only to help understand the use of the present invention; the invention is not limited to them, and persons skilled in the art can, based on the present disclosure, implement the invention in numerous other embodiments. For example, it can be implemented in the form of a computer software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal device (which may be a mobile phone, computer, server, etc.) to execute the method of the invention. All transformations and substitutions that use the design structure and ideas of the invention without departing from the scope of the claims belong to the protection scope of the invention.

Claims (10)

1. A security evaluation method against differential fault attacks suitable for block cipher infection protection, wherein the differential fault attack includes at least a fault injection target intermediate value and a fault model, characterized in that the method comprises the following steps:
1) according to the block cipher, the fault injection target intermediate value and the fault model, calculating the prior information of the original ciphertext difference;
2) using the prior information of the original ciphertext difference obtained in step 1) and the infected ciphertext difference, calculating the information entropy of the original ciphertext difference in the infection protection to be assessed;
3) according to the block cipher, the fault injection target intermediate value and the fault model, calculating the lower bound of the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
4) determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained in step 2) with the information entropy lower bound obtained in step 3).
2. The method of claim 1, characterized in that the prior information of the original ciphertext difference is calculated as follows: according to the fault injection target intermediate value and the fault model, the propagation path of the fault in the block cipher is analyzed, and the lower bound of the number of 0 bits in the original ciphertext difference is calculated.
3. The method of claim 1, characterized in that the infected ciphertext difference is equal to the exclusive-or of the correct ciphertext and the infected ciphertext.
4. The method of claim 1, characterized in that, according to the composition of the infected ciphertext difference, the calculation of the information entropy of the original ciphertext difference in the infection protection is divided into two methods.
5. The method of claim 4, characterized in that, when the infected ciphertext difference is equal to the output of the infection function in the infection protection to be assessed, the information entropy of the original ciphertext difference in the infection protection is calculated as follows:
1) decomposing the infection function in the infection protection to be assessed into N random operations of identical structure, requiring that the random-number bits used by any two random operations are disjoint and their input bits are disjoint, that the relation between the input of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, is a known deterministic linear mapping, and that the relation between the output of every random operation and the output I(ΔC) of the infection function is a known deterministic mapping;
2) mapping the prior information ΔCp of the input ΔC of the infection function to the prior information of the input in_i of the i-th random operation, and mapping the output I(ΔC) of the infection function to the prior information of the output out_i of the i-th random operation, where i = 1 to N;
3) calculating the information entropy of the input in_i of the i-th random operation;
4) calculating the information entropy of the original ciphertext difference ΔC in the infection protection.
6. The method of claim 5, characterized in that, when the infected ciphertext difference is equal to the exclusive-or of the original ciphertext difference and the output of the infection function in the infection protection to be assessed, the information entropy of the original ciphertext difference in the infection protection is calculated as follows:
1) decomposing the infection function in the infection protection into M random operations of identical structure, requiring that the random-number bits used by any two random operations are disjoint and their input bits are disjoint, that the relation between the input of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, is a known deterministic mapping, and that the relation between the output of every random operation and the output I(ΔC) of the infection function is a known deterministic linear mapping;
2) according to the prior information ΔCp of the input ΔC of the infection function and the infected ciphertext difference ΔF, calculating the prior information I(ΔC)p of the output I(ΔC) of the infection function;
3) mapping the prior information ΔCp of the input ΔC of the infection function to the prior information of the input of the j-th random operation, and mapping the prior information I(ΔC)p of the output I(ΔC) of the infection function to the prior information of the output of the j-th random operation, where j = 1 to M;
4) calculating the information entropy of the output of the j-th random operation;
5) calculating the information entropy of the original ciphertext difference ΔC in the infection protection.
7. The method of claim 6, characterized in that the information entropy of the original ciphertext difference ΔC in the infection protection is: H(ΔC | ΔCp, ΔF) = min{H(ΔC | ΔCp, I(ΔC)), H(ΔC | ΔCp, ΔC ⊕ I(ΔC))}.
8. The method of claim 1, characterized in that the lower bound of the information entropy of the original ciphertext difference is calculated as follows: according to the block cipher, the fault injection target intermediate value and the fault model, the mutual information Le = I(K, ΔC, C) of the key K, the original ciphertext difference ΔC and the correct ciphertext C involved in the fault propagation process is calculated using the optimal DFA analysis method; this is the information entropy lower bound.
9. The method of claim 1, characterized in that step 4) judges whether the information entropy obtained in step 2) is less than the information entropy lower bound obtained in step 3); if so, the key information of the block cipher can leak, and the infection protection is determined to be insecure under the fault injection target intermediate value and the fault model; if not, the infection protection is determined to be possibly secure under the fault injection target intermediate value and the fault model.
10. A security evaluation system against differential fault attacks suitable for block cipher infection protection, wherein the differential fault attack includes at least a fault injection target intermediate value and a fault model, characterized in that the system comprises:
a prior information computing module, responsible for calculating the prior information of the original ciphertext difference according to the block cipher, the fault injection target intermediate value and the fault model;
an information entropy computing module, responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be assessed, using the prior information of the original ciphertext difference obtained by the prior information computing module together with the infected ciphertext difference;
an information entropy lower bound computing module, responsible for calculating, according to the block cipher, the fault injection target intermediate value and the fault model, the lower bound of the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
a security determination module, responsible for determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained by the information entropy computing module with the information entropy lower bound obtained by the information entropy lower bound computing module.
CN201910194486.XA 2019-01-31 2019-03-14 Differential fault attack resistance security evaluation method and system suitable for block cipher algorithm infection protection Active CN110401627B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2019101009792 2019-01-31
CN201910100979 2019-01-31

Publications (2)

Publication Number Publication Date
CN110401627A true CN110401627A (en) 2019-11-01
CN110401627B CN110401627B (en) 2020-07-10
