CN110401627B - Differential fault attack resistance security evaluation method and system suitable for block cipher algorithm infection protection
- Publication number: CN110401627B
- Application number: CN201910194486.XA
- Authority: CN (China)
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/1416: Network security; detecting or protecting against malicious traffic by monitoring network traffic; event detection, e.g. attack signature detection
- H04L9/0618: Cryptographic mechanisms; block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
Abstract
The invention discloses a method and a system for evaluating the security of block cipher infection protection against differential fault attack. The method comprises: 1) computing prior information about the original ciphertext difference from the block cipher algorithm, the fault injection target intermediate value and the fault model; 2) computing the value of the information entropy in the infection protection under evaluation; 3) computing the lower bound of that information entropy for a secure infection protection from the block cipher algorithm, the fault injection target intermediate value and the fault model; 4) judging the security of the infection protection under evaluation by comparing the entropy value with the lower bound. Because security is measured by information entropy, the evaluation is independent of any specific key recovery strategy and its result is more accurate. Because the infection function is separated from the implementation of the infection-protected block cipher, the evaluation applies uniformly to different infection protections, which improves evaluation efficiency.
Description
Technical Field
The invention relates to the field of block cipher analysis and protection in information security, in particular to a method and a system for evaluating the security of block cipher infection protection against differential fault attack.
Background
Symmetric cryptography is a cryptosystem in which the two communicating parties share the same secret key, and block ciphers are a widely used class of symmetric ciphers. Common block cipher structures are the Feistel structure, the SP (substitution-permutation) structure and the like. The cipher transformations in these algorithms are designed following the principles of confusion and diffusion and, through multiple rounds of iteration, are meant to resist existing theoretical analysis methods such as differential analysis, linear analysis, integral attack and interpolation attack. The S-box is the nonlinear confusion component used in most block ciphers. Block ciphers run fast, are easy to standardize and are convenient to implement in software and hardware, which suits them to many embedded application scenarios, and theoretical analysis results for block ciphers are by now very rich.
Fault attacks are a common class of cryptographic implementation analysis methods. They are feasible because the normal operation of a cryptographic implementation, such as a cryptographic chip or an embedded cryptographic module, depends on stable and suitable environmental factors such as power supply, clock and temperature. When an attacker pushes one of these factors beyond a certain threshold, a faulty computation can be triggered, and the extra information leaked by the faulty encryption can be used for key recovery. Since fault models are varied, fault types are rich and key recovery methods are flexible, the complexity of a fault attack is markedly lower than that of traditional cryptanalysis, so fault attacks pose a serious threat to deployed cryptographic implementations. Experiments show that any cryptographic implementation without added countermeasures is at risk of having its normal operation disrupted. Protection against fault attacks has therefore become an important element of cryptographic system security evaluation: for example, the cryptographic module security standard FIPS 140-3 issued by the US National Institute of Standards and Technology (NIST) requires the physical security component to include safeguards against fault attacks, and the Chinese standard GM/T 0008-2012 "Cryptography test criteria for security IC" explicitly requires cryptographic chips at the higher security levels to be able to resist fault attacks.
Differential fault attack (DFA) against block ciphers was first proposed by Biham and Shamir in 1997. Its precondition is that the attacker can encrypt the same plaintext twice under the same key: once correctly, producing the correct ciphertext, and once with a fault injected during encryption, producing a faulty ciphertext. Knowing the fault injection target and the fault model, the attacker performs a differential analysis on the pair of correct and faulty ciphertexts and recovers the key material involved in the fault propagation path; this is differential fault analysis. Because of its generality and effectiveness, DFA has been applied successfully to almost all block ciphers and remains the most common fault attack method to this day.
Fault injection for differential fault attack falls into two categories: faults that change the encryption control flow and faults that change an encryption intermediate value. For the latter, the fault model e describes the relation between the faulty and the correct intermediate value: the bit width of the fault, its location within the intermediate value and its value. The diffusion property of the block cipher then determines the propagation path of a fault under model e from the target intermediate value onward, and hence the fault diffusion bit width in the original ciphertext difference.
Optimal DFA is an information-theoretic differential fault attack method applicable to faults that change an encryption intermediate value. With it an attacker can estimate the lower bound of the number of fault injections needed to recover the whole key without designing a specific key recovery strategy. Its principle is to compute the key information entropy leaked by a single fault injection from the fault injection target intermediate value, the fault model e and the differential distribution of the nonlinear S-box of the block cipher.
Figure 1 shows a block cipher encryption framework using n-bit S-boxes: the intermediate value X is processed by an S-box to give Y, and Y is XORed with the key K to give the output Z. Injecting a fault at the S-box input is equivalent to performing two encryptions under the same key K with two different inputs $X_1$ and $X_2 = X_1 \oplus \Delta X$, where the input difference $\Delta X$ corresponds to the value of the injected fault. The attacker can only observe the corresponding encrypted outputs $Z_1$ and $Z_2$; their difference $\Delta Y = Z_1 \oplus Z_2$ also equals the difference of the two S-box outputs $Y_1$ and $Y_2$, since K cancels in the XOR. Let $x_1, x_2, \Delta x, k$ be the specific values of $X_1, X_2, \Delta X, K$ in an actual pair of encryptions, and $y_1, y_2, z_1, z_2, \Delta y$ the corresponding specific values of $Y_1, Y_2, Z_1, Z_2, \Delta Y$. Because $(x_1, x_2, k)$ and $(z_1, z_2, k)$ are in one-to-one correspondence, $H(K, X_1, X_2) = H(K, Z_1, Z_2)$, where $H(\cdot)$ denotes information entropy, i.e. the uncertainty of a variable. From this the conditional entropy of the key given the observed outputs $Z_1, Z_2$ is
$H(K \mid Z_1, Z_2) = H(X_1, X_2 \mid \Delta Y) = H(\Delta X \mid \Delta Y) + H(X_1 \mid \Delta X, \Delta Y).$
The conditional entropy H(A|B) of an unknown variable A given a known variable B is
$H(A \mid B) = -\sum_{b} P(b) \sum_{a} P(a \mid b) \log_2 P(a \mid b),$
where $P(\cdot)$ denotes probability, b is a specific value of B occurring with probability P(b), and a is a specific value of A occurring with probability P(a|b) when B = b is known.
In $H(K \mid Z_1, Z_2)$, the term $H(X_1 \mid \Delta X, \Delta Y)$ can be computed from the differential distribution table of the S-box. Suppose that a specific pair $(\Delta x, \Delta y)$ is a legal (possible) input/output differential with probability p, and that each legal pair occurs with approximately the same probability. Then each legal $(\Delta x, \Delta y)$ has approximately $1/p$ possible input values, each input value $x_1$ occurring with probability $P(x_1 \mid \Delta x, \Delta y) \approx p$, so $H(X_1 \mid \Delta X, \Delta Y) \approx -\log_2 p$ bits. Further, $H(\Delta X \mid \Delta Y) = H(\Delta X, \Delta Y) - H(\Delta Y)$. Suppose the S-box input $X_1$ is uniformly distributed over $\{0,1\}^n$, the input difference $\Delta X$ is uniformly distributed over a set $\chi$, and the output difference $\Delta Y$ is uniformly distributed over $\{0,1\}^n$. Because each specific value of $(\Delta X, \Delta Y)$ is a legal differential with probability p, $H(\Delta X, \Delta Y) \approx \log_2(|\chi| \times 2^n \times p)$ bits, where $|\chi|$ is the size of the set $\chi$, and therefore $H(K \mid Z_1, Z_2) \approx \log_2 |\chi| + n + \log_2 p - n - \log_2 p = \log_2 |\chi|$ bits. That is, the lower bound of the key information leaked by one fault injection is about $I(K; Z_1, Z_2) = H(K) - H(K \mid Z_1, Z_2) \approx n - \log_2 |\chi|$ bits. For a whole block cipher, the size of the set $\chi$ containing $\Delta X$ is determined by the uncertainty of the fault model e, and n equals the uncertainty of the key K involved in the fault propagation process. Therefore the mutual information between the key K involved in the fault propagation process and the correct ciphertext C together with the original ciphertext difference $\Delta C$ is
$I(K; C, \Delta C) \approx n - H(e).$
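The S-box accounting above, carried out exactly for a small S-box as an added Python example (this is not code from the patent). It uses the 4-bit PRESENT S-box in place of the n-bit S-box of Fig. 1, takes $X_1$ and K uniform and $\Delta X$ uniform on a chosen set $\chi$, and computes $H(K \mid Z_1, Z_2)$ both by exhaustive enumeration of $(x_1, \Delta x, k)$ and through the decomposition $H(\Delta X \mid \Delta Y) + H(X_1 \mid \Delta X, \Delta Y)$ read off the differential distribution table; the two agree exactly for a bijective S-box. It also reports the approximation $n - \log_2 |\chi|$ next to the exact leakage: for single-bit faults ($|\chi| = 4$) the exact leakage of this S-box is 1.375 bits against an approximate 2 bits, and for a fault of completely unknown non-zero value ($|\chi| = 15$) one isolated S-box leaks exactly nothing, because $(Z_1, Z_2)$ is then a uniformly random pair of distinct values whatever K is, while the approximation still reports $4 - \log_2 15 \approx 0.09$ bits. Function names are the example's own.

```python
"""Optimal-DFA style accounting for one n-bit S-box: key information leaked by a
single fault whose input difference dX is drawn from a set chi.  Added example
(not the patent's code) using the 4-bit PRESENT S-box as a stand-in."""
from collections import defaultdict
from math import log2

# PRESENT's bijective 4-bit S-box, a small stand-in for the n-bit S-box of Fig. 1.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def conditional_entropy(joint):
    """H(A|B) = -sum_b P(b) sum_a P(a|b) log2 P(a|b) for joint = {(a, b): P(a, b)}."""
    p_b = defaultdict(float)
    for (_, b), p in joint.items():
        p_b[b] += p
    return -sum(p * log2(p / p_b[b]) for (_, b), p in joint.items() if p > 0)


def ddt(sbox):
    """Differential distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for x in range(size):
        for dx in range(size):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def key_entropy_exhaustive(sbox, chi):
    """Exact H(K | Z1, Z2): X1 and K uniform on {0,1}^n, dX uniform on chi,
    Z1 = S(X1) ^ K and Z2 = S(X1 ^ dX) ^ K (the two encryptions of Fig. 1)."""
    size = len(sbox)
    joint = defaultdict(float)
    weight = 1.0 / (size * len(chi) * size)
    for x1 in range(size):
        for dx in chi:
            for k in range(size):
                z1, z2 = sbox[x1] ^ k, sbox[x1 ^ dx] ^ k
                joint[(k, (z1, z2))] += weight
    return conditional_entropy(joint)


def key_entropy_from_ddt(sbox, chi):
    """The decomposition H(K|Z1,Z2) = H(dX|dY) + H(X1|dX,dY), read off the DDT."""
    size = len(sbox)
    table = ddt(sbox)
    # P(dx, dy) = P(dx) * P(dy | dx) = (1/|chi|) * ddt[dx][dy] / 2^n
    joint_dxdy = {(dx, dy): table[dx][dy] / (len(chi) * size)
                  for dx in chi for dy in range(size) if table[dx][dy]}
    h_dx_given_dy = conditional_entropy(joint_dxdy)
    # given a legal (dx, dy), the ddt[dx][dy] solutions x1 are equally likely
    h_x1_given_dxdy = sum(p * log2(table[dx][dy]) for (dx, dy), p in joint_dxdy.items())
    return h_dx_given_dy + h_x1_given_dxdy


def leakage_report(sbox, chi):
    """Exact leakage I(K; Z1, Z2) = n - H(K|Z1,Z2) next to the approximation
    n - log2|chi| used in the Optimal DFA derivation."""
    n = len(sbox).bit_length() - 1
    h_exact = key_entropy_exhaustive(sbox, chi)
    return {"n": n,
            "H_K_given_Z": h_exact,
            "H_via_ddt": key_entropy_from_ddt(sbox, chi),
            "leak_exact": n - h_exact,
            "leak_approx": n - log2(len(chi))}


if __name__ == "__main__":
    # single-bit faults on the S-box input versus a fault of unknown non-zero value
    for name, chi in (("single-bit", [1, 2, 4, 8]), ("any non-zero", list(range(1, 16)))):
        print(name, leakage_report(PRESENT_SBOX, chi))
```

The exact value can only be computed for a single small S-box like this; the point of the approximation in the derivation is that for a whole cipher it reduces to counting the fault model's uncertainty H(e), which is what step 3) of the method below relies on.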
the infection protection is a general fault attack protection measure, and can improve the capability of a block cipher algorithm for resisting differential fault attack. The protection principle is to randomize the confusion mode of the fault in the encryption process and enlarge the influence range of the fault, thereby eliminating the fault invariant and increasing the difficulty of recovering the key from the fault ciphertext. A block cipher infection prevention implementation is shown in fig. 2.
An infection-protected block cipher implementation requires an additional redundant encryption module and an infection function. The redundant encryption module is constructed identically to the original encryption module. In a protected encryption, the same plaintext is input to the original and the redundant encryption module and encrypted twice under the same key; the original encryption result is XORed with the redundant encryption result to obtain the original ciphertext difference $\Delta C$; $\Delta C$ is input to the infection function to obtain its output $I(\Delta C)$; finally $I(\Delta C)$ is XORed onto the ciphertext produced by the original encryption module, and the result $C_f = C \oplus I(\Delta C)$ is output as the infected ciphertext.
The construction of the infection function has to satisfy two conditions. First, so that the infected ciphertext equals the correct ciphertext when no fault is injected, the infection function must map the input 0 to the output 0. Second, when a fault is injected the infected ciphertext should be as independent as possible of the original faulty ciphertext, so a random number R is usually introduced into the infection function. Mathematically the infection function is
$I(\Delta C) = F(\Delta C, R), \qquad F(0, R) = 0,$
where F is a function taking the random number R as an input parameter. Because of resource constraints, infection functions are generally of simple construction. As shown in fig. 3, most existing infection functions first spread the non-zero bits of the input $\Delta C$ with some deterministic operation, then confuse the result with a series of random operations that introduce random numbers, and finally apply another deterministic operation before the output to spread the result of the random operations further.
Deterministic operations are not a necessary part of an infection function. Random operations are necessary and are its most important part, because they are what provides its security. In an infection function consisting of N random operations, the inputs of the different random operations and the random number bits they use are mutually independent and disjoint. The input, output and random bits of the i-th random operation are written $in_i$, $out_i$ and $r_i$. Random operations found in existing infection functions include random 2-state switches, AND with random number bits, multiplication by a random number in $GF(2^8)$, S-box operations with a random input difference, and so on.
Under a differential fault attack, the attacker can repeatedly encrypt the same plaintext under the same key, obtaining the correct ciphertext C when no fault is injected and the infected ciphertext $C_f$ when a fault is injected. With a single fault injection, a fault on an intermediate value affects only one of the original and the redundant encryption. The difference between the infected ciphertext output under fault injection and the correct ciphertext, $\Delta F = C \oplus C_f$, is called the infected ciphertext difference. When the fault affects only the original encryption, $\Delta F = \Delta C \oplus I(\Delta C)$; when it affects only the redundant encryption, $\Delta F = I(\Delta C)$.
At present there is only a small amount of work on evaluating the security of infection protection against differential fault attack, and it falls into two categories. The first designs a differential fault attack against the infection protection that recovers the original ciphertext difference $\Delta C$ and then the key K, and measures security by the attack complexity. Its result depends on the specific key recovery strategy: the accuracy of the evaluation suffers from the individual choice of attack strategy, and earlier evaluation results have been overturned by newly proposed attack methods. The second measures the security of the infection protection by the mutual information $I(K; \Delta F)$ between the key K and the infected ciphertext difference $\Delta F$, and considers the protection secure when $I(K; \Delta F) = 0$. Given the block cipher and the infection function, the mutual information of K and $\Delta F$ is
$I(K; \Delta F) = H(K) - H(K \mid \Delta F) = H(K) + \sum_{\Delta f} P(\Delta f) \sum_{k} P(k \mid \Delta f) \log_2 P(k \mid \Delta f).$
The mutual information based evaluation is independent of the key recovery strategy, and the value of $I(K; \Delta F)$ obtained from this formula is very accurate. However, apart from exhaustively enumerating plaintexts, keys and injected fault values and counting the occurrences of $\Delta f$ and of $(k, \Delta f)$, there is at present no general method for computing the probability $P(k \mid \Delta f)$. Because the complexity of this enumeration usually exceeds the computational power of current computers, the formula cannot in practice be used to evaluate complex infection protections. Furthermore, the method evaluates the block cipher and the infection function as a whole: if several infection protections using different infection functions have to be evaluated for the same block cipher and fault injection scenario, each needs a completely new evaluation from scratch, so evaluation efficiency is low.
Disclosure of Invention
The invention provides a method for evaluating the security of block cipher infection protection against differential fault attack, directed at fault injection that changes an intermediate value of the block cipher. The method measures the security of the infection protection by information entropy, so the evaluation is independent of any specific key recovery strategy and the result is highly accurate. At the same time, the method separates the infection function from the implementation of the infection-protected block cipher, so one evaluation applies to infection protections using different infection functions, which improves evaluation efficiency.
To this end, the invention takes the prior information $\Delta C_p$ about the original ciphertext difference and the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ of the original ciphertext difference $\Delta C$ given that prior and the infected ciphertext difference $\Delta F$ as the security measure of the infection protection. The evaluation method comprises four parts:
1) computing the prior information $\Delta C_p$ about the original ciphertext difference $\Delta C$ from the block cipher algorithm, the fault injection target intermediate value and the fault model e;
2) computing the value of the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ in the infection protection under evaluation;
3) computing the lower bound $L_e$ of the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ for a secure infection protection from the block cipher algorithm, the fault injection target intermediate value and the fault model e;
4) judging the security of the infection protection under evaluation by comparing $H(\Delta C \mid \Delta C_p, \Delta F)$ with $L_e$.
Preferably, the steps of the above method are implemented as follows:
1) For fault injection on an intermediate value of the block cipher, the lower bound of the number of 0 bits in the original ciphertext difference $\Delta C$ is computed from the propagation of the fault under model e from the target intermediate value through the block cipher, and is used as the prior information $\Delta C_p$:
for a fault whose target intermediate value is close to the ciphertext or whose model has a narrow bit width, the fault is not completely diffused when it reaches the original ciphertext difference $\Delta C$, so part of the bits of $\Delta C$ are 0; for a block cipher with block width D, the lower bound of the number of 0 bits in $\Delta C$ equals D minus the fault diffusion bit width in $\Delta C$;
for a fault whose target intermediate value is far from the ciphertext or whose model has a wide bit width, the fault is completely diffused when it reaches $\Delta C$, and the lower bound of the number of 0 bits in $\Delta C$ is 0.
Computing the lower bound of the number of 0 bits in the original ciphertext difference $\Delta C$ is prior art in this field and is not described further here.
2) Computing the value of the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ in the infection protection under evaluation:
The infected ciphertext difference $\Delta F$ is the XOR of the correct ciphertext C and the infected ciphertext $C_f$ and has two possible forms: when the fault is injected into the redundant encryption, $\Delta F$ equals the output $I(\Delta C)$ of the infection function; when the fault is injected into the original encryption, $\Delta F$ equals the XOR of the original ciphertext difference and the infection function output, $\Delta F = \Delta C \oplus I(\Delta C)$.
2.1) When $\Delta F = I(\Delta C)$:
The infection function of the infection protection under evaluation is decomposed into N random operations of the same structure. It is required that the random number bits and the input bits used by any two random operations are disjoint; that the input $in_i$ of every random operation is a known deterministic linear mapping of the infection function input, i.e. of the original ciphertext difference $\Delta C$; and that the output $out_i$ of every random operation has a known deterministic mapping relation to the infection function output $I(\Delta C)$, for i = 1 to N.
For the i-th random operation, the prior information $\Delta C_p$ is mapped through the linear relation between $in_i$ and $\Delta C$ to the prior information $in_i^p$ about $in_i$, and the known output $I(\Delta C)$ is mapped through the relation between $out_i$ and $I(\Delta C)$ to the prior information $out_i^p$ about $out_i$, for i = 1 to N.
For the i-th random operation, the t possible values $in_i^s$ of $in_i$ consistent with the prior information $(in_i^p, out_i^p)$ are enumerated exhaustively; the probability $P_s$ of each value is computed from the block cipher algorithm and the randomness of the infection function; the information entropy $H(in_i \mid in_i^p, out_i^p)$ of the input $in_i$ is computed from these values; and from the entropies of all random operations $H(\Delta C \mid \Delta C_p, \Delta F)$ is obtained, for i = 1 to N and s = 1 to t.
2.2) When $\Delta F = \Delta C \oplus I(\Delta C)$:
The infection function of the infection protection under evaluation is decomposed into M random operations of the same structure. It is required that the random number bits and the input bits used by any two random operations are disjoint; that the input $in'_j$ of every random operation is a known deterministic mapping of the infection function input $\Delta C$; and that the output $out'_j$ of every random operation is a known deterministic linear mapping of the infection function output $I(\Delta C)$, for j = 1 to M.
The prior information $I(\Delta C)_p$ about the infection function output $I(\Delta C)$ is computed from the prior information $\Delta C_p$ about its input $\Delta C$ and from the infected ciphertext difference $\Delta F$: at every bit position where $\Delta C$ is known to be 0, the bit of $I(\Delta C)$ equals the bit of $\Delta F$ at that position.
For the j-th random operation, the prior information $\Delta C_p$ is mapped through the relation between $in'_j$ and $\Delta C$ to the prior information $in'^{p}_j$ about $in'_j$, and the prior information $I(\Delta C)_p$ is mapped through the linear relation between $out'_j$ and $I(\Delta C)$ to the prior information $out'^{p}_j$ about $out'_j$, for j = 1 to M.
For the j-th random operation, the v possible values $out'^{w}_j$ of $out'_j$ consistent with the prior information $(in'^{p}_j, out'^{p}_j)$ are enumerated exhaustively; the probability $P_w$ of each value is computed from the block cipher algorithm and the randomness of the infection function; the information entropy $H(out'_j \mid in'^{p}_j, out'^{p}_j)$ of the output $out'_j$ is computed from these values; and from the entropies of all random operations $H(\Delta C \mid \Delta C_p, \Delta F)$ is obtained, for j = 1 to M and w = 1 to v.
The information entropy of the original ciphertext difference $\Delta C$ in the infection protection is then obtained from the per-operation entropies computed above.
3) From the block cipher algorithm, the fault injection target intermediate value and the fault model e, the lower bound $L_e$ of the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ in a secure infection protection is computed with the Optimal DFA analysis method as $L_e = I(K; C, \Delta C) \approx n - H(e)$, where n equals the uncertainty of the key K involved in the fault propagation process and H(e) is the uncertainty of the fault model.
4) If the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ obtained in step 2) is less than $L_e$, key information of the block cipher leaks and the infection protection is judged insecure under this fault injection target intermediate value and fault model e; otherwise the infection protection is judged possibly secure under this fault injection target intermediate value and fault model e.
Correspondingly, the invention further provides a system for evaluating the security of block cipher infection protection against differential fault attack, where the differential fault attack is characterized at least by a fault injection target intermediate value and a fault model, the system comprising:
a prior information calculation module, which computes the prior information about the original ciphertext difference from the block cipher algorithm, the fault injection target intermediate value and the fault model;
an information entropy calculation module, which computes the information entropy of the original ciphertext difference in the infection protection under evaluation from the prior information obtained by the prior information calculation module and the infected ciphertext difference;
an information entropy lower bound calculation module, which computes the lower bound of the information entropy of the original ciphertext difference for a secure infection protection without key information leakage from the block cipher algorithm, the fault injection target intermediate value and the fault model;
and a security judgment module, which judges the security of the infection protection under evaluation by comparing the information entropy value obtained by the information entropy calculation module with the lower bound obtained by the information entropy lower bound calculation module.
Compared with the prior art, the invention has the following advantages:
1. It provides an evaluation method for the security of block cipher infection protection against differential fault attack that evaluates infection protection more accurately and more efficiently;
2. Unlike existing evaluation methods that measure the security of infection protection by the complexity of a differential fault attack, it measures security by information entropy, so the evaluation is independent of a specific attack method and key recovery strategy and the result is more accurate;
3. Unlike existing evaluation methods that measure the security of infection protection by the mutual information $I(K; \Delta F)$ between the key K and the infected ciphertext difference $\Delta F$, it separates the infection function from the implementation of the infection-protected block cipher, takes the prior information $\Delta C_p$ about the original ciphertext difference and the information entropy $H(\Delta C \mid \Delta C_p, \Delta F)$ of the original ciphertext difference $\Delta C$ given the infected ciphertext difference $\Delta F$ as the security measure, and obtains the lower bound of $H(\Delta C \mid \Delta C_p, \Delta F)$ for a secure infection protection with the existing Optimal DFA analysis method, which improves evaluation efficiency;
4. The calculation of $H(\Delta C \mid \Delta C_p, \Delta F)$ considers the two different forms of $\Delta F$, so the evaluation result is more comprehensive;
5. The calculation of $H(\Delta C \mid \Delta C_p, \Delta F)$ divides the infection function into several simple random operations, which improves the efficiency of computing $H(\Delta C \mid \Delta C_p, \Delta F)$ and the generality of the evaluation method for infection protections using different infection functions.
Drawings
FIG. 1 is a schematic diagram of block cipher algorithm encryption using n-bit S-boxes;
FIG. 2 is a block cipher infection prevention implementation diagram;
FIG. 3 is a construction diagram of an infection function;
FIG. 4 is a graph of an infection function based on a random 2-state switch construction;
FIG. 5 is a flow chart of the method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and an example, without in any way limiting the scope of the invention.
In an embodiment, the effectiveness of the present invention is demonstrated by evaluating infection protection using an infection function as shown in FIG. 4 with AES-128 as the block cipher, the penultimate round input as the fault injection target intermediate value, and a single-byte upset fault with randomly unknown location and value as the fault model e.
The infection function in FIG. 4 mainly contains four parts: a deterministic nonlinear operation A with 128-bit input/output, a deterministic linear bit permutation operation B with 128-bit input/output, 64 random 2-state switch operations (C_1, C_2, ..., C_64) with 2-bit input/output, and a deterministic linear bit permutation operation D with 128-bit input/output. When ΔC = 0, the deterministic nonlinear operation A outputs (0000...00); when ΔC ≠ 0, A outputs (1010...10), of Hamming weight 64, which finally results in a Hamming weight of 64 for the infection function output I(ΔC). The deterministic linear bit permutation operations B and D only change the positions of the bits; the permutation is random but known, and the Hamming weight of the operation's input value equals the Hamming weight of its output value. The ith random 2-state switch operation C_i is controlled by the ith bit R_i of the random number R: with one probability its 2-bit output equals its 2-bit input directly, and with the remaining probability its 2-bit output equals its 2-bit input crossed; the Hamming weights of the operation's input and output values are identical.
The evaluation process is shown in fig. 5 and comprises the following steps:
1) according to the propagation characteristics of a single-byte fault input to the penultimate round of AES-128, the fault diffuses to 4 bytes of the original ciphertext difference ΔC; the block width of AES-128 is 128 bits, so the lower bound on the number of 0 bits in ΔC is 128 − 8 × 4 = 96, and this lower bound is used as the prior information ΔC_p of the original ciphertext difference.
2) computing the value of the information entropy H(ΔC | ΔC_p, ΔF) in the infection protection to be evaluated:
2.1) when the fault is injected in the redundant encryption, the infection ciphertext difference is ΔF = I(ΔC). The deterministic nonlinear operation A, the deterministic linear bit permutation operation B and the 64 random 2-state switch operations (C_1, C_2, ..., C_64) with 2-bit input/output in FIG. 4 are taken together as a single random operation of the infection function. In this case the infection function contains only N = 1 random operation, and the condition is satisfied: the input of the random operation and the input of the infection function, namely the original ciphertext difference ΔC, are in a known deterministic linear mapping relationship, and the output of the random operation and the output I(ΔC) of the infection function are in a known deterministic mapping relationship.
The prior information on the input in_1 of the random operation is that ΔC ≠ 0 and that ΔC includes at least 96 0 bits; the prior information on the output out_1 of the random operation is that the value of out_1 can be derived from the output I(ΔC) of the infection function, that it lies in {0, 1}^128, and that out_1 has Hamming weight 64.
Therefore, the prior information has t = C(128, 64) different values, and the probabilities of occurrence of the different values are approximately equal to each other;
since the deterministic nonlinear operation A always outputs (1010...10) when ΔC ≠ 0, this holds for any value s = 1 to t of the prior information. Thus we obtain:
2.2) when the fault is injected in the original encryption, the infection ciphertext difference is ΔF = ΔC ⊕ I(ΔC). The random 2-state switch operations C_j with 2-bit input/output in FIG. 4 are taken as the random operations of the infection function, j = 1 to 64. In this case the infection function contains only 64 random operations, and the condition is satisfied: the random number bits used by any two random operations have no intersection and their input bits have no intersection; the input of a random operation and the input of the infection function, namely the original ciphertext difference ΔC, are in a known deterministic linear mapping relationship, and the output of a random operation and the output I(ΔC) of the infection function are in a known deterministic linear mapping relationship.
Since ΔC contains at least 96 0 bits, the bitwise XOR of I(ΔC) with the 96 0 bits of ΔC equals the value of ΔF at the corresponding bit positions, i.e., the prior information I(ΔC)_p is 96 known bits of I(ΔC).
Since ΔC ≠ 0, and the deterministic nonlinear operation A always outputs (1010...10) when ΔC ≠ 0, the prior information on the input of the jth random operation is 2 known bits whose values are uniformly distributed; the prior information on the output of the random operation is either 2 known bits with uniformly distributed values, or 1 known bit with a uniformly distributed value, or no prior information at all.
When the input prior information is 2 known bits and the output prior information is 2 known bits, the prior information has 6 possible values. For w = 1 to 6, the values of the prior information are (00, 00), (01, 01), (01, 10), (10, 10), (10, 01) and (11, 11), with respective occurrence probabilities P_w; for any value w = 1 to 6, thus we obtain:
When the input prior information is 2 known bits and the output prior information is 1 known bit, the prior information has 6 possible values. For w = 1 to 6, the values of the prior information are (00, 0), (01, 0), (01, 1), (10, 0), (10, 1) and (11, 1), with respective occurrence probabilities P_w; for any value w = 1 to 6, thus we obtain:
When the input prior information is 2 known bits and there is no output prior information, the prior information has 4 possible values. For w = 1 to 4, the values of the prior information are (00, ), (01, ), (10, ) and (11, ), with respective occurrence probabilities P_w and a corresponding value for each of (00, ), (01, ), (10, ) and (11, ); thus we obtain:
According to the prior information I(ΔC)_p, namely 96 known bits in I(ΔC), the prior information of the jth random operation can be calculated to be: the probability of a random operation with 2 known input bits and 2 known output bits, the probability of a random operation with 2 known input bits and 1 known output bit, and the probability of a random operation with 2 known input bits and no output information. Therefore, for M = 64 random operations, the number of each of the above three types of operations is the product of its probability and 64.
The information entropy of the original ciphertext difference deltaC in the infection protection to be evaluated is as follows:
3) according to the propagation characteristics of a single-byte fault input to the penultimate round of AES-128, the uncertainty of the key K involved in the fault propagation process is n = 32 bits. Since the fault model e has a width of 8 bits and its position and value are randomly unknown within the 128-bit-wide fault intermediate value, the uncertainty of the fault is H(e) = 12 bits. The information entropy H(ΔC | ΔC_p, ΔF) in secure infection protection, calculated with the optimal DFA analysis method, is L_e = I(K, ΔC, C) ≈ n − H(e) = 32 − 12 = 20 bits.
4) since 1.95 < 20, i.e., H(ΔC | ΔC_p, ΔF) < L_e, infection protection using the infection function shown in FIG. 4 is not secure against the injection of a single-byte fault of randomly unknown position and value at the penultimate round input of AES-128.
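The four evaluation steps above, carried through as an added Python example that is not the patent's own code. Steps 1, 3 and 4 use only the figures stated on this page (4 diffused bytes, n = 32 key bits, an 8-bit fault at one of 16 byte positions). For step 2.2 the per-switch entropy is obtained by enumerating a 2-bit switch over its uniform input and control bit with 0, 1 or 2 output bits revealed, which reproduces the three cases of the tables above. The page states the count of each switch type only as "the product of the probability and 64"; the probability that a switch's two output positions fall among the 96 known positions is modelled here by drawing the two positions without replacement, an assumption of this example that reproduces the page's 1.95 bits. All function and constant names are constructed.

```python
import math
from fractions import Fraction
from itertools import product

BLOCK_BITS = 128
FAULT_WIDTH_BITS = 8      # single-byte fault model e
FAULT_POSITIONS = 16      # the faulty byte may sit in any of the 16 state bytes
DIFFUSED_BYTES = 4        # page: a penultimate-round byte fault reaches 4 ciphertext bytes
KEY_BITS_INVOLVED = 32    # page: n = 32 key bits take part in the fault propagation
NUM_SWITCHES = 64         # FIG. 4: 64 random 2-state switches, 2-bit input/output


def zero_bit_lower_bound():
    """Step 1: prior information dC_p, a lower bound on the number of 0 bits in dC."""
    return BLOCK_BITS - FAULT_WIDTH_BITS * DIFFUSED_BYTES     # 128 - 8*4 = 96


def switch(inp, r):
    """One random 2-state switch C_j: r = 0 passes the pair straight, r = 1 crosses it."""
    return inp if r == 0 else (inp[1], inp[0])


def switch_output_entropy(known_output_bits):
    """H(out_j | in_j, revealed bits of out_j) for one switch, by enumeration.

    in_j is a known 2-bit value, uniform over its 4 values (A's output permuted
    by B); the control bit r is uniform; `known_output_bits` (0, 1 or 2) output
    bits are revealed by dF at positions where dC is known to be 0.
    """
    joint = {}   # (observation, out) -> probability
    for inp, r in product(product((0, 1), repeat=2), (0, 1)):
        out = switch(inp, r)
        key = ((inp, out[:known_output_bits]), out)
        joint[key] = joint.get(key, Fraction(0)) + Fraction(1, 8)
    p_obs = {}
    for (obs, _), p in joint.items():
        p_obs[obs] = p_obs.get(obs, Fraction(0)) + p
    h = 0.0
    for (obs, _), p in joint.items():
        h -= float(p) * math.log2(float(p / p_obs[obs]))
    return h


def switch_class_probabilities(known_bits, total_bits=BLOCK_BITS):
    """Probability that 2, 1 or 0 of a switch's two output positions lie among the
    known positions of I(dC). Assumption: positions drawn without replacement."""
    k, n = known_bits, total_bits
    denom = Fraction(n * (n - 1))
    return {2: Fraction(k * (k - 1)) / denom,
            1: Fraction(2 * k * (n - k)) / denom,
            0: Fraction((n - k) * (n - k - 1)) / denom}


def infected_entropy_original_fault():
    """Step 2.2: H(dC | dC_p, dF) with dF = dC xor I(dC). Each switch type
    contributes (its expected count) x (its conditional output entropy)."""
    probs = switch_class_probabilities(zero_bit_lower_bound())
    return sum(NUM_SWITCHES * float(p) * switch_output_entropy(k)
               for k, p in probs.items())


def fault_entropy():
    """H(e): an unknown 8-bit value at an unknown one of 16 byte positions."""
    return math.log2(FAULT_POSITIONS) + FAULT_WIDTH_BITS       # 4 + 8 = 12 bits


def entropy_lower_bound():
    """Step 3: L_e = I(K, dC, C) ~ n - H(e), the entropy a leak-free protection keeps."""
    return KEY_BITS_INVOLVED - fault_entropy()                 # 32 - 12 = 20 bits


def evaluate():
    """Step 4: the protection is unsafe when the entropy falls below the bound."""
    h = infected_entropy_original_fault()
    le = entropy_lower_bound()
    return {"prior_zero_bits": zero_bit_lower_bound(),
            "entropy_bits": round(h, 2),
            "lower_bound_bits": le,
            "secure": h >= le}


if __name__ == "__main__":
    print(evaluate())
```

The enumeration makes the mechanism visible: a switch whose two output bits both land in the known region contributes nothing, a switch with one known output bit also contributes nothing because the known input pair determines the other bit, and only a switch with neither output bit revealed keeps one bit of uncertainty, and only when its input pair is 01 or 10. About 3.9 of the 64 switches are of that last kind, which is where the 1.95 bits come from.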
Another embodiment of the present invention provides a system for evaluating security against differential fault attack suitable for block cipher algorithm infection protection, where the differential fault attack at least includes a fault injection target intermediate value and a fault model, and the system includes:
the prior information calculation module is responsible for calculating prior information of an original ciphertext difference according to the block cipher algorithm, the fault injection target intermediate value and the fault model;
the information entropy calculation module is responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be evaluated by using the prior information of the original ciphertext difference and the infection ciphertext difference obtained by the prior information calculation module;
the information entropy lower bound calculation module is responsible for calculating the information entropy lower bound of the original ciphertext difference in the security infection protection without secret key information leakage according to the block cipher algorithm, the fault injection target intermediate value and the fault model;
and the safety judgment module is responsible for judging the safety of infection protection to be evaluated by comparing the numerical value of the information entropy obtained by the information entropy calculation module with the lower bound of the information entropy obtained by the information entropy lower bound calculation module.
The above detailed description of the specific embodiments is only for better understanding of the present invention, and the present invention is not limited thereto, and those skilled in the art can implement the present invention in other embodiments according to the present disclosure, for example, the present invention can be implemented in the form of a computer software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk), and includes several instructions to make a terminal device (e.g., a mobile phone, a computer, a server, etc.) execute the method of the present invention; all changes and substitutions that adopt the design, construction and concept of the invention without departing from the scope of the claims are intended to be within the scope of the invention.
Claims (4)
1. A safety evaluation method for resisting differential fault attack suitable for block cipher algorithm infection protection, wherein the differential fault attack at least comprises a fault injection target intermediate value and a fault model, and the method comprises the following steps:
1) calculating prior information of an original ciphertext difference according to the block cipher algorithm, the fault injection target intermediate value and the fault model; the method for calculating the prior information of the difference of the original ciphertext comprises the following steps: analyzing a propagation path of the fault in the block cipher algorithm according to the fault injection target intermediate value and the fault model, and calculating a lower bound of 0 bit number in the original ciphertext difference;
2) calculating the information entropy of the original ciphertext difference in the infection protection to be evaluated by using the prior information of the original ciphertext difference obtained in the step 1) and the infection ciphertext difference; calculating the information entropy of the original ciphertext difference in the infection protection to be evaluated according to the difference of the infection ciphertext difference;
when the infection ciphertext difference is equal to the output of the infection function in the infection protection to be evaluated, the method for calculating the information entropy of the original ciphertext difference in the infection protection comprises the following steps:
a1) decomposing the infection function in the infection protection to be evaluated into N random operations with the same structure, requiring that the random number bits used in any two random operations have no intersection and their input bits have no intersection, requiring that the input of every random operation and the input of the infection function, namely the original ciphertext difference ΔC, are in a known deterministic linear mapping relation, and requiring that the output of every random operation and the output I(ΔC) of the infection function are in a known deterministic mapping relation;
a2) mapping the prior information ΔC_p of the input ΔC of the infection function to prior information of the input in_i of the ith random operation, and mapping the prior information of the output I(ΔC) of the infection function to prior information of the output out_i of the ith random operation, where i = 1 to N;
a4) calculating the information entropy of the original ciphertext difference ΔC in the infection protection;
when the infection ciphertext difference is equal to the exclusive or value of the original ciphertext difference and the infection function output in the infection protection to be evaluated, the method for calculating the information entropy of the original ciphertext difference in the infection protection comprises the following steps:
b1) decomposing the infection function in the infection protection into M random operations with the same structure, requiring that the random number bits used in any two random operations have no intersection and their input bits have no intersection, requiring that the input of every random operation and the input of the infection function, namely the original ciphertext difference ΔC, are in a known deterministic mapping relation, and requiring that the output of every random operation and the output I(ΔC) of the infection function are in a known deterministic linear mapping relation;
b2) from the prior information ΔC_p of the input ΔC of the infection function and the infection ciphertext difference ΔF, calculating the prior information I(ΔC)_p of the output I(ΔC) of the infection function;
b3) mapping the prior information ΔC_p of the input ΔC of the infection function to prior information of the input of the jth random operation,
and mapping the prior information I(ΔC)_p of the output I(ΔC) of the infection function to prior information of the output of the jth random operation, where j = 1 to M;
3) calculating the lower bound of the information entropy of the original ciphertext difference in secure infection protection without key information leakage according to the block cipher algorithm, the fault injection target intermediate value and the fault model, wherein the method for calculating the lower bound of the information entropy of the original ciphertext difference comprises: calculating, with an optimal DFA analysis method and according to the block cipher algorithm, the fault injection target intermediate value and the fault model, the mutual information L_e = I(K, ΔC, C) of the key K, the original ciphertext difference ΔC and the correct ciphertext C involved in the fault propagation process, which is the lower bound of the entropy;
4) and (3) judging the safety of infection protection to be evaluated by comparing the numerical value of the information entropy obtained in the step 2) with the lower bound of the information entropy obtained in the step 3).
2. The method of claim 1, wherein the infection ciphertext difference is equal to an exclusive or of a correct ciphertext and an infection ciphertext.
3. The method according to claim 1, wherein step 4) determines whether the entropy obtained in step 2) is smaller than the lower bound of the entropy obtained in step 3), if so, the key information of the block cipher is leaked, and it is determined that the infection protection is unsafe under the fault injection target intermediate value and the fault model; if not, the infection protection is judged to be possibly safe under the fault injection target intermediate value and the fault model.
4. A system for performing the method for security evaluation against differential fault attacks applicable to infection protection of a block cipher algorithm according to claim 1, wherein the differential fault attack includes at least a fault injection target intermediate value and a fault model, the system comprising:
the prior information calculation module is responsible for calculating prior information of an original ciphertext difference according to the block cipher algorithm, the fault injection target intermediate value and the fault model;
the information entropy calculation module is responsible for calculating the information entropy of the original ciphertext difference in the infection protection to be evaluated by using the prior information of the original ciphertext difference and the infection ciphertext difference obtained by the prior information calculation module;
the information entropy lower bound calculation module is responsible for calculating the information entropy lower bound of the original ciphertext difference in the security infection protection without secret key information leakage according to the block cipher algorithm, the fault injection target intermediate value and the fault model;
and the safety judgment module is responsible for judging the safety of infection protection to be evaluated by comparing the numerical value of the information entropy obtained by the information entropy calculation module with the lower bound of the information entropy obtained by the information entropy lower bound calculation module.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN201910100979 | 2019-01-31 | |
CN2019101009792 | 2019-01-31 | |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110401627A CN110401627A (en) | 2019-11-01 |
CN110401627B true CN110401627B (en) | 2020-07-10 |
Family
ID=68322426
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910194486.XA Active CN110401627B (en) | 2019-01-31 | 2019-03-14 | Differential fault attack resistance security evaluation method and system suitable for block cipher algorithm infection protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110401627B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224770B (en) * | 2019-12-25 | 2021-03-30 | 中国科学院软件研究所 | Comprehensive protection method for resisting side channel and fault attack based on threshold technology |
CN113014377B (en) * | 2021-02-01 | 2022-07-22 | 中国科学院软件研究所 | Persistent fault attack protection method and device by utilizing bijection characteristic of block cipher S box |
CN113206734B (en) * | 2021-04-30 | 2022-04-29 | 桂林电子科技大学 | Method for detecting and resisting differential fault attack |
CN113434332B (en) * | 2021-05-27 | 2022-02-18 | 国家信息技术安全研究中心 | Fault propagation-based key recovery method for DES/3DES middle wheel attack |
CN114095395B (en) * | 2021-11-04 | 2023-06-16 | 中金金融认证中心有限公司 | Method, device and medium for analyzing error data generated by fault injection |
CN114070560B (en) * | 2022-01-13 | 2022-06-24 | 浙江大学 | Algebraic persistent fault analysis method and device for block cipher |
WO2024092838A1 (en) * | 2022-11-04 | 2024-05-10 | 华为技术有限公司 | Data transmission method and apparatus |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102404108A (en) * | 2011-10-25 | 2012-04-04 | 宁波大学 | Novel fault attack method aiming at Advanced Encryption Standard (AES-128) algorithm |
CN105610568A (en) * | 2014-11-21 | 2016-05-25 | 南方电网科学研究院有限责任公司 | Fault detection method and device for block cipher algorithm |
CN106130712A (en) * | 2016-06-14 | 2016-11-16 | 刘雷波 | A kind of opportunistic infections fault-resistant attack method based on INS network |
CN107204841A (en) * | 2017-03-14 | 2017-09-26 | 中国人民武装警察部队工程大学 | A kind of method that many S boxes of the block cipher for resisting differential power attack are realized |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725719B2 (en) * | 2005-11-08 | 2010-05-25 | International Business Machines Corporation | Method and system for generating ciphertext and message authentication codes utilizing shared hardware |
CN101013938B (en) * | 2007-01-12 | 2010-04-07 | 广州市诚毅科技软件开发有限公司 | Encryption method of block cipher |
CN103607276B (en) * | 2013-12-05 | 2017-06-30 | 桂林电子科技大学 | Grouping encryption method of the anti-known-plaintext ciphertext based on random function to attack |
CN104158796B (en) * | 2014-07-11 | 2017-07-21 | 中国科学院信息工程研究所 | The appraisal procedure of the anti-linear attack security of block cipher |
US10673616B2 (en) * | 2017-01-11 | 2020-06-02 | Qualcomm Incorporated | Lightweight mitigation against first-order probing side-channel attacks on block ciphers |
Non-Patent Citations (1)
Title |
---|
Exploration of Benes Network in Cryptographic Processors: A Random Infection Countermeasure for Block Ciphers Against Fault Attacks; Wang Bo et al.; IEEE; 20160922; full text * |
Legal Events
Date | Code | Title | Description
---|---|---|---
| PB01 | Publication | 
| SE01 | Entry into force of request for substantive examination | 
| GR01 | Patent grant | 