CN110401627A - A kind of resisting differential fault attacks security assessment method and system suitable for block cipher protection against infection - Google Patents
Publication number: CN110401627A (application CN201910194486.XA)
Authority: CN (China)
Legal status: Granted (status as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classifications: H04L63/1416 (event detection, e.g. attack signature detection); H04L9/0618 (block ciphers, i.e. encrypting groups of characters of a plaintext message using a fixed encryption transformation)
Abstract
The invention discloses a method and system for assessing the resistance of a block cipher infective countermeasure (infection protection) to differential fault attacks. The method comprises the steps of: 1) computing the prior information about the original ciphertext difference from the block cipher, the fault injection target intermediate value and the fault model; 2) computing the value of the information entropy in the infective countermeasure under assessment; 3) computing, from the block cipher, the fault injection target intermediate value and the fault model, the lower bound on the information entropy that a secure infective countermeasure must reach; 4) determining the security of the countermeasure under assessment by comparing the entropy value with that lower bound. Measuring the security of the countermeasure by information entropy makes the evaluation independent of any specific key recovery strategy and makes the result more accurate. At the same time the method separates the infection function from the rest of the protected block cipher implementation, so that one assessment applies to many different infective countermeasures, which improves assessment efficiency.
Description
Technical field
The present invention relates to the field of cryptanalysis and protection in information security, and in particular to a method and system for assessing the differential-fault-attack resistance of block cipher infective countermeasures.
Background
Symmetric cryptography is the family of cipher systems in which both communicating parties share the same secret key. Block ciphers are a widely used kind of symmetric cipher. Common block cipher structures include the Feistel structure and the SP (substitution-permutation) structure. The design of the round transformation usually follows the principles of confusion and diffusion, and through multiple round iterations the cipher resists all existing theoretical analysis methods, such as differential analysis, linear analysis, integral attacks and interpolation attacks. The S-box is the nonlinear confusion component most widely used in block ciphers. Block ciphers are fast, easy to standardize and convenient to implement in software and hardware, which suits them to a wide range of embedded application scenarios. The theoretical analysis of block ciphers is by now very mature.
Fault attacks are a common method of analysing cryptographic implementations. They are feasible because the normal operation of a cryptographic chip, embedded cryptographic module or similar implementation depends on environmental factors such as a stable and suitable power supply, clock and temperature. When an attacker can push such a factor beyond a certain threshold, the encryption fails, and the additional information leaked by the faulty encryption can be used for key recovery. Because faults can be induced in many ways, fault types are plentiful, key recovery methods are flexible, and the complexity is clearly lower than that of conventional cryptanalysis, fault attacks pose a serious threat to deployed cryptographic implementations. Experiments show that every cryptographic implementation without added countermeasures is at risk of being broken under normal operation. Resistance to fault attacks has therefore become an important part of cryptosystem security evaluation. For example, the cryptographic module security standard FIPS 140-3 published by the US National Institute of Standards and Technology (NIST) requires the physical security section to include countermeasures against fault attacks, and China's GM/T 0008-2012 "Cryptography test criteria for security chips" explicitly requires that cryptographic chips at the high security level be able to resist fault attacks.
Differential fault attack (Differential Fault Analysis, DFA) on block ciphers was first proposed by Biham and Shamir in 1997. Its precondition is that the attacker can encrypt the same plaintext twice under the same key: once correctly, producing the correct ciphertext, and once with a fault injected during encryption, producing the faulty ciphertext. Knowing the fault injection target and the fault injection model, the attacker performs differential analysis on the pair of correct and faulty ciphertexts and recovers the key material involved in the fault propagation, hence the name differential fault analysis. Because of its generality and effectiveness, DFA has been applied successfully to almost all block ciphers and remains the most common fault attack method.
The fault injections used in differential fault attacks fall into two classes: faults that change the encryption control flow and faults that change an encryption intermediate value. For a fault injected into an intermediate value, the fault injection model e captures the relationship between the faulty and the correct intermediate value, the width of the fault in bits, the position of the fault within the intermediate value and the value of the fault. The diffusion property of the block cipher determines the propagation path of a fault of model e through the cipher and the bit width over which the fault spreads in the original ciphertext difference.
Optimal DFA is a differential fault attack method based on information theory, applicable to fault injection into encryption intermediate values. With it an attacker can estimate a lower bound on the number of fault injections needed to recover the whole key without designing a concrete key recovery strategy. Its principle is to compute, from the fault injection target intermediate value, the fault injection model e and the differential distribution of the block cipher's nonlinear S-box, the key information entropy leaked by a single fault injection.
Fig. 1 shows a block cipher encryption frame using an n-bit S-box. The intermediate value X is processed by the S-box to give Y, which is then XORed with the key K to give the output Z. Injecting a fault at the S-box input is equivalent to performing two encryptions under the same key K with two different inputs X1 and X2 that differ by the input difference ΔX, whose value corresponds to the injected fault. The attacker can only observe the corresponding encryption outputs Z1 and Z2; their difference ΔY is also the difference between the S-box outputs Y1 and Y2 of the two encryptions. Let x1, x2, Δx and k be the concrete values of X1, X2, ΔX and K in a given pair of encryptions, and y1, y2, z1, z2 and Δy the concrete values of Y1, Y2, Z1, Z2 and ΔY. Since (x1, x2, k) and (z1, z2, k) are in one-to-one correspondence, H(K, X1, X2) = H(K, Z1, Z2), where H(·) denotes information entropy, a measure of the uncertainty of a variable. From this the conditional entropy of the key given the known encryption outputs Z1 and Z2 follows:
$H(K \mid Z_1, Z_2) = H(X_1, X_2 \mid \Delta Y) = H(\Delta X \mid \Delta Y) + H(X_1 \mid \Delta X, \Delta Y)$
The conditional entropy H(A | B) is computed by the usual formula, in which B is the known variable, A is the unknown variable of interest and P(·) denotes probability. Here b is a concrete value of B, with P(b) the probability that B = b; a is a concrete value of A, and P(a | b) is the probability that A = a given B = b.
In H(K | Z1, Z2), the term H(X1 | ΔX, ΔY) can be computed from the differential distribution table of the S-box. For a concrete value (Δx, Δy) of (ΔX, ΔY), suppose the probability that it is a valid input/output differential pair is p. Each valid (Δx, Δy) occurs with approximately equal probability, so each valid (Δx, Δy) corresponds to a set of possible input values, and each such input value x1 occurs with probability P(x1 | Δx, Δy) ≈ p. Therefore H(X1 | ΔX, ΔY) ≈ −log p bits. In addition, H(ΔX | ΔY) = H(ΔX, ΔY) − H(ΔY). Assume the S-box input X1 is uniformly distributed over {0,1}^n and the input difference ΔX is uniformly distributed over a set χ; then the output difference ΔY is uniformly distributed over {0,1}^n and H(ΔY) ≈ n bits. Since every concrete value (Δx, Δy) of (ΔX, ΔY) is a valid differential pair with probability p, H(ΔX, ΔY) ≈ log(|χ| × 2^n × p) bits, where |χ| is the size of the set χ. In summary, H(K | Z1, Z2) ≈ log|χ| bits, i.e. the lower bound on the key information entropy leaked by one fault injection is about I(K, Z1, Z2) = H(K) − H(K | Z1, Z2) ≈ n − log|χ| bits. For the whole block cipher, the size of the set χ containing ΔX is determined by the uncertainty of the fault injection model e, and n equals the uncertainty of the key K involved in the fault propagation. The mutual information between the key K involved in fault propagation, the correct ciphertext C and the original ciphertext difference ΔC then follows in the same way.
The infective countermeasure is a general-purpose protection against fault attacks that improves a block cipher's resistance to differential fault attacks. Its principle is to randomize the fault during encryption in an obfuscating way, widening the fault's area of influence so that fault invariants are eliminated and recovering the key from faulty ciphertexts becomes harder. A block cipher infective countermeasure implementation is shown in Fig. 2.
Implementing an infective countermeasure for a block cipher requires an additional redundant encryption module and an infection function. The redundant encryption module is constructed identically to the original encryption module. In a protected encryption, the same plaintext is first fed to both the original and the redundant encryption module and encrypted twice under the same key; the original and redundant results are then XORed to obtain the original ciphertext difference ΔC; next ΔC is fed to the infection function, giving the output I(ΔC); finally I(ΔC) is XORed into the original ciphertext and the result is output as the infected ciphertext C_f.
The infection function must satisfy two conditions. First, so that the infected ciphertext equals the correct ciphertext when no fault is injected, the infection function must map the input 0 to the output 0. Second, when a fault is injected, the infected ciphertext should be as unrelated as possible to the original faulty ciphertext, so a random number R is usually introduced into the infection function. The infection function is written as a function F that takes the random number R as a parameter. Because of resource constraints, the construction of an infection function is usually fairly simple. As shown in Fig. 3, most existing infection functions first use some deterministic operation to spread the nonzero bits of the input ΔC, then obfuscate the input with a series of random operations driven by random numbers, and finally apply one more deterministic operation before the output to spread the result of the random operations further.
Within an infection function the deterministic operations are not mandatory. The random operations are mandatory and are the most important part, since they ensure the security of the infection function. In an infection function composed of N random operations, the inputs of different random operations and the random-number bits they use are mutually independent and disjoint. The input, output and random bits of the i-th random operation are denoted in_i, out_i and r_i. In existing infection functions, random operations are built from, among others: random 2-bit switches, AND with random bits, multiplication by a random number in GF(2^8), and S-box operations with randomized input difference.
Under the differential fault attack setting, the attacker can repeatedly encrypt the same plaintext under the same key and obtain the correct ciphertext C when no fault is injected and the infected ciphertext C_f when a fault is injected. Under single fault injection, a fault injected into an operation's intermediate value affects only one of the two encryptions, the original or the redundant one. Denote the difference between the infected ciphertext finally output by the protected block cipher under fault injection and the correct ciphertext as ΔF, the infected ciphertext difference. When the fault affects only the original encryption, the infected ciphertext difference is ΔF = ΔC ⊕ I(ΔC); when the fault affects only the redundant encryption, the infected ciphertext difference is ΔF = I(ΔC).
There is currently only a small body of work on assessing the differential-fault-attack resistance of infective countermeasures, and it falls into two classes. The first class designs a differential fault attack against the countermeasure that recovers the original ciphertext difference ΔC and the key K, and measures security by the attack complexity. Results of this kind depend on the specific key recovery strategy; the individual choice of attack strategy limits the accuracy of the assessment, and new attack methods have repeatedly overturned earlier assessment results. The second class measures the security of the countermeasure by the mutual information I(K; ΔF) between the key K and the infected ciphertext difference ΔF, and considers the protection secure when I(K; ΔF) = 0. Given the block cipher and the infection function of the countermeasure, the mutual information between K and ΔF is computed as follows,
Assessment based on mutual information is independent of the key recovery strategy, and the value of I(K; ΔF) obtained from the formula gives a very accurate result. But for computing the probability P(k | Δf) there is currently no general method other than exhausting the plaintext, key and injected fault values and counting the frequencies of Δf and (k, Δf) to estimate the probability. Because this exhaustive search usually exceeds available computing power, the formula cannot in practice be used to assess countermeasures of any real complexity. Moreover, this method assesses the block cipher and the infection function as a whole: with the block cipher and the fault injection scenario unchanged, assessing several countermeasures that use different infection functions requires a complete new assessment each time, so assessment efficiency is low.
Summary of the invention
The invention proposes a method for assessing the differential-fault-attack resistance of block cipher infective countermeasures. The method targets fault injections that change a block cipher intermediate value. It measures the security of the countermeasure by information entropy, which makes the evaluation independent of any specific key recovery strategy and gives highly accurate results. It also separates the infection function from the rest of the protected block cipher implementation, so that one assessment applies to many countermeasures using different infection functions, and assessment efficiency improves.
To achieve this, the invention uses the information entropy H(ΔC | ΔC_p, ΔF) of the original ciphertext difference ΔC, conditioned on the prior information ΔC_p about the original ciphertext difference and on the infected ciphertext difference ΔF, as the security metric of the infective countermeasure. The complete assessment method has four parts:
1) from the block cipher, the fault injection target intermediate value and the fault model e, compute the prior information ΔC_p about the original ciphertext difference ΔC;
2) compute the value of the information entropy H(ΔC | ΔC_p, ΔF) in the countermeasure under assessment;
3) from the block cipher, the fault injection target intermediate value and the fault model e, compute the lower bound L_e on the entropy H(ΔC | ΔC_p, ΔF) in a secure countermeasure;
4) determine the security of the countermeasure under assessment by comparing the value of H(ΔC | ΔC_p, ΔF) in the countermeasure under assessment with L_e.
Preferably, each step of the method is realized as follows:
1) For a fault injected into a block cipher intermediate value, analyse the propagation of the fault through the block cipher from the fault injection target intermediate value and the model e, and compute the lower bound on the number of 0 bits in the original ciphertext difference ΔC; this lower bound serves as the prior information ΔC_p:
For a fault injected into an intermediate value close to the ciphertext, or a fault of narrow model width, the fault has not fully diffused by the time it reaches the original ciphertext difference ΔC, so some bits of ΔC are 0. For a block cipher with block width D, the lower bound on the number of 0 bits in ΔC equals D minus the bit width over which the fault has spread in ΔC;
For a fault injected into an intermediate value far from the ciphertext, or a fault of wide model width, the fault has fully diffused by the time it reaches ΔC, and the lower bound on the number of 0 bits in ΔC is 0.
Computing the lower bound on the number of 0 bits in the original ciphertext difference ΔC is prior art in this field and is not described further here.
2) Compute the value of the entropy H(ΔC | ΔC_p, ΔF) in the countermeasure under assessment:
The infected ciphertext difference ΔF equals the XOR of the correct ciphertext C and the infected ciphertext C', and it has two possible forms: when the fault is injected into the redundant encryption, ΔF equals the output I(ΔC) of the infection function; when the fault is injected into the original encryption, ΔF equals the XOR of the original ciphertext difference ΔC and the infection function output I(ΔC).
2.1) When ΔF = I(ΔC):
Decompose the infection function of the countermeasure under assessment into N random operations of identical structure. Require that the random-number bits used by any two random operations are disjoint and that their input bits are disjoint; that there is a known deterministic linear mapping between the input in_i of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC; and that there is a known deterministic mapping between the output out_i of every random operation and the output I(ΔC) of the infection function; here i = 1 to N.
For the i-th random operation, map the prior information ΔC_p of ΔC to prior information about in_i according to the linear mapping between in_i and the infection function input ΔC, and map I(ΔC) to prior information about out_i according to the mapping between out_i and the infection function output I(ΔC); i = 1 to N.
For the i-th random operation, exhaustively enumerate, within the range allowed by the prior information, the t possible values. From the randomness of the block cipher and of the infection function, compute the probability of occurrence P_s of each value. For each value compute the information entropy of the random operation input in_i, and from these compute the entropy of in_i conditioned on the prior information, with i = 1 to N and s = 1 to t.
Finally, compute the overall entropy from the N per-operation entropies.
2.2) When ΔF = ΔC ⊕ I(ΔC):
Decompose the infection function of the countermeasure under assessment into M random operations of identical structure. Require that the random-number bits used by any two random operations are disjoint and that their input bits are disjoint; that there is a known deterministic mapping between the input of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC; and that there is a known deterministic linear mapping between the output of every random operation and the output I(ΔC) of the infection function; here j = 1 to M.
From the prior information ΔC_p about the infection function input ΔC and from the infected ciphertext difference ΔF, compute the prior information I(ΔC)_p about the infection function output I(ΔC): the bits of I(ΔC) that are XORed with 0 bits of ΔC are known, since they equal the corresponding bits of ΔF.
For the j-th random operation, map the prior information ΔC_p of ΔC to prior information about the operation's input according to the mapping between that input and the infection function input ΔC, and map the prior information I(ΔC)_p of I(ΔC) to prior information about the operation's output according to the linear mapping between that output and the infection function output I(ΔC); j = 1 to M.
For the j-th random operation, exhaustively enumerate, within the range allowed by the prior information, the v possible values. From the randomness of the block cipher and of the infection function, compute the probability of occurrence P_w of each value. For each value compute the information entropy of the j-th random operation's output, and from these compute the entropy of that output conditioned on the prior information, with j = 1 to M and w = 1 to v.
Finally, compute the overall entropy from the M per-operation entropies.
The information entropy of the original ciphertext difference ΔC in the infective countermeasure is then as follows:
3) From the block cipher, the fault injection target intermediate value and the fault model e, use the optimal DFA analysis method to compute the lower bound on the entropy H(ΔC | ΔC_p, ΔF) in a secure countermeasure: L_e = I(K, ΔC, C) ≈ n − H(e), where n equals the uncertainty of the key K involved in the fault propagation and H(e) denotes the uncertainty of the fault model.
4) Check whether the entropy H(ΔC | ΔC_p, ΔF) obtained in step 2 is less than L_e. If so, key information of the block cipher can leak, and the countermeasure is judged insecure under the fault injection target intermediate value and fault model e; if not, the countermeasure is judged possibly secure under the fault injection target intermediate value and fault model e.
Correspondingly, the invention also provides a system for assessing the differential-fault-attack resistance of a block cipher infective countermeasure, where the differential fault attack is specified at least by a fault injection target intermediate value and a fault model, and the system comprises:
a prior information computing module, responsible for computing the prior information about the original ciphertext difference from the block cipher, the fault injection target intermediate value and the fault model;
an information entropy computing module, responsible for computing the information entropy of the original ciphertext difference in the countermeasure under assessment from the prior information obtained by the prior information computing module and from the infected ciphertext difference;
an information entropy lower bound computing module, responsible for computing, from the block cipher, the fault injection target intermediate value and the fault model, the lower bound on the information entropy of the original ciphertext difference in a secure countermeasure that leaks no key information;
a security determination module, responsible for determining the security of the countermeasure under assessment by comparing the entropy value obtained by the information entropy computing module with the lower bound obtained by the information entropy lower bound computing module.
Compared with the prior art, the invention has the following advantages:
1. For block cipher infective countermeasures, the invention proposes an assessment method for differential-fault-attack resistance that assesses countermeasures more accurately and more efficiently;
2. Unlike existing assessment methods that measure the security of a countermeasure by differential fault attack complexity, the method of the invention measures it by information entropy, which makes the evaluation independent of any specific attack method and key recovery strategy and makes the result more accurate;
3. Unlike existing assessment methods that measure the security of a countermeasure by the mutual information I(K; ΔF) between the key K and the infected ciphertext difference ΔF, the method of the invention separates the infection function from the rest of the protected block cipher implementation, takes the entropy H(ΔC | ΔC_p, ΔF) of the original ciphertext difference ΔC given the prior information ΔC_p and the infected ciphertext difference ΔF as the security metric, and computes the lower bound L_e on H(ΔC | ΔC_p, ΔF) in a secure countermeasure with the existing optimal DFA analysis method, which improves assessment efficiency;
4. The calculation of H(ΔC | ΔC_p, ΔF) used by the invention considers the two different forms of ΔF, which makes the assessment more comprehensive;
5. The calculation of H(ΔC | ΔC_p, ΔF) used by the invention splits the infection function into several simple random operations, which improves the computability of H(ΔC | ΔC_p, ΔF) and the generality of the method across countermeasures using different infection functions.
Description of the drawings
Fig. 1 is a schematic of block cipher encryption using an n-bit S-box;
Fig. 2 shows a block cipher infective countermeasure implementation;
Fig. 3 shows the construction of an infection function;
Fig. 4 shows an infection function built from random 2-bit switches;
Fig. 5 is a flow chart of the method of the invention.
Detailed description of an embodiment
The invention is further described in detail below with an example and with reference to the accompanying drawings, without in any way limiting the scope of the invention.
In the embodiment, AES-128 is the block cipher, the input of the penultimate round is the fault injection target intermediate value, the fault model e is a single-byte flip fault whose position and value are both random and unknown, and the effectiveness of the invention is illustrated by assessing a countermeasure that uses the infection function shown in Fig. 4.
The infection function in Fig. 4 consists of four parts: a deterministic nonlinear operation A with 128-bit input and output, a deterministic linear bit permutation B with 128-bit input and output, 64 random 2-bit switches (C_1, C_2, ..., C_64), each with 2-bit input and output, and a deterministic linear bit permutation D with 128-bit input and output. When ΔC = 0, the deterministic nonlinear operation A outputs (0000...00); when ΔC ≠ 0, A outputs (1010...10), of Hamming weight 64, which means the Hamming weight of the infection function output I(ΔC) is always 64. The deterministic bit permutations B and D only change the positions of bits; the permutation is random but known, and the Hamming weight of the output equals that of the input. The i-th random 2-bit switch C_i is controlled by the i-th bit r_i of the random number R: depending on r_i, its 2-bit output either equals its 2-bit input directly or equals the crossed (swapped) 2-bit input, so the Hamming weights of its input and output are equal.
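As an added example, not code from the patent, the following Python models the Fig. 2 construction with the Fig. 4 infection function (A, B, the 64 switches C_i, D), checks the two forms of ΔF used in the assessment, and computes the step-2 term H(in_j | out_j) for a single 2-bit switch by exhaustive enumeration. The bit permutations B and D, the random number R (assumed uniform), the correct ciphertext and the ciphertext difference ΔC are all constructed from a seeded PRNG; AES itself is not run, and ΔC is built directly with the 4-byte spread that step 1 derives for a penultimate-round single-byte fault.

```python
"""Model of the Fig. 4 infection function and the step-2 entropy of one random switch.

Added example; every permutation, random number and ciphertext below is constructed
from a seeded PRNG and is not data from the patent.
"""
import math
import random
from collections import Counter

BLOCK_BITS = 128
PATTERN_1010 = int("10" * 64, 2)   # what A outputs for any nonzero input, Hamming weight 64


def hamming_weight(x):
    return bin(x).count("1")


def op_a(delta_c):
    """A: deterministic nonlinear map, 0 -> 0 and every nonzero input -> (1010...10)."""
    return PATTERN_1010 if delta_c else 0


def bit_permute(x, perm):
    """B and D: deterministic bit permutation; perm[i] is where input bit i is moved to."""
    y = 0
    for i, dst in enumerate(perm):
        if (x >> i) & 1:
            y |= 1 << dst
    return y


def swap2(pair, r_bit):
    """One 2-bit switch C_i: pass the pair through (r_i = 0) or cross its two bits (r_i = 1)."""
    return ((pair & 1) << 1) | (pair >> 1) if r_bit else pair


def random_switches(x, r):
    """The 64 switches C_1..C_64; switch i acts on bits 2i, 2i+1 and is driven by bit i of R."""
    y = 0
    for i in range(64):
        y |= swap2((x >> (2 * i)) & 3, (r >> i) & 1) << (2 * i)
    return y


def infection_function(delta_c, r, perm_b, perm_d):
    """I(dC) = D(C_R(B(A(dC)))) as drawn in Fig. 4."""
    return bit_permute(random_switches(bit_permute(op_a(delta_c), perm_b), r), perm_d)


def infected_ciphertext(c_original, c_redundant, r, perm_b, perm_d):
    """Fig. 2: C_f = C_original XOR I(C_original XOR C_redundant)."""
    return c_original ^ infection_function(c_original ^ c_redundant, r, perm_b, perm_d)


def switch_conditional_entropy(prior_inputs):
    """Step 2 for one 2-bit switch: H(in_j | out_j) in bits, with in_j uniform over
    prior_inputs (the values its prior information admits) and r_j uniform, found by
    exhaustively enumerating every (input, r_j) pair as the method prescribes."""
    joint, marg = Counter(), Counter()
    for inp in prior_inputs:
        for r_bit in (0, 1):
            out = swap2(inp, r_bit)
            joint[(inp, out)] += 1
            marg[out] += 1

    def h(counts):
        total = sum(counts.values())
        return -sum(c / total * math.log2(c / total) for c in counts.values())

    return h(joint) - h(marg)   # H(in, out) - H(out)


def demo(seed=1):
    """Run both fault placements of the embodiment on constructed data and report dF."""
    rng = random.Random(seed)
    perm_b = list(range(BLOCK_BITS)); rng.shuffle(perm_b)     # B: random but known permutation
    perm_d = list(range(BLOCK_BITS)); rng.shuffle(perm_d)     # D: random but known permutation
    r = rng.getrandbits(64)                                   # R: one bit per switch
    c = rng.getrandbits(BLOCK_BITS)                           # correct ciphertext (constructed)
    # Constructed dC: a single-byte fault at the penultimate-round input reaches 4 bytes of dC.
    delta_c = 0
    for byte_pos in (0, 5, 10, 15):
        delta_c |= rng.randrange(1, 256) << (8 * byte_pos)
    c_faulty = c ^ delta_c
    i_dc = infection_function(delta_c, r, perm_b, perm_d)
    cf_no_fault = infected_ciphertext(c, c, r, perm_b, perm_d)
    cf_fault_redundant = infected_ciphertext(c, c_faulty, r, perm_b, perm_d)
    cf_fault_original = infected_ciphertext(c_faulty, c, r, perm_b, perm_d)
    return {
        "no_fault_equals_correct": cf_no_fault == c,                      # I(0) = 0
        "zero_bits_in_dC": BLOCK_BITS - hamming_weight(delta_c),          # >= 96 = dC_p
        "dF_redundant_is_I_dC": (c ^ cf_fault_redundant) == i_dc,         # case 2.1
        "dF_original_is_dC_xor_I_dC": (c ^ cf_fault_original) == (delta_c ^ i_dc),  # case 2.2
        "weight_I_dC": hamming_weight(i_dc),                              # always 64
    }


if __name__ == "__main__":
    print(demo())
    print("H(in|out) of one switch, all 2-bit inputs:", switch_conditional_entropy([0, 1, 2, 3]))
```

The last line shows the step-2 building block concretely: a switch only hides which of two weight-1 inputs it received, so inputs 00 and 11 contribute no entropy and inputs 01 and 10 contribute one bit each.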
The assessment proceeds as shown in Fig. 5 with the following steps:
1) From the propagation characteristics of a single-byte fault injected at the input of the penultimate round of AES-128, the fault spreads to 4 bytes of the original ciphertext difference ΔC. The block width of AES-128 is 128 bits, so the lower bound on the number of 0 bits in ΔC is 128 − 8 × 4 = 96; this is the prior information ΔC_p about the original ciphertext difference.
2) Calculate the value of the information entropy H(ΔC | ΔCp, ΔF) in the infection protection to be assessed:
2.1) When the fault is injected into the redundant encryption, the infected ciphertext difference is ΔF = I(ΔC). The deterministic non-linear operation A, the deterministic linear bit permutation B and the 64 random 2-state switch operations (C1, C2, ..., C64) with 2-bit input and output in Figure 4 are taken together as a single random operation of the infection function. In this case the infection function contains only N = 1 random operation, and the conditions are satisfied: there is a known deterministic linear mapping between the input of the random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, and a known deterministic mapping between the output of the random operation and the output I(ΔC) of the infection function.
The prior information on the input in1 of the random operation is: ΔC ≠ 0, and ΔC contains at least 96 zero bits. The prior information on the output out1 of the random operation is: the value of out1 can be derived from the output I(ΔC) of the infection function, its value range is {0,1}^128, and its Hamming weight is 64.
Therefore the prior information takes t = C(128, 64) different values, each of which appears with approximately equal probability,
Because the deterministic non-linear operation A always outputs (1010...10) when ΔC ≠ 0, for any value of the prior information, s = 1 to t. Therefore
one obtains
2.2) When the fault is injected into the original encryption, the infected ciphertext difference is ΔF = ΔC ⊕ I(ΔC). Each random 2-state switch operation Cj with 2-bit input and output in Figure 4 is taken as one random operation of the infection function, j = 1 to 64. In this case the infection function contains exactly M = 64 random operations, and the conditions are satisfied: the random number bits used by any two random operations are disjoint and their input bits are disjoint; there is a known deterministic mapping between the input of each random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, and a known deterministic linear mapping between the output of each random operation and the output I(ΔC) of the infection function.
Because ΔC contains at least 96 zero bits, the bits of I(ΔC) that are XORed with these 96 zero bits of ΔC are equal to the values of ΔF at the corresponding bit positions; the prior information I(ΔC)p is therefore that 96 bits of I(ΔC) are known.
Because ΔC ≠ 0, and the deterministic non-linear operation A always outputs (1010...10) when ΔC ≠ 0, the prior information on the input of the j-th random operation is 2 known bits whose value is uniformly distributed; the prior information on the output of the j-th random operation is either 2 known bits with uniformly distributed value, or 1 known bit with uniformly distributed value, or no prior information at all.
When the input has 2 known bits and the output has 2 known bits, the prior information has v = 6 possible values. For w = 1 to 6 these values are (00,00), (01,01), (01,10), (10,10), (10,01) and (11,11), with respective probabilities of occurrence Pw, for any value w = 1 to 6. Therefore
When the input has 2 known bits and the output has 1 known bit, the prior information has v = 6 possible values. For w = 1 to 6 these values are (00,0), (01,0), (01,1), (10,0), (10,1) and (11,1), with respective probabilities of occurrence Pw, for any value w = 1 to 6. Therefore
When the input has 2 known bits and there is no information on the output, the prior information has v = 4 possible values. For w = 1 to 4 these values are (00), (01), (10) and (11), with respective probabilities of occurrence Pw; the corresponding term is evaluated separately for the values (00), (01), (10) and (11).
Therefore
According to the prior information I(ΔC)p, i.e. 96 known bits in I(ΔC), one can calculate the probability that the prior information of the j-th random operation consists of 2 known input bits and 2 known output bits, the probability that it consists of 2 known input bits and 1 known output bit, and the probability that it consists of 2 known input bits and no output information. Consequently, among the M = 64 random operations, the number of operations in each of the above three classes is the product of the corresponding probability and 64.
From this one obtains
The information entropy of the original ciphertext difference ΔC in the infection protection to be assessed is therefore:
3) According to the propagation characteristics of a single-byte fault injected at the second-to-last round input of AES-128, the uncertainty of the key K involved in the fault propagation process is n = 32 bits. Because the fault model e has a width of 8 bits within a 128-bit intermediate value, with random unknown position and value, the uncertainty of the fault is
Using the optimal DFA analysis method, the lower bound on the information entropy H(ΔC | ΔCp, ΔF) of a secure infection protection is calculated as Le = I(K, ΔC, C) ≈ n - H(e) = 32 - 12 = 20 bits.
4) Because 1.95 < 20, i.e. H(ΔC | ΔCp, ΔF) < Le, the infection protection that uses the infection function shown in Figure 4 is insecure against a single-byte fault of random unknown position and value injected at the second-to-last round input of AES-128.
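The entropy side of steps 2.2 to 4, carried through in code as an added worked example (not the patent's own code). It uses only the quantities stated on the page: 64 two-bit switches, 96 known bits of I(ΔC), key uncertainty n = 32 bits, and a single-byte fault model with 16 possible positions and 255 possible non-zero values. Two modelling assumptions are added here and labelled in the code: each switch input pair is uniform over {00, 01, 10, 11} (the page's "uniformly distributed" reading), and each switch crosses its inputs with probability 1/2. Under these assumptions the three switch classes of step 2.2 are weighted by the probability that a switch's two output positions fall on 2, 1 or 0 of the 96 known positions, which reproduces the page's 1.95 bits and its lower bound of 20 bits.

```python
"""Entropy side of the assessment (steps 2.2 to 4), added worked example;
not the patent's own code. Page quantities: 64 two-bit switches, 96 known
output bits of I(dC), n = 32 key bits, single-byte fault model (16 positions
x 255 values). Added assumptions: uniform switch input pairs, and a switch
crosses its inputs with probability 1/2."""
from itertools import product
from math import comb, log2

N_SWITCH = 64
WIDTH = 128
KNOWN_OUT_BITS = 96   # prior I(dC)_p: bits of I(dC) revealed by dF where dC is 0


def switch_output_dist(inp):
    """Output distribution of one 2-state switch on input pair (a, b):
    straight or crossed, 1/2 each (assumption)."""
    a, b = inp
    dist = {}
    for out in ((a, b), (b, a)):
        dist[out] = dist.get(out, 0.0) + 0.5
    return dist


def entropy(dist):
    return -sum(p * log2(p) for p in dist.values() if p > 0)


def cond_entropy_switch(known_out_bits):
    """Residual entropy of one switch output given its (uniform) input pair
    and known_out_bits in {0, 1, 2} of its output bits revealed by dF."""
    total = 0.0
    for inp in product((0, 1), repeat=2):        # the page's 4 input values
        dist = switch_output_dist(inp)
        groups = {}                                # group outputs by revealed bits
        for out, p in dist.items():
            groups.setdefault(out[:known_out_bits], {})[out] = p
        for sub in groups.values():
            p_key = sum(sub.values())
            total += 0.25 * p_key * entropy({o: p / p_key for o, p in sub.items()})
    return total


def class_probabilities(known=KNOWN_OUT_BITS, width=WIDTH):
    """Probability that the two output positions of a switch (under the random
    but fixed permutation D) hit 2, 1 or 0 of the known positions."""
    unknown, tot = width - known, comb(width, 2)
    return {2: comb(known, 2) / tot,
            1: known * unknown / tot,
            0: comb(unknown, 2) / tot}


def entropy_original_injection():
    """H(dC | dC_p, dF) for dF = dC xor I(dC): the three switch classes of
    step 2.2, each weighted by (class probability x 64)."""
    probs = class_probabilities()
    return N_SWITCH * sum(probs[k] * cond_entropy_switch(k) for k in (2, 1, 0))


def fault_entropy(positions=16, values=255):
    """H(e) for a single-byte fault of random unknown position and value."""
    return log2(positions * values)


def entropy_lower_bound(n_key_bits=32):
    """L_e = I(K, dC, C) ~ n - H(e): the page's optimal-DFA bound (step 3)."""
    return n_key_bits - fault_entropy()


def assess():
    """Step 4: the protection is insecure when H(dC | dC_p, dF) < L_e.
    Claim 7 takes the minimum over both injection locations; the
    redundant-encryption branch conditions on I(dC) alone, which for
    dC != 0 depends only on R and not on dC's value, so conditioning on it
    cannot reduce the entropy below the original-encryption branch here."""
    h = entropy_original_injection()
    le = entropy_lower_bound()
    return {"entropy": h, "lower_bound": le, "insecure": h < le}


if __name__ == "__main__":
    r = assess()
    print(f"H = {r['entropy']:.2f} bits, L_e = {r['lower_bound']:.1f} bits, "
          f"insecure = {r['insecure']}")
```

Only the third class (neither output bit of a switch exposed by ΔF) contributes entropy, and only when the switch input is 01 or 10; with 1 or 2 exposed output bits the Hamming-weight-preserving switch leaves nothing undetermined. That is why the total is 64 × C(32,2)/C(128,2) × 0.5 ≈ 1.95 bits, well below the 20-bit bound.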
Another embodiment of the invention provides a differential fault attack resistance security assessment system applicable to infection protection of block ciphers, the differential fault attack comprising at least a fault injection target intermediate value and a fault model, the system comprising:
a prior information calculation module, responsible for calculating the prior information of the original ciphertext difference according to the block cipher, the fault injection target intermediate value and the fault model;
an information entropy calculation module, responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be assessed, using the prior information of the original ciphertext difference obtained by the prior information calculation module together with the infected ciphertext difference;
an information entropy lower bound calculation module, responsible for calculating, according to the block cipher, the fault injection target intermediate value and the fault model, the lower bound on the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
a security determination module, responsible for determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained by the information entropy calculation module with the information entropy lower bound obtained by the information entropy lower bound calculation module.
The specific embodiments described above are intended only to facilitate understanding of the invention, and the invention is not limited to them. Those skilled in the art can, based on the disclosure of the invention, implement the invention in numerous other embodiments; for example, it can be implemented in the form of a computer software product stored on a storage medium (such as ROM/RAM, magnetic disk or optical disc) and comprising instructions that cause a terminal device (which may be a mobile phone, computer, server, etc.) to execute the method of the invention. All transformations and substitutions that use the design structure and ideas of the invention without departing from the scope of the claims fall within the protection scope of the invention.
Claims (10)
1. A differential fault attack resistance security assessment method applicable to infection protection of block ciphers, the differential fault attack comprising at least a fault injection target intermediate value and a fault model, characterized in that the method comprises the following steps:
1) calculating the prior information of the original ciphertext difference according to the block cipher, the fault injection target intermediate value and the fault model;
2) calculating the information entropy of the original ciphertext difference in the infection protection to be assessed, using the prior information of the original ciphertext difference obtained in step 1) together with the infected ciphertext difference;
3) calculating, according to the block cipher, the fault injection target intermediate value and the fault model, the lower bound on the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
4) determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained in step 2) with the information entropy lower bound obtained in step 3).
2. The method according to claim 1, characterized in that the prior information of the original ciphertext difference is calculated as follows: according to the fault injection target intermediate value and the fault model, the propagation path of the fault in the block cipher is analyzed, and the lower bound on the number of 0 bits in the original ciphertext difference is calculated.
3. The method according to claim 1, characterized in that the infected ciphertext difference is equal to the XOR of the correct ciphertext and the infected ciphertext.
4. The method according to claim 1, characterized in that, depending on how the infected ciphertext difference is composed, the calculation of the information entropy of the original ciphertext difference in the infection protection is divided into two methods.
5. The method according to claim 4, characterized in that, when the infected ciphertext difference is equal to the output of the infection function in the infection protection to be assessed, the information entropy of the original ciphertext difference in the infection protection is calculated as follows:
1) the infection function in the infection protection to be assessed is decomposed into N random operations of identical structure, such that the random number bits used by any two random operations are disjoint and their input bits are disjoint, there is a known deterministic linear mapping between the input of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, and there is a known deterministic mapping between the output of every random operation and the output I(ΔC) of the infection function;
2) the prior information ΔCp of the input ΔC of the infection function is mapped to the prior information of the input ini of the i-th random operation, and the output I(ΔC) of the infection function is mapped to the prior information of the output outi of the i-th random operation, where i = 1 to N;
3) the information entropy of the input ini of the i-th random operation is calculated;
4) the information entropy of the original ciphertext difference ΔC in the infection protection is calculated.
6. The method according to claim 5, characterized in that, when the infected ciphertext difference is equal to the XOR of the original ciphertext difference and the output of the infection function in the infection protection to be assessed, the information entropy of the original ciphertext difference in the infection protection is calculated as follows:
1) the infection function in the infection protection is decomposed into M random operations of identical structure, such that the random number bits used by any two random operations are disjoint and their input bits are disjoint, there is a known deterministic mapping between the input of every random operation and the input of the infection function, i.e. the original ciphertext difference ΔC, and there is a known deterministic linear mapping between the output of every random operation and the output I(ΔC) of the infection function;
2) the prior information I(ΔC)p of the output I(ΔC) of the infection function is calculated from the prior information ΔCp of the input ΔC of the infection function and the infected ciphertext difference ΔF;
3) the prior information ΔCp of the input ΔC of the infection function is mapped to the prior information of the input of the j-th random operation, and the prior information I(ΔC)p of the output I(ΔC) of the infection function is mapped to the prior information of the output of the j-th random operation, where j = 1 to M;
4) the information entropy of the output of the j-th random operation is calculated;
5) the information entropy of the original ciphertext difference ΔC in the infection protection is calculated.
7. The method according to claim 6, characterized in that the information entropy of the original ciphertext difference ΔC in the infection protection is: H(ΔC | ΔCp, ΔF) = min{H(ΔC | ΔCp, I(ΔC)), H(ΔC | ΔCp, ΔC ⊕ I(ΔC))}.
8. The method according to claim 1, characterized in that the lower bound on the information entropy of the original ciphertext difference is calculated as follows: according to the block cipher, the fault injection target intermediate value and the fault model, the optimal DFA analysis method is used to calculate the mutual information Le = I(K, ΔC, C) between the key K involved in the fault propagation process, the original ciphertext difference ΔC and the correct ciphertext C, which is the information entropy lower bound.
9. The method according to claim 1, characterized in that step 4) judges whether the information entropy obtained in step 2) is less than the information entropy lower bound obtained in step 3); if so, the key information of the block cipher may leak, and the infection protection is determined to be insecure under the fault injection target intermediate value and the fault model; if not, the infection protection is determined to be possibly secure under the fault injection target intermediate value and the fault model.
10. A differential fault attack resistance security assessment system applicable to infection protection of block ciphers, the differential fault attack comprising at least a fault injection target intermediate value and a fault model, characterized in that the system comprises:
a prior information calculation module, responsible for calculating the prior information of the original ciphertext difference according to the block cipher, the fault injection target intermediate value and the fault model;
an information entropy calculation module, responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be assessed, using the prior information of the original ciphertext difference obtained by the prior information calculation module together with the infected ciphertext difference;
an information entropy lower bound calculation module, responsible for calculating, according to the block cipher, the fault injection target intermediate value and the fault model, the lower bound on the information entropy of the original ciphertext difference in a secure infection protection that does not leak key information;
a security determination module, responsible for determining the security of the infection protection to be assessed by comparing the value of the information entropy obtained by the information entropy calculation module with the information entropy lower bound obtained by the information entropy lower bound calculation module.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2019101009792 | 2019-01-31 | ||
CN201910100979 | 2019-01-31 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110401627A true CN110401627A (en) | 2019-11-01 |
CN110401627B CN110401627B (en) | 2020-07-10 |
Family
ID=68322426
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910194486.XA Active CN110401627B (en) | 2019-01-31 | 2019-03-14 | Differential fault attack resistance security evaluation method and system suitable for block cipher algorithm infection protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110401627B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224770A (en) * | 2019-12-25 | 2020-06-02 | 中国科学院软件研究所 | Comprehensive protection method for resisting side channel and fault attack based on threshold technology |
CN113014377A (en) * | 2021-02-01 | 2021-06-22 | 中国科学院软件研究所 | Persistent fault attack protection method and device by utilizing bijective characteristic of block cipher S box |
CN113206734A (en) * | 2021-04-30 | 2021-08-03 | 桂林电子科技大学 | Method for detecting and resisting differential fault attack |
CN113434332A (en) * | 2021-05-27 | 2021-09-24 | 国家信息技术安全研究中心 | Fault propagation-based key recovery method for DES/3DES middle wheel attack |
CN114070560A (en) * | 2022-01-13 | 2022-02-18 | 浙江大学 | Algebraic persistent fault analysis method and device for block cipher |
CN114095395A (en) * | 2021-11-04 | 2022-02-25 | 中金金融认证中心有限公司 | Method and computer product for analyzing error data generated by fault injection |
WO2024092838A1 (en) * | 2022-11-04 | 2024-05-10 | 华为技术有限公司 | Data transmission method and apparatus |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070106896A1 (en) * | 2005-11-08 | 2007-05-10 | Sandberg Melanie J | Method and system for generating ciphertext and message authentication codes utilizing shared hardware |
CN101013938A (en) * | 2007-01-12 | 2007-08-08 | 广州市诚毅科技软件开发有限公司 | Encryption method of block cipher |
CN102404108A (en) * | 2011-10-25 | 2012-04-04 | 宁波大学 | Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm |
CN103607276A (en) * | 2013-12-05 | 2014-02-26 | 桂林电子科技大学 | Grouping encryption method based on random functions and resisting to known plaintext cipher attacks |
CN104158796A (en) * | 2014-07-11 | 2014-11-19 | 中国科学院信息工程研究所 | Method for evaluating block cipher linear attack resistant safety |
CN105610568A (en) * | 2014-11-21 | 2016-05-25 | 南方电网科学研究院有限责任公司 | Fault detection method and fault detection device for block cipher algorithm |
CN106130712A (en) * | 2016-06-14 | 2016-11-16 | 刘雷波 | A kind of opportunistic infections fault-resistant attack method based on INS network |
CN107204841A (en) * | 2017-03-14 | 2017-09-26 | 中国人民武装警察部队工程大学 | A kind of method that many S boxes of the block cipher for resisting differential power attack are realized |
US20180198603A1 (en) * | 2017-01-11 | 2018-07-12 | Qualcomm Incorporated | Lightweight mitigation against first-order probing side-channel attacks on block ciphers |
2019
- 2019-03-14 CN CN201910194486.XA patent/CN110401627B/en active Active
Non-Patent Citations (1)
Title |
---|
WANG BO et al.: "Exploration of Benes Network in Cryptographic Processors: A Random Infection Countermeasure for Block Ciphers Against Fault Attacks", 《IEEE》 * |
Also Published As
Publication number | Publication date |
---|---|
CN110401627B (en) | 2020-07-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||