针对基于SM3的HMAC的能量分析攻击方法

doi:0.11959/j.issn.1000-436x.2016090

通信学报 ›› 2016, Vol. 37 ›› Issue (5): 38-43.doi: 0.11959/j.issn.1000-436x.2016090

针对基于SM3的HMAC的能量分析攻击方法

杜之波,吴震,王敏,饶金涛

成都信息工程大学信息安全工程学院，四川成都610225

出版日期:2016-05-25 发布日期:2016-06-01
基金资助:
国家重大科技专项基金资助项目;国家高技术研究发展计划（“863”计划）;“十二五”国家密码发展基金资助项目;四川省科技支撑计划基金资助项目;四川省教育厅重点科研基金资助项目;成都信息工程学院科研基金资助项目

Power analysis attack of HMAC based on SM3

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO

College of Information Security Engineering,Chengdu University of Information Technology,Chengdu 610225,China

Online:2016-05-25 Published:2016-06-01
Supported by:
The National Science and Technology Major Project;The National High Technology Re-search and Development Program of China(863 Program);“The 12th Five-Years”National Cryptogram Devel-opment Fund;Sichuan Science and Technology Support Programmer;Sichuan Provincial Education Department Key Scientific Research Projects;The Scientific Research Foundation of CUIT

摘要/Abstract

摘要：

现有基于SM3的HMAC的能量攻击方法，仅适用于同时存在汉明重量和汉明距离信息泄露的攻击对象，如果被攻击对象存在单一模型的信息泄露，则这些方法均不适用。针对该局限性，提出了一种针对SM3的HMAC的能量分析新型攻击方法，该新型攻击方法每次攻击时选择不同的攻击目标和其相关的中间变量，根据该中间变量的汉明距离模型或者汉明重量模型实施能量分析攻击，经过对SM3密码算法的前4轮多次实施能量分析攻击，将攻击出的所有结果联立方程组，对该方程组求解，即可推出最终的攻击目标。通过实验验证了该攻击方法的有效性。由于所提方法不仅可以对同时存在汉明重量和汉明距离信息泄露的对象进行攻击，而且还可以对仅存在单一信息泄露模型的对象进行攻击，所以该方法应用的攻击对象比现有的攻击方法应用更广。

关键词: HAMC算法, SM3算法, ；能量分析攻击, 相关性能量分析攻击, 始状态

Abstract:

The current power analysis attack of HMAC based on SM3 applies only to the object,on which there is the Hamming weight and Hamming distance information leakage at the same time.there is only a single information leakage mode on the attack object,then the attack methods don't work.To solve the limitations of the current attack methods,a novel method of the power analysis attack of HMAC based on SM3 was proposed.The different attack object and their related va-riables were selected in each power analysis attack.The attacks were implemented according to the Hamming distance mod-el or Hamming weight model of the intermediate variables.After several power analysis attacked on the first four rounds of SM3,the equations that consists of the results proposed of all the power analysis attacks were obtained.The ultimate attack object is derived by getting the solution of the equations.The experimental results show that the oposed attack method was effective.The method can be used universally because its being available for both the situation of co-exist of hamming weight with Hamming distance,and that of either the Hamming weight or choosing the Hamming distance model existence.

Key words: HAMC algorithm, SM3 algorithm, power analysis attack, correlation power analysis attack, initial state

杜之波,吴震,王敏,饶金涛. 针对基于SM3的HMAC的能量分析攻击方法[J]. 通信学报, 2016, 37(5): 38-43.

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO. Power analysis attack of HMAC based on SM3[J]. Journal on Communications, 2016, 37(5): 38-43.

图/表 7

图1

图2

图3

图4

图5

图6

表1

参考文献 12

[1]	PAUL K . Timing attacks on implementations of diffie-hellman,RSA,DSS,and other systems[C]// CRYPTO 1996, Berlin c1996: 104-113.
[2]	PAUL K , JOSHUA J , BENJAMIN J . Differential power analysis[C]// The 19th Annual International Cryptology Conference on Advances in Cryptology. c1999: 388-397.
[3]	ERIC B , CHRISTOPHE C , FRANCIS O . Correlation power analysis with a leakage model[C]// Cryptographic Hardware and Embedded Systems–CHES 2004, c2004: 16-29.
[4]	SURESH C , JOSYULA R R , PANKAJ R . Template attacks[C]// Cryptographic Hardware and Embedded Systems-CHES 2002. c2003: 13-28.
[5]	MIHIR B , RAN C , HUGO K . Keying hash functions for message authentication[C]// Neal Koblitz,CRYPTO. c1996: 1-15.
[6]	China's Office of security commercial code administration:sepecifi-cation of SM3 cryptographic hash function[EB/OL]. . 2010.
[7]	KATSUYUKI O . Side channel attacks against HMACs based on lock-cipher based hash functions[C]// Information Security and Privacy(ACISP 2006). c2006: 432-443.
[8]	ROBERT M , MICHAEL T , COLIN C M , et al. Differential power analysis of HMAC based on SHA-2,and countermeasures[J]. Infor-mation Security Applications, 2007,4867: 317-332.
[9]	GUO L M , LI Q , WANG L H , et al. A differential power analysis attack on dynamic password token based on SM3 algorithm[C]// First International Conference on Information Science and El nic Technology(ISET 2015). c2015: 107-110.
[10]	GUO L M , LI Q , WANG L H , et al. A first-order differential power analysis attack on HMAC-SM3[C]// First International Conference on Information Science and Electronic Technology(ISET 2015). c2015: 94-97.
[11]	吴震, 陈运, 陈俊，等. 真实硬件环境下幂剩余功耗轨迹指数信息提取[J]．通信学报, 2010,31(2): 17-21. WU Z , CHEN Y , CHEN J , et al. Exponential information's extraction from power traces of modulo exponentiation implemented on FPGA[J]. Journal on Communications, 2010,31(2): 17-21.
[12]	王敏, 杜之波, 吴震，等. 针对SMS4轮输出的选择明文能量分析攻击[J]．通信学报, 2015,36(1): 2015016. WANG M , DU Z B , WU Z , et al. Chosen-plaintext power analysis at-tack against SMS4 with the round-output as the intermediate data[J]. Journal on Communications, 2015,36(1): 2015016.

针对基于SM3的HMAC的能量分析攻击方法

Power analysis attack of HMAC based on SM3

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 12

相关文章 3

Metrics

推荐阅读 0

攻击方法	汉明重量模型	汉明距离模型	二者混合模型
本文攻击方法	适用	适用	适用
文献[10]攻击方法	不适用	不适用	适用

[1]	杜之波,吴震,王敏,饶金涛. 基于SM3的动态令牌的能量分析攻击方法[J]. 通信学报, 2017, 38(3): 65-72.
[2]	吴震,王敏,饶金涛,杜之波,王胜,张凌浩. 针对基于SM3的HMAC的互信息能量分析攻击[J]. 通信学报, 2016, 37(Z1): 57-62.
[3]	杜之波,孙元华,王燚. 针对AES密码算法的多点联合能量分析攻击[J]. 通信学报, 2016, 37(Z1): 78-84.