CN114124353B - Key leakage detection method for authentication encryption algorithm SILC - Google Patents

Publication number
CN114124353B
Authority
CN
China
Prior art keywords
fault
ciphertext
silc
encryption algorithm
key
Legal status
Active
Application number
CN202111391683.4A
Other languages
Chinese (zh)
Other versions
CN114124353A (en)
Inventor
李玮
刘春�
李嘉耀
匡云
李昊宸
张雨希
朱晓铭
张金煜
蔡天培
李继红
Current Assignee
Zhixun Password Shanghai Testing Technology Co ltd
Donghua University
Original Assignee
Zhixun Password Shanghai Testing Technology Co ltd
Donghua University
Application filed by Zhixun Password Shanghai Testing Technology Co ltd, Donghua University
Priority to CN202111391683.4A
Publication of CN114124353A
Application granted
Publication of CN114124353B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/36 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a key leakage detection method for the authentication encryption algorithm SILC, which comprises the following steps: randomly generating a message to be processed; taking the hash value of the authentication information and the message to be processed as the input of the authentication encryption algorithm SILC, and outputting a correct ciphertext and a faulty ciphertext; calculating the difference value $\Delta Y$ of the correct ciphertext and the faulty ciphertext, and determining whether the fault is a valid fault according to $\Delta Y$; deriving, from the correct ciphertext and the faulty ciphertext corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and the corresponding value for the faulty ciphertext; calculating the difference value $\Delta C_{l-1}$ between them; obtaining a set of impossible differential relation equations from $\Delta C_{l-1} \neq 0$, which further compresses the key search space; and repeating the fault introduction and analysis process to obtain the correct key $K$. The invention can be used for evaluating the security of packaged implementations of the authentication encryption algorithm SILC.

Description

Key leakage detection method for authentication encryption algorithm SILC
Technical Field
The invention relates to the technical field of information security, in particular to a key leakage detection method for an authentication encryption algorithm SILC.
Background
With the continuous development of computer information security technology, information security problems are becoming more important. Cryptography is a cornerstone of information security and provides functions such as authentication and encryption. Authentication is intended to provide the integrity of the information, i.e. to verify whether the information has been tampered with; encryption ensures the confidentiality of the information, i.e. keeps the information unknown to unauthorized entities. The authentication encryption algorithm SILC was proposed in 2014 and ensures the integrity and confidentiality of information at the same time.
Fault analysis means that an attacker introduces faults while the cryptosystem is running so that it computes incorrectly, and then analyzes the output obtained after the fault together with the normal output to obtain important information such as the key.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a key leakage detection method for the authentication encryption algorithm SILC, which can be used for evaluating the security of packaged implementations of the authentication encryption algorithm SILC.
The technical scheme adopted to solve this technical problem is as follows: the key leakage detection method for the authentication encryption algorithm SILC comprises the following steps:
randomly generating a message X to be processed;
taking the hash value of the authentication information and the message X to be processed as the input of an authentication encryption algorithm SILC, and outputting a correct ciphertext Y;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting a faulty ciphertext $Y^*$ after a fault is introduced;
calculating the difference value $\Delta Y$ of the correct ciphertext $Y$ and the faulty ciphertext $Y^*$, and determining whether the fault is a valid fault according to the difference value $\Delta Y$;
deriving, from the correct ciphertext $Y$ and the faulty ciphertext $Y^*$ corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and the corresponding value for the faulty ciphertext, where $MC^{-1}(\cdot)$ represents the inverse column mixing operation, $AC^{-1}(\cdot)$ represents the constant addition operation, $SC^{-1}(\cdot)$ represents the inverse cell substitution operation, $SR^{-1}(\cdot)$ represents the inverse row shift operation, and $K$ represents the key;
calculating the difference value $\Delta C_{l-1}$ between the intermediate state value $C_{l-1}$ and the corresponding value for the faulty ciphertext; obtaining a set of impossible differential relation equations from $\Delta C_{l-1} \neq 0$, which further compresses the key search space; and repeating the fault introduction and analysis process to obtain the correct key $K$.
Determining whether the fault is a valid fault according to the difference value $\Delta Y$ specifically comprises: when $\Delta Y = 0$, the fault is an invalid fault, and when $\Delta Y \neq 0$, the fault is a valid fault.
The system of impossible differential relation equations is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ respectively represent the $(5k+1)$-th nibble of the correct ciphertext $Y$, the faulty ciphertext $Y^*$ and the key $K$, $k$ represents the $k$-th column of the state value, and $0 \le k \le 3$.
The fault employs a random nibble fault model.
The fault is introduced by means of software simulation, laser, electromagnetic and/or voltage disturbance.
Advantageous effects
Owing to the above technical scheme, the invention has the following advantages and positive effects compared with the prior art: the invention takes the hash value of the authentication information and the message to be processed as the input of the authentication encryption algorithm SILC to obtain a correct ciphertext and a faulty ciphertext, derives the intermediate state values from the correct ciphertext and the faulty ciphertext, and calculates the difference value of the intermediate state values, thereby obtaining a set of impossible differential relation equations that further compresses the key search space; the fault introduction and analysis process is repeated, and the correct key is finally derived. The method provided by the invention is easy to implement, fast and highly accurate, and is of important significance for security research on the authentication encryption algorithm SILC.
Drawings
FIG. 1 is a flow chart of an embodiment of the present invention;
FIG. 2 is a fault propagation diagram of an impossible differential fault analysis in the authentication encryption algorithm SILC encryption process;
FIG. 3 is a schematic view of an experimental environment in an embodiment of the present invention;
FIG. 4 is an analysis chart of the authentication encryption algorithm SILC.
Detailed Description
The invention will be further illustrated with reference to specific examples. It is to be understood that these examples are illustrative of the present invention and are not intended to limit the scope of the present invention. Further, it is understood that various changes and modifications may be made by those skilled in the art after reading the teachings of the present invention, and such equivalents are intended to fall within the scope of the claims appended hereto.
The symbols used in the embodiments of the present invention are described below:
X: message, $X \in \{\{0,1\}^4\}^{16}$;
V: hash value of authentication information;
K: key, $K \in \{\{0,1\}^4\}^{16}$;
Y: output correct ciphertext, $Y \in \{\{0,1\}^4\}^{16}$;
$Y^*$: output faulty ciphertext, $Y^* \in \{\{0,1\}^4\}^{16}$;
Exclusive-or operation;
l: the number of rounds;
$AC^{-1}(\cdot)$: constant addition operation;
$SC^{-1}(\cdot)$: inverse cell substitution operation;
$SR^{-1}(\cdot)$: inverse row shift operation;
$MC^{-1}(\cdot)$: inverse column mixing operation;
fix(X): defined as $\mathrm{fix}(X) = X \vee 10^{|X|-1}$, where $|X|$ represents the length of the message X;
$E_K$: one round of encryption transformation with the key K as input;
$\mathrm{msb}_\tau$: takes the first $\tau$ bits of the data.
The embodiment of the invention relates to a key leakage detection method for an authentication encryption algorithm SILC, which comprises the following steps as shown in figure 1:
Step 1: randomly generating a message to be processed, denoted X, $X \in \{\{0,1\}^4\}^{16}$.
Step 2: taking the hash value V of the authentication information and the message X as the input of the authentication encryption algorithm SILC, and outputting a correct ciphertext Y, $Y \in \{\{0,1\}^4\}^{16}$; the process of the authentication encryption algorithm SILC is shown in fig. 4.
Step 3: taking the hash value V of the authentication information and the message X as the input of the authentication encryption algorithm SILC, and outputting a faulty ciphertext $Y^*$ after a fault is introduced, $Y^* \in \{\{0,1\}^4\}^{16}$; the fault introduced in this step follows a random nibble fault model, so the fault size is one nibble; it can be realized by software simulation, or on real hardware by technical means such as laser, electromagnetic or voltage interference.
When the hash value V of the authentication information and the message X are processed with the authentication encryption algorithm SILC in Step 2 and Step 3, the experimental environment needs to be strictly controlled to ensure the accuracy of the experimental results, so that the corresponding outputs are obtained.
As shown in fig. 3, a computer is used to generate the input message X and to process and analyze the outputs produced after X passes through the authentication encryption algorithm SILC; a device packaging the authentication encryption algorithm SILC is used to process the input message and obtain the corresponding outputs; the fault introduction device is used to perform the fault introduction, which is carried out while the authentication encryption algorithm SILC is running, so that the faulty ciphertext is output. The specific operation method is as follows:
Experimental environment 1: the hash value V of the authentication information and the message X are input, the experiment is strictly controlled so that it is free from outside interference, and the correct ciphertext Y is accurately output by the running authentication encryption algorithm SILC;
Experimental environment 2: the hash value V of the authentication information and the message X are input, a fault is introduced while the authentication encryption algorithm SILC is running, and the faulty ciphertext $Y^*$ is obtained.
Step 4: calculating the difference value $\Delta Y$ of the correct ciphertext $Y$ and the faulty ciphertext $Y^*$, and determining whether the fault is a valid fault according to $\Delta Y$: when $\Delta Y = 0$, the fault is considered an invalid fault, and when $\Delta Y \neq 0$, the fault is considered a valid fault.
Step 5: deriving, from the correct ciphertext $Y$ and the faulty ciphertext $Y^*$ corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and the corresponding value for the faulty ciphertext.
The above derivation is based on the fault propagation diagram of impossible differential fault analysis in the encryption process of the authentication encryption algorithm SILC shown in fig. 2.
Step 6: calculating the difference value between the intermediate state value $C_{l-1}$ and the corresponding value for the faulty ciphertext, recorded as $\Delta C_{l-1}$; from $\Delta C_{l-1} \neq 0$, where $1 \le i \le 16$, a set of impossible differential relation equations is obtained, which further compresses the key search space; the fault introduction and analysis process is repeated to obtain the correct key $K$.
The set of impossible differential relation equations is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ respectively represent the $(5k+1)$-th nibble of the correct ciphertext $Y$, the faulty ciphertext $Y^*$ and the key $K$, and $k$ represents the $k$-th column of the state value, satisfying $0 \le k \le 3$. Using the set of impossible differential relation equations as a constraint, all possible subkey candidate values are traversed, the subkeys meeting the requirement are screened out, and the original key $K$ is finally obtained according to the key schedule algorithm.
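The following added example (not code from the patent or its authors) simulates Steps 1 to 4 in software for an evaluation harness: it applies a random nibble fault to a 16-nibble state and classifies each ciphertext pair by $\Delta Y$. The keyed round function is a labelled stand-in, not SILC, and the function names and the assumption that a fault overwrites one nibble with a uniformly random value are choices made for this example.

```python
import random

NIBBLES = 16  # X, Y and Y* are 16-nibble values, as in the symbol list

# 4-bit bijective S-box (the PRESENT S-box), used only to build the stand-in.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def stand_in_rounds(state, key, rounds):
    """Assumed stand-in for cipher rounds (NOT SILC): a keyed bijection on 16 nibbles."""
    s = list(state)
    for _ in range(rounds):
        s = [SBOX[n ^ k] for n, k in zip(s, key)]  # key addition + substitution
        s = s[5:] + s[:5]                          # fixed position shuffle
        for c in range(0, NIBBLES, 4):             # invertible mixing per group of 4
            s[c + 1] ^= s[c]
            s[c + 2] ^= s[c + 1]
            s[c + 3] ^= s[c + 2]
            s[c] ^= s[c + 3]
    return s


def inject_random_nibble_fault(state, rng):
    """Random nibble fault model (assumed form): overwrite one random nibble
    with a uniformly random value, which may equal the old value."""
    pos = rng.randrange(NIBBLES)
    faulty = list(state)
    faulty[pos] = rng.randrange(16)
    return faulty, pos


def classify_fault(y, y_star):
    """Step 4: delta Y = Y xor Y*; all-zero means invalid fault, otherwise valid."""
    delta = [a ^ b for a, b in zip(y, y_star)]
    active = [i for i, d in enumerate(delta) if d]
    return {"delta": delta, "active_nibbles": active, "valid": bool(active)}


def run_campaign(trials, seed):
    """Run Steps 1-4 repeatedly with a reproducible RNG and a constructed key."""
    rng = random.Random(seed)
    key = [rng.randrange(16) for _ in range(NIBBLES)]
    results = []
    for _ in range(trials):
        x = [rng.randrange(16) for _ in range(NIBBLES)]       # Step 1: random X
        mid = stand_in_rounds(x, key, rounds=2)               # state at fault location
        y = stand_in_rounds(mid, key, rounds=3)               # Step 2: correct Y
        mid_faulty, pos = inject_random_nibble_fault(mid, rng)
        y_star = stand_in_rounds(mid_faulty, key, rounds=3)   # Step 3: faulty Y*
        verdict = classify_fault(y, y_star)                   # Step 4
        verdict["fault_pos"] = pos
        verdict["state_changed"] = mid_faulty != mid
        results.append(verdict)
    return results


def summarize(results):
    """Count valid and invalid faults in a campaign."""
    valid = sum(r["valid"] for r in results)
    return {"trials": len(results), "valid": valid, "invalid": len(results) - valid}


if __name__ == "__main__":
    print(summarize(run_campaign(1000, seed=1)))
```

Under this fault model about one injection in sixteen rewrites the nibble with its existing value, so the pair has $\Delta Y = 0$ and is discarded in Step 4 before any analysis.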
Using this method, on a computer with an Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2.70GHz and 8 GB of memory, the IDEA development tool was used to simulate the fault introduction and the processing of the authentication encryption algorithm SILC; the method was executed 1000 times, and the experimental results show that the detection method is accurate.
It can be seen that the method of the embodiment of the invention can detect key leakage of the authentication encryption algorithm SILC and can be used for evaluating the security of products that package the authentication encryption algorithm SILC; it is easy to implement, fast and highly accurate, and is of important significance for security research on the authentication encryption algorithm SILC.

Claims (4)

1. A key leakage detection method for the authentication encryption algorithm SILC, characterized by comprising the following steps:
randomly generating a message X to be processed;
taking the hash value of the authentication information and the message X to be processed as the input of an authentication encryption algorithm SILC, and outputting a correct ciphertext Y;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting a faulty ciphertext $Y^*$ after a fault is introduced;
calculating the difference value $\Delta Y$ of the correct ciphertext $Y$ and the faulty ciphertext $Y^*$, and determining whether the fault is a valid fault according to the difference value $\Delta Y$;
deriving, from the correct ciphertext $Y$ and the faulty ciphertext $Y^*$ corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and the corresponding value for the faulty ciphertext, where $MC^{-1}(\cdot)$ represents the inverse column mixing operation, $AC^{-1}(\cdot)$ represents the constant addition operation, $SC^{-1}(\cdot)$ represents the inverse cell substitution operation, $SR^{-1}(\cdot)$ represents the inverse row shift operation, and $K$ represents the key;
calculating the difference value $\Delta C_{l-1}$ between the intermediate state value $C_{l-1}$ and the corresponding value for the faulty ciphertext; obtaining a set of impossible differential relation equations from $\Delta C_{l-1} \neq 0$, which further compresses the key search space; and repeating the fault introduction and analysis process to obtain the correct key $K$; wherein the set of impossible differential relation equations is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ respectively represent the $(5k+1)$-th nibble of the correct ciphertext $Y$, the faulty ciphertext $Y^*$ and the key $K$, and $k$ represents the $k$-th column of the state value, satisfying $0 \le k \le 3$.
2. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that determining whether said fault is a valid fault according to said difference value $\Delta Y$ is specifically: when $\Delta Y = 0$, the fault is an invalid fault, and when $\Delta Y \neq 0$, the fault is a valid fault.
3. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that said fault employs a random nibble fault model.
4. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that said fault is introduced by means of software simulation, laser, electromagnetic and/or voltage disturbance.
CN202111391683.4A 2021-11-19 2021-11-19 Key leakage detection method for authentication encryption algorithm SILC Active CN114124353B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111391683.4A CN114124353B (en) 2021-11-19 2021-11-19 Key leakage detection method for authentication encryption algorithm SILC

Publications (2)

Publication Number Publication Date
CN114124353A CN114124353A (en) 2022-03-01
CN114124353B CN114124353B (en) 2024-03-29

Family

ID=80440019

Country Status (1)

Country Link
CN (1) CN114124353B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant