CN113128133B - Genetic algorithm-based power consumption attack efficient screening method - Google Patents


Info

Publication number: CN113128133B
Authority: CN (China)
Prior art keywords: power consumption, individuals, byte, key, population
Legal status: Active
Application number: CN202110548000.5A
Other languages: Chinese (zh)
Other versions: CN113128133A (en)
Inventors: 李浪, 刘嘉辉
Current Assignee: Hengyang Normal University
Original Assignee: Hengyang Normal University
Application filed by Hengyang Normal University
Priority to CN202110548000.5A
Publication of CN113128133A
Application granted
Publication of CN113128133B

Classifications

    • G06F30/27: Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
    • G06N3/006: Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
    • G06N3/126: Evolutionary algorithms, e.g. genetic algorithms or genetic programming
    • G06F2111/08: Probabilistic or stochastic CAD
    • G06F2119/06: Power analysis or power optimisation
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a genetic algorithm-based efficient screening method for power consumption attacks. The method comprises the following steps: collecting power consumption; determining the parameters and the fitness function; initializing a population; calculating individual fitness; calculating byte fitness; selecting excellent individuals; crossover; and mutation. The method draws on the power consumption attack technique from side channel analysis and combines the traditional power consumption attack with an improved genetic algorithm. This not only reduces the computational complexity of the traditional power consumption attack but also improves attack efficiency and success rate, and at the same time solves the problems of individual 'degeneration' and slow evolution in methods that combine the traditional genetic algorithm with the power consumption attack.

Description

Genetic algorithm-based power consumption attack efficient screening method
Technical Field
The invention belongs to the field of side channel analysis, and particularly relates to a genetic algorithm-based efficient screening method for power consumption attacks, which can improve attack efficiency and reduce computational and other resource complexity.
Background
Among side channel attacks, those based on power consumption are the most common. As the name suggests, a power consumption attack is a side channel attack that attacks a cipher using the power consumption information that a cryptographic chip, device or module generates while executing a cryptographic algorithm. Power consumption attacks can likewise be divided into several analysis methods: Simple Power Analysis (SPA), proposed by Joong et al. in 2002; Differential Power Analysis (DPA), proposed by Kocher et al. in 1999; and Correlation Power Analysis (CPA), proposed by Brier et al. in 2004. Side channel attacks then continued to develop, and concepts such as Electromagnetic Analysis (EMA) based side channels and the power-consumption-based template attacks presented at the CHES 2002 (Cryptographic Hardware and Embedded Systems 2002) conference appeared in succession. In 2006, for algorithms with first-order mask protection, Oswald et al. proposed a second-order DPA attack method, extending side channel attacks from low order to high order. In 2008, Gierlichs et al. proposed the Mutual Information Analysis (MIA) attack method at CHES 2008. Next, building on the work of predecessors, Renauld proposed the concept of the Algebraic Side Channel Attack (ASCA), which applies the idea of algebraic attacks to side channel attacks, reducing the complexity of side channel attacks and further improving their efficiency. In 2011, Renauld et al. discussed side channel attacks on nanoscale devices. In 2012, Oren et al. further improved the fault-Tolerant Algebraic Side Channel Attack (TASCA) method based on the research of Renauld. Meanwhile, research on side channel attacks in China has also produced a number of results; for example, penchangyo et al. have extended algebraic side channel attacks.
In 1975, Holland proposed an intelligent algorithm, the genetic algorithm, to solve optimization problems. Genetic algorithms construct models by mimicking the natural process of competitive elimination, the survival of the fittest. The genetic algorithm is characterized by robustness, high parallelism, randomness and adaptability. In essence, a genetic algorithm uses the evolution of a population to carry out a search for the optimal solution.
The basic idea of a genetic algorithm is first to encode a solution of the problem to be solved as a string. After encoding, each potential solution to the problem is called an individual in the population. Each generation of the population is made up of a certain number of individuals, and all individuals of the initial population are randomly generated. All individuals then compete and are eliminated according to the natural rule of 'natural selection and survival of the fittest': individuals with excellent traits are retained, and finally the optimal solution of the problem is left. The rule of competitive elimination is to choose a fitness function suited to the problem to be solved, use it to evaluate the quality of the individuals in each generation of the population, and select excellent individuals according to their fitness. During each generation of evolution, individuals derive new individuals through crossover and mutation. Through continued iteration, the excellent individuals in the final population can be taken as an approximately optimal solution of the problem.
In recent years, various side channel attack methods combined with Artificial Intelligence (AI) techniques have been proposed. In 2011, Hospodar et al. were the first to classify the intermediate bit values of a side channel attack using a least squares support vector machine. Later, random forests, Support Vector Machines (SVMs) and self-organizing maps were employed to perform performance analysis attacks on 3DES. Martinase et al. also proposed a method that handles multi-bit values with a multi-class support vector machine. In 2015, Zhang et al. proposed a non-analytic method based on genetic algorithms, which shows the power of artificial intelligence. It converts the key search problem into a correlation coefficient optimization problem and solves it with a simple genetic algorithm. Et al. pointed out the imperfection of this approach and proposed an improved approach to solve the problem of insufficient local search. However, the methods that combine the genetic algorithm with the power consumption attack, and the later improved methods, still have shortcomings, so this work studies how to overcome those shortcomings and achieve better results.
Disclosure of Invention
To overcome the shortcomings of the existing methods and of the power consumption attack, the invention provides a genetic algorithm-based efficient screening method for power consumption attacks that improves the original genetic algorithm structure in light of the characteristics of power consumption and the structure of the genetic algorithm. First, the mutation process is improved so that it does not mutate a correct result. Second, a process for identifying correct bytes is added to the original structure, and the correct bytes are copied to the other individuals, which can significantly improve the correlation of the key individuals. Experiments show that the attack effectively improves attack efficiency and reduces computational and other resource complexity.
To achieve this technical purpose, the technical scheme of the invention is a genetic algorithm-based efficient screening method for power consumption attacks, comprising the following steps:
Step 1: collect power consumption leakage information from the cryptographic device to form the original data; the power consumption leakage information comprises the sum of the power consumptions of all S-boxes in the first round and the power consumption of each S-box during encryption;
Step 2: determine the parameters of the genetic algorithm and the fitness function; the parameters are the crossover parameter Pc, the mutation parameter Pm and the number N of key individuals contained in a population; the fitness function is the correlation coefficient formula;
Step 3: initialize N random keys as the first-generation population, input the N random keys and the plaintexts into the cryptographic algorithm, and calculate the intermediate values;
Step 4: calculate the fitness of the individuals in the population using the fitness function; the individual fitness of all N individuals is calculated, and if an individual with fitness equal to 1 exists, it is the correct key and the whole method ends; if no correct key exists, go to step 5;
Step 5: calculate the fitness of each byte of each individual using the fitness function; if the fitness of a byte equals 1, the byte is a correct byte, and the byte at the same position in the other individuals is replaced with it; after all individuals have been traversed, if an individual whose bytes all have fitness 1 has been obtained, the correct key has been obtained and the whole method ends, otherwise go to step 6; if no individual has a correct key byte, go directly to step 6;
Step 6: select excellent individuals by tournament selection; randomly select a number of key individuals, fewer than the number of individuals in the original population, and compare their fitness; the individual with the highest fitness is selected as an individual of the next-generation population; repeat until a new population with as many individuals as the original population has been formed, then go to step 7;
Step 7: perform crossover; randomly select two individuals and randomly select the bit at the same position in both, then judge whether the bit lies in a correct byte; if so, reselect two individuals that have not yet been selected; if not, generate a random number and judge whether it is smaller than the set crossover parameter; if it is, exchange the two bits, otherwise do not exchange them; then continue selecting two unselected individuals and performing this operation until all individuals have been traversed, and go to step 8;
Step 8: perform mutation; every byte of every individual is considered for mutation; when a byte of a key individual is selected, first judge whether it is a correct byte, and if it is, skip it and judge the next byte; if it is not a correct byte, mutate the bits it contains in sequence, that is, draw a random number for the current bit and, if the random number is smaller than the mutation parameter, invert the bit; otherwise leave the current bit unchanged and draw a random number for the next bit; continue until all individuals have been traversed; then repeat steps 4 to 8 on the current population until a correct key is obtained or the loop exit condition is reached, and output the result.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 1 comprises the following steps:
Step 101: randomly generate a preset number of 1-bit binary random numbers to form a plaintext; generate a plurality of plaintexts and number them; run the encryption algorithm on a designated key and each plaintext to obtain the ciphertext, and acquire the required power consumption information; two kinds of power consumption are collected: in the first, the outputs of the S-boxes are counted as a whole, and the power consumption described by the Hamming weight model is taken as a power consumption sample used to judge whether the correct key has been recovered; in the second, the output of each S-box is counted separately, and the power consumption described by the Hamming weight model is taken as another power consumption sample used to judge whether a byte is a correct byte; the numbering of both kinds of power consumption matches that of the corresponding plaintext;
Step 102: repeat step 101 until a preset number of power consumption leakage records has been obtained, and store them in two separate files, which are treated as two matrices.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 2 comprises the following steps:
Step 201: determine the crossover parameter Pc, the mutation parameter Pm and the number N of key individuals contained in the population; assign values to Pc, Pm and N in advance, run the method against a known key, and choose as the selected parameters the combination of Pc, Pm and N that completes fastest;
Step 202: the fitness function is the correlation coefficient:
Figure GDA0003564103840000041
where $r_{i,j}$ is an element of the r matrix and contains the result of comparing column $h_i$ with column $t_j$; h is the intermediate value matrix obtained using the Hamming weight model, and h and t are the two sample matrices, namely the intermediate value matrix and the power consumption matrix;
Figure GDA0003564103840000042
and
Figure GDA0003564103840000043
represent the average values of the ith and jth columns of the two matrices, and $h_{d,i}$ and $t_{d,j}$ are the ith and jth elements of the d-th row of the h and t matrices.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 3 comprises the following steps:
randomly generate 48 1-bit binary random numbers as one key individual; generate N such individuals in total, number them and store them as the first-generation population;
encrypt 500 random plaintexts under each of the N keys with the encryption algorithm to obtain the intermediate values; there are two kinds of intermediate value; in the first, the outputs of all S-boxes are used as the intermediate value matrix $h_{q,w}$, where $0 \le q < N$ and $0 \le w < 500$:
Figure GDA0003564103840000044
where S and E denote the S-box and the E expansion in the encryption algorithm; $R_w$ denotes the right half of the plaintext after the algorithm, and w is the index of the plaintext; $K_q$ denotes a key, and q is the index of the key;
in the second, the output of a single S-box is used as the intermediate value matrix $h''_{q,w,p}$, where $0 \le q < N$, $0 \le w < 500$ and $0 \le p < 8$:
Figure GDA0003564103840000045
where p in $S_p$ is the index of the S-box.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 4 comprises the following steps:
calculate with the fitness function to obtain the r matrix, in which each element $r_{i,j}$ contains the result of comparing column $h_i$ with column $t_j$; if $r_{i,j}$ equals 1, the corresponding key is determined to be the correct key and is output as the result.
In the genetic algorithm-based efficient screening method for power consumption attacks, calculating the key byte correlation in step 5 comprises: calculating with the fitness function to obtain an r' matrix, in which each element $r'_{x,y}$ contains the result of comparing $h'_x$ with $t'_y$, where $0 \le x < N$ and $0 \le y < 8$; $t'_y$ denotes the elements of the power consumption sample matrix t' obtained by collecting the output of a single S-box, and $h'_x$ denotes the intermediate value of each S-box collected after the key individual and the 500 plaintexts have been run through the algorithm.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 6 comprises the following steps:
from the population, randomly select a number of key individuals not exceeding the population size and compare their fitness, where the fitness of each key individual is obtained by calculating the correlation coefficient with the fitness function; select the key individual with the maximum fitness as an individual of the next-generation population; repeat as many times as there are individuals in the population, until a new population has been generated; the new population is allowed to contain identical individuals.
In the genetic algorithm-based efficient screening method for power consumption attacks, step 7 comprises the following steps:
crossover is performed at the selected position according to the crossover probability Pc: randomly select two key individuals and the bit to be exchanged, and judge whether the bit to be exchanged lies in a correct byte; if so, randomly generate the bit to be exchanged again and judge again; otherwise, the bit may be crossed over. Then randomly generate a number; if the number is less than the crossover probability Pc, perform the crossover, generating two new individuals that replace the original two; if the number is greater than Pc, the two bits are not exchanged. Then reselect two key individuals and a bit and perform the crossover step again, repeating as many times as there are individuals in the population.
In the genetic algorithm-based efficient screening method for power consumption attacks, the mutation stage of step 8 comprises the following steps:
during mutation, first judge whether the byte to be mutated is a correct byte; if it is, skip mutation of that byte and move directly to judging the next byte; otherwise, test each bit of the byte once: if the randomly generated number is smaller than the mutation parameter Pm, invert the bit, otherwise leave the bit unchanged.
The invention has the technical effects that:
1. In terms of key recovery speed, the invention recovers the whole key more quickly, solving the problems of slow evolution and long key recovery time in the original method (the basic genetic algorithm) and in other optimization methods.
2. The original method and the improved methods suffer from individual degeneration; the invention optimizes the original genetic algorithm structure, overcomes this problem, and ensures that degeneration does not occur during the process.
3. From the aspects of complexity of calculation and the like, the complexity of the method is lower than that of other improved methods.
Drawings
FIG. 1 is a flow chart of the present invention.
Fig. 2 is a schematic process diagram of the present invention.
FIG. 3 is a graph of the results of the present invention.
Detailed Description
The method for efficiently screening power consumption attacks based on the genetic algorithm, as shown in fig. 1, includes the following steps:
A1: Collect power consumption leakage information from the cryptographic device to form the original data.
Randomly generate 64 1-bit binary random numbers as one plaintext; generate 500 random plaintexts in total and number them; run the encryption algorithm on a designated key and each plaintext to obtain the ciphertext, and acquire the required power consumption information. Two kinds of power consumption are collected: in the first, the outputs of the S-boxes are counted as a whole, and the power consumption described by the Hamming weight model is taken as a power consumption sample used to judge whether the correct key has been recovered; in the second, the output of each S-box is counted separately, and the power consumption, again described by the Hamming weight model, is taken as another power consumption sample used to judge whether a byte is a correct byte. The numbering of both kinds of power consumption matches that of the corresponding plaintext; that is, the two power consumption samples collected for plaintext number 1 are also numbered 1.
Collecting the power consumption leakage information specifically includes: 1. collecting the power consumption $t_{i,j}$ ($i = 0$, $0 \le j < 500$), which is the sum of the power consumptions obtained by describing the S-box outputs with the Hamming weight model in the first round of DES encryption; 2. collecting the power consumption $t_{i,j}$ ($0 \le i < 8$, $0 \le j < 500$), which is the power consumption information obtained by describing the output of each S-box with the Hamming weight model in the first round of DES encryption, there being 8 S-boxes in total.
A2: Determine the parameters and the fitness function before performing the power consumption attack with the genetic algorithm.
The parameters and function to be determined are: the crossover parameter Pc; the mutation parameter Pm; and the number N of key individuals contained in a population. In this embodiment, the correlation coefficient formula is chosen as the fitness function.
Step C1: the parameters to be determined are the crossover parameter Pc, the mutation parameter Pm and the number N of key individuals contained in the population. In general, $Pc \in [0.25, 0.75]$ and $Pm \in [0.01, 0.2]$; these ranges are tested with $Pc \in \{0.25 + 0.05 \cdot i \mid i = 0, 1, \dots, 10\}$ and $Pm \in \{0.01 + 0.01 \cdot i \mid i = 0, 1, \dots, 19\}$, and the Pc and Pm values are combined pairwise, giving 220 combinations. Meanwhile, $N \in \{30 + 5 \cdot i \mid i = 0, 1, \dots, 24\}$, because the choice of N also affects the attack: if N is too small, it is difficult to find the global optimum and easy to fall into a local optimum; if N is too large, convergence time increases and too many resources are consumed. Therefore, in this embodiment, each N value is combined in turn with the 220 parameter combinations to find the combination that achieves the best attack effect and recovers the key most efficiently. The embodiment first fixes the number of genetic algorithm cycles at 100, and the best combination is the one that recovers the correct result in the fewest cycles. The final choice is Pc = 0.6, Pm = 0.02, N = 60;
Step C2: this embodiment uses the correlation coefficient formula as the fitness function; the formula is as follows:
Figure GDA0003564103840000071
where h is the intermediate value matrix obtained using the Hamming weight model, and h and t are the two sample matrices, namely the intermediate value matrix and the power consumption matrix;
Figure GDA0003564103840000072
and
Figure GDA0003564103840000073
represent the average values of the ith and jth columns of the two matrices, and $h_{d,i}$ and $t_{d,j}$ are the ith and jth elements of the d-th row of the h matrix (intermediate value matrix) and the t matrix (power consumption matrix). First, take the first column of the h matrix and the first column of the t matrix; for each corresponding position in the two columns, compute the product of the two elements' differences from their column means, and sum these products to form the numerator. Then compute the product of the standard deviations of the two columns as the denominator. Dividing the two gives the first value of the first row of the r matrix (correlation coefficient matrix). The second value of the first row of the r matrix is obtained by performing the same calculation on the first column of the h matrix and the second column of the t matrix, and the results of calculating the first column of the h matrix against every column of the t matrix form the first row of the r matrix. The same calculation is then carried out for the remaining columns of the h matrix, finally giving the r matrix. Each element $r_{i,j}$ of the r matrix contains the result of comparing column $h_i$ with column $t_j$: the larger $r_{i,j}$ is, the better columns $h_i$ and $t_j$ match and the more likely the result is correct. Whether a result is correct can be determined by this test.
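The column-by-column calculation described in step C2, as an added example that is not part of the patent text. The matrices are constructed sample data (random 32-bit values stand in for the combined S-box outputs, and all function names are this example's own); the second matrix adds Gaussian noise to show that the "fitness equal to 1" test holds only for noise-free Hamming-weight samples.

```python
import math
import random


def column(matrix, idx):
    """Return column idx of a row-major matrix (a list of rows)."""
    return [row[idx] for row in matrix]


def pearson(xs, ys):
    """Correlation coefficient of two equal-length columns.

    Numerator: sum over rows of the product of each element's difference
    from its column mean. Denominator: product of the square roots of the
    summed squared differences. A constant column has no defined
    coefficient, so 0.0 is returned for it.
    """
    n = len(xs)
    if n == 0 or n != len(ys):
        raise ValueError("columns must be non-empty and of equal length")
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    num = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    den_x = math.sqrt(sum((x - mean_x) ** 2 for x in xs))
    den_y = math.sqrt(sum((y - mean_y) ** 2 for y in ys))
    den = den_x * den_y
    return num / den if den else 0.0


def correlation_matrix(h, t):
    """r[i][j] = correlation of column i of h with column j of t."""
    return [[pearson(column(h, i), column(t, j)) for j in range(len(t[0]))]
            for i in range(len(h[0]))]


def is_match(r, tol=1e-9):
    """'Fitness equal to 1', tested with a tolerance because the
    coefficient is computed in floating point."""
    return abs(r - 1.0) <= tol


def hamming_weight(value):
    return bin(value).count("1")


def build_demo(traces=500, noise_sd=2.0, seed=1):
    """Constructed data: one row per plaintext, as in the embodiment's 500.

    h column 0 is the hypothesis that matches the device, h column 1 an
    unrelated hypothesis. t_clean is the noise-free Hamming-weight sample,
    t_noisy the same sample with Gaussian noise added (an assumption of
    this example, standing in for a real measurement).
    """
    rng = random.Random(seed)
    device = [rng.getrandbits(32) for _ in range(traces)]
    unrelated = [rng.getrandbits(32) for _ in range(traces)]
    h = [[hamming_weight(a), hamming_weight(b)]
         for a, b in zip(device, unrelated)]
    t_clean = [[hamming_weight(a)] for a in device]
    t_noisy = [[hamming_weight(a) + rng.gauss(0.0, noise_sd)] for a in device]
    return correlation_matrix(h, t_clean), correlation_matrix(h, t_noisy)


if __name__ == "__main__":
    clean, noisy = build_demo()
    print("matching hypothesis, noise-free:", clean[0][0], is_match(clean[0][0]))
    print("unrelated hypothesis, noise-free:", clean[1][0])
    print("matching hypothesis, noisy:", noisy[0][0], is_match(noisy[0][0]))
```

With noisy samples the matching hypothesis still has the highest coefficient, but it never reaches 1, so an exact-equality stopping rule only terminates on simulated, noise-free leakage.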
A3: randomly generating 48 1-bit binary random digits and a secret key individual, generating N in total, numbering, storing the N in a text as a first generation population, and then obtaining an intermediate value;
executing encryption algorithm by using N keys and 500 random plaintext to obtain an intermediate value hq,wWherein, the method for obtaining the intermediate value is the same as the method for obtaining the power consumption, two intermediate values are also collected, one is that the output of all S boxes is used as an intermediate value matrix hq,w(q is more than or equal to 0 and less than N, w is more than or equal to 0 and less than 500), and the specific calculation formula of the intermediate value is as follows:
Figure GDA0003564103840000074
where S and E denote the S-box and the E expansion in the DES algorithm; $R_w$ denotes the right half of the plaintext after the algorithm, and w is the index of the plaintext; $K_q$ denotes the key, and q is the index of the key.
In the second, the output of a single S-box is used as the intermediate value matrix $h''_{q,w,p}$ ($0 \le q < N$, $0 \le w < 500$, $0 \le p < 8$).
The intermediate value is calculated as follows:
Figure GDA0003564103840000081
wherein the symbol definitions in the formula are all as shown above, but SpP in (a) represents the S box.
A4: calculating the individual fitness by using a fitness function formula, and finally obtaining an ri,jMatrix (i is more than or equal to 0 and less than N, and j is more than or equal to 0 and less than 500). The individual quality is judged by the fitness, the higher the fitness is, the higher the possibility that the individual key is the correct key is, and the lower the fitness is, the lower the possibility is. If r isi,jAnd (4) the ith individual is indicated as a correct key, and the correct key is taken as a final result and output, otherwise, the correct key is an incorrect key. And calculating the fitness of the individuals of the N individuals, outputting a correct result if a correct key exists, and entering A5 if the correct key does not exist.
A5: calculating byte fitness for each key individual one by one to finally obtain r ″x,yMatrix (x is more than or equal to 0 and less than N, y is more than or equal to 0 and less than 8), if r ″x,yIf the correct key byte does not exist in all individuals, the process goes directly to a 6.
The copy process for the correct byte in step a5 is as follows:
if r' existsx,yAnd determining the y value, storing and recording the y value, and copying the byte corresponding to y on the x-th key to the y-th byte of other key individuals to ensure that the y bytes of all key individuals are the correct key byte. After this step is performed for all correct bytes, the process proceeds to a 6.
The process after determining that all individuals do not contain the correct byte in step a5 is as follows:
if no r' existsx,yIf 1, the process proceeds directly to a 6.
A6: At this stage, this embodiment uses tournament selection to choose good individuals. Each key individual corresponds to a value r; several key individuals are drawn and their fitness is compared, the individual with the largest r becomes an individual of the next-generation population, and this is repeated until a new population is formed. In this embodiment, 48 key individuals are randomly selected from the population of N = 60 (N being the number of key individuals in the population), their r values are compared (the r value of each key individual is the correlation coefficient calculated in A4), and the key individual with the largest r is selected as an individual of the next-generation population. The process is repeated 60 times for the population of N = 60 to generate the new population, which may contain identical individuals.
The detailed process of randomly selecting 48 key individuals is as follows: from $n \in [0, 60)$, randomly select $n_i$ ($0 \le i \le 48$) and find the key numbered $n_i$.
A7: This embodiment improves on the existing crossover operation so that bits inside a correct byte are never exchanged. In this step, bits of the 60 key individuals in the population are randomly exchanged. First, two key individuals and the bit to be exchanged are selected at random, and it is checked whether that bit lies in a correct byte; if it does, a new bit position is randomly generated and checked again; otherwise the bit may be exchanged. A random number is then generated: if it is less than 0.6, the value chosen in this embodiment, the exchange is performed and the two new individuals replace the original two; if it is greater than 0.6, the two bits are not exchanged. Two key individuals and a bit are then selected again for the crossover step, and the process is repeated 60 times.
The detailed process of selecting two key individuals and the bit to be exchanged is as follows: from $n \in [0, 60)$, randomly select $n_1$ and $n_2$; the keys with those numbers are the two key individuals. Select a $q$ from $q \in [0, 48)$ as the bit to be exchanged, and exchange bit $q$ of $n_1$ and $n_2$ to generate two new key individuals that replace the original two keys.
The detailed process of judging whether the bit lies in a correct byte is as follows: after the bit is selected, determine the byte j that contains it and check whether the array storing the correct bytes contains the value j. If it does, the bit lies in a correct byte; otherwise it does not.
A8: The present invention also improves this step so that correct bytes are not mutated. At this stage the bytes of each key are mutated; before mutation it is determined, as described in A7, whether the byte to be mutated is a correct byte. If it is, mutation of that byte is skipped and the next byte is examined; otherwise each bit of the byte is examined once: if the randomly generated number is less than 0.02 the bit is inverted, otherwise it is left unchanged.
A new population is then generated, and A4, A5, A6, A7 and A8 are repeated until a result is found or the loop exit condition is reached. The loop exit condition in this embodiment is 500 cycles, and the number of cycles may be adjusted according to actual needs.
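The A5 copy step and the A6 to A8 operators described above, as an added Python example that is not part of the patent text. It assumes the 48-bit key individual splits into 8 contiguous 6-bit "bytes" and that the 48 tournament candidates are drawn without replacement; the r values and the set of correct bytes are constructed stand-ins, not correlations computed from power traces.

```python
import random

KEY_BITS = 48                       # key individual length in the embodiment
N_CHUNKS = 8                        # the page's "bytes": y in [0, 8)
CHUNK_BITS = KEY_BITS // N_CHUNKS   # assumption: 6 bits per "byte"

def chunk_of(q):
    """Index j of the "byte" that contains bit q (assumed contiguous layout)."""
    return q // CHUNK_BITS

def copy_correct_chunk(pop, x, y):
    """A5: copy "byte" y of individual x into every individual."""
    lo, hi = y * CHUNK_BITS, (y + 1) * CHUNK_BITS
    good = pop[x][lo:hi]
    for ind in pop:
        ind[lo:hi] = good

def tournament(pop, r, k, rng):
    """A6: N rounds; each samples k individuals and keeps the one with max r."""
    idx = range(len(pop))
    return [list(pop[max(rng.sample(idx, k), key=r.__getitem__)]) for _ in idx]

def crossover(pop, locked, pc, rng):
    """A7: N single-bit exchanges that never touch a locked "byte"."""
    free = [q for q in range(KEY_BITS) if chunk_of(q) not in locked]
    if not free:              # every "byte" locked: nothing may be exchanged
        return
    for _ in range(len(pop)):
        a, b = rng.sample(range(len(pop)), 2)
        q = rng.choice(free)  # same distribution as redrawing q until unlocked
        if rng.random() < pc:
            pop[a][q], pop[b][q] = pop[b][q], pop[a][q]

def mutate(pop, locked, pm, rng):
    """A8: flip each bit of every unlocked "byte" with probability pm."""
    for ind in pop:
        for q in range(KEY_BITS):
            if chunk_of(q) not in locked and rng.random() < pm:
                ind[q] ^= 1

def next_generation(pop, r, locked, rng, k=48, pc=0.6, pm=0.02):
    """One pass of A6-A8 with the embodiment's parameters as defaults."""
    new = tournament(pop, r, k, rng)
    crossover(new, locked, pc, rng)
    mutate(new, locked, pm, rng)
    return new

def demo(seed=1, generations=20):
    """Constructed run: random r values stand in for the A4 correlations."""
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in range(KEY_BITS)] for _ in range(60)]
    locked = {2, 5}           # constructed: pretend A5 marked these as correct
    for y in locked:
        copy_correct_chunk(pop, 0, y)
    ref = {y: pop[0][y * CHUNK_BITS:(y + 1) * CHUNK_BITS] for y in locked}
    for _ in range(generations):
        r = [rng.random() for _ in pop]
        pop = next_generation(pop, r, locked, rng)
    intact = all(ind[y * CHUNK_BITS:(y + 1) * CHUNK_BITS] == ref[y]
                 for ind in pop for y in locked)
    return len(pop), intact

if __name__ == "__main__":
    print(demo())
```

Picking the exchange bit from the list of unlocked positions gives the same distribution as the redraw loop in A7 and cannot spin forever when every "byte" is locked.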

Claims (9)

1. A power consumption attack efficient screening method based on a genetic algorithm, characterized by comprising the following steps:
Step 1: collecting power consumption leakage information from the cryptographic device to form the original data; the power consumption leakage information comprises: the sum of the power consumption of all S-boxes in the first round, and the power consumption of each S-box during encryption;
Step 2: determining the parameters of the genetic algorithm and the fitness function, including: the crossover parameter Pc, the mutation parameter Pm, and the number N of key individuals contained in a population; the fitness function is the correlation coefficient formula;
Step 3: initializing N random keys as the first-generation population, inputting the N random keys and the plaintexts into the cryptographic algorithm, and calculating the intermediate values;
Step 4: calculating the fitness of the individuals in the population using the fitness function; the individual fitness of the N individuals is calculated, and if an individual with fitness equal to 1 exists among the N individuals, it is the correct key and the whole method ends; if no correct key exists, proceeding to step 5;
Step 5: calculating the fitness of each byte of each individual using the fitness function; if the fitness of a byte equals 1, the byte is a correct byte, and the byte at the same position in the other individuals is replaced with it; after all individuals have been traversed, if an individual whose bytes all have fitness 1 is obtained, the correct key has been obtained and the whole method ends; otherwise proceeding to step 6; if no individual has a correct key byte, proceeding directly to step 6;
Step 6: selecting good individuals by tournament selection; a number of key individuals smaller than the number of individuals in the original population is randomly selected and their fitness compared, and the individual with the highest fitness is selected as an individual of the next-generation population; this is repeated until a new population with the same number of individuals as the original population is formed, and then proceeding to step 7;
Step 7: performing crossover; two individuals are randomly selected, the bit at the same position on the two individuals is randomly selected, and it is judged whether the bit lies in a correct byte; if so, two individuals that have not yet been selected are reselected; if not, a random number is generated and it is judged whether the random number is smaller than the set crossover parameter; if so, the two bits are exchanged, otherwise they are not; two unselected individuals are then selected and the operation repeated until all individuals have been traversed, and then proceeding to step 8;
Step 8: performing the mutation stage; each byte of all individuals is mutated; when a byte of a key individual is selected, it is first judged whether the byte is a correct byte, and if so it is skipped and the next byte is judged; if the byte is not correct, the bits it contains are mutated in sequence, that is, a random number is assigned to the current bit, and if the random number is smaller than the mutation parameter the bit is inverted; otherwise the current bit is left unchanged and a random number is assigned to the next bit; this continues until all individuals have been traversed; steps 4 to 8 are then repeated on the current population until the correct key is obtained or the loop exit condition is reached, and the result is output.
2. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein collecting the power consumption information in step 1 comprises the following steps:
Step 101: randomly generating a preset number of 1-bit binary random numbers to form a plaintext, generating a plurality of plaintexts and numbering them, running the encryption algorithm on a designated key and the plaintexts to obtain the ciphertexts, and collecting the required power consumption information; two kinds of power consumption are collected: in one, the S-box outputs are counted as a whole, and the power consumption characterised with the Hamming weight model is taken as a power consumption sample used to judge whether the correct key has been recovered; in the other, the output of each S-box is counted separately, and the power consumption characterised with the Hamming weight model is likewise taken as another power consumption sample, used to judge whether a byte is the correct byte; the numbering of both kinds of power consumption matches that of the corresponding plaintexts;
Step 102: repeating step 101 until a preset amount of power consumption leakage information has been obtained, and storing the two kinds in two separate files, which are treated as two matrices.
3. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein determining the parameters and the fitness function in step 2 comprises the following steps:
Step 201: determining the crossover parameter Pc, the mutation parameter Pm and the number N of key individuals contained in the population; values are assigned to Pc, Pm and N in advance, the method is run against a known key, and the combination of Pc, Pm and N with the fastest run is chosen as the selected parameters;
Step 202: the fitness function is the correlation coefficient:
Figure FDA0003564103830000021
where $r_{i,j}$ is an element of the r matrix and contains the comparison result of columns $h_i$ and $t_j$; h is the intermediate-value matrix characterised with the Hamming weight model, and h and t are the two sample matrices being compared, namely the intermediate-value matrix and the power consumption matrix,
Figure FDA0003564103830000022
and
Figure FDA0003564103830000023
represent the average values of the $i$-th and $j$-th columns of the two matrices, and $h_{d,i}$ and $t_{d,j}$ denote the $i$-th and $j$-th elements of the $d$-th row of the h and t matrices.
4. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein initializing the population in step 3 comprises the following steps:
randomly generating 48 1-bit binary random numbers as one key individual, generating N such individuals in total, and numbering and storing them as the first-generation population;
encrypting with the N keys and 500 random plaintexts using the encryption algorithm to obtain the intermediate values, which are of two types; in the first, the outputs of all S-boxes are used as the intermediate-value matrix $h_{q,w}$, where $0 \le q < N$, $0 \le w < 500$:
Figure FDA0003564103830000024
where S and E denote the S-box and the E expansion of the encryption algorithm, respectively; $R_w$ denotes the right half of the plaintext after the algorithm operation, with w indicating which plaintext; $K_q$ denotes a key, with q indicating which key;
in the second, the output of a single S-box is used as the intermediate-value matrix $h''_{q,w,p}$, where $0 \le q < N$, $0 \le w < 500$, $0 \le p < 8$:
Figure FDA0003564103830000031
where p in $S_p$ indicates which S-box.
5. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 3, wherein calculating the individual fitness in step 4 comprises the following steps:
calculating with the fitness function to finally obtain an r matrix, in which each element $r_{i,j}$ contains the comparison result of columns $h_i$ and $t_j$; if $r_{i,j}$ equals 1, the corresponding key is determined to be the correct key and is output as the result.
6. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 3, wherein calculating the key byte correlation in step 5 comprises the following steps: calculating with the fitness function to obtain an $r''$ matrix, in which each element $r''_{x,y}$ contains the comparison result of row $h''_x$ and $t''_y$, where $0 \le x < N$ and $0 \le y < 8$; $t''_y$ denotes an element of the power consumption sample matrix $t''$ obtained by collecting the output of a single S-box, and $h''_x$ denotes the intermediate value of each S-box collected after the key individual and the 500 plaintexts are run through the algorithm.
7. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein selecting good individuals in step 6 comprises the following steps:
randomly selecting from the population a number of key individuals not greater than the population size and comparing their fitness, the fitness of each key individual being the correlation coefficient calculated with the fitness function; the key individual with the maximum fitness is selected as an individual of the next-generation population; this is repeated as many times as there are individuals in the population until a new population is generated, and identical individuals are allowed in the new population.
8. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein performing crossover in step 7 comprises the following steps:
performing the exchange at the selected position according to the crossover probability Pc: two key individuals and the bit to be exchanged are randomly selected, and it is judged whether the bit lies in a correct byte; if so, a new bit to be exchanged is randomly generated and judged again; otherwise the bit may be exchanged; a random number is then generated: if it is less than the crossover probability Pc, the exchange is performed and the two new individuals replace the original two; if it is greater than the crossover probability Pc, the two bits are not exchanged; two key individuals and a bit are then reselected for the crossover step, and this is repeated as many times as there are individuals in the population.
9. The power consumption attack efficient screening method based on a genetic algorithm as claimed in claim 1, wherein the mutation stage in step 8 comprises the following steps:
during mutation, it is first judged whether the byte to be mutated is a correct byte; if it is, mutation of that byte is skipped and the next byte is judged directly; otherwise each bit of the byte is judged once: if the randomly generated number is smaller than the mutation parameter Pm the bit is inverted, otherwise it is left unchanged.
CN202110548000.5A 2021-05-19 2021-05-19 Genetic algorithm-based power consumption attack efficient screening method Active CN113128133B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110548000.5A CN113128133B (en) 2021-05-19 2021-05-19 Genetic algorithm-based power consumption attack efficient screening method

Publications (2)

Publication Number Publication Date
CN113128133A CN113128133A (en) 2021-07-16
CN113128133B true CN113128133B (en) 2022-05-17

Family

ID=76783115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110548000.5A Active CN113128133B (en) 2021-05-19 2021-05-19 Genetic algorithm-based power consumption attack efficient screening method

Country Status (1)

Country Link
CN (1) CN113128133B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114465822B (en) * 2022-04-08 2022-07-22 北京网藤科技有限公司 Automatic generation method and system for attack vector of PLC (programmable logic controller)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111565189A (en) * 2020-04-30 2020-08-21 衡阳师范学院 Side channel analysis method based on deep learning
CN112769540A (en) * 2021-01-11 2021-05-07 广东技术师范大学 Method, system, equipment and storage medium for diagnosing side channel information leakage

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5487994B2 (en) * 2010-01-25 2014-05-14 ソニー株式会社 Power management apparatus and display method


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
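A Novel Method to Design S-box Based on Genetic Algorithm and Particle Swarm Optimization in AES-128 Cryptosystem; K. Kalaiselvi; 《International Journal of Pure and Applied Mathematics》; 20181231; full text *
Research on Power Analysis of SM4 Hardware Circuits; Chen Ying et al.; 《信息网络安全》 (Netinfo Security); 20180510 (No. 05); full text *
A Survey from Evolutionary Cryptography to Quantum Artificial Intelligence Cryptography; Wang Baonan; 《计算机研究与发展》 (Journal of Computer Research and Development); 20191231; full text *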

Also Published As

Publication number Publication date
CN113128133A (en) 2021-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant