帮助 关于我们

返回检索结果

基于减轮故障的SM2解密算法选择密文组合攻击
Chosen Ciphertext Combined Attack Based on Round-Reduced Fault Against SM2 Decryption Algorithm

查看参考文献27篇

李昊远 1,2   韩绪仓 1,2   曹伟琼 1 *   王舰 1,2   陈华 1  
文摘 SM2系列算法是由我国自主设计的商用椭圆曲线密码算法.目前,对SM2解密算法的实现安全性分析通常遵循对椭圆曲线通用组件的研究成果,缺乏结合算法本身结构和特点而进行的实现安全性研究.同时,SM2解密算法中的哈希和验证步骤,使大部分需要利用错误输出的故障攻击方式对于SM2解密算法并不适用.针对该现状,本文根据SM2解密算法本身的特点,结合安全错误类故障攻击思想,提出了一种减轮故障与侧信道相结合的选择密文组合攻击.攻击的核心是通过故障注入改变标量乘循环的轮数,然后由侧信道分析确定故障轮数的具体取值.根据部分密钥猜测结合明文、正确密文等构建选择密文,并将其输入至具有特定故障效果的解密设备,最后通过解密设备输出验证部分密钥猜测是否正确,逐步恢复私钥.此外,文中分析了攻击对不同标量乘法以及常见防护对策的适用性.最后,本文在基于ARM Cortex M4核心的STM32F303微控制器芯片上,使用时钟毛刺注入和简单能量分析的方式对SM2解密算法进行了实际攻击实验并成功恢复出了私钥.实验结果表明,该攻击方法具有可行性和实用性.
其他语种文摘 SM2 algorithm is a commercial elliptic curve cryptographic algorithm designed by China. At present, the analysis of the implementation security of this algorithm usually follows the research results on the common components of elliptic curves rather than the structure and characteristics of the algorithm. At the same time, hash and verification steps in SM2 decryption algorithm make most of the fault attacks that need to exploit the error output not applicable. To solve this problem, according to characteristics of SM2 decryption algorithm, this paper proposes a chosen ciphertext combined attack that combines the round-reduced fault with side channel based on the idea of safe-error. The core of the attack is changing the number of rounds of scalar multiplication by fault injection, and determining the specific number of faulty rounds by side channel analysis. Then it constructs the chosen ciphertext based on partial key guesses combined with plaintext and correct ciphertext. And the chosen ciphertext is input to the decryption device with specific fault effect, verifying whether the partial key guess is correct by the output of the decryption device. Also, the applicability of the attack to different scalar multiplication methods and common protection countermeasures is analyzed in the paper. Lastly, we conduct practical attack experiments on the SM2 decryption algorithm with clock glitch injection and simple power analysis on an STM32F303 microcontroller chip based on the ARM Cortex M4. And we successfully recover the private key. The experimental results show that the attack method is feasible and practical.
来源 电子学报 ,2023,51(11):3187-3198 【核心库】
DOI 10.12263/DZXB.20220481
关键词 组合攻击 ; 减轮故障 ; 侧信道攻击 ; 选择密文 ; 安全错误 ; SM2解密
地址

1. 中国科学院软件研究所可信计算与信息保障实验室, 北京, 100190  

2. 中国科学院大学, 北京, 100049

语种 中文
文献类型 研究性论文
ISSN 0372-2112
学科 电子技术、通信技术;自动化技术、计算机技术
基金 国家自然科学基金
文献收藏号 CSCD:7641774

参考文献 共 27 共2页

1.  Kocher P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Advances in Cryptology-CRYPTO'96,1996:104-113 CSCD被引 14    
2.  Kocher P. Differential power analysis. Advances in Cryptology-CRYPTO'99,1999:388-397 CSCD被引 16    
3.  Boneh D. On the importance of checking cryptographic protocols for faults. Advances in Cryptology-EUROCRYPT'97,1997:37-51 CSCD被引 8    
4.  欧庆于. 基于电压毛刺故障扰动的分组密码安全性度量方法研究. 电子学报,2021,49(3):417-423 CSCD被引 3    
5.  Amiel F. Passive and active combined attacks: Combining fault attacks and side channel analysis. Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007),2007:92-102 CSCD被引 1    
6.  国家质量监督检验检疫总局. 信息安全技术SM2椭圆曲线公钥密码算法:第1部分总则: GB/T 32918.1-2016,2017 CSCD被引 1    
7.  汪朝晖. SM2椭圆曲线公钥密码算法综述. 信息安全研究,2016,2(11):972-982 CSCD被引 19    
8.  史汝辉. 一种针对SM2解密算法的侧信道攻击方法. 密码学报,2015,2(5):467-476 CSCD被引 4    
9.  Dhem J F. A practical implementation of the timing attack. Lecture Notes in Computer Science,2000:167-182 CSCD被引 1    
10.  Brumley B B. Remote timing attacks are still practical. European Symposium on Research in Computer Security,2011:355-371 CSCD被引 2    
11.  Coron J S. Resistance against differential power analysis for elliptic curve cryptosystems. Cryptographic Hardware and Embedded Systems,1999:292-302 CSCD被引 4    
12.  Medwed M. Template attacks on ECDSA. Information Security Applications,2009:14-27 CSCD被引 1    
13.  Goubin L. A refined power-analysis attack on elliptic curve cryptosystems. Public Key Cryptography-PKC 2003,2002:199-211 CSCD被引 2    
14.  Akishita T. Zero-value point attacks on elliptic curve cryptosystem. Lecture Notes in Computer Science,2003:218-233 CSCD被引 5    
15.  Fouque P A. The doubling attack-why upwards is better than downwards. International Workshop on Cryptographic Hardware and Embedded Systems,2003:269-280 CSCD被引 1    
16.  Bauer A. Horizontal collision correlation attack on elliptic curves. Cryptography and Communications,2015,7(1):91-119 CSCD被引 3    
17.  Joye M. Protections against differential analysis for elliptic curve cryptography-an algebraic approach. Cryptographic Hardware and Embedded Systems-CHES 2001,2001:377-390 CSCD被引 1    
18.  Sung-Ming Y. A countermeasure against one physical cryptanalysis may benefit another attack. Information Security and Cryptology-ICISC 2001,2002:414-427 CSCD被引 1    
19.  Biehl I. Differential fault attacks on elliptic curve cryptosystems. Advances in Cryptology-CRYPTO 2000,2000:131-146 CSCD被引 3    
20.  Yen S M. Checking before output may not be enough against fault-based cryptanalysis. IEEE Transactions on Computers,2000,49(9):967-970 CSCD被引 6    
引证文献 1

1 乔少杰 基于智能合约的教育大数据安全管理和隐私保护算法 华东师范大学学报. 自然科学版,2024(5):128-140
CSCD被引 0 次

显示所有1篇文献

论文科学数据集
PlumX Metrics
相关文献

 作者相关
 关键词相关
 参考文献相关

版权所有 ©2008 中国科学院文献情报中心 制作维护:中国科学院文献情报中心
地址:北京中关村北四环西路33号 邮政编码:100190 联系电话:(010)82627496 E-mail:cscd@mail.las.ac.cn 京ICP备05002861号-4 | 京公网安备11010802043238号