针对SM4轮输出的改进型选择明文功耗分析攻击

doi:10.11959/j.issn.1000-436x.2015270

通信学报 ›› 2015, Vol. 36 ›› Issue (10): 85-91.doi: 10.11959/j.issn.1000-436x.2015270

针对SM4轮输出的改进型选择明文功耗分析攻击

杜之波,吴震,王敏,饶金涛

成都信息工程大学信息安全工程学院，四川成都 610225

出版日期:2015-10-25 发布日期:2015-10-27
基金资助:
国家重大科技专项基金资助项目;国家高技术研究发展计划(“863”计划)基金资助项目;“十二五”国家密码发展基金资助项目;四川省科技支撑计划基金资助项目;四川省教育厅重点科研基金资助项目;成都信息工程学院科研基金资助项目

Improved chosen-plaintext power analysis attack against SM4 at the round-output

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO

College of Information Security Engineering,Chengdu University of Information Technology,Chengdu 610225,China

Online:2015-10-25 Published:2015-10-27
Supported by:
The National Science and Technology Major Project;The National High Technology Research and Development Program of China(863 Program);“The 12th FIVE-YEARS”National Cryptogram Development Fund;Sichuan Science and Technology Support Programmer;The Education De-partment Key Scientific Research Projects of Sichuan Province;Project Supported by the Scientific Research Founda-tion of CUIT

摘要/Abstract

摘要：

Wang等通过攻击时引入固定数据，在2013年的CIS上提出了针对SM4密码算法选择明文功耗分析攻击，但该方法存在选择明文次数、采集功耗信号曲线次数和条数多的问题，攻击过程复杂。分析发现该固定数据和轮子密钥之间的相关性可用于恢复轮子密钥，为此提出针对 SM4 密码算法轮输出的改进型选择明文功耗分析攻击。攻击时选择特殊的明文采集功耗信号曲线，将固定数据作为攻击目标，利用攻击出的固定数据来破解轮子密钥，实验验证了该方法的有效性。使用此方法进行攻击，不仅可以降低选择明文次数、采集功耗信号曲线次数和条数，提高攻击效率，而且还可应用于针对SM4密码算法线性变换的选择明文攻击。

关键词: SM4算法, 能量分析攻击, 选择明文, 轮输出, 固定数据

Abstract:

The power analysis attack on SM4 using the chosen-plaintext method was proposed by Wang et al in 2013 CIS.The fixed data was introduced in the method when attacking the round key.However,the attack process was complex.There were many problems in the process,such as more power traces,more numbers of the chosen-plaintext and acquisition power traces.The correlation between the fixed data and the round key were presented,which could be used to decode the round key.Based on the correlation,the improved chosen-plaintext power analysis attack against SM4 at the round-output was proposed.The proposed method attacked the fixed data by analyzing the power traces of the special plaintext.And the round key was derived based on the correlation.The results show that the proposed attack algorithm is effective.The proposed method not only improves the efficiency of the attack by reducing number of power traces,number of the chosen-plaintext and number of acquisition power traces,but also can be applied to a chosen-plaintext power analysis attack against SM4 at the shift operation.

Key words: SM4 algorithm, power analysis attack, chosen-plaintext, round output, fixed data

杜之波,吴震,王敏,饶金涛. 针对SM4轮输出的改进型选择明文功耗分析攻击[J]. 通信学报, 2015, 36(10): 85-91.

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO. Improved chosen-plaintext power analysis attack against SM4 at the round-output[J]. Journal on Communications, 2015, 36(10): 85-91.

图/表 8

图1

图2

图3

图4

图5

图6

图7

表1

参考文献 13

[1]	PAUL K , JOSHUA J , BENJAMIN J . Differential power analysis[A]. Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology[C]. 1999. 388-397.
[2]	ERIC B , CHRISTOPHE C , FRANCIS O . Correlation power analysis with a leakage model[A]. Proceeding of 6th International Workshop Cambridge[C]. MA,USA, 2004. 16-29.
[3]	CHEN A D , XU S , CHEN Y ,et al. Collision-based chosen-message simple power clustering attack algorithm[J]. China Communications, 2013,10(5): 114-119.
[4]	吴震, 陈运, 陈俊 ,等. 真实硬件环境下幂剩余功耗轨迹指数信息提取[J]. 通信学报, 2010,31(2): 17-21. WU Z , CHEN Y , CHEN J ,et al. Exponential information’s extraction from power traces of modulo exponentiation implemented on FPGA[J]. Journal on Communications, 2010,31(2): 17-21.
[5]	国家商用密码管理办公室. 无线局域网产品使用的 SMS4 密码算法[EB/OL]. , 2006.Office of State Commercial Cipher Administration. Block cipher for WLAN products-SMS4[EB/OL]. , 2006.
[6]	沈薇 . SMS4 算法的能量分析攻击及其防御研究[D]. 西安:西安电子科技大学, 2009. SHEN W . Investigation of Power Analysis Attacks and Its CounterMeasures on SMS4 Cipher Algorithm[D]. Xi’an:Xidian University, 2009.
[7]	BAI X F , XU Y H , GUO L . Securing SMS4 cipher against differential power analysis and its VLSI implementation[A]. Proceedings of 11th IEEE International Conference on Communication Systems[C]. 2008. 167-172.
[8]	徐艳华 . 抗攻击的 SMS4 密码算法集成电路设计研究[D]. 合肥:中国科技大学, 2009. XU Y H . Research on Attacks Resistant SMS4 Cipher VLSI Design Technology[D]. Hefei:University of Science and Technology of China, 2009.
[9]	赵新杰, 王韬, 郑媛媛 . 针对SMS4密码算法的Cache计时攻击[J]. 通信学报, 2010,31(6): 89-97. ZHAO X J , WANG T , ZHENG Y Y . Cache timing attack on SMS4[J]. Journal on Communications, 2010,31(6): 89-97.
[10]	WANG S T , GU D W , LIU J R ,et al. A power analysis on SMS4 using the chosen plaintext method[A]. 2013 Ninth International Conference on Computational Intelligence and Security[C]. Springer, 2013. 748-752.
[11]	SURESH C , JOSYULA R R , PANKAJ R . Template attacks[A]. Proceedings of 4th International Workshop Redwood Shores[C]. CA,USA, 2003. 13-28.
[12]	王敏, 杜之波, 吴震 ,等. 针对 SMS4 轮输出的选择明文能量分析攻击[J]. 通信学报, 2015,36(1):2015016. WANG M , DU Z B , WU Z ,et al. Chosen-plaintext power analysis attack against SMS4 with the round-output as the intermediate data[J]. Journal on Communications, 2015,36(1):2015016.
[13]	BRIER E , CLAVIER C , OLIVIER F . Correlation power analysis with a leakage module[A]. Proceedings of 6th International Workshop Cambridge[C]. MA,USA, 2004. 125-134.

攻击方法	选择明文次数	采集曲线次数	单轮攻击曲线条数
针对SM4选择明文功耗分析攻击	16	16	4N
针对SM4轮输出的改进型选择明文功耗分析攻击	4	4	N

[1]	冯朝胜,罗王平,秦志光,袁丁,邹莉萍. 支持多种特性的基于属性代理重加密方案[J]. 通信学报, 2019, 40(6): 177-189.
[2]	徐明,史量. 基于伪四维投射坐标的多基链标量乘法[J]. 通信学报, 2018, 39(5): 74-84.
[3]	杜之波,吴震,王敏,饶金涛. 基于SM3的动态令牌的能量分析攻击方法[J]. 通信学报, 2017, 38(3): 65-72.
[4]	吴震,王敏,饶金涛,杜之波,王胜,张凌浩. 针对基于SM3的HMAC的互信息能量分析攻击[J]. 通信学报, 2016, 37(Z1): 57-62.
[5]	杜之波,孙元华,王燚. 针对AES密码算法的多点联合能量分析攻击[J]. 通信学报, 2016, 37(Z1): 78-84.
[6]	王敏,吴震,饶金涛,凌杭. 针对SM4算法的约减轮故障攻击[J]. 通信学报, 2016, 37(Z1): 98-103.
[7]	杜之波,吴震,王敏,饶金涛. 针对基于SM3的HMAC的能量分析攻击方法[J]. 通信学报, 2016, 37(5): 38-43.
[8]	应作斌,马建峰,崔江涛. 支持动态策略更新的半策略隐藏属性加密方案[J]. 通信学报, 2015, 36(12): 1-221.
[9]	王敏,杜之波,吴震,饶金涛. 针对SMS4轮输出的选择明文能量分析攻击[J]. 通信学报, 2015, 36(1): 142-148.
[10]	罗文俊，刘冠丽. 基于单粒子的量子公钥加密协议[J]. 通信学报, 2014, 35(Z2): 2-13.
[11]	罗文俊,刘冠丽. 基于单粒子的量子公钥加密协议[J]. 通信学报, 2014, 35(Z2): 9-13.
[12]	罗鹏,李慧云,王鲲鹏,王亚伟. 对ECC算法实现的选择明文攻击方法[J]. 通信学报, 2014, 35(5): 79-87.
[13]	罗鹏1,2，李慧云3，王鲲鹏4，王亚伟5. 对ECC算法实现的选择明文攻击方法[J]. 通信学报, 2014, 35(5): 11-87.
[14]	甘刚，王敏，杜之波，吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 20-161.
[15]	甘刚,王敏,杜之波,吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 156-161.

针对SM4轮输出的改进型选择明文功耗分析攻击

Improved chosen-plaintext power analysis attack against SM4 at the round-output

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 13

相关文章 15

Metrics

推荐阅读 0