WO2019047062A1 - Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium - Google Patents

Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium

Publication number
WO2019047062A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
real
fake
ciphertext corresponding
keys
Application number
PCT/CN2017/100715
Other languages
English (en)
Chinese (zh)
Inventor
王磊
林岑
柴威荣
Original Assignee
福建联迪商用设备有限公司
Application filed by 福建联迪商用设备有限公司
Priority to PCT/CN2017/100715 (WO2019047062A1)
Priority to CN201780001940.4A (CN107980212A)
Publication of WO2019047062A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use

Definitions

  • the present invention relates to the field of information security technologies, and in particular, to an encryption method for preventing DPA attacks and a computer readable storage medium.
  • the POS machine uses the AES algorithm to encrypt the plaintext.
  • AES (Advanced Encryption Standard)
  • different energy consumption changes occur due to the operation of calculating data or reading and writing registers.
  • DPA (differential power analysis) attack
  • the side-channel information of the collected signal can be analyzed.
  • the probability distribution of the energy consumption of the encryption device will differ from the characteristic of the average probability distribution, so a statistical method can be used to analyze the energy consumption information and the correct key can be identified.
  • the current defense against DPA attacks uses a method of adding a mask.
  • although the random-value mask can defend against DPA attacks, the random mask RM and the masked intermediate variables must be calculated at the same time. Each round of calculation must therefore generate a new mask, re-mask, and recalculate the values of the S-box lookup tables, which not only increases the computation time but also adds processor load and storage requirements.
  • the technical problem to be solved by the present invention is to provide an encryption method for preventing DPA attacks and a computer readable storage medium, which can improve the security of encrypted data.
  • an encryption method for preventing DPA attacks including:
  • the present invention also relates to a computer readable storage medium having stored thereon a computer program, the program being executed by a processor, implementing the following steps:
  • the ciphertext corresponding to the real key is sent to the receiving end.
  • the beneficial effects of the present invention are: a plurality of fake keys are generated and take part in the encryption operation together with the real key; because the time, energy consumption and electromagnetic radiation of the fake-key and real-key operations are basically the same, the differential energy analysis method cannot determine the length of the key or the time sequence in which the real key participates in the operation.
  • the generated energy analysis curve is not fixed, and the real key cannot be cracked.
  • with the encryption method proposed by the present invention, a DPA attack cannot distinguish the real key from the fake keys by extracting features, thereby effectively ensuring the security of the encrypted data.
  • FIG. 1 is a flowchart of an encryption method for preventing DPA attacks according to the present invention
  • the most critical idea of the present invention is to add a fake key to participate in the encryption operation, so that the differential energy analysis method cannot crack the real key.
  • AES: the Advanced Encryption Standard is the Rijndael algorithm defined by the National Institute of Standards and Technology and serves as an advanced data encryption standard to replace the original Data Encryption Standard (DES);
  • DPA: differential power analysis attack
  • DPA is a statistical method that analyzes a large number of energy consumption curves generated by encrypting different plaintexts with the same key and, by averaging the curves of different sets, reveals the key value and encryption device.
  • an encryption method for preventing DPA attacks including:
  • the ciphertext corresponding to the real key is sent to the receiving end.
  • the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
  • the ciphertext in the second register is sent to the receiving end.
  • the real key includes multiple true subkeys
  • each fake key includes multiple fake subkeys respectively.
  • obtaining a key from the key set as the encryption key and encrypting the plaintext to obtain the ciphertext corresponding to that key; and, after the keys in the key set have all been obtained, sending the ciphertext corresponding to the real key to the receiving end.
  • the encryption algorithm is AES, 3DES, RSA, or the Chinese national (Guomi) algorithms SM1, SM2 or SM4.
  • the method of the present invention is applicable to a variety of encryption algorithms.
  • the present invention also provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor, implementing the following steps:
  • the ciphertext corresponding to the real key is sent to the receiving end.
  • the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
  • the ciphertext in the second register is sent to the receiving end.
  • the real key includes a plurality of true subkeys
  • each of the fake keys includes a plurality of fake subkeys
  • obtaining a key from the key set as the encryption key and encrypting the plaintext to obtain the ciphertext corresponding to that key; and, after the keys in the key set have all been obtained, sending the ciphertext corresponding to the real key to the receiving end.
  • the encryption algorithm is AES, 3DES, RSA, or the Chinese national (Guomi) algorithms SM1, SM2 or SM4.
  • Embodiment 1 of the present invention is an encryption method for preventing DPA attacks, which can be applied to a POS machine and includes the following steps:
  • S1: generating a plurality of fake keys; 3-5 fake keys may be generated according to the real key, these 3-5 fake keys being fixed keys generated by each downtime, and the remaining fake keys being random passwords generated each time encryption is started.
  • S2: obtaining a key set according to the real key and the plurality of fake keys; that is, the real key and the fake keys are mixed together, with the real key randomly distributed among the fake keys so that its position is not fixed. However, so that the system can quickly and accurately distinguish the real key from the fake keys, the real key can be stored in the first register and the fake keys in other registers.
  • S3: acquiring a key from the key set as the encryption key, and encrypting the plaintext to obtain the ciphertext corresponding to that key.
  • S4: determining whether the key was taken out of the first register, and if so, performing step S5. Since only the real key is stored in the first register and no fake key is stored there, a key retrieved from the first register is the real key.
  • S5: storing the ciphertext corresponding to that key in the second register.
  • the fake keys must also encrypt the plaintext, but the resulting ciphertexts are not sent to the receiving end; they only take part in the encryption calculation and generate energy consumption information. Therefore, to quickly and easily distinguish the ciphertext corresponding to the real key from the ciphertexts corresponding to the fake keys, the ciphertext corresponding to the real key is stored separately.
  • the real key includes multiple true subkeys, and each fake key includes multiple fake subkeys respectively.
  • AES's encryption key is 128 bits and can be divided into 16 subkeys, each of which is 8 bits. Therefore, the true subkey can be randomly distributed among the fake subkeys.
  • the real subkey is stored in the first register, and the fake subkey is stored in other registers.
  • in step S3, a real subkey or a fake subkey is obtained from the key set as the encryption key, and the plaintext is encrypted to obtain the ciphertext corresponding to that subkey. The ciphertext corresponding to the real subkey is then stored in the second register and, after the subkeys in the key set have all been obtained, the ciphertext corresponding to the real subkey, that is, the ciphertext in the second register, is sent to the receiving end.
  • the method in this embodiment can be applied to encryption algorithms such as AES, 3DES, RSA, and the Chinese national (Guomi) algorithms SM1, SM2 and SM4.
  • This embodiment generates a plurality of fake keys and has them take part in the encryption operation together with the real key. Since the time, energy consumption and electromagnetic radiation of the fake-key and real-key operations are basically the same, the differential energy analysis method cannot determine the length of the key or the time sequence in which the real key participates in the operation, the generated energy analysis curve is not fixed, and the real key cannot be cracked. The security of the encrypted data is effectively guaranteed.
  • This embodiment is a computer readable storage medium corresponding to the above embodiment, on which a computer program is stored, and the program is executed by the processor to implement the following steps:
  • the ciphertext corresponding to the real key is sent to the receiving end.
  • the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
  • the ciphertext in the second register is sent to the receiving end.
  • the true key includes a plurality of true subkeys
  • each of the fake keys includes a plurality of fake subkeys
  • the encryption algorithm is AES, 3DES, RSA, or the Chinese national (Guomi) algorithms SM1, SM2 or SM4.
  • the present invention provides an anti-DPA-attack encryption method and a computer readable storage medium in which a plurality of fake keys are generated and take part in the encryption operation together with the real key. Since the time, energy consumption and electromagnetic radiation of the fake-key and real-key operations are basically the same, the differential energy analysis method cannot determine the length of the key or the time sequence in which the real key participates in the operation, the generated energy analysis curve is not fixed, and the real key cannot be cracked.
  • with the encryption method proposed by the invention, a DPA attack cannot distinguish the real key from the fake keys by extracting features, thereby effectively ensuring the security of the encrypted data.
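
Steps S1 to S5 of Embodiment 1 as an added C example, not code from the patent. Assumptions: XTEA stands in for the ciphers the patent names, a xorshift generator stands in for the device's random source, all five fake keys are random per call, and the S4 register check is replaced by a branch-free masked select so the real slot is handled like the fake ones; `dummy_key_encrypt`, `ct_eq_mask`, `rng_seed`, `rng_next` and `NKEYS` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define NKEYS 6  /* 1 real + 5 fake keys; the count is an assumption */

/* Stand-in block cipher (XTEA, 64-bit block, 128-bit key, 32 rounds). */
static void xtea_encrypt(const uint32_t key[4], uint32_t v[2])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned r = 0; r < 32; r++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Hypothetical RNG (xorshift32) standing in for the device's hardware RNG. */
static uint32_t rng_state = 1;
static void rng_seed(uint32_t s) { rng_state = s ? s : 1; }
static uint32_t rng_next(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}

/* All-ones when a == b, zero otherwise, computed without a comparison branch. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t d = a ^ b;
    return ((d | (0u - d)) >> 31) - 1u;
}

/* Steps S1-S5; returns the number of encryptions run (always NKEYS). */
static unsigned dummy_key_encrypt(const uint32_t real_key[4],
                                  const uint32_t pt[2], uint32_t ct_out[2])
{
    uint32_t keys[NKEYS][4];
    uint32_t real_pos = rng_next() % NKEYS;  /* S2: random slot for the real key */
    unsigned runs = 0;

    for (uint32_t i = 0; i < NKEYS; i++)     /* S1 + S2: build the key set */
        for (unsigned w = 0; w < 4; w++) {
            uint32_t m = ct_eq_mask(i, real_pos);
            keys[i][w] = (real_key[w] & m) | (rng_next() & ~m);
        }

    ct_out[0] = ct_out[1] = 0;
    for (uint32_t i = 0; i < NKEYS; i++) {   /* S3: encrypt with every key */
        uint32_t blk[2] = { pt[0], pt[1] };
        uint32_t m = ct_eq_mask(i, real_pos);
        xtea_encrypt(keys[i], blk);
        ct_out[0] |= blk[0] & m;             /* S4/S5: keep only the real */
        ct_out[1] |= blk[1] & m;             /* key's ciphertext, no branch */
        runs++;
    }
    return runs;
}

int main(void)
{
    const uint32_t key[4] = { 0x00112233u, 0x44556677u, 0x8899aabbu, 0xccddeeffu };
    const uint32_t pt[2] = { 0x01234567u, 0x89abcdefu };  /* constructed sample */
    uint32_t ct[2];
    rng_seed(2017);
    unsigned runs = dummy_key_encrypt(key, pt, ct);
    printf("%u encryptions, ciphertext %08x%08x\n", runs, (unsigned)ct[0], (unsigned)ct[1]);
    return 0;
}
```

Dummy operations of this kind are a hiding countermeasure and are commonly combined with masking rather than used alone.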

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an encryption method resistant to differential power analysis (DPA) attacks and a computer-readable storage medium. The method comprises: generating a plurality of fake keys; obtaining a key set based on a real key and the plurality of fake keys; sequentially acquiring a key from the key set as the encryption key and encrypting a plaintext to obtain a ciphertext corresponding to that key; and sending the ciphertext corresponding to the real key to a receiving terminal after the keys in the key set have been acquired. Since the operating time, energy consumption and electromagnetic radiation of the fake key and the real key are essentially identical, a differential energy analysis method cannot clearly determine the length of the key or the time sequence of the real key involved in the operation, and the generated energy analysis curve is not fixed, so the real key cannot be cracked, which effectively guarantees the security of the encrypted data.
PCT/CN2017/100715 2017-09-06 2017-09-06 Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium WO2019047062A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/100715 WO2019047062A1 (fr) 2017-09-06 2017-09-06 Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium
CN201780001940.4A CN107980212A (zh) 2017-09-06 2017-09-06 Encryption method for preventing DPA attacks and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/100715 WO2019047062A1 (fr) 2017-09-06 2017-09-06 Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2019047062A1 (fr) 2019-03-14

Family

ID=62006181

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/100715 WO2019047062A1 (fr) 2017-09-06 2017-09-06 Encryption method resistant to differential power analysis (DPA) attacks and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN107980212A (fr)
WO (1) WO2019047062A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113468585A (zh) * 2021-09-02 2021-10-01 国网浙江省电力有限公司营销服务中心 Encryption method, device and storage medium based on an energy key table

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3078463A1 (fr) 2018-02-26 2019-08-30 Stmicroelectronics (Rousset) Sas Method and device for performing substitution table operations
US11218291B2 (en) 2018-02-26 2022-01-04 Stmicroelectronics (Rousset) Sas Method and circuit for performing a substitution operation
FR3078464A1 (fr) * 2018-02-26 2019-08-30 Stmicroelectronics (Rousset) Sas Method and circuit for implementing a substitution table
TWI675578B (zh) * 2018-12-06 2019-10-21 新唐科技股份有限公司 Encryption and decryption system, encryption device, decryption device, and encryption and decryption method
CN110321737B (zh) * 2019-06-28 2020-12-11 兆讯恒达科技股份有限公司 Method for protecting a Data Encryption Standard coprocessor against injection attacks
CN114531239B (zh) * 2022-04-20 2022-08-12 广州万协通信息技术有限公司 Data transmission method and system with multiple encryption keys
CN115622821B (zh) * 2022-12-20 2023-04-28 北京佳芯信息科技有限公司 Encrypted communication method and encrypted communication system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
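CN104734842A (zh) * 2015-03-13 2015-06-24 上海交通大学 Method for resisting circuit side-channel attacks based on pseudo-operations
CN104734845A (zh) * 2015-03-25 2015-06-24 上海交通大学 Side-channel attack protection method based on pseudo-operations of the full encryption algorithm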
US9430188B2 (en) * 2008-12-31 2016-08-30 Stmicroelectronics International N.V. Method for protecting a cryptographic device against SPA, DPA and time attacks

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
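CN113468585A (zh) * 2021-09-02 2021-10-01 国网浙江省电力有限公司营销服务中心 Encryption method, device and storage medium based on an energy key table
CN113468585B (zh) * 2021-09-02 2021-11-19 国网浙江省电力有限公司营销服务中心 Encryption method, device and storage medium based on an energy key table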

Also Published As

Publication number Publication date
CN107980212A (zh) 2018-05-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17924427

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17924427

Country of ref document: EP

Kind code of ref document: A1