Side Channel Security Analysis of Elliptic Curve Cryptography of Blockchain
  • English title: Side Channel Security Analysis of Elliptic Curve Cryptography of Blockchain
  • Authors: 万武南; 陈豪; 陈俊; 张仕斌
  • Authors (English): WAN Wu-nan; CHEN Hao; CHEN Jun; ZHANG Shi-bin; School of Cybersecurity, Chengdu University of Information Technology; School of Computer, Chengdu University of Information Technology
  • Keywords: blockchain; elliptic curve cryptography; side channel attack; simple power analysis; scalar multiplication
  • Chinese journal title: YYKX
  • English journal title: Journal of Applied Sciences
  • Institutions: School of Cybersecurity, Chengdu University of Information Technology; School of Computer, Chengdu University of Information Technology
  • Publication date: 2019-03-30
  • Publisher: 应用科学学报 (Journal of Applied Sciences)
  • Year: 2019
  • Issue: v.37
  • Funding: National Key R&D Program of China (No.2017YFB0802302); Sichuan Science and Technology Department Key R&D Program (No.2017GZ0314, No.2018TJPT0012); Sichuan Provincial Higher Education Research Innovation Team Project (No.17TD0009); Chengdu Science and Technology for People's Wellbeing Project (No.2016-HM01-00217-SF); Chengdu Science and Technology Program Project (No.2017-RK00-00103-ZF)
  • Language: Chinese
  • Page: YYKX201902005
  • Page count: 10
  • CN: 02
  • ISSN: 31-1404/N
  • Classification number: 57-66
Abstract
Blockchain is a new decentralized distributed computing technology that relies on cryptography to guarantee the integrity, anonymity, privacy and tamper-resistance of blockchain data. The computational efficiency of the blockchain consensus mechanism has become one of the bottlenecks hindering its development, so implementing blockchain in hardware has become a trend. However, side-channel attacks have become one of the main means of attacking cryptographic hardware devices, and blockchain hardware devices will therefore face side-channel security threats. Targeting the elliptic curve cryptography used in blockchain technology, this paper examines atomic-level implementation algorithms for the point doubling and point addition operations in elliptic curve scalar multiplication and proposes a power-consumption feature model for the atomic operations of scalar multiplication. Based on this model it presents a practical SPA attack method in which the key can be recovered from a single collected scalar-multiplication power trace. It then starts from the atomic operations to analyze the essential cause of the power difference between point doubling and point addition and, by adding empty operations to the doubling and addition operations, gives an atomic-operation-level equal-power countermeasure that provides blockchain hardware devices with cryptographic techniques resistant to side-channel attacks. Finally, future research directions are discussed.
Blockchain is an emerging decentralized distributed computing technology that uses cryptography to ensure integrity, anonymity, privacy and immutability. The computational efficiency of the consensus mechanism has become one of the bottlenecks hindering its development, so hardware devices for the blockchain have emerged. However, the side channel attack has become one of the main attack means against cryptographic hardware devices, and the hardware devices of the blockchain will face side channel attacks. The power feature model of atomic operations is proposed by exploring the implementation of point doubling and addition operations at the atomic level in scalar multiplication. A practical SPA method is presented with the power feature model, and the private key can be cracked with a single power trace. Next, the paper analyzes the major cause of the power difference between point doubling and addition operations from the atomic operations, and a countermeasure of equivalent power consumption at the atomic level is given by adding empty operations in the point doubling and addition operations. This provides secure cryptography against side channel attacks for hardware devices of the blockchain. Finally, the research results are summarized and a perspective on future work in this research area is discussed.
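As an added example (not the paper's code), the following Python models the power-feature idea from the abstract on a constructed toy curve: a probe marks every field multiplication and inversion, so an unprotected double-and-add leaves a different atomic pattern for point doubling than for point addition and a single trace reads out the scalar, while padding point addition with dummy multiplications (the empty-operation countermeasure) makes the two patterns identical. The curve y^2 = x^3 + x + 1 over GF(23), the generator (3, 10) and every function name here are assumptions of this example.

```python
# Added example, not the paper's code: toy affine curve y^2 = x^3 + x + 1 over GF(23)
# (constructed textbook parameters, G has order 28). The probe marks every field
# multiplication (M) and inversion (I), so each point operation leaves an atomic pattern.
P, A, G = 23, 1, (3, 10)
trace = []

def mul(a, b):
    trace.append("M")
    return a * b % P

def inv(a):
    trace.append("I")
    return pow(a, P - 2, P)

def point_double(pt):
    x, y = pt                                         # pattern M M M I M M M
    lam = mul(mul(3, mul(x, x)) + A, inv(mul(2, y)))
    x3 = (mul(lam, lam) - 2 * x) % P
    return x3, (mul(lam, x - x3) - y) % P

def point_add(p, q, balanced=False):
    (x1, y1), (x2, y2) = p, q
    for _ in range(3 if balanced else 0):             # dummy M's: pattern becomes M M M I M M M
        mul(x1, y1)
    lam = mul(y2 - y1, inv(x2 - x1))                  # unprotected pattern I M M M
    x3 = (mul(lam, lam) - x1 - x2) % P
    return x3, (mul(lam, x1 - x3) - y1) % P

def scalar_mul(k, pt, balanced=False):
    """Left-to-right double-and-add. Returns k*pt and one trace window per point
    operation. Assumes no intermediate point at infinity (holds for 0 < k < 28 here)."""
    trace.clear()
    windows, r = [], pt
    for bit in bin(k)[3:]:                            # the leading 1 bit is already in r
        for op in [point_double] + ([point_add] if bit == "1" else []):
            start = len(trace)
            r = point_add(r, pt, balanced) if op is point_add else point_double(r)
            windows.append("".join(trace[start:]))
    return r, windows

def spa_readout(windows, doubling="MMMIMMM"):
    """Single-trace SPA check used to validate the countermeasure: a doubling window
    followed by a different window is a 1 bit, followed by another doubling (or the
    end) a 0 bit. Returns None when all windows share one pattern, i.e. the readout fails."""
    if len(set(windows)) == 1:
        return None
    bits = "1"
    for i, w in enumerate(windows):
        if w == doubling:
            nxt = windows[i + 1] if i + 1 < len(windows) else doubling
            bits += "0" if nxt == doubling else "1"
    return int(bits, 2)
```

With `balanced=True` the trace still shows one window per point operation, so the scalar's length and Hamming weight remain visible; the point of the padding is only that doubling and addition can no longer be told apart.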
