Acta Electronica Sinica (电子学报), 2013, Vol. 41, Issue 5: 859-864. DOI: 10.3969/j.issn.0372-2112.2013.05.005

• Academic paper •

Extended Algebraic Side-Channel Attack and Its Application

PENG Chang-yong 1,2, ZHU Chuang-ying 3, HUANG Li 4, ZHU Yue-fei 1, WANG Jin-hui 2

  1. Cyberspace Security College, PLA Information Engineering University, Zhengzhou, Henan 450002, China;
  2. College of Science, PLA Information Engineering University, Zhengzhou, Henan 450002, China;
  3. School of Computer and Control, Guilin University of Electronic Technology, Guilin, Guangxi 541004, China;
  4. Scientific Research Department, PLA Information Engineering University, Zhengzhou, Henan 450002, China
  • Received: 2012-09-28; Revised: 2013-03-04; Online: 2013-05-25; Published: 2013-05-25
  • Corresponding author: PENG Chang-yong, male, born 1974 in Yongzhou, Hunan; Ph.D. candidate at PLA Information Engineering University; research interest: block ciphers. E-mail: cy.peng@163.com
  • About the authors: ZHU Chuang-ying, male, born 1986 in Weishi, Henan; master's student; research interests: formal verification and information security. E-mail: 39463021@qq.com
  • Supported by: Zhengzhou Science and Technology Innovation Team Project, Henan Province (No. 10CXTD150)

Abstract: The algebraic side-channel attack (ASCA) proposed by Renauld et al. combines algebraic attacks with side-channel attacks against block ciphers. Published ASCA results concentrate on 8-bit implementations of the target cipher; wider platforms such as 64-bit implementations have not been studied. This paper presents an extended ASCA that writes the leaked side-channel information directly as an explicit function of the key bits. Compared with the original ASCA, the extended attack needs less leaked information. As an application, we give an extended ASCA on the LBlock lightweight block cipher: for LBlock implemented on a 64-bit platform, if the Hamming weights of the outputs of rounds 1-3 can be obtained without error, then 35 known plaintexts suffice to set up a system of nonlinear equations in the 80-bit master key; on an ordinary PC, computing a Groebner basis of that system with the Magma mathematical software (v2.12-16) recovers the 80-bit master key within one minute. This is the first ASCA on LBlock, and it shows that one of the countermeasures suggested by Renauld et al., moving the implementation from an 8-bit platform to a larger device, is not sufficient.

Key words: lightweight block cipher, LBlock (Luban-lock) block cipher, algebraic side-channel attack, Magma mathematical software, Groebner basis
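As an added illustration (not code from the paper), the following Python model reduces the setting of the abstract to a two-round, 16-bit Feistel-type cipher with a 16-bit key. The attacker sees only the Hamming weight of each round's full output word, the wide-platform leakage the abstract argues about, rather than per-byte weights as on an 8-bit device. The leakage is written directly as a function of plaintext and key; because the toy key space is small, the script evaluates that function over every key candidate instead of solving with a Groebner basis in Magma, and reports how many keys stay consistent as known plaintexts accumulate. The two 4-bit bijective S-boxes, the cipher structure, the secret key and the seeded plaintexts are all constructed for this example and are not LBlock.

```python
import random

# Two 4-bit bijective S-boxes chosen for the illustration (assumed; not claimed to be LBlock's).
S0 = [14, 9, 15, 0, 13, 4, 10, 11, 1, 2, 8, 3, 7, 6, 12, 5]
S1 = [4, 11, 14, 9, 15, 13, 0, 10, 7, 12, 5, 6, 2, 8, 1, 3]


def hw(x):
    """Hamming weight of a non-negative integer."""
    return bin(x).count("1")


def f(x, k):
    """Round function on an 8-bit half: key addition, S-box layer, nibble swap."""
    y = (x ^ k) & 0xFF
    return (S1[y & 0xF] << 4) | S0[y >> 4]


def round_outputs(pt, key):
    """16-bit state words after round 1 and round 2 (pt and key are 16-bit ints)."""
    l, r = pt >> 8, pt & 0xFF
    k1, k2 = key >> 8, key & 0xFF
    l, r = f(l, k1) ^ r, l          # round 1 uses the high key byte
    s1 = (l << 8) | r
    l, r = f(l, k2) ^ r, l          # round 2 uses the low key byte
    s2 = (l << 8) | r
    return s1, s2


def leak(pt, key):
    """Error-free wide-word leakage: HW of each round's whole 16-bit output.
    This is the leakage written as an explicit function of (pt, key); for round 1 it
    is HW(s1) = HW(L) + HW(F(L, K1) xor R), which involves only the high key byte."""
    return tuple(hw(s) for s in round_outputs(pt, key))


def survivor_counts(plaintexts, leaks):
    """Filter the 2^16 key candidates against the observed leaks, one plaintext at a time.
    Returns the candidate count after 0, 1, ..., n observations and the final survivors."""
    survivors = list(range(1 << 16))
    counts = [len(survivors)]
    for p, w in zip(plaintexts, leaks):
        survivors = [k for k in survivors if leak(p, k) == w]
        counts.append(len(survivors))
    return counts, survivors


def demo(n_plaintexts=12, seed=2013):
    """Constructed scenario: a fixed secret key and seeded random known plaintexts."""
    rng = random.Random(seed)
    key = 0x1A2B                                   # constructed secret key
    pts = [rng.getrandbits(16) for _ in range(n_plaintexts)]
    obs = [leak(p, key) for p in pts]              # what the side channel hands the attacker
    counts, survivors = survivor_counts(pts, obs)
    return key, counts, survivors


if __name__ == "__main__":
    key, counts, survivors = demo()
    print("candidates remaining after each observation:", counts)
    print("true key %#06x among %d survivor(s): %s" % (key, len(survivors), key in survivors))
```

Each observation contributes one integer per round, the weight of the whole word, which is coarser than the per-byte weights an 8-bit implementation would leak; the candidate count nevertheless falls quickly with the number of known plaintexts, which is the effect the abstract reports for LBlock. For a real 80-bit key the enumeration above is out of reach, which is why the paper instead feeds the same kind of explicit leakage equations to a Groebner-basis solver.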
