CN114124353B - Key leakage detection method for authentication encryption algorithm SILC - Google Patents
- Publication number
- CN114124353B (application CN202111391683.4A)
- Authority
- CN
- China
- Prior art keywords
- fault
- ciphertext
- silc
- encryption algorithm
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/36—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a key leakage detection method for the authentication encryption algorithm SILC, comprising the following steps: randomly generating a message to be processed; taking the hash value of the authentication information and the message to be processed as the input of SILC, and outputting a correct ciphertext and an error ciphertext; calculating the differential value $\Delta Y$ of the correct ciphertext and the error ciphertext, and determining from $\Delta Y$ whether the fault is a valid fault; deriving, from the correct ciphertext and the error ciphertext corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and its counterpart for the error ciphertext; calculating the differential value $\Delta C_{l-1}$ of these two intermediate state values; using $\Delta C_{l-1} \neq 0$ to obtain a set of impossible differential relation equations, thereby compressing the key search space; and repeating the fault introduction and analysis to obtain the correct key K. The invention can be used for evaluating the packaging security of the authentication encryption algorithm SILC.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a key leakage detection method for an authentication encryption algorithm SILC.
Background
With the continuous development of computer information security technology, information security problems are becoming increasingly important. Cryptography is a cornerstone of information security and provides functions such as authentication and encryption. Authentication provides the integrity of information, i.e. it verifies whether the information has been tampered with; encryption ensures the confidentiality of information, i.e. it keeps the information unknown to unauthorized entities. The authentication encryption algorithm SILC was proposed in 2014 and ensures the integrity and confidentiality of information at the same time.
Fault analysis means that an attacker introduces faults while a cryptographic system is running so that the system computes incorrectly, and then analyzes the output obtained after the fault together with the normal output in order to obtain important information such as the key.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a key leakage detection method of an authentication encryption algorithm SILC, which can be used for evaluating the packaging security of the authentication encryption algorithm SILC.
The technical scheme adopted for solving the technical problem is as follows: the key leakage detection method for the authentication encryption algorithm SILC comprises the following steps:
randomly generating a message X to be processed;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting a correct ciphertext $Y$;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting an error ciphertext $Y^*$ after a fault is introduced;
calculating the differential value $\Delta Y$ of the correct ciphertext $Y$ and the error ciphertext $Y^*$, and determining from $\Delta Y$ whether the fault is a valid fault;
deriving, from the correct ciphertext $Y$ and the error ciphertext $Y^*$ corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and its counterpart for the error ciphertext, wherein $MC^{-1}(\cdot)$ denotes the inverse column-mixing operation, $AC^{-1}(\cdot)$ the constant addition operation, $SC^{-1}(\cdot)$ the inverse cell substitution operation, $SR^{-1}(\cdot)$ the inverse row shift operation, and $K$ the key;
calculating the differential value $\Delta C_{l-1}$ of the two intermediate state values, using $\Delta C_{l-1} \neq 0$ to obtain a set of impossible differential relation equations, thereby compressing the key search space, and repeating the fault introduction and analysis to obtain the correct key K.
Determining whether the fault is a valid fault according to the differential value $\Delta Y$ is specifically: when $\Delta Y = 0$ the fault is an invalid fault, and when $\Delta Y \neq 0$ the fault is a valid fault.
The system of impossible differential relation equations is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ denote the $(5k+1)$-th nibble of the correct ciphertext $Y$, the error ciphertext $Y^*$ and the key $K$ respectively, $k$ denotes the $k$-th column of the state value, and $0 \le k \le 3$.
The fault employs a random nibble fault model.
The fault is introduced by means of software simulation, laser, electromagnetic and/or voltage disturbance.
Advantageous effects
Due to the adoption of the above technical scheme, compared with the prior art, the invention has the following advantages and positive effects: the invention takes the hash value of the authentication information and the message to be processed as the input of the authentication encryption algorithm SILC to obtain a correct ciphertext and an error ciphertext, derives the intermediate state values from the correct and error ciphertexts, and calculates the differential value of the intermediate state values, thereby obtaining a set of impossible differential relation equations that compresses the key search space; the fault introduction and analysis are repeated until the correct key is finally derived. The method provided by the invention is easy to implement, fast and accurate, and is of significance for security research on the authentication encryption algorithm SILC.
Drawings
FIG. 1 is a flow chart of an embodiment of the present invention;
FIG. 2 is a fault propagation diagram of an impossible differential fault analysis in the authentication encryption algorithm SILC encryption process;
FIG. 3 is a schematic view of an experimental environment in an embodiment of the present invention;
fig. 4 is a SILC analysis chart of the authentication encryption algorithm.
Detailed Description
The invention will be further illustrated with reference to specific examples. It is to be understood that these examples are illustrative of the present invention and are not intended to limit the scope of the present invention. Further, it is understood that various changes and modifications may be made by those skilled in the art after reading the teachings of the present invention, and such equivalents are intended to fall within the scope of the claims appended hereto.
The symbols used in the embodiments of the present invention are described below:
X: message, $X \in \{\{0,1\}^4\}^{16}$;
V: hash value of the authentication information;
K: key, $K \in \{\{0,1\}^4\}^{16}$;
Y: output correct ciphertext, $Y \in \{\{0,1\}^4\}^{16}$;
$Y^*$: output error ciphertext, $Y^* \in \{\{0,1\}^4\}^{16}$;
Exclusive-or operation;
$l$: the number of rounds;
$AC^{-1}(\cdot)$: constant addition operation;
$SC^{-1}(\cdot)$: inverse cell substitution operation;
$SR^{-1}(\cdot)$: inverse row shift operation;
$MC^{-1}(\cdot)$: inverse column-mixing operation;
fix(X): defined as $\mathrm{fix}(X) = X \vee 10^{|X|-1}$, where $|X|$ denotes the length of the message X;
$E_K$: one round of encryption transformation with the key K as input;
$msb_\tau$: takes the first $\tau$ bits of the data.
The embodiment of the invention relates to a key leakage detection method for an authentication encryption algorithm SILC, which comprises the following steps as shown in figure 1:
Step 1: randomly generate a message to be processed, denoted X, $X \in \{\{0,1\}^4\}^{16}$;
Step 2: take the hash value V of the authentication information and the message X as the input of the authentication encryption algorithm SILC, and output the correct ciphertext Y, $Y \in \{\{0,1\}^4\}^{16}$. The process of the authentication encryption algorithm SILC is shown in fig. 4.
Step 3: take the hash value V of the authentication information and the message X as the input of the authentication encryption algorithm SILC, and output the error ciphertext $Y^*$ after the fault is introduced, $Y^* \in \{\{0,1\}^4\}^{16}$. The fault introduced in this step follows a random nibble fault model, so the fault size is half a byte; it can be realized by software simulation, or on real hardware by technical means such as laser, electromagnetic or voltage disturbance.
While the authentication encryption algorithm SILC processes the hash value V of the authentication information and the message X in Step 2 and Step 3, the experimental environment must be strictly controlled to ensure the accuracy of the experimental results and obtain the corresponding outputs.
As shown in fig. 3, a computer generates the input message X and processes and analyzes the outputs produced by the authentication encryption algorithm SILC; a device packaging the authentication encryption algorithm SILC processes the input message and produces the corresponding output; the fault introduction device performs the fault introduction while SILC is running, so that the error ciphertext is output. The specific operation is as follows:
Experimental environment 1: the hash value V of the authentication information and the message X are input; external interference is strictly excluded during the experiment, so that SILC runs undisturbed and accurately outputs the correct ciphertext Y;
Experimental environment 2: the hash value V of the authentication information and the message X are input, a fault is introduced while SILC is running, and the error ciphertext $Y^*$ is obtained.
Step 4: calculate the differential value $\Delta Y$ of the correct ciphertext $Y$ and the error ciphertext $Y^*$, and determine from $\Delta Y$ whether the fault is a valid fault: when $\Delta Y = 0$ the fault is considered invalid, and when $\Delta Y \neq 0$ the fault is considered valid;
Step 5: from the correct ciphertext $Y$ and the error ciphertext $Y^*$ corresponding to a valid fault, derive the intermediate state value $C_{l-1}$ of round $l-1$ and its counterpart for the error ciphertext.
The derivation is based on the fault propagation diagram of the impossible differential fault analysis of the SILC encryption process shown in fig. 2.
Step 6: calculate the differential value of the two intermediate state values, denoted $\Delta C_{l-1}$. From the condition $\Delta C_{l-1} \neq 0$ (with index $1 \le i \le 16$), a set of impossible differential relation equations is obtained, which compresses the key search space; the fault introduction and analysis are repeated until the correct key K is obtained.
Wherein, the impossible differential relation equation set is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ denote the $(5k+1)$-th nibble of the correct ciphertext $Y$, the error ciphertext $Y^*$ and the key $K$ respectively, and $k$ denotes the $k$-th column of the state value, with $0 \le k \le 3$. Using the impossible differential relation equations as constraints, all possible sub-key candidate values are traversed and the sub-keys satisfying the constraints are screened out; the original key K is finally obtained according to the key schedule algorithm.
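A reduced simulation of Steps 1 to 6, added here as an illustration for evaluators; it is not code from the patent. Assumptions: a constructed single-column toy cipher on 4 nibbles (PRESENT S-box, serial column mixing with feedback row 4, 1, 2, 2) stands in for the block cipher inside SILC, row shift and constant addition are omitted, and the filter is the condition that every nibble of $\Delta C_{l-1}$ is nonzero rather than the patent's own equation system.

```python
import random
from itertools import product

# Constructed toy (not SILC): one 4-nibble column, PRESENT S-box, serial mixing.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SINV = [SBOX.index(v) for v in range(16)]

def gmul(a, b):
    """Multiply two nibbles in GF(2^4) modulo x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r

def mc(col):
    """Column mixing: four serial steps with feedback row (4, 1, 2, 2)."""
    for _ in range(4):
        col = col[1:] + [gmul(4, col[0]) ^ col[1] ^ gmul(2, col[2]) ^ gmul(2, col[3])]
    return col

def mc_inv(col):
    """Inverse column mixing (0xD is the inverse of 4 in this field)."""
    for _ in range(4):
        x0 = gmul(0xD, col[3] ^ col[0] ^ gmul(2, col[1]) ^ gmul(2, col[2]))
        col = [x0] + col[:3]
    return col

def pack(col):
    return col[0] << 12 | col[1] << 8 | col[2] << 4 | col[3]

# MC^-1 is linear, so tabulate its packed output for every single-nibble input.
MCI = [[pack(mc_inv([v if i == j else 0 for i in range(4)])) for v in range(16)]
       for j in range(4)]

def encrypt(x, key, fault=None):
    """Toy cipher; fault=(pos, val) XORs val into one nibble before round l-1."""
    s = [SBOX[a ^ k] for a, k in zip(x, key)]
    if fault is not None:
        s[fault[0]] ^= fault[1]
    c = [SBOX[v] for v in mc(s)]                       # C_{l-1}
    return [SBOX[v] ^ k for v, k in zip(mc(c), key)]   # Y = SC(MC(C_{l-1})) xor K

def delta_y(y, y_f):
    return [a ^ b for a, b in zip(y, y_f)]

def filter_keys(cands, y, y_f):
    """Keep key guesses for which every nibble of the derived dC_{l-1} is nonzero."""
    # t[j][g]: packed MC^-1 contribution of guess g for key nibble j
    t = [[MCI[j][SINV[y[j] ^ g] ^ SINV[y_f[j] ^ g]] for g in range(16)]
         for j in range(4)]
    keep = []
    for k in cands:
        w = t[0][k[0]] ^ t[1][k[1]] ^ t[2][k[2]] ^ t[3][k[3]]
        if w & 0xF and w & 0xF0 and w & 0xF00 and w & 0xF000:
            keep.append(k)
    return keep

def run_evaluation(key, rng, max_faults=400):
    """Steps 1-6: returns (surviving key guesses, valid faults, invalid faults)."""
    cands = list(product(range(16), repeat=4))
    valid = invalid = 0
    while len(cands) > 1 and valid + invalid < max_faults:
        x = [rng.randrange(16) for _ in range(4)]                     # step 1
        y = encrypt(x, key)                                           # step 2
        y_f = encrypt(x, key, (rng.randrange(4), rng.randrange(16)))  # step 3
        if not any(delta_y(y, y_f)):                                  # step 4
            invalid += 1
            continue
        valid += 1
        cands = filter_keys(cands, y, y_f)                            # steps 5-6
    return cands, valid, invalid

if __name__ == "__main__":
    secret = [0x3, 0xA, 0x7, 0xE]  # constructed demo key
    cands, valid, invalid = run_evaluation(secret, random.Random(2021))
    print(f"valid={valid} invalid={invalid} survivors={cands}")
```

In this toy the fault must land one full round before $C_{l-1}$: a difference that passes only through a bijective S-box is nonzero for every key guess, so the nonzero condition removes candidates only because the guess is applied before the inverse column mixing.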
Using this method, on a computer with an Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz 2.70GHz and 8 GB of memory, the IDEA development tool was used to simulate the fault introduction and the processing of the authentication encryption algorithm SILC; the method was executed 1000 times, and the experimental results show that the detection method is accurate.
It can be seen that the method of this embodiment can detect key leakage of the authentication encryption algorithm SILC and can be used to evaluate the security of products that package SILC; it is easy to implement, fast and accurate, and is of significance for security research on the authentication encryption algorithm SILC.
Claims (4)
1. A key leakage detection method for the authentication encryption algorithm SILC, characterized by comprising the following steps:
randomly generating a message X to be processed;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting a correct ciphertext $Y$;
taking the hash value of the authentication information and the message X to be processed as the input of the authentication encryption algorithm SILC, and outputting an error ciphertext $Y^*$ after a fault is introduced;
calculating the differential value $\Delta Y$ of the correct ciphertext $Y$ and the error ciphertext $Y^*$, and determining from $\Delta Y$ whether the fault is a valid fault;
deriving, from the correct ciphertext $Y$ and the error ciphertext $Y^*$ corresponding to a valid fault, the intermediate state value $C_{l-1}$ of round $l-1$ and its counterpart for the error ciphertext, wherein $MC^{-1}(\cdot)$ denotes the inverse column-mixing operation, $AC^{-1}(\cdot)$ the constant addition operation, $SC^{-1}(\cdot)$ the inverse cell substitution operation, $SR^{-1}(\cdot)$ the inverse row shift operation, and $K$ the key;
calculating the differential value $\Delta C_{l-1}$ of the two intermediate state values, using $\Delta C_{l-1} \neq 0$ to obtain a set of impossible differential relation equations, thereby compressing the key search space, and repeating the fault introduction and analysis to obtain the correct key K; wherein the set of impossible differential relation equations is:
where $Y_{5k+1}$, $Y^*_{5k+1}$ and $K_{5k+1}$ denote the $(5k+1)$-th nibble of the correct ciphertext $Y$, the error ciphertext $Y^*$ and the key $K$ respectively, and $k$ denotes the $k$-th column of the state value, with $0 \le k \le 3$.
2. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that determining whether the fault is a valid fault according to the differential value $\Delta Y$ is specifically: when $\Delta Y = 0$ the fault is an invalid fault, and when $\Delta Y \neq 0$ the fault is a valid fault.
3. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that the fault employs a random nibble fault model.
4. The key leakage detection method for the authentication encryption algorithm SILC according to claim 1, characterized in that the fault is introduced by means of software simulation, laser, electromagnetic and/or voltage disturbance.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111391683.4A CN114124353B (en) | 2021-11-19 | 2021-11-19 | Key leakage detection method for authentication encryption algorithm SILC |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124353A | 2022-03-01 |
CN114124353B | 2024-03-29 |
Family
ID=80440019
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111391683.4A Active CN114124353B (en) | 2021-11-19 | 2021-11-19 | Key leakage detection method for authentication encryption algorithm SILC |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124353B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||