WO2019047062A1 - Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium - Google Patents
Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium
- Publication number
- WO2019047062A1 (PCT/CN2017/100715)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- real
- fake
- ciphertext corresponding
- keys
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
Definitions
- the present invention relates to the field of information security technologies, and in particular, to an encryption method for preventing DPA attacks and a computer readable storage medium.
- the POS machine uses the AES algorithm to encrypt the plaintext.
- AES (Advanced Encryption Standard)
- different changes in power consumption occur when data is computed or when registers are read and written.
- DPA (differential power analysis attack)
- the side-channel information contained in the collected signal can be analyzed.
- the probability distribution of the power consumption of the encryption device will differ from the average probability distribution, so statistical methods can be used to analyze the power-consumption information and identify the correct key.
- the current defense against DPA attacks uses a method of adding a mask.
- although a random-value mask can defend against DPA attacks, the random mask RM and the masked intermediate variables must be computed at the same time. In this case, each round of the computation must generate a new mask and recompute the masked S-box lookup table values, which not only increases the amount of computation but also adds processor load and storage requirements.
- the technical problem to be solved by the present invention is to provide an encryption method for preventing DPA attacks and a computer readable storage medium, which can improve the security of encrypted data.
- an encryption method for preventing DPA attacks including:
- the present invention also relates to a computer readable storage medium having stored thereon a computer program, the program being executed by a processor, implementing the following steps:
- the ciphertext corresponding to the real key is sent to the receiving end.
- the beneficial effects of the present invention are: by generating a plurality of fake keys and engaging these fake keys together with the real key in the encryption operation, the operation time, energy consumption and electromagnetic radiation of a fake-key operation and of a real-key operation are basically the same, so that the differential power analysis method cannot analyze the key length or the time sequence in which the real key participates in the operation.
- the generated power analysis curve is not fixed, and the real key cannot be cracked.
- the encryption method proposed by the present invention prevents a DPA attack from distinguishing the true and fake keys by feature extraction, thereby effectively ensuring the security of the encrypted data.
- FIG. 1 is a flowchart of an encryption method for preventing DPA attacks according to the present invention
- the most critical idea of the present invention is to add a fake key to participate in the encryption operation, so that the differential energy analysis method cannot crack the real key.
- AES: the Advanced Encryption Standard is the Rijndael algorithm defined by the National Institute of Standards and Technology and serves as the advanced data encryption standard replacing the original Data Encryption Standard (DES);
- DPA: differential power analysis attack
- DPA is a statistical method that analyzes a large number of power-consumption curves generated by encrypting different plaintexts under the same key, and reveals the secret key value of the encryption device by averaging the curves of different sets.
- an encryption method for preventing DPA attacks including:
- the ciphertext corresponding to the real key is sent to the receiving end.
- the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
- the ciphertext in the second register is sent to the receiving end.
- the real key includes multiple true subkeys
- each fake key includes multiple fake subkeys respectively.
- obtaining a key from the key set as an encryption key and encrypting the plaintext to obtain a ciphertext corresponding to that key; and, after the keys in the key set have all been obtained, sending the ciphertext corresponding to the real key to the receiving end.
- the encryption algorithm is AES, 3DES, RSA, or the Chinese national cipher SM1, SM2 or SM4.
- the method of the present invention is applicable to a variety of encryption algorithms.
- the present invention also provides a computer readable storage medium having stored thereon a computer program, the program being executed by a processor, implementing the following steps:
- the ciphertext corresponding to the real key is sent to the receiving end.
- the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
- the ciphertext in the second register is sent to the receiving end.
- the real key includes a plurality of true subkeys
- each of the fake keys includes a plurality of fake subkeys
- obtaining a key from the key set as an encryption key and encrypting the plaintext to obtain a ciphertext corresponding to that key; and, after the keys in the key set have all been obtained, sending the ciphertext corresponding to the real key to the receiving end.
- the encryption algorithm is AES, 3DES, RSA, or the Chinese national cipher SM1, SM2 or SM4.
- Embodiment 1 of the present invention is an encryption method for preventing DPA attacks, which can be applied to a POS machine, and includes the following steps:
- S1: generating a plurality of fake keys; 3-5 fake keys may be generated according to the real key, these 3-5 fake keys being fixed keys generated at each downtime, and the remaining fake keys are random keys generated each time encryption is started.
- S2: obtaining a key set according to the real key and the multiple fake keys; that is, the real key and the fake keys are mixed together, with the real key randomly distributed among the fake keys so that its position is randomized and not fixed. In order to enable the system to quickly and accurately distinguish the real key from the fake keys, the real key can be stored in a first register and the multiple fake keys in other registers.
- S3: acquiring a key from the key set as an encryption key, and encrypting the plaintext to obtain a ciphertext corresponding to that key.
- S4: determining whether the key was taken from the first register, and if so, performing step S5. Since only the real key is stored in the first register and no fake key is, a key retrieved from the first register is known to be the real key.
- S5: storing the ciphertext corresponding to that key in the second register.
- the fake keys must also encrypt the plaintext, but the resulting ciphertexts are not sent to the receiving end; they only take part in the encryption computation and generate power-consumption information. Therefore, in order to quickly and easily distinguish the ciphertext corresponding to the real key from the ciphertexts corresponding to the fake keys, the ciphertext corresponding to the real key is stored separately.
- the real key includes multiple true subkeys, and each fake key includes multiple fake subkeys respectively.
- AES's encryption key is 128 bits and can be divided into 16 subkeys, each of which is 8 bits. Therefore, the true subkey can be randomly distributed among the fake subkeys.
- the real subkey is stored in the first register, and the fake subkey is stored in other registers.
- in step S3, a real subkey or a fake subkey is obtained from the key set as an encryption key, and the plaintext is encrypted to obtain a ciphertext corresponding to that subkey. The ciphertext corresponding to the real subkey is then stored in the second register, and finally, after all subkeys in the key set have been obtained, the ciphertext corresponding to the real subkey, that is, the ciphertext in the second register, is sent to the receiving end.
- the method in this embodiment can be applied to encryption algorithms such as AES, 3DES, RSA, and the Chinese national ciphers SM1, SM2 and SM4.
- this embodiment generates a plurality of fake keys and causes these fake keys to participate in the encryption operation together with the real key. Since the operation time, energy consumption and electromagnetic radiation of a fake-key operation and of a real-key operation are basically the same, the differential power analysis method cannot analyze the key length or the time sequence in which the real key participates in the operation, the generated power analysis curve is not fixed, and the real key cannot be cracked. The security of the encrypted data is effectively guaranteed.
- This embodiment is a computer readable storage medium corresponding to the above embodiment, on which a computer program is stored, and the program is executed by the processor to implement the following steps:
- the ciphertext corresponding to the real key is sent to the receiving end.
- the real key is stored in a first register, and the plurality of fake keys are stored in other registers;
- the ciphertext in the second register is sent to the receiving end.
- the true key includes a plurality of true subkeys
- each of the fake keys includes a plurality of fake subkeys
- the encryption algorithm is AES, 3DES, RSA, or the Chinese national cipher SM1, SM2 or SM4.
- the present invention provides an anti-DPA-attack encryption method and a computer readable storage medium, which generate a plurality of fake keys and have them participate in the encryption operation together with the real key. Since the operation time, energy consumption and electromagnetic radiation of a fake-key operation and of a real-key operation are basically the same, the differential power analysis method cannot analyze the key length or the time sequence in which the real key participates in the operation, the generated power analysis curve is not fixed, and the real key cannot be cracked.
- the encryption method proposed by the invention prevents a DPA attack from distinguishing the true and fake keys by feature extraction, thereby effectively ensuring the security of the encrypted data.
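Steps S1 to S5 of Embodiment 1 above, worked through in Python as an added example that is not the patent's own code or any POS device's firmware. `cipher_encrypt`, `generate_fake_keys`, `encrypt_with_key_set`, `FIRST_REGISTER` and `session_salt` are names assumed here; the HMAC-SHA256 keystream stands in for AES so the block runs without dependencies, and the fixed fake keys are derived from the real key with HMAC because the patent only says they are generated "according to the real key".

```python
import hashlib
import hmac
import secrets

FIRST_REGISTER = 0  # the register that holds only the real key (patent: "first register")


def cipher_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Constructed stand-in for the block cipher (the patent names AES on the POS machine).
    An HMAC-SHA256 keystream XOR keeps the example dependency-free; it is not AES and the
    real cipher would be substituted in practice. XOR makes decryption the same call."""
    stream = b""
    block = b"\x00"
    while len(stream) < len(plaintext):
        block = hmac.new(key, block, hashlib.sha256).digest()
        stream += block
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def generate_fake_keys(real_key: bytes, n_fixed: int = 3, n_random: int = 2,
                       session_salt: bytes = b"") -> list:
    """S1: build fake keys of the same length as the real key, so each fake-key run costs
    the same time as the real one. The first n_fixed are derived from the real key and are
    stable for a given session_salt (assumed to model the patent's fixed keys); the
    remaining n_random are fresh random keys for this encryption run."""
    fixed = [hmac.new(real_key, b"fake-%d-" % i + session_salt, hashlib.sha256).digest()[:len(real_key)]
             for i in range(n_fixed)]
    random_keys = [secrets.token_bytes(len(real_key)) for _ in range(n_random)]
    return fixed + random_keys


def encrypt_with_key_set(real_key: bytes, fake_keys: list, plaintext: bytes, encrypt=cipher_encrypt):
    """S2-S5. Returns (second_register, trace): the ciphertext that will be sent, and the
    order in which registers were used (a constructed stand-in for the sequencing a
    power trace could expose)."""
    # S2: tag each key with its register; only the real key lives in the first register.
    key_set = [(FIRST_REGISTER, real_key)] + [(i + 1, k) for i, k in enumerate(fake_keys)]
    secrets.SystemRandom().shuffle(key_set)  # the real key's position is random, never fixed
    second_register = None
    trace = []
    for register, key in key_set:
        ciphertext = encrypt(key, plaintext)   # S3: every key, fake or real, runs the full cipher
        trace.append(register)
        if register == FIRST_REGISTER:         # S4: taken from the first register => real key
            second_register = ciphertext       # S5: keep its ciphertext separately
    # Only after the whole key set has been processed is the second register sent.
    return second_register, trace


if __name__ == "__main__":
    real = bytes(range(16))                    # constructed 128-bit key
    fakes = generate_fake_keys(real)
    ct, order = encrypt_with_key_set(real, fakes, b"POS transaction 42")
    print("registers used, in order:", order)
    print("ciphertext to send:", ct.hex())
    print("receiver recovers:", cipher_encrypt(real, ct))
```

The receiving end needs no change: it decrypts the single ciphertext with the real key as before, so the fake keys cost extra cipher runs and registers on the sender only.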
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an encryption method against differential power analysis (DPA) attacks and a computer-readable storage medium. The method comprises: generating a plurality of fake keys; obtaining a key set on the basis of a real key and the plurality of fake keys; sequentially acquiring a key from the key set as the encryption key and encrypting a plaintext to obtain a ciphertext corresponding to that key; and, once the keys of the key set have been acquired, sending the ciphertext corresponding to the real key to a receiving terminal. Since the operating time, energy consumption and electromagnetic radiation of the fake keys and of the real key are essentially identical, a differential power analysis method cannot clearly analyse the key length or the time sequence in which the real key takes part in the operation, and the generated power analysis curve is not fixed, so the real key cannot be cracked, which effectively guarantees the security of the encrypted data.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/100715 WO2019047062A1 (fr) | 2017-09-06 | 2017-09-06 | Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium |
CN201780001940.4A CN107980212A (zh) | 2017-09-06 | 2017-09-06 | Anti-DPA-attack encryption method and computer-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/100715 WO2019047062A1 (fr) | 2017-09-06 | 2017-09-06 | Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019047062A1 true WO2019047062A1 (fr) | 2019-03-14 |
Family
ID=62006181
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/100715 WO2019047062A1 (fr) | 2017-09-06 | 2017-09-06 | Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107980212A (fr) |
WO (1) | WO2019047062A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113468585A (zh) * | 2021-09-02 | 2021-10-01 | 国网浙江省电力有限公司营销服务中心 | Encryption method, apparatus and storage medium based on an energy key table |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3078463A1 (fr) | 2018-02-26 | 2019-08-30 | Stmicroelectronics (Rousset) Sas | Method and device for performing substitution table operations |
US11218291B2 (en) | 2018-02-26 | 2022-01-04 | Stmicroelectronics (Rousset) Sas | Method and circuit for performing a substitution operation |
FR3078464A1 (fr) * | 2018-02-26 | 2019-08-30 | Stmicroelectronics (Rousset) Sas | Method and circuit for implementing a substitution table |
TWI675578B (zh) * | 2018-12-06 | 2019-10-21 | 新唐科技股份有限公司 | Encryption/decryption system, encryption device, decryption device and encryption/decryption method |
CN110321737B (zh) * | 2019-06-28 | 2020-12-11 | 兆讯恒达科技股份有限公司 | Method for protecting a Data Encryption Standard coprocessor against injection attacks |
CN114531239B (zh) * | 2022-04-20 | 2022-08-12 | 广州万协通信息技术有限公司 | Data transmission method and system using multiple encryption keys |
CN115622821B (zh) * | 2022-12-20 | 2023-04-28 | 北京佳芯信息科技有限公司 | Encrypted communication method and encrypted communication system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104734842A (zh) * | 2015-03-13 | 2015-06-24 | 上海交通大学 | Circuit side-channel attack defense method based on dummy operations |
CN104734845A (zh) * | 2015-03-25 | 2015-06-24 | 上海交通大学 | Side-channel attack protection method based on dummy operations of the full encryption algorithm |
US9430188B2 (en) * | 2008-12-31 | 2016-08-30 | Stmicroelectronics International N.V. | Method for protecting a cryptographic device against SPA, DPA and time attacks |
2017
- 2017-09-06 WO PCT/CN2017/100715 patent/WO2019047062A1/fr active Application Filing
- 2017-09-06 CN CN201780001940.4A patent/CN107980212A/zh active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9430188B2 (en) * | 2008-12-31 | 2016-08-30 | Stmicroelectronics International N.V. | Method for protecting a cryptographic device against SPA, DPA and time attacks |
CN104734842A (zh) * | 2015-03-13 | 2015-06-24 | 上海交通大学 | Circuit side-channel attack defense method based on dummy operations |
CN104734845A (zh) * | 2015-03-25 | 2015-06-24 | 上海交通大学 | Side-channel attack protection method based on dummy operations of the full encryption algorithm |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113468585A (zh) * | 2021-09-02 | 2021-10-01 | 国网浙江省电力有限公司营销服务中心 | Encryption method, apparatus and storage medium based on an energy key table |
CN113468585B (zh) * | 2021-09-02 | 2021-11-19 | 国网浙江省电力有限公司营销服务中心 | Encryption method, apparatus and storage medium based on an energy key table |
Also Published As
Publication number | Publication date |
---|---|
CN107980212A (zh) | 2018-05-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019047062A1 (fr) | Encryption method against differential power analysis (DPA) attacks and computer-readable storage medium | |
US12081648B2 (en) | Block cryptographic method for encrypting/decrypting messages and cryptographic devices for implementing this method | |
CN110235409B (zh) | Method for RSA signature or decryption protected using homomorphic encryption | |
US10740497B2 (en) | System and method for cryptographic processing in a time window | |
Tanveer et al. | LAKE-6SH: Lightweight user authenticated key exchange for 6LoWPAN-based smart homes | |
US9455833B2 (en) | Behavioral fingerprint in a white-box implementation | |
KR102397579B1 (ko) | White-box cryptographic method and apparatus for preventing side-channel analysis | |
US9544132B2 (en) | Cryptographic method for protecting a key hardware register against fault attacks | |
US10630462B2 (en) | Using white-box in a leakage-resilient primitive | |
Hsu et al. | Efficient identity authentication and encryption technique for high throughput RFID system | |
Rani et al. | Technical Review on Symmetric and Asymmetric Cryptography Algorithms. | |
US8958556B2 (en) | Method of secure cryptographic calculation, in particular, against attacks of the DFA and unidirectional type, and corresponding component | |
EP3832945B1 (fr) | System and method for protecting memory encryption against template attacks | |
EP2940917B1 (fr) | Behavioral fingerprint in a white-box implementation | |
Xu et al. | Differential power analysis of 8-bit datapath AES for IoT applications | |
Jain et al. | Honey2fish-a hybrid encryption approach for improved password and message security | |
Shi et al. | A Secure Implementation of a Symmetric Encryption Algorithm in White‐Box Attack Contexts | |
Savitha et al. | Implementation of AES algorithm to overt fake keys against counter attacks | |
Tang et al. | Power analysis attacks against FPGA implementation of KLEIN | |
Banerjee et al. | Performance analysis of multilingual encryption for enhancing data security using cellular automata based state transition mapping: a linear approach | |
Rivain | On the physical security of cryptographic implementations | |
US20240064002A1 (en) | Method for securing an execution of a cryptographic process | |
Serpa et al. | A Secure White Box Implementation of AES Against First Order DCA | |
Van Der Merwe et al. | Security in banking | |
Lumbiarres-López et al. | Implementation on MicroBlaze of AES algorithm to reveal fake keys against side-channel attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17924427 Country of ref document: EP Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17924427 Country of ref document: EP Kind code of ref document: A1 |