CN112468283A - Method for detecting iFeed [ AES ] algorithm to resist differential fault attack - Google Patents

Method for detecting iFeed[AES] algorithm to resist differential fault attack

Info

Publication number: CN112468283A
Authority: CN (China)
Prior art keywords: fault, algorithm, aes, ifeed, message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN202011337427.2A
Other languages: Chinese (zh)
Inventors: 李玮, 朱晓铭, 蔡天培, 李嘉耀, 张雨希, 张金煜, 汪梦林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Donghua University
Original Assignee: Donghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2020-11-25
Filing date: 2020-11-25
Publication date: 2021-03-09
Application filed by Donghua University
Priority to CN202011337427.2A
Publication of CN112468283A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L 9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)

Abstract

The invention provides a method for detecting whether the iFeed[AES] algorithm resists differential fault attack. First, the iFeed[AES] algorithm encrypts a plaintext in an experimental environment that is free of any interference, and the correct outputs are recorded as C and T; then the environment is altered by physical means so as to interfere with the encryption process and induce faults, and the erroneous outputs are recorded as C' and T'. The capability of the iFeed[AES] algorithm to resist differential fault attacks is evaluated by computing the difference between C and C' and the difference between T and T'. If a fault is detected, its specific position can be deduced and the validity of that position judged. The method is simple to operate, fast to carry out and highly accurate, and provides a sound basis for evaluating the capability of the iFeed[AES] algorithm to resist differential fault attacks.

Description

Method for detecting iFeed [ AES ] algorithm to resist differential fault attack
Technical Field
The invention relates to a method for detecting whether the iFeed[AES] algorithm resists differential fault attack, and belongs to the technical field of information security.
Background
With the rapid development of modern computer technology, information security problems have become increasingly prominent, and network attacks, illegal intrusion and the like are growing more serious, bringing great potential safety hazards to people's use of the Internet. A secure and reliable encryption algorithm can guarantee the integrity and confidentiality of messages, so the security of encryption algorithms has always been a focus of research for scholars at home and abroad.
The iFeed[AES] algorithm was proposed in March 2014. It is a new authenticated encryption algorithm comprising an encryption part and an authentication part, so that both the confidentiality and the integrity of data can be ensured. iFeed[AES] is a symmetric cipher algorithm and faces the significant threat of differential fault attack.
This attack targets the structure of a symmetric cipher and the characteristics of its round function: combined with differential analysis, it introduces faults while the algorithm executes, analyses the effect of the faults on the ciphertext, and finally obtains information related to the key so as to recover it. No published report evaluates the capability of the iFeed[AES] algorithm to resist differential fault attacks, which leaves a potential safety hazard for products packaged with iFeed[AES].
Disclosure of Invention
The purpose of the invention is to provide a method for evaluating the capability of the iFeed[AES] algorithm to withstand differential fault analysis.
To achieve this, the technical solution of the invention is a method for detecting whether the iFeed[AES] algorithm resists differential fault attack, characterised by the following steps:
step 1: randomly generating a message to be processed, recorded as M;
step 2: processing the message M to obtain the correct output, recorded as C and T; processing the message M again with a fault introduced to obtain the erroneous output, recorded as C' and T';
step 3: calculating the differences between the correct and erroneous ciphertexts, recorded as ΔC and ΔT; analysing ΔC and ΔT; judging whether the algorithm is affected by differential fault attack; deducing the specific position at which the fault was introduced; and analysing the validity of the introduced fault, by the following method:
calculating the differences ΔC = C ⊕ C' and ΔT = T ⊕ T', where ⊕ represents the exclusive-or operation, ΔC is 128 bits and ΔT is 128 bits, each being the difference between the two ninth-round outputs, and ΔCi is the ith byte of ΔC, i ∈ {0,1,…,15}; whether the introduced fault is valid is judged from the ratios among the ΔCi, by the following method:
Valid fault:
when ΔC0 to ΔC15 are all nonzero and their ratios satisfy any one of the following conditions, the introduced fault is a valid fault:
case 1) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 0, 5, 10, 15;
2ΔC0=ΔC1=ΔC2=3ΔC3,
ΔC4=ΔC5=3ΔC6=2ΔC7,
ΔC8=3ΔC9=2ΔC10=ΔC11,
3ΔC12=2ΔC13=ΔC14=ΔC15.
case 2) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 3, 4, 9, 14;
3ΔC0=2ΔC1=ΔC2=ΔC3,
2ΔC4=ΔC5=ΔC6=3ΔC7,
ΔC8=ΔC9=3ΔC10=2ΔC11,
ΔC12=3ΔC13=2ΔC14=ΔC15.
case 3) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 2, 7, 8, 13;
ΔC0=3ΔC1=2ΔC2=ΔC3,
3ΔC4=2ΔC5=ΔC6=ΔC7,
2ΔC8=ΔC9=ΔC10=3ΔC11,
ΔC12=ΔC13=3ΔC14=2ΔC15.
case 4) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 1, 6, 11, 12;
ΔC0=ΔC1=3ΔC2=2ΔC3,
ΔC4=3ΔC5=2ΔC6=ΔC7,
3ΔC8=2ΔC9=ΔC10=ΔC11,
2ΔC12=ΔC13=ΔC14=3ΔC15.
Invalid fault: a fault satisfying one of the following conditions is an invalid fault:
condition 1) when ΔC = 0, the value after the fault is introduced equals the original correct value, the difference is 0, and the fault is invalid;
condition 2) when ΔC ≠ 0 but the obtained ciphertext cannot recover the key, or the key finally obtained is not unique, the fault is invalid;
condition 3) a fault introduced before the 8th round is invalid;
whether the fault in ΔT is valid, and the position of its introduction, are judged by the same method as for ΔC;
step 4: after the key search space has been reduced using the differences obtained in step 3, the key is guessed by exhaustive search and finally recovered.
Preferably, when the message M is processed with the iFeed[AES] algorithm in step 2, two experimental environments are controlled, with the following specific steps:
1) inputting a message M, controlling the experimental environment so that it is not interfered with by any other irrelevant object, and allowing the iFeed[AES] algorithm to run correctly, so that a correct output result is obtained and recorded as C and T;
2) inputting the message again, processing it with the iFeed[AES] algorithm once more, changing the operating environment by means of other physical equipment so as to induce faults that interfere with the processing of the iFeed[AES] algorithm, and recording the output result as C' and T'.
Preferably, the operating environment is changed to induce the fault by altering the clock, voltage, humidity, radiation, pressure, light or eddy currents.
The method provided by the invention can be used to evaluate the capability of the iFeed[AES] algorithm to resist differential fault attacks, and is mainly applied to evaluating the security of products in which the algorithm is packaged.
The invention provides a method for detecting whether the iFeed[AES] algorithm resists differential fault attack. An input message is first processed with the iFeed[AES] algorithm; during message processing two controls are applied to the execution environment: in one, the experimental environment is kept free of interference so that processing runs correctly and the outputs are recorded as C and T; in the other, faults are artificially introduced by physical means while the algorithm processes the plaintext message, inducing erroneous outputs that are recorded as C' and T'. The capability of the iFeed[AES] algorithm to resist differential fault attacks is evaluated by computing the differences ΔC and ΔT between the correct and erroneous results. If a fault is detected, its position can be deduced and the validity of that position judged. The method is simple, fast, accurate and easy to implement, and provides a good basis for detecting the capability of the iFeed[AES] algorithm to resist differential fault attacks.
Drawings
FIG. 1 is a flow chart of the method for detecting whether the iFeed[AES] algorithm resists differential fault attacks;
FIG. 2 is a diagram of the differential fault analysis of the iFeed[AES] algorithm;
FIG. 3 is a diagram of the authentication analysis of the iFeed[AES] algorithm;
FIG. 4 is a schematic diagram of the experimental environment of the present scheme.
Detailed Description
The invention will be further illustrated with reference to the following specific examples. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and such equivalents may fall within the scope of the present invention as defined in the appended claims.
The symbols used in this example are explained below:
M: plaintext;
Ni: fault value at the beginning of the ninth round;
C: correct message ciphertext output after the plaintext message M is processed with iFeed[AES];
C': erroneous message ciphertext output after the plaintext message M is encrypted with a fault introduced;
ΔC: the difference between C and C';
T: correct verification tag obtained by processing the plaintext message M with iFeed[AES];
T': erroneous verification tag obtained by processing the plaintext message M with iFeed[AES] with a fault introduced;
ΔT: the difference between T and T';
SB: byte substitution layer (SubBytes);
SR: row shift transformation (ShiftRows);
MC: column mixing transformation (MixColumns);
ARK: key addition layer (AddRoundKey);
L: set of key candidate values derived after the first fault is introduced;
⊕: exclusive-or operation;
Ki: the ith byte of the key K;
K_j^i: the jth byte of the ith round key K;
Pad(A): if the length of A is less than n, take A ‖ 1 ‖ 0^(n-1-|A| mod n); if the length of A is n, take A.
When the same key is used to process the same message with the iFeed[AES] algorithm under different experimental conditions (such as clock, voltage, humidity, radiation, pressure, light or eddy currents), an attacker can obtain a correct output and an erroneous output, compute their differences ΔC and ΔT, and thereby deduce key information. An attacker can induce a fault during execution of the iFeed[AES] algorithm but does not know the exact position or the exact erroneous value of the introduced fault. The position at which the fault is introduced is therefore important: to obtain useful information from the difference, the position of the introduced fault must be valid, otherwise the attacker cannot obtain key information from ΔC.
Fig. 1 is a flowchart of the method provided by the invention for detecting whether the iFeed[AES] algorithm resists differential fault attack; the method includes the following steps:
step 1: randomly generate a message to be processed and record it as M;
step 2: process the message M to obtain the correct output, recorded as C and T; process the message M again with a fault introduced to obtain the erroneous output, recorded as C' and T';
step 3: calculate the differences between the correct and erroneous ciphertext and tag, recorded as ΔC and ΔT respectively;
step 4: analyse ΔC and ΔT, judge whether the algorithm is affected by differential fault attack, deduce the specific position at which the fault was introduced, and analyse the validity of the introduced fault;
step 5: after the key search space has been reduced through the differential ratios, guess the key by exhaustive search and finally recover it.
For step 2, the iFeed[AES] algorithm is used to process M, and during the experiment two different controls are applied to the operating environment, namely:
1) inputting a message M, controlling the experimental environment so that it is not interfered with by any other irrelevant matter, and allowing the iFeed[AES] algorithm to run correctly, so that a correct ciphertext and a correct verification tag are obtained and recorded as C and T;
2) inputting the message again, processing it with the iFeed[AES] algorithm once more, changing the operating environment by means of other physical equipment so as to induce a fault that interferes with the processing of the iFeed[AES] algorithm, and recording the erroneous output result as C' and T'.
The fault in step 2) is induced by changing the clock, voltage, humidity, radiation, pressure, light, eddy currents, etc.
For step 3, calculate the differences ΔC = C ⊕ C' and ΔT = T ⊕ T', where ⊕ represents the exclusive-or operation; ΔC is 128 bits and ΔT is 128 bits, and they are respectively the differences between the two ninth-round outputs.
For step 4, the principle of the differential analysis of ΔC and the determination of the fault position is as follows:
iFeed[AES] is a block cipher that combines encryption and authentication. It is designed to keep the algorithm's resource requirements low, to process short messages efficiently and at low cost, and to be applicable to embedded systems. The block length of iFeed[AES] is 128 bits; encryption and decryption take ten rounds, and every round except the last consists of four steps in order: byte substitution, row shift, column mixing and round key addition. The tenth round is the same as the previous nine but omits the column mixing step.
The key K is derived by introducing faults into the algorithm. As shown in Fig. 2, after a fault is introduced in the eighth round a corresponding differential ratio appears in the ninth round: column mixing spreads a single-byte fault to the whole column, row shifting spreads it to different columns, and after two rounds of encryption the fault has spread to the whole ciphertext. Fault diffusion diagrams and the corresponding differential ratios for faults introduced at other positions can be derived in the same way. Because the intermediate state output after the ninth round of encryption equals the state obtained by decrypting the tenth round, the specific position of the fault is deduced from the proportional relationship between the correct and erroneous ciphertexts output by the tenth round when that round is computed backwards; the candidate key values are thereby determined, and finally the key is determined by exhaustive search.
Analysis yields the following four differential results, where N1, N2, N3 and N4 are the fault values defined above; the differential result in each table is the difference output after the ninth round of encryption, which is also the state after the tenth round has been decrypted. Entries are laid out as the 4×4 state, rows top to bottom and columns left to right.
1) If the differential ratios are as in Table 1, it can be inferred that the fault was introduced at positions 0, 5, 10 and 15;
2N1  N4   N3   3N2
N1   N4   3N3  2N2
N1   3N4  2N3  N2
3N1  2N4  N3   N2
TABLE 1: first differential attack
2) If the differential ratios are as in Table 2, it can be inferred that the fault was introduced at positions 3, 4, 9 and 14;
3N2  2N1  N4   N3
2N2  N1   N4   3N3
N2   N1   3N4  2N3
N2   3N1  2N4  N3
TABLE 2: second differential attack
3) If the differential ratios are as in Table 3, it can be inferred that the fault was introduced at positions 2, 7, 8 and 13;
N3   3N2  2N1  N4
3N3  2N2  N1   N4
2N3  N2   N1   3N4
N3   N2   3N1  2N4
TABLE 3: third differential attack
4) If the differential ratios are as in Table 4, it can be inferred that the fault was introduced at positions 1, 6, 11 and 12;
N4   N3   3N2  2N1
N4   3N3  2N2  N1
3N4  2N3  N2   N1
2N4  N3   N2   3N1
TABLE 4: fourth differential attack
Taking the first differential case as an example, the following differential equations hold after the first fault is introduced:
Figure BDA0002797671210000071
Figure BDA0002797671210000072
Figure BDA0002797671210000073
Figure BDA0002797671210000074
When a fault is introduced, the input difference of the ninth-round S-box can be obtained from the correct and erroneous ciphertexts output in the tenth round, according to the encryption algorithm and the propagation path of the fault, and the ninth-round sub-key can be replaced by the guessed tenth-round sub-key so as to reduce the sub-key search space. The relationship between the ninth-round key and the tenth-round key is as follows:
Figure BDA0002797671210000081
From the relationship between the ninth- and tenth-round keys and the differential ratio, the ninth-round S-box input can be derived as follows:
Figure BDA0002797671210000082
Here C and C' are known, so the values of K satisfying the above equation can be found by exhaustive search and all candidates placed in L. Without the proportional relationship, exhaustive search over K would have 2^128 possible results; with the differential relationship, each introduced fault leaves 2^8 keys satisfying each equation, and since there are four equations in total there are 2^10 possibilities altogether. The guessing space of the tenth-round key is further reduced by changing the plaintext and repeating the fault introduction and analysis above, until the correct sub-key is obtained. The original key is then derived according to the key schedule of the iFeed[AES] algorithm.
The validity of the fault is analysed as follows:
Valid fault:
when ΔC0 to ΔC15 are all nonzero and their ratios satisfy any one of the following conditions, the introduced fault is valid.
Case 1) if one of the following equations is satisfied, it can be concluded that the fault was introduced at locations 0, 5, 10, 15;
2ΔC0=ΔC1=ΔC2=3ΔC3,
ΔC4=ΔC5=3ΔC6=2ΔC7,
ΔC8=3ΔC9=2ΔC10=ΔC11,
3ΔC12=2ΔC13=ΔC14=ΔC15.
case 2) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 3, 4, 9, 14;
3ΔC0=2ΔC1=ΔC2=ΔC3,
2ΔC4=ΔC5=ΔC6=3ΔC7,
ΔC8=ΔC9=3ΔC10=2ΔC11,
ΔC12=3ΔC13=2ΔC14=ΔC15.
case 3) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 2, 7, 8, 13;
ΔC0=3ΔC1=2ΔC2=ΔC3,
3ΔC4=2ΔC5=ΔC6=ΔC7,
2ΔC8=ΔC9=ΔC10=3ΔC11,
ΔC12=ΔC13=3ΔC14=2ΔC15.
case 4) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 1, 6, 11, 12;
ΔC0=ΔC1=3ΔC2=2ΔC3,
ΔC4=3ΔC5=2ΔC6=ΔC7,
3ΔC8=2ΔC9=ΔC10=ΔC11,
2ΔC12=ΔC13=ΔC14=3ΔC15.
Invalid fault: a fault satisfying one of the following conditions is an invalid fault:
condition 1) when ΔC = 0, the value after the fault is introduced equals the original correct value, the difference is 0, and the fault is invalid.
condition 2) when ΔC ≠ 0 but the obtained ciphertext cannot recover the key, or the key finally obtained is not unique, the fault is invalid.
condition 3) a fault introduced before the eighth round is invalid.
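The following Python is an added worked example, not code from the patent (whose own simulation was written in Java). It models the two things the description above relies on: the fault propagation of Fig. 2 (ShiftRows and MixColumns of rounds 8 and 9 applied to a single-byte difference) and the valid/invalid judgement of a 16-byte difference against the four ratio cases of Tables 1 to 4, the same judgement being applied to ΔT as to ΔC. It assumes the standard AES state layout (byte index i = 4·column + row, taken to be the index the position numbers 0 to 15 refer to at the input of round 8) and reads a table entry such as 2N1 as the GF(2^8) product used by MixColumns; SubBytes and AddRoundKey are left out of the propagation model because AddRoundKey cancels in a difference and SubBytes maps a nonzero byte difference to another nonzero byte difference, which changes the N values but not the ratio case. The fault positions come from the page; the fault values, sample outputs and function names are constructed here.

```python
"""Fault-propagation model and differential-ratio classifier (added example).

Assumptions not stated in the patent text: AES column-major state layout
(index = 4*column + row), position numbers refer to the round-8 input state,
and table entries such as 2N1 are GF(2^8) products as used by MixColumns.
"""
from typing import Dict, List, Optional, Sequence, Tuple

AES_POLY = 0x1B  # reduction constant for x^8 + x^4 + x^3 + x + 1

# MixColumns matrix, rows as in FIPS 197.
MIX = ((2, 3, 1, 1), (1, 2, 3, 1), (1, 1, 2, 3), (3, 1, 1, 2))

# Column ratio patterns (coefficient of N per row) read off Tables 1-4,
# one tuple per column from left to right, and the positions each case implies.
CASE_COLUMNS: Dict[int, Tuple[Tuple[int, ...], ...]] = {
    1: ((2, 1, 1, 3), (1, 1, 3, 2), (1, 3, 2, 1), (3, 2, 1, 1)),
    2: ((3, 2, 1, 1), (2, 1, 1, 3), (1, 1, 3, 2), (1, 3, 2, 1)),
    3: ((1, 3, 2, 1), (3, 2, 1, 1), (2, 1, 1, 3), (1, 1, 3, 2)),
    4: ((1, 1, 3, 2), (1, 3, 2, 1), (3, 2, 1, 1), (2, 1, 1, 3)),
}
CASE_POSITIONS: Dict[int, Tuple[int, ...]] = {
    1: (0, 5, 10, 15), 2: (3, 4, 9, 14), 3: (2, 7, 8, 13), 4: (1, 6, 11, 12),
}


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES polynomial."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return result


def shift_rows(state: Sequence[int]) -> List[int]:
    """ShiftRows: row r of the column-major state is rotated left by r."""
    return [state[4 * ((col + row) % 4) + row] for col in range(4) for row in range(4)]


def mix_columns(state: Sequence[int]) -> List[int]:
    """MixColumns applied to every column of the column-major state."""
    out = []
    for col in range(4):
        column = state[4 * col:4 * col + 4]
        for row in range(4):
            acc = 0
            for k in range(4):
                acc ^= gf_mul(MIX[row][k], column[k])
            out.append(acc)
    return out


def propagate_fault(position: int, fault: int) -> List[int]:
    """Difference state after rounds 8 and 9 for a single-byte fault at
    `position` of the round-8 input (linear layers only, see the lead-in)."""
    state = [0] * 16
    state[position] = fault
    for _ in range(2):  # round 8 and round 9: ShiftRows then MixColumns
        state = mix_columns(shift_rows(state))
    return state


def column_matches(column: Sequence[int], coeffs: Sequence[int]) -> bool:
    """True if column == (c0*N, c1*N, c2*N, c3*N) for one nonzero N."""
    n = column[coeffs.index(1)]  # every pattern has a row with coefficient 1
    return n != 0 and all(gf_mul(c, n) == d for c, d in zip(coeffs, column))


def classify_difference(delta: Sequence[int]) -> Optional[Tuple[int, Tuple[int, ...]]]:
    """Return (case, candidate fault positions) for a valid fault, or None for
    an invalid one (condition 1: zero difference; or no table matched)."""
    delta = list(delta)
    if len(delta) != 16 or any(b == 0 for b in delta):
        return None
    for case, cols in CASE_COLUMNS.items():
        if all(column_matches(delta[4 * c:4 * c + 4], cols[c]) for c in range(4)):
            return case, CASE_POSITIONS[case]
    return None


def evaluate_outputs(c: bytes, c_faulty: bytes, t: bytes, t_faulty: bytes):
    """Step 3 of the method: form dC = C xor C' and dT = T xor T', then
    apply the same ratio judgement to both."""
    d_c = bytes(x ^ y for x, y in zip(c, c_faulty))
    d_t = bytes(x ^ y for x, y in zip(t, t_faulty))
    return classify_difference(d_c), classify_difference(d_t)


if __name__ == "__main__":
    # Constructed sample: fault value 0x5C injected at position 5 of the round-8 input.
    diff = propagate_fault(5, 0x5C)
    print(classify_difference(diff))        # case 1, positions (0, 5, 10, 15)
    print(classify_difference(bytes(16)))   # None: condition 1, zero difference
```

Running the propagation for every position 0 to 15 and classifying the result is a quick consistency check of the four tables against the AES linear layers: each position lands in exactly the case whose position list contains it. A difference in which any byte is zero, or whose columns do not share one of the four coefficient patterns, is reported as invalid, which is the decision an evaluator needs before any further analysis of a faulty output is worthwhile.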
For the above steps, the experimental environment shown in Fig. 4 is selected: the computer generates the input message M for iFeed[AES] and analyses the output result; the device in which the iFeed[AES] algorithm is packaged processes the input message; and the fault-generating equipment changes the execution environment in order to disturb the processing of the input message, thereby introducing the fault and producing an erroneous output.
Using the above analysis method, the fault introduction and message processing were simulated in Java under the Eclipse development tool on a computer with an AMD R7 4800U CPU (1.8 GHz) and 16 GB of memory; the procedure was repeated 2000 times, and the experimental results show that the detection method is accurate. The method provides a sufficient theoretical basis for evaluating the security of the iFeed[AES] algorithm; it is simple to operate and its results are accurate.

Claims (3)

1. A method for detecting the resistance of an iFeed [ AES ] algorithm to differential fault attacks is characterized by comprising the following steps:
step 1: randomly generating a message to be processed, and recording the message as M;
step 2: processing the message M to obtain correct output, and recording the output as C and T; processing the message M again and introducing a fault to obtain error output which is marked as C 'and T';
and step 3: calculating the difference between the correct ciphertext and the error ciphertext, recording as delta C and delta T, analyzing the delta C and the delta T, judging whether the algorithm is influenced by differential fault attack, deducing a specific position of a lead-in fault, and analyzing the effectiveness of the lead-in fault, wherein the method comprises the following steps:
calculating the differences ΔC = C ⊕ C' and ΔT = T ⊕ T', where ⊕ represents the exclusive-or operation, ΔC is 128 bits and ΔT is 128 bits, each representing the difference between the two ninth-round outputs, and ΔCi is the ith byte of ΔC, i ∈ {0,1,…,15}; whether the introduced fault is valid is judged from the ratios among the ΔCi, by the following method:
valid fault:
when ΔC0 to ΔC15 are all nonzero and their ratios satisfy any one of the following conditions, the introduced fault is a valid fault:
case 1) if one of the following equations is satisfied, it can be concluded that the fault was introduced at locations 0, 5, 10, 15;
2ΔC0=ΔC1=ΔC2=3ΔC3,
ΔC4=ΔC5=3ΔC6=2ΔC7,
ΔC8=3ΔC9=2ΔC10=ΔC11,
3ΔC12=2ΔC13=ΔC14=ΔC15.
case 2) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 3, 4, 9, 14;
3ΔC0=2ΔC1=ΔC2=ΔC3,
2ΔC4=ΔC5=ΔC6=3ΔC7,
ΔC8=ΔC9=3ΔC10=2ΔC11,
ΔC12=3ΔC13=2ΔC14=ΔC15.
case 3) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 2, 7, 8, 13;
ΔC0=3ΔC1=2ΔC2=ΔC3,
3ΔC4=2ΔC5=ΔC6=ΔC7,
2ΔC8=ΔC9=ΔC10=3ΔC11,
ΔC12=ΔC13=3ΔC14=2ΔC15.
case 4) if one of the following equations is satisfied, it can be concluded that the fault was introduced at positions 1, 6, 11, 12;
ΔC0=ΔC1=3ΔC2=2ΔC3,
ΔC4=3ΔC5=2ΔC6=ΔC7,
3ΔC8=2ΔC9=ΔC10=ΔC11,
2ΔC12=ΔC13=ΔC14=3ΔC15.
invalid fault: a fault satisfying one of the following conditions is an invalid fault:
condition 1) when ΔC = 0, the value after the fault is introduced equals the original correct value, the difference is 0, and the fault is invalid;
condition 2) when ΔC ≠ 0 but the obtained ciphertext cannot recover the key, or the key finally obtained is not unique, the fault is invalid;
condition 3) a fault introduced before the 8th round is invalid;
whether the fault in ΔT is valid, and the position of its introduction, are judged by the same method as for ΔC;
step 4: after the key search space has been reduced using the differences obtained in step 3, the key is guessed by exhaustive search and finally recovered.
2. The method for detecting the resistance of the iFeed[AES] algorithm to differential fault attack as claimed in claim 1, wherein, when the message M is processed with the iFeed[AES] algorithm in step 2, two experimental environments are controlled, with the following specific steps:
1) inputting a message M, controlling the experimental environment so that it is not interfered with by any other irrelevant object, and allowing the iFeed[AES] algorithm to run correctly, so that a correct output result is obtained and recorded as C and T;
2) inputting the message again, processing it with the iFeed[AES] algorithm once more, changing the operating environment by means of other physical equipment so as to induce faults that interfere with the processing of the iFeed[AES] algorithm, and recording the output result as C' and T'.
3. The method of claim 2, wherein the method for detecting the resistance of the iFeed[AES] algorithm to differential fault attack comprises changing the surrounding physical environment with a physical device so that the iFeed[AES] algorithm is disturbed, the method of changing the operating environment to induce a fault comprising: changing clock, voltage, humidity, radiation, pressure, light and eddy currents.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011337427.2A CN112468283A (en) 2020-11-25 2020-11-25 Method for detecting iFeed [ AES ] algorithm to resist differential fault attack

Publications (1)

Publication Number Publication Date
CN112468283A true CN112468283A (en) 2021-03-09

Family

ID=74798846


Country Status (1)

Country Link
CN (1) CN112468283A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108055120A (en) * 2017-12-27 2018-05-18 东华大学 A kind of method for detecting AES-OTR algorithms and resisting differential fault attack
CN108199832A (en) * 2017-12-28 2018-06-22 东华大学 A kind of CLOC authentication encryption algorithms resist the detection method of differential fault attack
CN109842483A (en) * 2019-03-18 2019-06-04 东华大学 A method of detection AES-JAMBU resists differential fault attack


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113206734A (en) * 2021-04-30 2021-08-03 桂林电子科技大学 Method for detecting and resisting differential fault attack
CN113206734B (en) * 2021-04-30 2022-04-29 桂林电子科技大学 Method for detecting and resisting differential fault attack

Similar Documents

Publication Publication Date Title
CN108199832B (en) Detection method for CLOC authentication encryption algorithm to resist differential fault attack
CN108055120B (en) Method for detecting AES-OTR algorithm to resist differential fault attack
CN108604981B (en) Method and apparatus for estimating secret value
Ding et al. A statistical model for higher order DPA on masked devices
CN109417466B (en) Secret key estimation method and device
Dabosville et al. A new second-order side channel attack based on linear regression
CN104639310B (en) A kind of method that detection algorithms of SHA 1 resist differential fault attack
CN110912672A (en) Method for detecting resistance of COLM authentication encryption algorithm to differential fault attack
CN105703896A (en) Method for detecting resistance of HAS-160 algorithm to differential fault attack
CN112532374A (en) Method for detecting SILC authentication encryption algorithm to resist differential fault attack
Steffen et al. In-depth analysis of side-channel countermeasures for crystals-kyber message encoding on arm cortex-m4
CN112468283A (en) Method for detecting iFeed [ AES ] algorithm to resist differential fault attack
CN110601818B (en) Method for detecting SMS4 cryptographic algorithm to resist statistical fault attack
CN106411496A (en) Method for detecting capability of RIPEMD-160 algorithm in defending differential fault attacks
CN112511291A (en) Method for detecting OCB authentication encryption algorithm to resist differential fault attack
Luo et al. Comprehensive side-channel power analysis of XTS-AES
CN106850186A (en) The hashing algorithms of SHA 256 resist the detection method of differential fault attack
CN112134685B (en) DPA attack-preventing circuit to be tested safety simulation analysis method and device
Ngo et al. A side-channel attack on a masked and shuffled software implementation of Saber
KR101941886B1 (en) Apparatus and method of verifying the security of block cipher algorithm
Ye et al. Non-linear collision analysis
Benjamin et al. Deep Learning Based Side Channel Attacks on Lightweight Cryptography (Student Abstract)
CN110768800A (en) Method for detecting OMD algorithm to resist differential fault attack
Kim et al. New Type of Collision Attack on First‐Order Masked AESs
Tu et al. MACM: How to Reduce the Multi-Round SCA to the Single-Round Attack on the Feistel-SP Networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210309