KR20160114252A - Method for processing side channel analysis - Google Patents
Method for processing side channel analysis
- Publication number
- KR20160114252A
- Authority
- KR
- South Korea
- Prior art keywords
- analysis
- memory capacity
- waveform data
- subchannel
- present
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
Abstract
Embodiments of the present invention relate to a side-channel analysis computation method for the security analysis of an encryption algorithm. A side-channel analysis computation method according to an embodiment of the present invention includes: collecting waveform data; calculating the memory capacity needed to store the intermediate data variables, based on the number of points in one waveform, the number of cipher-key bytes to be analyzed, and the number of guess keys; comparing the calculated memory capacity with the available memory capacity; and starting analysis of the collected waveform data if the available memory capacity is greater than the calculated memory capacity. According to the embodiments of the present invention, an error can be prevented in advance by checking, before the side-channel analysis operation is performed, whether the required memory capacity is available.
Description
Embodiments of the present invention relate to a side-channel analysis computation method for the security analysis of an encryption algorithm.
Cryptanalysis methods have been developed that recover secret information, such as a secret key, by measuring the power consumption generated while a cryptographic algorithm runs or by measuring the execution time of the operation. Such leakage of secret information from an encryption algorithm is called a side channel.
Side-channel analysis, which recovers critical data such as cryptographic keys from the timing information, power consumption and electromagnetic signals leaked while the algorithm executes, is recognized as the most powerful technique for analyzing the security of cryptographic algorithms.
In general, side-channel analysis collects a plurality of waveform data during repeated cryptographic computations, processes the collected waveform data into a form suitable for analysis, and then performs the side-channel analysis on the processed data to recover the secret information.
Differential power analysis is a side-channel analysis method that exploits the fact that the power consumed by electronic equipment during an encryption operation is correlated with the encryption key. It statistically analyzes the power consumed while arbitrary plaintexts are encrypted under the same encryption key in order to estimate that key. Specifically, power-consumption waveforms are collected over a plurality of cryptographic operations, and the correlation between the power consumed at each time point and the power consumption predicted for every possible cryptographic partial key is calculated. These calculations run over a large amount of data, so sufficient memory capacity is required in the computer to store the variable data generated during the calculation. If a computing device such as a computer does not have enough memory, an error may occur partway through an analysis that runs for a long time.
Embodiments of the present invention provide a method for preventing errors caused by insufficient memory capacity during the side-channel analysis calculation.
A side-channel analysis operation method according to an embodiment of the present invention includes: collecting waveform data generated during the cryptographic operation of the side-channel analysis target device; calculating the memory capacity needed to store the intermediate data variables, based on the number of points in one waveform, the number of cipher-key bytes to be analyzed, and the number of guess keys; comparing the calculated memory capacity with the available memory capacity; and starting analysis of the collected waveform data if the available memory capacity is greater than the calculated memory capacity.
According to the embodiments of the present invention, an error can be prevented in advance by checking, before the side-channel analysis operation is performed, whether the required memory capacity is available.
According to the embodiments of the present invention, the system user does not need to keep checking whether an error has occurred, and delays in the overall side-channel analysis process can be avoided.
FIG. 1 is a block diagram for explaining a side-channel analyzer according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a side-channel analysis computation method according to an embodiment of the present invention.
In the following description of the embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
The data used for differential power analysis is waveform data: side-channel information generated during the cryptographic computation of the target device, where one cryptographic computation produces one waveform consisting of L points. The differential power analysis process then obtains correlation values over the collected waveforms for each of the L points, each of the K cipher-key bytes being analyzed, and each of the GK guess keys.
The intermediate data variable values stored in memory and used during the differential power analysis process can be defined as follows.
- s[L]: the sum, at each of the L points, of the waveform data values.
- s2[L]: the sum of squares, at each of the L points, of the waveform data values.
- d[K, GK]: the sum of the theoretical power-consumption values for each (K, GK) pair.
- d2[K, GK]: the sum of squares of the theoretical power-consumption values for each (K, GK) pair.
- sd[L, K, GK]: the product of the waveform data value and the theoretical power-consumption value, for each point and each (K, GK) pair.
Therefore, to store the intermediate data variable values, the memory must be able to hold (2·L + 2·K·GK + L·K·GK) variables. In general, L is sufficiently larger than 2·K·GK, and K·GK is sufficiently larger than 2, so the number of intermediate data variables required is in practice close to L·K·GK.
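The five accumulators defined above, together with the memory pre-check from the abstract and the claim, as an added example that is not the patent's own code. It assumes 8-byte (64-bit) variables, a toy Hamming-weight leakage on 4-bit key nibbles with constructed traces, and `available_memory_bytes` reading free memory through `os.sysconf` on POSIX hosts; none of those names or numbers come from the patent.

```python
"""Added example, not code from the patent: the five DPA/CPA accumulators
(s, s2, d, d2, sd) from the description, the memory pre-check from the abstract
and claim, and a constructed run on a toy target. The 8-byte variable width,
the toy leakage model and all sample numbers are assumptions."""
import math
import os
import random


def required_variables(L, K, GK):
    """Variables to hold: s[L], s2[L], d[K,GK], d2[K,GK], sd[L,K,GK]."""
    return 2 * L + 2 * K * GK + L * K * GK


def required_bytes(L, K, GK, bytes_per_variable=8):
    """Capacity if every accumulator is a 64-bit value (assumed width)."""
    return required_variables(L, K, GK) * bytes_per_variable


def dominant_term_ratio(L, K, GK):
    """Share of the exact count taken by L*K*GK, the term said to dominate."""
    return (L * K * GK) / required_variables(L, K, GK)


def can_start_analysis(L, K, GK, available_bytes, bytes_per_variable=8):
    """The pre-check: start only if available memory exceeds the calculated need."""
    return available_bytes > required_bytes(L, K, GK, bytes_per_variable)


def available_memory_bytes():
    """Best-effort free physical memory on POSIX hosts; None if unsupported."""
    try:
        return os.sysconf("SC_AVPHYS_PAGES") * os.sysconf("SC_PAGE_SIZE")
    except (AttributeError, ValueError, OSError):
        return None


def hamming_weight(x):
    return bin(x).count("1")


class CpaAccumulator:
    """Streams traces through the accumulators: memory stays O(L*K*GK) no matter
    how many traces are collected, which is why the pre-check needs only L, K, GK."""

    def __init__(self, L, K, GK, leakage_model):
        self.L, self.K, self.GK, self.n = L, K, GK, 0
        self.model = leakage_model  # (key_byte, guess, plaintext) -> predicted power
        self.s = [0.0] * L
        self.s2 = [0.0] * L
        self.d = [[0.0] * GK for _ in range(K)]
        self.d2 = [[0.0] * GK for _ in range(K)]
        self.sd = [[[0.0] * GK for _ in range(K)] for _ in range(L)]

    def add_trace(self, plaintext, trace):
        self.n += 1
        for i, t in enumerate(trace):
            self.s[i] += t
            self.s2[i] += t * t
        for k in range(self.K):
            for g in range(self.GK):
                h = self.model(k, g, plaintext)
                self.d[k][g] += h
                self.d2[k][g] += h * h
                for i, t in enumerate(trace):  # the L*K*GK work done per trace
                    self.sd[i][k][g] += t * h

    def correlation(self, i, k, g):
        """Pearson correlation at point i for guess g of key byte k, from the sums only."""
        n, s, s2 = self.n, self.s[i], self.s2[i]
        d, d2, sd = self.d[k][g], self.d2[k][g], self.sd[i][k][g]
        den = math.sqrt(max(n * s2 - s * s, 0.0) * max(n * d2 - d * d, 0.0))
        return (n * sd - s * d) / den if den else 0.0

    def best_guess(self, k):
        """Guess with the highest (signed) correlation at any point for key byte k."""
        return max(range(self.GK),
                   key=lambda g: max(self.correlation(i, k, g) for i in range(self.L)))


def simulate_recovery(seed=1, n_traces=200):
    """Constructed target: key nibble k leaks HW(p[k] XOR key[k]) at point k plus noise."""
    rng = random.Random(seed)
    L, K, GK = 4, 2, 16                   # 4 points, 2 key nibbles, 16 guesses each
    secret = [0x9, 0x3]                   # constructed secret key
    acc = CpaAccumulator(L, K, GK, lambda k, g, p: hamming_weight(p[k] ^ g))
    for _ in range(n_traces):
        p = [rng.randrange(16) for _ in range(K)]
        trace = [rng.gauss(0.0, 1.0) for _ in range(L)]
        for k in range(K):
            trace[k] += hamming_weight(p[k] ^ secret[k])
        acc.add_trace(p, trace)
    return [acc.best_guess(k) for k in range(K)], secret


if __name__ == "__main__":
    L, K, GK = 1000, 16, 256              # e.g. a 16-byte key with 256 guesses per byte
    print(f"need {required_bytes(L, K, GK)} bytes; "
          f"L*K*GK share {dominant_term_ratio(L, K, GK):.4f}")
    have = available_memory_bytes()
    if have is not None:
        print("start analysis:", can_start_analysis(L, K, GK, have))
    print("recovered, secret:", simulate_recovery())
```

`best_guess` uses the signed maximum rather than the absolute value because, under a plain Hamming-weight model, the bitwise complement of the right guess produces the mirror-image (negative) correlation; real targets with a non-linear S-box do not have that ambiguity. The `add_trace` inner loop shows why `sd` dominates the memory estimate: it is the only accumulator indexed by all of L, K and GK.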
FIG. 1 is a block diagram illustrating a side-channel analyzer according to an embodiment of the present invention.
Referring to FIG. 1, the side-channel analysis and operation apparatus according to an embodiment of the present invention includes an
FIG. 2 is a flowchart illustrating a side-channel analysis computation method according to an embodiment of the present invention. Depending on the embodiment, at least one of the steps shown in FIG. 2 may be omitted.
The embodiments of the invention described above may be implemented in any of a variety of ways. For example, embodiments of the present invention may be implemented using hardware, software, or a combination thereof. When implemented in software, it may be implemented as software running on one or more processors using various operating systems or platforms. Additionally, such software may be written using any of a number of suitable programming languages, and may also be compiled into machine code or intermediate code executable in a framework or virtual machine.
Also, when embodiments of the present invention are implemented on one or more processors, one or more programs for carrying out the methods of the various embodiments discussed above may be stored on a processor-readable medium (e.g., a memory, a floppy disk, a hard disk, a compact disk, an optical disk, a magnetic tape, or the like).
Claims (1)
Calculating a memory capacity necessary for storing an intermediate data variable value based on the number of points included in one waveform data, the number of cipher key bytes to be analyzed, and the number of guess keys;
Comparing the calculated memory capacity with an available memory capacity; And
If the available memory capacity is greater than the calculated memory capacity, starting analysis of the collected waveform data
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150040316A KR20160114252A (en) | 2015-03-23 | 2015-03-23 | Method for processing side channel analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150040316A KR20160114252A (en) | 2015-03-23 | 2015-03-23 | Method for processing side channel analysis |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160114252A true KR20160114252A (en) | 2016-10-05 |
Family
ID=57153831
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150040316A KR20160114252A (en) | 2015-03-23 | 2015-03-23 | Method for processing side channel analysis |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160114252A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101876498B1 (en) * | 2018-01-24 | 2018-08-09 | 국민대학교산학협력단 | Codebreaking apparatus of disabling masking coutermeasure and method of the same, storage media storing the same |
KR101879809B1 (en) | 2017-09-19 | 2018-08-16 | 국민대학교산학협력단 | Apparatus and Method of Secure Operation for Side-Channel Attacks |
KR101941886B1 (en) * | 2018-05-04 | 2019-01-24 | 국민대학교산학협력단 | Apparatus and method of verifying the security of block cipher algorithm |
CN109993195A (en) * | 2017-12-31 | 2019-07-09 | 国民技术股份有限公司 | A kind of side information processing method and device, terminal and computer readable storage medium |
2015
- 2015-03-23 KR KR1020150040316A patent/KR20160114252A/en unknown
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101879809B1 (en) | 2017-09-19 | 2018-08-16 | 국민대학교산학협력단 | Apparatus and Method of Secure Operation for Side-Channel Attacks |
CN109993195A (en) * | 2017-12-31 | 2019-07-09 | 国民技术股份有限公司 | A kind of side information processing method and device, terminal and computer readable storage medium |
CN109993195B (en) * | 2017-12-31 | 2024-04-12 | 国民技术股份有限公司 | Side information processing method and device, terminal and computer readable storage medium |
KR101876498B1 (en) * | 2018-01-24 | 2018-08-09 | 국민대학교산학협력단 | Codebreaking apparatus of disabling masking coutermeasure and method of the same, storage media storing the same |
WO2019146885A1 (en) * | 2018-01-24 | 2019-08-01 | 국민대학교산학협력단 | Device and method for cipher decryption, and recording medium for recording same |
CN111656425A (en) * | 2018-01-24 | 2020-09-11 | 国民大学校产学协力团 | Cryptographic decoding apparatus and method, and recording medium for recording the same |
KR101941886B1 (en) * | 2018-05-04 | 2019-01-24 | 국민대학교산학협력단 | Apparatus and method of verifying the security of block cipher algorithm |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3220305B1 (en) | Method of testing the resistance of a circuit to a side channel analysis of second order or more | |
Yarom et al. | Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack | |
Alam et al. | One&Done: A Single-Decryption EM-Based Attack on OpenSSL's Constant-Time Blinded RSA | |
CN108604981B (en) | Method and apparatus for estimating secret value | |
US20180018147A1 (en) | Random number expanding device, random number expanding method, and non-transitory computer readable recording medium storing random number expanding program | |
US20100246808A1 (en) | Side channel attack tolerance evaluation apparatus, method and program | |
US10628592B2 (en) | Methods for recovering secret data of a cryptographic device and for evaluating the security of such a device | |
KR20160114252A (en) | Method for processing side channel analysis | |
CN107577452B (en) | Randomness detection method and device | |
D'Anvers et al. | Higher-order masked ciphertext comparison for lattice-based cryptography | |
EP3040901A1 (en) | System and method for aligning time-series data over a large range of time indices | |
KR101623493B1 (en) | Appropriate Countermeasure against Side Channel Analysis on Cryptogram Generating Process of Financial IC Cards | |
KR101792650B1 (en) | Process for testing the resistance of an integrated circuit to a side channel analysis | |
Steffen et al. | In-depth analysis of side-channel countermeasures for CRYSTALS-Kyber message encoding on ARM Cortex-M4 | |
Varchola et al. | Side channel attack on multiprecision multiplier used in protected ECDSA implementation | |
US20180157846A1 (en) | Information processing method, electronic device and computer storage medium | |
Zhou et al. | Analysis on the parameter selection method for FLUSH+RELOAD based cache timing attack on RSA | |
Zhang et al. | Statistical analysis for access-driven cache attacks against AES | |
WO2011071063A1 (en) | Side channel attack resistance assessment device, side channel attack resistance assessment method, and program thereof | |
Ahmed et al. | Design of Lightweight Cryptography based Deep Learning Model for Side Channel Attacks | |
US9239926B2 (en) | Static analysis for discovery of timing attack vulnerabilities in a computer software application | |
KR101367174B1 (en) | Method and apparatus for providing data arrangement for side channel analysis | |
Ghimire et al. | Data integrity verification algorithms and performance evaluation for vehicle accident data recording system | |
KR20130022475A (en) | Method of arranging data automatically for side channel analysis and side channel analysis apparatus performing the same | |
Bache et al. | Multivariate TVLA-efficient side-channel evaluation using confidence intervals |