一种基于门限与感染技术的SM4算法综合防护实现

doi:10.12263/DZXB.20210223

电子学报 ›› 2022, Vol. 50 ›› Issue (5): 1066-1074.DOI: 10.12263/DZXB.20210223

一种基于门限与感染技术的SM4算法综合防护实现

焦志鹏¹^,², 姚富¹^,², 陈华¹^,², 王舰¹^,², 匡晓云³, 黄开天³

^1.中国科学院软件研究所可信计算与信息保障实验室, 北京 100190
^2.中国科学院大学, 北京 100049
^3.南方电网科学研究院, 广东广州 510663

收稿日期:2021-02-04 修回日期:2021-06-03 出版日期:2022-05-25
- 作者简介:
- 焦志鹏　男，1992年生于河南省平顶山市，现为中国科学院软件研究所博士研究生，研究方向为侧信道分析与防护. E-mail: zhipeng2017@iscas.ac.cn
  姚　富　男，1990年生于山西省朔州市，现为中国科学院软件研究所博士研究生，研究方向为侧信道分析与防护. E-mail: yaofu2020@iscas.ac.cn
  陈　华　女，1976年生于山东省日照市，现为中国科学院软件研究所正高级工程师，博士生导师，研究方向为侧信道分析与防护、密码检测. E-mail: chenhua@iscas.ac.cn
- 基金资助:
- 国家重点研发计划 (2018YFB0904900)

A Comprehensive Protection Implementation of SM4 Algorithm Based on Threshold and Infection Technology

JIAO Zhi-peng¹^,², YAO Fu¹^,², CHEN Hua¹^,², WANG Jian¹^,², KUANG Xiao-yun³, HUANG Kai-tian³

^1.Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
^2.University of Chinese Academy of Sciences, Beijing 100049, China
^3.Electric Power Research Institute, China Southern Power Grid, Guangzhou, Guangdong 510663, China

Received:2021-02-04 Revised:2021-06-03 Online:2022-05-25 Published:2022-06-18
- Supported by:
- National Key Research and Development Program of China (2018YFB0904900)

摘要/Abstract

摘要：

侧信道攻击和故障攻击对于密码算法的实现安全性有着巨大的威胁.针对这样的现状，本文结合门限实现和乘法感染防护思想构造了一种具有抵抗侧信道攻击和故障攻击能力的综合防护方案，以门限实现思想为基础实现了对于侧信道攻击的防护，以乘法感染思想为基础实现了对于故障攻击的防护，二者相互结合使得综合防护方案同时具有抵抗侧信道攻击和故障攻击的能力.此外以门限实现改善了乘法感染防护中随机数为0的缺陷，并且结合随机置换思想进一步提高了防护方案抵抗故障攻击的能力.随后本文依据以上综合防护理论构造了一种适用于SM4算法的综合防护实现方案，并在现场可编程门阵列（Field Programmable Gate Array，FPGA）上进行了具体的实现，最后通过理论分析和安全性评估实验验证了该综合防护方案的安全性.

关键词: 侧信道攻击, 故障攻击, 门限实现, 感染, 综合防护, SM4算法

Abstract:

Side channel attack and fault attack are great threats to the security of cryptography implementation. In view of this situation, this paper combines the threshold implementation(TI) and multiplicative infection protection idea to construct a comprehensive protection scheme with the ability to resist side channel attack and fault attack. Based on the idea of threshold implementation, the protection against side channel attack is realized. Based on the idea of multiplicative infection, the protection against fault attack is realized. The combination of the two theory makes the comprehensive protection scheme capable of resisting side channel attack and fault attack at the same time. In addition, threshold implementation improves the flaw of multiplicative infection when the random number is 0, and the ability of the protection scheme to resist fault attack is further improved by combining the idea of random permutation. Then, based on the above comprehensive protection theory, this paper constructs a comprehensive protection implementation scheme suitable for SM4 algorithm, and carries out a specific implementation on field programmable gate array(FPGA). Finally, the security of the comprehensive protection scheme is verified through theoretical analysis and security evaluation experiments.

Key words: side channel attack, fault attack, threshold implementation, infection, comprehensive protection, SM4 algorithm

中图分类号:

TN918

焦志鹏, 姚富, 陈华, 王舰, 匡晓云, 黄开天. 一种基于门限与感染技术的SM4算法综合防护实现[J]. 电子学报, 2022, 50(5): 1066-1074.

JIAO Zhi-peng, YAO Fu, CHEN Hua, WANG Jian, KUANG Xiao-yun, HUANG Kai-tian. A Comprehensive Protection Implementation of SM4 Algorithm Based on Threshold and Infection Technology[J]. Acta Electronica Sinica, 2022, 50(5): 1066-1074.

图/表 8

参考文献 25

1	KOCHERP C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]//Advances in Cryptology—CRYPTO'96. Berlin, Heidelberg: Springer-Verlag, 1996: 104‑113.
2	MESSERGEST S. Using second-order power analysis to attack DPA resistant software[C]//Cryptographic Hardware and Embedded Systems—CHES 2000. Berlin, Heidelberg: Springer-Verlag, 2000: 238‑251.
3	FERRIGNOJ, HLAVÁČM. When AES blinks: introducing optical side channel[J]. IET Information Security, 2008, 2(3): 94‑98.
4	GENKIND, SHAMIRA, TROMERE. RSA key extraction via low-bandwidth acoustic cryptanalysis[C]//Advances in Cryptology—CRYPTO 2014. Berlin, Heidelberg: Springer-Verlag, 2014: 444‑461.
5	BONEHD, DEMILLOR A, LIPTONR J. On the importance of checking cryptographic protocols for faults[C]//Advances in Cryptology—EUROCRYPT'97. Berlin, Heidelberg: Springer-Verlag, 1997: 37‑51.
6	KOCHERP, JAFFEJ, JUN B. Differential power analysis[C]//Advances in Cryptology—CRYPTO'99. Berlin, Heidelberg: Springer-Verlag, 1999: 388‑397.
7	NIKOVAS, RECHBERGERC, RIJMENV. Threshold implementations against side-channel attacks and glitches[C]//Information and Communications Security. Berlin, Heidelberg: Springer-Verlag, 2006: 529‑545.
8	PIRETG, QUISQUATERJ J. A differential fault attack technique against SPN structures, with application to the AES and KHAZAD[C]//Cryptographic Hardware and Embedded Systems—CHES 2003. Berlin, Heidelberg: Springer- Verlag, 2003: 77‑88.
9	FENGJ Y, CHENH, LIY, et al. A framework for evaluation and analysis on infection countermeasures against fault attacks[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 391‑406.
10	ISHAIY, PRABHAKARANM, SAHAIA, et al. Private circuits II: keeping secrets in tamperable circuits[C]//Advances in Cryptology—EUROCRYPT 2006. Berlin, Heidelberg: Springer-Verlag, 2006: 308‑327.
11	DE CNUDDET, NIKOVAS. More efficient private circuits II through threshold implementations[C]//2016 Workshop on Fault Diagnosis and Tolerance in Cryptography(FDTC). New Jersey: IEEE, 2016: 114‑124.
12	SCHNEIDERT, MORADIA, GÜNEYSUT. ParTI⁃towards combined hardware countermeasures against side-channel and fault-injection attacks[C]//Advances in Cryptology—CRYPTO 2016. Berlin, Heidelberg: Springer-Verlag, 2016: 302‑332.
13	REPARAZO, DE MEYERL, BILGINB, et al. CAPA: the spirit of beaver against physical attacks[C]//Advances in Cryptology—CRYPTO 2018. Berlin, Heidelberg: Springer-Verlag, 2018: 121‑151.
14	MEYERL D, ARRIBASV, NIKOVAS, et al. M&M: Masks and macs against physical attacks[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019, 2019(1): 25‑50.
15	吕述望, 苏波展, 王鹏, 等. SM4分组密码算法综述[J].信息安全研究, 2016, 2(11): 995‑1007.
	Shu-wangLÜ, SUBo-zhan, WANGPeng, et al. Overview on SM4 algorithm[J].Journal of Information Security Research, 2016, 2(11): 995‑1007. (in Chinese)
16	谭锐能,卢元元,田椒陵.抗侧信道攻击的SM4多路径乘法掩码方法[J].计算机工程, 2014, 40(05): 103‑108, 114.
	TANRui-neng, LUYuan-yuan, TIANJiao-ling. SM4 multi-path multiplicative masking method against side-channel attack[J]. Computer Engineering, 2014, 40(05):103‑108, 114. ( in Chinese)
17	裴超.一种SM4掩码方法和抗DPA攻击分析[J].密码学报, 2016, 3(01): 79‑90.
	PEIChao. A method of masking SM4 and analysis against DPA attacks[J]. Journal of Cryptologic Research, 2016, 3(01): 79‑90. (in Chinese)
18	李新超,钟卫东,张帅伟,等.一种SM4算法S盒的门限实现方案[J].密码学报, 2018, 5(06): 641‑650.
	LIXin-chao, ZHONGWei-dong, ZHANGShuai-wei, et al. A New Threshold Implementation of the S-box in SM4[J]. Journal of Cryptologic Research, 2018, 5(06):641‑650. (in Chinese)
19	WEIMan, SUNSiwei, WEIZihao, HULei. Unbalanced sharing: a threshold implementation of SM4[J].Science China(Information Sciences), 2021, 64(05): 218‑220.
20	辛小霞. 抗故障攻击的硬件密码算法研究与实现[D]. 湖南长沙: 湖南大学, 2015.
	XINXiao-xia. The Research and Implementation of Hardware Cryptographic Algorithms to Resist Fault Attack[D]. Changsha, Hunan: Hunan University, 2015. (in Chinese)
21	REPARAZO, BILGINB, NIKOVAS, GIERLICHSB, VERBAUWHEDEI. Consolidating masking schemes in CRYPTO[C]//Advances in Cryptology—CRYPTO 2015. Berlin, Heidelberg: Springer-Verlag, 2015: 764‑783.
22	MAOW, BAIX, WENL. Methods and apparatus for secure and efficient implementation of block ciphers: CN2017/080318[P]. 2017-04-12.
23	CANRIGHT, D. A very compact S-Box for AES[C]//Cryptographic Hardware and Embedded Systems—CHES 2005. Berlin, Heidelberg: Springer-Verlag, 2005: 441‑455.
24	CNUDDET D, REPARAZO, BILGINBEGÜL, et al. Masking AES with d+1 shares in hardware[C]//Cryptographic Hardware and Embedded Systems—CHES 2016. Berlin, Heidelberg: Springer-Verlag, 2016: 194‑212.
25	SCHNEIDERT, MORADIA. Leakage assessment methodology[C]//Cryptographic Hardware and Embedded Systems—CHES 2015. Berlin, Heidelberg: Springer-Verlag, 2015: 495‑513.

检测项目	通过率（%）
重叠子序列（2）-1	99.00
重叠子序列（2）-2	100.00
单比特频数	98.50
近似熵（5）	97.50
矩阵秩	99.50
块内频数（100）	99.00
块内最大游程（128）	99.00
累加和	98.50
离散傅里叶	97.50
线性复杂度（500）	99.00
游程总数	99.50

检测项目	通过率（%）
重叠子序列（2）-1	99.00
重叠子序列（2）-2	100.00
单比特频数	98.50
近似熵（5）	97.50
矩阵秩	99.50
块内频数（100）	99.00
块内最大游程（128）	99.00
累加和	98.50
离散傅里叶	97.50
线性复杂度（500）	99.00
游程总数	99.50

评估目标	面积消耗（GE：等价门）
S盒	505
线性移位	153
密钥扩展	2074
其他寄存器与控制逻辑	2548
总的消耗	5280

评估目标	面积消耗（GE：等价门）
S盒	505
线性移位	153
密钥扩展	2074
其他寄存器与控制逻辑	2548
总的消耗	5280

评估目标		面积消耗（GE：等价门）
SM4原始门限实现	S盒	3076
	线性移位	460
	密钥扩展	2074
	其他寄存器与控制逻辑	5315
SM4冗余门限实现		10925
SM4算法故障随机置换		3982
SM4算法感染乘法		16368
综合防护控制逻辑与其他寄存器		750
总的面积消耗		42950

一种基于门限与感染技术的SM4算法综合防护实现

A Comprehensive Protection Implementation of SM4 Algorithm Based on Threshold and Infection Technology

RichHTML

PDF

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 25

相关文章 4

编辑推荐

Metrics

[1]	杨超, 郭云飞, 扈红超, 刘文彦, 霍树民, 王亚文. 基于符号执行的软件缓存侧信道脆弱性检测技术[J]. 电子学报, 2019, 47(6): 1194-1200.
[2]	张建, 吴文玲. 基于SM4轮函数设计的认证加密算法[J]. 电子学报, 2018, 46(6): 1294-1299.
[3]	彭昌勇, 朱创营, 黄莉, 祝跃飞, 王靳辉. 扩展的代数侧信道攻击及其应用[J]. 电子学报, 2013, 41(5): 859-864.
[4]	张书奎;崔志明;龚声蓉;孙涌;. 传感器网络病毒感染传播局域控制研究[J]. 电子学报, 2009, 37(4): 877-883.