针对基于SM3的HMAC的互信息能量分析攻击

doi:10.11959/j.issn.1000-436x.2016248

通信学报 ›› 2016, Vol. 37 ›› Issue (Z1): 57-62.doi: 10.11959/j.issn.1000-436x.2016248

针对基于SM3的HMAC的互信息能量分析攻击

吴震¹,王敏¹,饶金涛¹,杜之波¹,王胜²,张凌浩²

¹ 成都信息工程大学信息安全工程学院，四川成都 610225
² 国网四川省电力公司电力科学研究院，四川成都 610072

出版日期:2016-10-25 发布日期:2017-01-17
基金资助:
国家重大科技专项基金资助项目;国家高技术研究发展计划（“863”计划）基金资助项目;四川省科技支撑计划基金资助项目;四川省教育厅重点科研基金资助项目

Mutual information power analysis attack of HMAC based on SM3

Zhen WU¹,Min WANG¹,Jin-tao RAO¹,Zhi-bo DU¹,Sheng WANG²,Ling-hao ZHANG²

¹ College of Information Security Engineering,Chengdu University of Information Technology,Chengdu 610225,China
² State Grid Sichuan Electric Power Research Institute,Chengdu 610072,China

Online:2016-10-25 Published:2017-01-17
Supported by:
TheNationalScienceandTechnologyMajorProject;The National High Technology Research and Development Program of China (863 Program);Sichuan Science and Technology Support Program;Sichuan Provincial Education Department Key Scientific Research Projects

摘要/Abstract

摘要：

提出了对应的互信息能量分析攻击，该方法结合了能量分析的基本原理和信息论的基础，利用能量泄露的中间值和能量迹计算两者的互信息大小，从而达到提取密钥的目的。利用该方法针对基于SM3的HMAC算法进行了实测攻击，实验表明，该方法可以成功恢复出SM3算法初始状态从而提取出正确的密钥，扩展了侧信道攻击的方法。

关键词: HAMC算法, SM3算法, 能量分析攻击, 互信息能量分析攻击, 初始状态

Abstract:

A novel method of mutual information power analysis attack was proposed.The method was built on the basis of the basic principle of power analysis and the basic theory of information.For the purpose of attacking the key,the mutual in-formation values was computed using two values between the mediate variable with the power traces.An experiment was im-plemented on the algorithm of HMAC based on SM3 using this method.The experimental results show the proposed attack method is effective because the initial value of state variable can be successfully retrieved to compute the real true key.

Key words: HAMC algorithm, SM3 algorithm, power analysis attack, mutual information power analysis attack, initial state

吴震,王敏,饶金涛,杜之波,王胜,张凌浩. 针对基于SM3的HMAC的互信息能量分析攻击[J]. 通信学报, 2016, 37(Z1): 57-62.

Zhen WU,Min WANG,Jin-tao RAO,Zhi-bo DU,Sheng WANG,Ling-hao ZHANG. Mutual information power analysis attack of HMAC based on SM3[J]. Journal on Communications, 2016, 37(Z1): 57-62.

图/表 4

图1

图2

表1

表2

参考文献 12

[1]	KOCHER P . Timing attacks on implementAtions of diffie-hellmAn,RSA,DSS,and other systems[C]//CRYPTO 1996. 1996:104-113.
[2]	KOCHER P , JAFFE J , JUN B A . Differential power analysis[C]//Proceedings of the 19th AnnuAl InternAtionAl Cryptology Conference on AdvAnces in Cryptology Lecture Notes In Computer Science. 1999:388-397.
[3]	BRIER E , CLAVIER C , OLIVIER F . Correlation power analysis with a leakage model[C]//CryptogrAphic HArdwAre And Embedded Sys-tems. 2004:16-29.
[4]	SURESH C , JOSYULA R R , PANKAJ R . Template attacks[C]// Cryp-togrAphic Hardware and Embedded Systems - CHES 2002. 2003:13-28.
[5]	GIERLICHS B , BATINA L , TUYLS P , et al. Mutual information analysis[J]. In CHES 2008,LNCS, 2008:426-442.
[6]	BELLARE M , CANETTI R , KRAWCZYK H . Keying hash functions for message authentication[C]//CRYPTO. 1996:1-15.
[7]	China's office of security commercial code administration:sepecifica-tion of sm3 cryptographic hash function (2010)[EB/OL]. .
[8]	MCEVOY R , TUNSTALL M , COLIN C , et al. Differential power analysis of HMAC based on SHA-2,and countermeasures[J]. Infor-mation Security ApplicAtions, 2007:317-332.
[9]	GUO L M , LI Q , WANG L H , et al. A differential power analysis attack on dynamic password token based on SM3 algorithm[C]//First International Conference on Information Science and Electronic Technology (ISET 2015). 2015:107-110.
[10]	GUO L M , LI Q , WANG L H , et al. A first-order differential power analysis attack on HMAC-SM3[C]//First International Conference on Information Science and Electronic Technology (ISET 2015). 2015:94-97.
[11]	吴震，陈运，陈俊，等. 真实硬件环境下幂剩余功耗轨迹指数信息提取[J]. 通信学报， 2010,31(2):17-21. WU Z , CHEN Y , CHEN J , et al. Exponential information's extraction from power traces of modulo exponentiation implemented on FPGA[J]. Journal on Communications, 2010,31(2):17-21.
[12]	王敏，杜之波，吴震，等. 针对 SMS4轮输出的选择明文能量分析攻击[J]. 通信学报， 2015,36(1):2015016. WANG M , DU Z B , WU Z , et al. Chosen-plaintext power analysis at-tack against SMS4 with the round-output as the intermediate data[J]. Journal on Communications, 2015,36(1):2015016.

X₀字节数	候选	猜测密钥	互信息
	1	171(0xAB)	0.149 700 88
	2	175(0xAF)	0.091 114 76
1
	3	179(0xB3)	0.083 942 41
	4	173(0xAD)	0.080 647 47
	1	93(0x5D)	0.057 168 96
	2	221(0xDD)	0.036 893 606
2
	3	97(0x61)	0.028 832 912
	4	29(0x1D)	0.028 556 347
	1	139(0x8b)	0.045 111 18
	2	11(0xb)	0.032 523 155
3
	3	155(0x9b)	0.019 926 000
	4	171(0xab)	0.019 926 071
	1	88(0x58)	0.039 939 165
	2	216(0xd8)	0.028 746 128
4
	3	232(0xe8)	0.026 728 153
	4		0.023 374 557

Y₀字节数	候选	猜测密钥	互信息
	1	59(0x3b)	0.059 343 815
	2	27(0x1b)	0.051 928 997
1
	3	43(0x2b)	0.047 966 957
	4	51(0x33)	0.039 445 877
	1	123(0x7b)	0.054 609 776
	2	124(0x7c)	0.028 824 568
2
	3	125(0x7d)	0.027 479 887
	4	139(0x8b)	0.027 244 806
	1	5(0x5)	0.035 793 543
	2	7(0x7)	0.019 990 921
3
	3	21(0x15)	0.017 910 957
	4	9(0x9)	0.017 578 125
	1	95(0x5f)	0.058 778 763
	2	159(0x9f)	0.035 902 26
4
	3	223(0xdf)	0.035 723 21
	4	96(0x60)	0.033 185 96

针对基于SM3的HMAC的互信息能量分析攻击

Mutual information power analysis attack of HMAC based on SM3

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 12

相关文章 8

Metrics

推荐阅读 0

[1]	徐明,史量. 基于伪四维投射坐标的多基链标量乘法[J]. 通信学报, 2018, 39(5): 74-84.
[2]	杜之波,吴震,王敏,饶金涛. 基于SM3的动态令牌的能量分析攻击方法[J]. 通信学报, 2017, 38(3): 65-72.
[3]	杜之波,孙元华,王燚. 针对AES密码算法的多点联合能量分析攻击[J]. 通信学报, 2016, 37(Z1): 78-84.
[4]	杜之波,吴震,王敏,饶金涛. 针对基于SM3的HMAC的能量分析攻击方法[J]. 通信学报, 2016, 37(5): 38-43.
[5]	杜之波,吴震,王敏,饶金涛. 针对SM4轮输出的改进型选择明文功耗分析攻击[J]. 通信学报, 2015, 36(10): 85-91.
[6]	王敏,杜之波,吴震,饶金涛. 针对SMS4轮输出的选择明文能量分析攻击[J]. 通信学报, 2015, 36(1): 142-148.
[7]	甘刚，王敏，杜之波，吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 20-161.
[8]	甘刚,王敏,杜之波,吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 156-161.