Abstract
Side-channel attacks pose a serious threat to the hardware security of the Advanced Encryption Standard (AES), and how to resist them has become an urgent problem. The byte substitution operation is the only nonlinear operation in the AES algorithm, so improving its security is of great importance to the whole cipher. This paper proposes a countermeasure against side-channel attacks for AES based on random addition chains: the fixed addition chain previously used to realize the multiplicative inverse in the finite field GF(2^8) is replaced by a random addition chain, and on this basis the impact of the random addition chain on the security and effectiveness of the algorithm is studied. Experimental results show that the proposed random addition-chain algorithm is more secure and effective in defending against side-channel attacks than the previous fixed addition-chain algorithms.
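As an added illustration (not code from the paper), the following Python model shows the operation the abstract describes: computing the GF(2^8) inverse x^254 along a fixed addition chain and along a randomly generated one, and checking that every random chain yields the same inverse. The particular fixed chain, the random chain generator and all function names are assumptions; the abstract does not give the paper's own construction.

```python
import random

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) bitwise, without lookup tables."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (AES_POLY if a & 0x80 else 0)
        b >>= 1
    return r

# A fixed addition chain for 254 (assumed stand-in for a "fixed chain" design):
# each exponent maps to the two earlier exponents whose sum produces it.
FIXED_RULE = {2: (1, 1), 3: (2, 1), 6: (3, 3), 12: (6, 6), 15: (12, 3), 30: (15, 15),
              60: (30, 30), 120: (60, 60), 240: (120, 120), 252: (240, 12), 254: (252, 2)}
FIXED_CHAIN = [1] + list(FIXED_RULE)

def random_addition_chain(n, seed):
    """Random addition chain 1 -> n: each step doubles or adds a randomly chosen
    earlier element, so the multiplication sequence differs from seed to seed."""
    rng = random.Random(seed)
    chain, rule = [1], {}
    def reach(m):
        if m == 1 or m in rule:
            return
        if m % 2 == 0 and rng.random() < 0.5:
            reach(m // 2)
            rule[m] = (m // 2, m // 2)
        else:
            k = rng.choice([c for c in chain if c < m])  # any existing element below m
            reach(m - k)
            rule[m] = (m - k, k)
        chain.append(m)
    reach(n)
    return chain, rule

def gf_inv_via_chain(x, chain, rule):
    """x^254 in GF(2^8) (the inverse for x != 0, and 0 for x = 0) along a chain."""
    powers = {1: x}
    for m in chain[1:]:
        a, b = rule[m]
        powers[m] = gf_mul(powers[a], powers[b])
    return powers[chain[-1]]

def chains_agree(seed):  # the random chain must invert every byte like the fixed one
    chain, rule = random_addition_chain(254, seed)
    return all(gf_inv_via_chain(x, chain, rule) == gf_inv_via_chain(x, FIXED_CHAIN, FIXED_RULE) for x in range(256))
```

Random chains built this way are often longer than the fixed one, which is the cost side of the trade-off the paper evaluates.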